Vulcan DoS Vs Akamai

In the past I had to do several DoS security audits, with múltiples types of tests and intensities. Sometimes several DDoS protections were present like Akamai for static content, and Arbor for absorb part of the bandwith.

One consideration for the DoS/DDoS tools is that probably it will loss the control of the attacker host, and the tool at least has to be able to stop automatically with a timeout, but can also implement remote response checks.

In order to size the minimum mbps needed to flood a service or to retard the response in a significant amount of time, the attacker hosts need a bandwith limiter, that increments in a logarithmic way up to a limit agreed with the customer/isp/cpd.

There are DoS tools that doesn't have this timeouts, and bandwith limit based on mbps, for that reason I have to implement a LD_PRELOAD based solution: bwcontrol

Although there are several good tools for stressing web servers and web aplications like apache ab, or other common tools used for pen-testing, but I also wrote a fast web flooder in c++ named wflood.

As expected the most effective for taking down the web server are the slow-loris, slow-read and derivatives, few host were needed to DoS an online banking. 

Remote attacks to database and highly dynamic web content were discarded, that could be impacted for sure.

I did another tool in c++ for crafting massive tcp/udp/ip malformed packets, that impacted sometimes on load balancers and firewalls, it was vulcan, it freezed even the firewall client software.

The funny thing was that the common attacks against Akamai hosts, where ineffective, and so does the slow-loris family of attacks, because are common, and the Akamai nginx webservers are well tunned. But when tried vulcan, few intensity was enough to crash Akamai hosts.

Another attack vector for static sites was trying to locate the IP of the customer instead of Akamai, if the customer doesn't use the Akamai Shadow service, it's possible to perform a HTTP Host header scan, and direct the attack to that host bypassing Akamai.

And what about Arbor protection? is good for reducing the flood but there are other kind of attacks, and this protection use to be disabled by default and in local holidays can be a mess.

Related posts

1. How To Install Pentest Tools In Ubuntu
2. Pentest Tools List
3. Hacker Tools Free
4. Pentest Tools Online
5. Hack Tool Apk
6. Pentest Tools Review
7. Nsa Hack Tools Download
8. Pentest Tools Website Vulnerability
9. Hacker Hardware Tools
10. Hack Tools For Windows
11. Pentest Tools List
12. Pentest Box Tools Download
13. Usb Pentest Tools
14. Hacking Apps
15. Hacker Tools
16. Pentest Automation Tools
17. Hacking Tools For Games
18. Pentest Tools Website
19. Hacker Tool Kit
20. Hacker Tools Apk
21. Hacker Tool Kit
22. What Are Hacking Tools
23. Blackhat Hacker Tools
24. Hack Tools For Ubuntu
25. Pentest Tools Review
26. Hacking Tools Github
27. Hack Tools For Mac
28. Pentest Tools For Android
29. Hacking Tools For Games
30. Hack App
31. Hacking Tools 2020
32. Install Pentest Tools Ubuntu
33. Hack Tool Apk No Root
34. Hacker Tools For Pc
35. Hack Website Online Tool
36. How To Make Hacking Tools
37. Free Pentest Tools For Windows
38. Bluetooth Hacking Tools Kali
39. Hacker Hardware Tools
40. Pentest Tools Github
41. Pentest Tools Bluekeep
42. Hack And Tools
43. What Are Hacking Tools
44. Hacker Tool Kit
45. Hacker Tools Software
46. Hacking Tools For Games
47. Pentest Tools Open Source
48. Hacker Tools Free Download
49. Hack Tools 2019
50. Beginner Hacker Tools
51. Hack Tools Pc
52. Hacking Tools Hardware
53. Pentest Tools Website Vulnerability
54. Nsa Hack Tools
55. Underground Hacker Sites
56. Wifi Hacker Tools For Windows
57. Ethical Hacker Tools
58. Hacking Tools For Pc
59. Pentest Tools Url Fuzzer
60. Hack Tools For Mac
61. Hacker Tools Apk Download
62. Kik Hack Tools
63. Hacking Tools Windows
64. Pentest Tools Port Scanner
65. Hack Tools For Windows
66. Hacker Tools Hardware
67. Hacker Tools 2020
68. Kik Hack Tools
69. Hacker Tools Github