Accéder au contenu principal

Vulcan DoS Vs Akamai

Par
In the past I had to do several DoS security audits, with múltiples types of tests and intensities. Sometimes several DDoS protections were present like Akamai for static content, and Arbor for absorb part of the bandwith.

One consideration for the DoS/DDoS tools is that probably it will loss the control of the attacker host, and the tool at least has to be able to stop automatically with a timeout, but can also implement remote response checks.

In order to size the minimum mbps needed to flood a service or to retard the response in a significant amount of time, the attacker hosts need a bandwith limiter, that increments in a logarithmic way up to a limit agreed with the customer/isp/cpd.

There are DoS tools that doesn't have this timeouts, and bandwith limit based on mbps, for that reason I have to implement a LD_PRELOAD based solution: bwcontrol

Although there are several good tools for stressing web servers and web aplications like apache ab, or other common tools used for pen-testing, but I also wrote a fast web flooder in c++ named wflood.

As expected the most effective for taking down the web server are the slow-loris, slow-read and derivatives, few host were needed to DoS an online banking. 
Remote attacks to database and highly dynamic web content were discarded, that could be impacted for sure.

I did another tool in c++ for crafting massive tcp/udp/ip malformed packets, that impacted sometimes on load balancers and firewalls, it was vulcan, it freezed even the firewall client software.

The funny thing was that the common attacks against Akamai hosts, where ineffective, and so does the slow-loris family of attacks, because are common, and the Akamai nginx webservers are well tunned. But when tried vulcan, few intensity was enough to crash Akamai hosts.

Another attack vector for static sites was trying to locate the IP of the customer instead of Akamai, if the customer doesn't use the Akamai Shadow service, it's possible to perform a HTTP Host header scan, and direct the attack to that host bypassing Akamai.

And what about Arbor protection? is good for reducing the flood but there are other kind of attacks, and this protection use to be disabled by default and in local holidays can be a mess.

Related posts

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

Abdominal pain after a motor vehicle accident

Par
CASE A 22-year-old man was brought to the ED complaining of abdominal pain after a rollover motor vehicle accident. He was the front seat passenger and was wearing a seat belt. Although he was trapped in the vehicle and it caught on fire, he did not suffer any cutaneous burns. History  The patient's past medical history was significant for attention-deficit hyperactivity disorder. He admitted to using tobacco and alcohol socially, but denied illicit drug use. He denied any medication use or drug allergies. A review of systems was positive for complaints of abdominal pain and anxiety. Physical examination  The patient's vital signs were: BP, 112/51 mm Hg; heart rate, 110 beats/minute; respirations, 23; SpO 2 , 95% on room air; and temperature, 37.4° C (99.3° F). On ED arrival, he was awake, alert, and oriented but appeared anxious and agitated. His pupils were equal, round, and reactive to light. His head was normocephalic with a 2-cm laceration on the left ear. The pati...
Enregistrer un commentaire
Lire la suite

HTML5 Games On Android

Par
On my last hollidays, I made two HTML5 games, and published on android market. Nowadays javascript has powerful libraries for doing almost everything, and also there are several compilers from java or c code to javascript, converting opengl c code to html5 canvas, but definitely, javascript execution is slower than dalvik applications, and of course much slower than arm c libs. For improving the speed of sounds and images loader, I have used javascript asynchronous execution and scheduling priority has been controlled with setTimeout/setInterval which deprioritize or priorize a code block. This games are published on the android market here: Android Planets and here: Far Planet Related news Hacker Hardware Tools Pentest Tools Port Scanner Hacker Tools For Mac Tools Used For Hacking Hacker Techniques Tools And Incident Handling Easy Hack Tools Hacking Tools Kit Hacking Tools Usb Hacker Hardware Tools Hacker Tools Hardware Hack Tools For Windows Hacking Tools For G...
Enregistrer un commentaire
Lire la suite

"Abre Las Puertas A La Inclusión": La Campaña De Donativos De ASCM Para Hacer Su Sede Más Accesible

Par
La Asociación Sociocultural ASCM lanza la campaña de recaudación de fondos: "Abre las puertas a la inclusión", con el objetivo de dotar su sede de una puerta automática.                                                       Campaña "Abre las puertas a la inclusión": Vídeo promocional.  La Asociación Sociocultural ASCM lanza, hoy, una campaña de recaudación de fondos para mejorar la accesibilidad de su sede de Ferrol y adaptarse a las medidas de seguridad y prevención que exige la nueva normalidad. "Abre las puertas a la inclusión" es el slogan de esta campaña de donativos, que se extenderá hasta el 24 de julio, y que busca la colaboración de la ciudadanía para lograr reunir los 3.599 euros necesarios para dotar su local de una puerta automática. ASCM lleva, desde su fundación en 1987, reivindicando la necesidad de pensar en clave de accesibilidad un...
Enregistrer un commentaire
Lire la suite