Web Application Security
Re: pentest tool for dos Jun 14 2011 05:48AM
ShiYih Lye (shiyih lye my offgamers com) (2 replies)
Re: pentest tool for dos Jun 14 2011 03:34PM
Jeremiah Cornelius (jeremiah nur net) (1 replies)
Re: pentest tool for dos Jun 14 2011 09:40PM
anthony cicalla gmail com (1 replies)
If you have been doing pen testing for any real length of time your already on watch lists. However dos and ddos testing isn't part of a pen test because you can always take something offline with enough traffic.

Sent via BlackBerry from T-Mobile

-----Original Message-----

From: Jeremiah Cornelius <jeremiah (at) nur (dot) net [email concealed]>

Sender: listbounce (at) securityfocus (dot) com [email concealed]

Date: Tue, 14 Jun 2011 08:34:10

To: <webappsec (at) securityfocus (dot) com [email concealed]>

Reply-To: jeremiah (at) nur (dot) net [email concealed]

Subject: Re: pentest tool for dos

There's a Java version of LOIC.

You might want to DL through a proxy , and doing so might still get you

on a watchlist. ;-)

Also, the SourceForge page for JavaLOIC has disappeared. There are

links to different archives on the 'net. Proceed with caution (sandbox,

etc.)

http://www.mediafire.com/?u3pn398d5w6sixg

http://www.mediafire.com/?9rfblvej3ycd8dt

-- JC

On 06/13/2011 10:48 PM, ShiYih Lye wrote:

> hi guys,

>

> Appreciated a lot with the feedback. I have tested HOIC and LOIC, they

> are both windows, so might not that suitable for my pentest

> environment, as I'm using a datacenter linux server as the attacker to

> dos my webserver.

>

> We are still testing Slowloris and RUDY. Siege so far able to trigger

> more concurrent connection to the victim with 1000+, which ab maximum

> connection is only around 100+. After those threshold, we will be

> getting error from the attacker. We are using a Centos 5.5 for the

> attacker.

>

>

>

> On Tue, Jun 14, 2011 at 1:47 PM, ShiYih Lye<shiyih.lye (at) my.offgamers (dot) com [email concealed]> wrote:

>> hi guys,

>>

>> Appreciated a lot with the feedback. I have tested HOIC and LOIC, they are both windows, so might not that suitable for my pentest environment, as I'm using a datacenter linux server as the attacker to dos my webserver.

>>

>> We are still testing Slowloris and RUDY. Siege so far able to trigger more concurrent connection to the victim with 1000+, which ab maximum connection is only around 100+. After those threshold, we will be getting error from the attacker. We are using a Centos 5.5 for the attacker.

>>

>>

>>

>>

>> On Mon, Jun 13, 2011 at 5:46 AM, amar wakharkar<amarsuhas (at) hotmail (dot) com [email concealed]> wrote:

>>> Dear Lye,

>>>

>>> You can use Low Orbit Ion Cannon Tool for DOS.

>>>

>>> Regards,

>>>

>>> Amar Wakharkar.

>>>

>>>

>>>

>>>

>>>> From: shiyih.lye (at) my.offgamers (dot) com [email concealed]

>>>> Date: Wed, 8 Jun 2011 11:40:00 +0800

>>>> Subject: pentest tool for dos

>>>> To: webappsec (at) securityfocus (dot) com [email concealed]; pen-test (at) securityfocus (dot) com [email concealed]

>>>>

>>>> Hi guys,

>>>>

>>>> We are testing the dos protection mechanism of our web server, and

>>>> we're using 'apache benchmark', ab for that purpose (httpd version is

>>>> 2.2.3 in Centos 5) from the pentest machine. But it is not able to go

>>>> to a higher concurrent hits, so I'm wonder do you have any better or

>>>> more comprehensive tools out there that you think is better ?

>>>>

>>>> Thanks for any input given.

>>>>

>>>> Regards,

>>>> Lye

>>>>

>>>> ------------------------------------------------------------------------

>>>> This list is sponsored by: Information Assurance Certification Review Board

>>>>

>>>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

>>>>

>>>> http://www.iacertification.org

>>>> ------------------------------------------------------------------------

>>>>

>

>

> This list is sponsored by Cenzic

> --------------------------------------

> Let Us Hack You. Before Hackers Do!

> It's Finally Here - The Cenzic Website HealthCheck. FREE.

> Request Yours Now!

> http://www.cenzic.com/2009HClaunch_Securityfocus

> --------------------------------------

>

This list is sponsored by Cenzic

--------------------------------------

Let Us Hack You. Before Hackers Do!

It's Finally Here - The Cenzic Website HealthCheck. FREE.

Request Yours Now!

http://www.cenzic.com/2009HClaunch_Securityfocus

--------------------------------------

[ reply ]
Re: pentest tool for dos Jun 15 2011 03:04PM
hkm (hkm hakim ws)
Re: pentest tool for dos Jun 14 2011 12:16PM
Rafael Correia (rafaelnominato gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus