Re: Controlled DoS



You can call that a monitored/controlled DoS attack. In pen test scenarios
it may require more cooperation from the client to analyze the resources
which would be impacted by the DoS.
Generally this methodology is used to design defense strategies
against DoS attacks.

..Dharm


On Fri, Mar 12, 2010 at 5:25 PM, Adam Mooz <adam.mooz@xxxxxxxxx> wrote:
Hey Tibor

A DoS is essentially just overwhelming the capabilities of whatever service you're going after, so for web servers it's initiating a storm of connections, for SMB it can be attempting to log in 1,000,000 times per second, etc. You just keep using the resources until they're exhausted, preventing anyone else from using that service. With that in mind, doing a 'controlled' DoS is possible: just limit how many connections or attempts to exhaust the resources, and increase it until the service breaks.

Hope this helps...

-----------------------------------------------------------------
Adam Mooz
Adam.Mooz@xxxxxxxxx
http://www.AdamMooz.com

On 2010-03-10, at 6:52 AM, Tibor Kaskoto wrote:

Respected Members,



Is it possible to do a Denial of Service attack in a controlled way, e.g. in
a penetration testing scenario? How can you control/limit the possible
degradation of the client's services? Can you ask the client to cooperate in
terms of IDS/IPS alerts, or any sign of service degradation? How can you
measure the success of the test if you are actually not allowed to break
anything? What is the approach to a 99.99% availability requirement network?





Thanks & Regards,

Tibor




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------








--
Cheers and keep rocking!
- Dharm
