RE: Limited vs full blown testing

From: Alan Davies (AlanIRL_at_blueyonder.co.uk)
Date: 06/25/04

    To: <pen-test@securityfocus.com>
    Date: Fri, 25 Jun 2004 00:45:40 +0100
    
    

    >I'm trying to understand the significance of DDOS testing and importance.
    >Thing is, if you can spew packets fast enough, or make enough connections
    >to consume the resources involved, you can take a site/service down for at
    >least the duration of the attack, even pipes as large as those of
    >akami<sp?> were proven to be susceptible in recent days. It's a given
    >vector of attack that we live with, a risk level we hope to avoid. But,
    >not something that gives away the insides of the network to thugs and
    >thieves. No root shell and all that, which constitute a real threat, at
    >least in my mind. Perhaps I'm missing something that has come up in
    >recent years that redefines DDOS as something that is preventable and a
    >potential for something other than a blip, however long lasting the
    >attack, in service?

    Ron - I think the difference here is DoS vs. DDoS. The latter is just
    throwing packets at a target to fill all available bandwidth and I can't see
    a lot of point in that during a pen test (in that it's not actually
    compromising anything).
     
    However a DoS can be anything that denies service - if I walk up to your
    desktop and steal your keyboard and mouse, I've DoS'd you by stopping you
    working ;) Seriously though - run Nessus with dangerous plugins on and you
    will likely DoS many parts of the client's network .. and not by overwhelming
    with packets. You may find that some routers/switches have been killed
    until a full power cycle is done and that some systems (especially older)
    have completely and irrecoverably locked up. It could even end up causing
    data loss.
     
    The fact of the matter is, if there are systems that can be knocked down
    like this by an exploit, then you would really want to know about it and try
    to prevent it. At the same time, if the client is aware of this and doesn't
    want to take the risk ... well they are the ones paying you and all you can
    do is tell them!
     
     
     
    P.S. One final reminder of how a DoS can be used in a penetration ....
    think of good old Kevin Mitnick! Without DoS he wouldn't have been able to
    break in the way he did.
     
     
     
    Best regards,
     
     
    Alan Davies.

