RE: Limited vs full blown testing

From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 06/25/04

  • Next message: R. DuFresne: "RE: Limited vs full blown testing" 
    Date: Thu, 24 Jun 2004 20:09:53 -0400 (EDT)
To: Jerry Shenk <jshenk@decommunications.com>

    On Thu, 24 Jun 2004, Jerry Shenk wrote:

    > He SPECIFICALLY excluded DDOS. Of course, if you sit in on the network
    > with a battery of laptops and find a few amplifiers internally, you can
    > do a DDOS...that's why he excluded it. In fact, it was the VERY NEXT
    > sentence after the first sentence you snipped out. How about some more
    > basic DOS attempts. Doing that type of thing internally doesn't seem
    > very practical to me.
    >
    > Now, about doing a DOS in a penetration test or vulnerability
    > assessment...sure, it makes sense.
    >
    >

    Cool, now define for me specifically how a resource exhaustion or
    'packeting' a network or system is different then a 'DOS'. We know few if
    any inetd's can withstand much pounding, it;s been an issue since before
    the 1990's, a resource exhaustion or perhaps a form of 'buffer overflow'.
    but, what exactly is a DOS without heavy packeting <bandwidth exhaustion>
    or exhausting system resources? We all deal with limits, I'm seriouslyy
    interested in the differences in the definitions here.

    Thanks,

    Ron DuFresne 

    -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
  • Next message: R. DuFresne: "RE: Limited vs full blown testing"