Ershad Shafi Chowdhury(iru@bol-online.com)@2001.07.31 10:12:04 +0000: > Whoa! Hold on those tests if you don't know what to do to protect > yourself first. DoS can be nasty especially if carried out during office > hours. The idea is first to try pen-testing against the actual configuration, and then make the necessary changes. > I suggest reading relevant security docs for those network > devices, e.g. Cisco, WinNT, Win2K, Linux and other devices you may have, > and checking if you have the protection in place. http://neworder.box.sk/ http://packetstorm.linuxsecurity.com/ http://www.securityfocus.com/ Do you recommend me another website of the like? > Then, you can blast away, first from a remote site, then from your local > LAN while no one is working at the office. If you can, close any DB's > you may have running (you don't want your OS to crash and corrupt the DB > too), and if everything works out, you can test again with them up and > running. I think I know what I'm playing with. My question was more about what kind of attacks. For example: - Smurf Attacks - Arp poisoning hubs and switches - Jolt'ing against the Windows Machines. - (a lot more I don't know at this moment) I've already tried exploits against the visible services (some of them might cause DoS) and now I wanted to test the stability of some of our routers, firewalls and workstations and servers. > > On the other hand, if you have already taken the precautions, start with > attempting DoS at workstations, servers, firewalls, hubs, switches and > finally routers. Here we are. Do you know any good place to start? > > Regards, > Ershad Shafi Chowdhury (Iru) > Chief Information Officer > Bangladesh Online Ltd - A Beximco Company > House 21, Road 3, Dhanmondi R/A, Dhaka 1205 > Tel: +88029668320, Fax: +88029668321 > E-mail: iru@bol-online.com, http://bol-online.com > > -----Original Message----- > From: dharanaat_private [mailto:dharanaat_private] > Sent: Tuesday, July 31, 2001 5:26 AM > To: pen-testat_private > Subject: DoS ToolKit > > > Hello list: > > My company is performing (at least trying to do ) a full security test > on our installations, and I've been assigned the network security tests. > I've already performed network maps as seen from the Internet, I've run > ISS and Nessus, I've performed some sniffing in specific areas, I've > read and applied most of the OSSTM Manual and one of the few things that > rests are DoS tests (against network devices, firewalls) but I have no > idea of what > checklist should I follow. > > Can anyone give me some advice? > > Thanks in advance. > > -- > dharana > dharanaat_private > > "Don't worry; you can't do anything." > > ------------------------------------------------------------------------ > ---- > This list is provided by the SecurityFocus Security Intelligence Alert > (SIA) Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please > see: https://alerts.securityfocus.com/ > Thanks for your time, -- dharana dharanaat_private "Don't worry; you can't do anything." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 10:17:34 PDT