WebApp Sec mailing list archives

Re: pentest tool for dos


From: anthony.cicalla () gmail com
Date: Tue, 14 Jun 2011 21:40:16 +0000

If you have been doing pen testing for any real length of time you're already on watch lists. However, DoS and DDoS 
testing isn't part of a pen test because you can always take something offline with enough traffic. 

-----Original Message-----
From: Jeremiah Cornelius <jeremiah () nur net>
Sender: listbounce () securityfocus com
Date: Tue, 14 Jun 2011 08:34:10 
To: <webappsec () securityfocus com>
Reply-To: jeremiah () nur net
Subject: Re: pentest tool for dos

There's a Java version of LOIC.

You might want to DL through a proxy, and doing so might still get you 
on a watchlist. ;-)

Also, the SourceForge page for JavaLOIC has disappeared.  There are 
links to different archives on the 'net.  Proceed with caution (sandbox, 
etc.)

http://www.mediafire.com/?u3pn398d5w6sixg
http://www.mediafire.com/?9rfblvej3ycd8dt

-- JC



On 06/13/2011 10:48 PM, ShiYih Lye wrote:
hi guys,

I appreciate the feedback a lot. I have tested HOIC and LOIC; they
are both for Windows, so they might not be that suitable for my pentest
environment, as I'm using a datacenter Linux server as the attacker to
DoS my webserver.

We are still testing Slowloris and RUDY.  Siege has so far been able to
trigger more concurrent connections to the victim, 1000+, while ab's
maximum is only around 100+. Beyond those thresholds, we get errors
from the attacker. We are using CentOS 5.5 for the
attacker.






On Mon, Jun 13, 2011 at 5:46 AM, amar wakharkar<amarsuhas () hotmail com>  wrote:
Dear Lye,

You can use Low Orbit Ion Cannon Tool for DOS.

Regards,

Amar Wakharkar.




From: shiyih.lye () my offgamers com
Date: Wed, 8 Jun 2011 11:40:00 +0800
Subject: pentest tool for dos
To: webappsec () securityfocus com; pen-test () securityfocus com

Hi guys,

We are testing the DoS protection mechanism of our web server, and
we're using 'apache benchmark', ab, for that purpose (httpd version is
2.2.3 on CentOS 5) from the pentest machine. But it is not able to go
to higher concurrent hits, so I'm wondering whether you have any better or
more comprehensive tools out there that you think are better?

Thanks for any input given.

Regards,
Lye
