Jump to content

dos attack - school project

supercool

By supercool
in Questions

 Share

Recommended Posts

supercool Newbie

supercool

Posted
Posted

Hello

I’m looking for some mac apps to help me with a security class I’m in.

In this class we are in groups and each group has a server, running server 2003. All servers need to be running a web server and an ftp server.

The servers and client computers are on an isolated network (no internet.)

The servers have software firewalls.

Everyone uses pc’s and I’m the only one with a powerbook. I’m looking for some tools, whats a good doss attack tool? Is there a cain like tool for mac?

What would be the best way to kill a server on a 100mb network? I can get 5-6 people on my team to help with the attacks.

What is a good packet sniffing application for the mac?

Now my powerbook has a gigabit network adapter, can it flood the network faster then the other pc on the network with 100megbit connection? I believe the switches are a gigabit. Any help/ info would be great!

Link to comment
Share on other sites
cooper Newbie

cooper

Posted
Posted
I’m looking for some mac apps to help me with a security class I’m in.

Fair enough.

Everyone uses pc’s and I’m the only one with a powerbook. I’m looking for some tools, whats a good doss attack tool?

Where's the fun in a DOS attack? Requests come in at such a staggering rate that legitimate users can't access it anymore. Hardy fucking har.

Is there a cain like tool for mac?

Hopefully someone else will answer that.

What would be the best way to kill a server on a 100mb network? I can get 5-6 people on my team to help with the attacks.

Preventing legitimate requests from reaching the server doesn't "kill a server". Try actually hacking the FTP server. You'll learn *WAY* more.

What is a good packet sniffing application for the mac?

I would assume WireShark can be had for the Mac aswell?

Now my powerbook has a gigabit network adapter, can it flood the network faster then the other pc on the network with 100megbit connection? I believe the switches are a gigabit.

Presumably yes, but it should be sufficient to just be able to match the line speed to the server. So those 100 MBit PCs can just as easily fill that line on their own.

What's more interesting, if you really _must_ DOS, is to try an amplification attack. Where you send 10 bytes of data to a server, and it responds by sending 100 bytes back. Make the server think you are the target box and you get a 10-fold increase in traffic to the target box compared to what you're actually sending. Check out the DNS server (assuming there is one). It's typically not firewalled off which can be extra fun.

Link to comment
Share on other sites
Dr Zaius Newbie

Dr Zaius

Posted
Posted
What is a good packet sniffing application for the mac?

I would assume WireShark can be had for the Mac aswell?

Yes there are third party ports, check the downloads page:

http://www.wireshark.org/download.html

Although I've never used it on a Mac so I can't say how well it performs compared to the Windows/Linux versions.

Link to comment
Share on other sites
cooper Newbie

cooper

Posted
Posted
its you.

do you want more info on the servers? I help set one of them up.

And then we tell you what's wrong with it, you hack it and people think the world of you, yet what have you learned?

This was security class, wasn't it?

The idea isn't to be succesful. The idea is to understand.

Link to comment
Share on other sites
Spartain X Newbie

Spartain X

Posted
Posted
its you.

do you want more info on the servers? I help set one of them up.

And then we tell you what's wrong with it, you hack it and people think the world of you, yet what have you learned?

This was security class, wasn't it?

The idea isn't to be succesful. The idea is to understand.

that is quite right

Link to comment
Share on other sites
supercool Newbie

supercool

Posted
  • Author
Posted
its you.

do you want more info on the servers? I help set one of them up.

And then we tell you what's wrong with it, you hack it and people think the world of you, yet what have you learned?

This was security class, wasn't it?

The idea isn't to be succesful. The idea is to understand.

I want to be successful and understand! I post and ask for help here because I know a lot of smart people are on this forum. I want to understand how it (attacks) work and use them.

If anyone knows of other web sites that might be helpful please let me know,

Thanks

Link to comment
Share on other sites
moonlit Newbie

moonlit

Posted
Posted
I want to be successful and understand! I post and ask for help here because I know a lot of smart people are on this forum. I want to understand how it (attacks) work and use them.

Smart we are, affected by flattery we are not... ;)

Link to comment
Share on other sites
cooper Newbie

cooper

Posted
Posted
I want to be successful and understand! I post and ask for help here because I know a lot of smart people are on this forum. I want to understand how it (attacks) work and use them.

If anyone knows of other web sites that might be helpful please let me know,

Thanks

Start by getting intimate with the protocols on the network. You should be able to talk HTTP and FTP with the machine over Telnet. A small calculator is allowed when you're doing FTP . No, I'm not kidding.

Once you have a good grasp at the protocol, look for exploits of all kinds of HTTP/FTP/whatever servers that worked before or on other OSes. Understand what the guy who made the software did wrong at that time, and see if the installation you're up against has made similar errors. Format string bugs were all the rage for a while because once people figured out they were actually exploitable they were uncovered everywhere. People didn't think much of them before then.

A DOS attack is BORING! You're 'exploiting' the network rather than the machine. An exception would be calling a page that takes a lot of system resources to prepare a gazillion times simultaneously, but that can be handily beaten aswell with a bit of server-side caching. DOSes for the most part have NOTHING to do with security.

Link to comment
Share on other sites
  • 2 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...