Dombrowski, Stan wrote: > A DOS attack.... I'm trying to test a new product we just purchased. > It's a Packeteer which will recognize and deal with unusal traffic flow > and bandwidth problems. We experienced several internal DOS attacks from > internal hosts caused by bots. I've configured the Packeteer but haven't > found a way to test the device. I have it set up on a private vlan with > just the nessus server/client, the Packeteer and a test host. But > running the normal scan with DOS enabled doesn't generate much traffic. > How do I crank it up to really eat up the bandwidth and emulate an > attack. No animals will be used in this experiment and it is safe for > childrens consumption as required by the FDA. Appreciate any help as I > just downloaded this software and am a newbie.
On one hand, I am thrilled that Nessus isn't enough of a DOS tool for you as we try very hard to make Nessus have as little effect on its targets as possible. Having said that, if you want to test the Packeteer with Nessus, I don't think you will find very much using Nessus. I suggest you look into capturing the Nessus scan with tcpdump and then replaying it as fast as possible with a tool like tcpreplay. For testing inline devices, trying to replay the conversation from one side of the device may not work. Also, keep in mind that DOS attacks are not always bandwidth related or from one source. If you are DOSed by a botnet, you'll see attacks from many different remote IPs. You can also be DOSed by someone who is exploiting a flaw in an application on your network. Certain web queries, FTP queries, SMTP commands, .etc can cause high disk IO, CPU utilization or memory utilization and can just of an effective DOS event. There are plenty of commercial products in this space that do exactly what you are asking. You might start with tools that are used to test inline IPSes. Ron Gula _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
