Tuesday, January 23, 2024

Vulcan DoS Vs Akamai

In the past I had to do several DoS security audits, with mĂșltiples types of tests and intensities. Sometimes several DDoS protections were present like Akamai for static content, and Arbor for absorb part of the bandwith.

One consideration for the DoS/DDoS tools is that probably it will loss the control of the attacker host, and the tool at least has to be able to stop automatically with a timeout, but can also implement remote response checks.

In order to size the minimum mbps needed to flood a service or to retard the response in a significant amount of time, the attacker hosts need a bandwith limiter, that increments in a logarithmic way up to a limit agreed with the customer/isp/cpd.

There are DoS tools that doesn't have this timeouts, and bandwith limit based on mbps, for that reason I have to implement a LD_PRELOAD based solution: bwcontrol

Although there are several good tools for stressing web servers and web aplications like apache ab, or other common tools used for pen-testing, but I also wrote a fast web flooder in c++ named wflood.

As expected the most effective for taking down the web server are the slow-loris, slow-read and derivatives, few host were needed to DoS an online banking. 
Remote attacks to database and highly dynamic web content were discarded, that could be impacted for sure.

I did another tool in c++ for crafting massive tcp/udp/ip malformed packets, that impacted sometimes on load balancers and firewalls, it was vulcan, it freezed even the firewall client software.

The funny thing was that the common attacks against Akamai hosts, where ineffective, and so does the slow-loris family of attacks, because are common, and the Akamai nginx webservers are well tunned. But when tried vulcan, few intensity was enough to crash Akamai hosts.

Another attack vector for static sites was trying to locate the IP of the customer instead of Akamai, if the customer doesn't use the Akamai Shadow service, it's possible to perform a HTTP Host header scan, and direct the attack to that host bypassing Akamai.

And what about Arbor protection? is good for reducing the flood but there are other kind of attacks, and this protection use to be disabled by default and in local holidays can be a mess.

Related news


  1. Hack And Tools
  2. New Hacker Tools
  3. Nsa Hack Tools
  4. Hacking Tools Kit
  5. World No 1 Hacker Software
  6. Pentest Tools Website
  7. Pentest Tools Windows
  8. Hacking Tools Name
  9. Pentest Tools Url Fuzzer
  10. Hacker Tools For Ios
  11. Hack Apps
  12. Hacking Tools And Software
  13. Hacker Security Tools
  14. Pentest Recon Tools
  15. Hacking Tools Hardware
  16. Hack Tool Apk
  17. Underground Hacker Sites
  18. Hacker Tools 2019
  19. Hacking Tools 2020
  20. Pentest Tools For Mac
  21. Hack Tools
  22. Hacker Tools Apk Download
  23. Hacking Tools For Windows 7
  24. How To Install Pentest Tools In Ubuntu
  25. Pentest Tools For Ubuntu
  26. Nsa Hack Tools
  27. Hacking Tools Kit
  28. Hacks And Tools
  29. Hacker Tool Kit
  30. Pentest Tools Website Vulnerability
  31. Hacking Tools Software
  32. Hacker Tools List
  33. Hacking Tools For Kali Linux
  34. Pentest Tools Download
  35. Pentest Tools Windows
  36. Pentest Tools Website Vulnerability
  37. Hacker Tools For Pc
  38. Pentest Tools Port Scanner
  39. Pentest Tools For Android
  40. Easy Hack Tools
  41. Hacking Tools Github
  42. Hacker Hardware Tools
  43. Hacker Security Tools
  44. Hacking Tools For Windows
  45. Game Hacking
  46. How To Install Pentest Tools In Ubuntu
  47. Termux Hacking Tools 2019
  48. Hack Tools Mac
  49. Hacking Tools For Pc
  50. Hack Tools Download
  51. Hacking Tools Free Download
  52. Bluetooth Hacking Tools Kali
  53. Pentest Tools List
  54. Hack Tools For Mac
  55. New Hacker Tools
  56. Pentest Tools Website
  57. Pentest Box Tools Download
  58. Pentest Tools Port Scanner
  59. Hacking App
  60. Easy Hack Tools
  61. Best Pentesting Tools 2018
  62. Hacks And Tools
  63. Hack Rom Tools
  64. Hacking Tools For Beginners
  65. Pentest Box Tools Download
  66. New Hacker Tools
  67. Free Pentest Tools For Windows
  68. Pentest Tools For Mac
  69. Pentest Tools Apk
  70. Free Pentest Tools For Windows
  71. Hacker Techniques Tools And Incident Handling
  72. Hack Tools For Ubuntu
  73. Hacker Hardware Tools
  74. Hacking Tools Software
  75. What Are Hacking Tools
  76. Hacker Techniques Tools And Incident Handling
  77. Hacker Tools Windows
  78. Hacking Tools Online
  79. Kik Hack Tools
  80. Beginner Hacker Tools
  81. Hack Tools Mac
  82. World No 1 Hacker Software
  83. Pentest Tools For Android
  84. Hacker Tools Apk Download
  85. What Are Hacking Tools
  86. Nsa Hack Tools
  87. Hack Tools
  88. Hacking Tools Kit
  89. Pentest Tools Subdomain
  90. Hacking Tools Free Download
  91. Blackhat Hacker Tools
  92. Top Pentest Tools
  93. Hackers Toolbox
  94. Hacking Tools Free Download
  95. Physical Pentest Tools
  96. Hacking Tools For Windows
  97. Underground Hacker Sites
  98. Hacker Tool Kit
  99. Usb Pentest Tools
  100. New Hacker Tools
  101. Best Hacking Tools 2019
  102. Hack Tools For Mac
  103. Pentest Tools
  104. Hack Tools For Pc
  105. Hack Tools For Ubuntu
  106. Game Hacking
  107. Pentest Tools Tcp Port Scanner
  108. Hacking Tools Github
  109. Game Hacking
  110. Computer Hacker
  111. Hacking Tools For Windows 7
  112. Github Hacking Tools
  113. Hack Tools Online
  114. Hacks And Tools
  115. Hacker Tools Hardware
  116. Nsa Hack Tools
  117. Pentest Automation Tools
  118. Hacking Tools For Games
  119. Install Pentest Tools Ubuntu
  120. Hacking Tools Github
  121. Easy Hack Tools
  122. Hacker Hardware Tools
  123. Hackers Toolbox
  124. Android Hack Tools Github
  125. Pentest Tools For Mac
  126. Hack Tool Apk
  127. Hacker Tools Free
  128. Hackrf Tools
  129. Beginner Hacker Tools

No comments: