WebApp Sec mailing list archives

Re: pentest tool for dos


From: ShiYih Lye <shiyih.lye () my offgamers com>
Date: Tue, 14 Jun 2011 13:48:36 +0800

Hi guys,

I appreciate the feedback a lot. I have tested HOIC and LOIC; they
are both for Windows, so they might not be that suitable for my pentest
environment, as I'm using a datacenter Linux server as the attacker to
DoS my web server.

We are still testing Slowloris and RUDY. Siege is so far able to trigger
more concurrent connections to the victim, with 1000+, while ab's maximum
is only around 100+ connections. After those thresholds, we will be
getting errors from the attacker. We are using CentOS 5.5 for the
attacker.



On Mon, Jun 13, 2011 at 5:46 AM, amar wakharkar <amarsuhas () hotmail com> wrote:

Dear Lye,

You can use the Low Orbit Ion Cannon tool for DoS.

Regards,

Amar Wakharkar.




From: shiyih.lye () my offgamers com
Date: Wed, 8 Jun 2011 11:40:00 +0800
Subject: pentest tool for dos
To: webappsec () securityfocus com; pen-test () securityfocus com

Hi guys,

We are testing the DoS protection mechanism of our web server, and
we're using 'apache benchmark' (ab) for that purpose (httpd version is
2.2.3 on CentOS 5) from the pentest machine. But it is not able to go
to higher concurrent hits, so I'm wondering, do you have any better or
more comprehensive tools out there that you think are better?

Thanks for any input given.

Regards,
Lye
