Re: DoS ToolKit

From: dharana (dharana@dharana.net)
Date: 07/31/01 

Date: Tue, 31 Jul 2001 10:17:04 +0200
From: dharana <dharana@dharana.net>
To: pen-test@securityfocus.com
Subject: Re: DoS ToolKit
Message-ID: <20010731101704.A3775@cifra.dharana.net>

Ershad Shafi Chowdhury(iru@bol-online.com)@2001.07.31 10:12:04 +0000:
> Whoa! Hold on those tests if you don't know what to do to protect
> yourself first. DoS can be nasty especially if carried out during office
> hours.

The idea is first to try pen-testing against the actual configuration, and
then make the necessary changes.

> I suggest reading relevant security docs for those network
> devices, e.g. Cisco, WinNT, Win2K, Linux and other devices you may have,
> and checking if you have the protection in place.

http://neworder.box.sk/
http://packetstorm.linuxsecurity.com/
http://www.securityfocus.com/

Do you recommend me another website of the like?

> Then, you can blast away, first from a remote site, then from your local
> LAN while no one is working at the office. If you can, close any DB's
> you may have running (you don't want your OS to crash and corrupt the DB
> too), and if everything works out, you can test again with them up and
> running.

I think I know what I'm playing with. My question was more about what kind of
attacks. For example:
- Smurf Attacks
- Arp poisoning hubs and switches
- Jolt'ing against the Windows Machines.
- (a lot more I don't know at this moment)

I've already tried exploits against the visible services (some of them might cause
DoS) and now I wanted to test the stability of some of our routers,
firewalls and workstations and servers.

>
> On the other hand, if you have already taken the precautions, start with
> attempting DoS at workstations, servers, firewalls, hubs, switches and
> finally routers.

Here we are. Do you know any good place to start?

>
> Regards,
> Ershad Shafi Chowdhury (Iru)
> Chief Information Officer
> Bangladesh Online Ltd - A Beximco Company
> House 21, Road 3, Dhanmondi R/A, Dhaka 1205
> Tel: +88029668320, Fax: +88029668321
> E-mail: iru@bol-online.com, http://bol-online.com
>
> -----Original Message-----
> From: dharana@dharana.net [mailto:dharana@dharana.net]
> Sent: Tuesday, July 31, 2001 5:26 AM
> To: pen-test@securityfocus.com
> Subject: DoS ToolKit
>
>
> Hello list:
>
> My company is performing (at least trying to do ) a full security test
> on our installations, and I've been assigned the network security tests.
> I've already performed network maps as seen from the Internet, I've run
> ISS and Nessus, I've performed some sniffing in specific areas, I've
> read and applied most of the OSSTM Manual and one of the few things that
> rests are DoS tests (against network devices, firewalls) but I have no
> idea of what
> checklist should I follow.
>
> Can anyone give me some advice?
>
> Thanks in advance.
>
> --
> dharana
> dharana@dharana.net
>
> "Don't worry; you can't do anything."
>
> ------------------------------------------------------------------------
> ----
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA) Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
> see: https://alerts.securityfocus.com/
>

Thanks for your time, 

-- 
dharana
dharana@dharana.net

"Don't worry; you can't do anything."

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • RE: SQL
    ... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Insurance
    ... property--data beign deemed "intangible" for the purposes of insurance. ... for physical security testing there are often 3rd parties ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Pen-Testing Lotus Notes/Domino
    ... Subject: Pen-Testing Lotus Notes/Domino ... of document security. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • R: Pen-Testing help (Compaq Insight & htsearch)
    ... This web server happens to be in front of their ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Application & Iplanet/Apache web server vulnerability and penetration testing
    ... I don't know what to do on the web servers other than delete example ... Any suggestions on iPlanet and Apache security? ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)