Sockstress by Gregory Hanis
Penetration testing is a field which has experienced rapid growth over the years, and it is not going to slow
down any time soon. This subject is certainly not to be entered into lightly by either the organization
sponsoring the test or the testers themselves. There are many legal issues that need to be dealt with
prior to even starting the test, not to mention laying down a groundwork of rules for the test, such as
which areas are exposed and what the procedure is comprised of. As a newcomer to penetration testing
you need to understand that vulnerabilities exist in all networks, operating systems, and applications.
New attacks and vulnerabilities appear constantly, and even some old and well known attacks seem to
slip through the defenses of modern networks.
Let’s discuss a vulnerability and attack which was introduced in 2008 by Robert E. Lee and Jack Louis,
called Sockstress. Sockstress has been chosen because it is an outstanding example of a well known
vulnerability exploitation which is, in most cases, controlled by intrusion detection/prevention
systems. Even though there are many tools available to detect and thwart this threat, it still poses a
danger, as in the astounding Spamhaus attack in March of 2013 (Bowne, S., 2013). The descriptions
of the attack used here are by no means comprehensive, but they will give the new penetration tester a
look at a small part of what goes into identifying and mitigating attacks in general.
Briefly, Sockstress is a denial of service attack which consumes the resources of devices that accept TCP
connections. The attack itself uses a “user-land” TCP stack, that is, a TCP stack within the application, rather
than the kernel’s TCP stack. Typically it will open an arbitrary number of connections to a server and
complete the usual 3-way TCP handshake for each. Once a connection is established, Sockstress targets specific
traits of TCP in order to tax resources on the server such as timers, buffer window sizes, and the memory
used by the connection. Windows, Mac, Linux, and BSD are all similarly affected by the attack, the
common vector being TCP (Gibson & Laporte, 2008).
With Sockstress we have a situation where implementing the tool is difficult enough that it is not
favored by most script-kiddies, and moreover the attack is easy enough to mitigate. Consequently, not enough
people are paying attention or protecting themselves from it. Killing a server or denying services is
perhaps not as profitable as other exploits in the cyber-crime world, so for the most part the parties with
criminal capabilities have either not taken much interest or are preparing a large scale implementation
for a later date. If there were a widely distributed tool for carrying out these attacks and the proper
defenses had never been developed, perhaps there would be more cause for concern. Today’s script
kiddies, however, enjoy working in numbers, and they have the ability to make mayhem with tools that
are already available.
The beauty of this attack is that it does not require tremendous resources on the part of the attacker: a
small herd of bots is able to tie up enough resources over time to bring down a server. As each
connection is made, server resources are committed to that socket or connection. Each zombie computer
continues to establish connections and subversively chew up resources such as RAM. Rather than
flooding the server, this attack lets resource degradation rather than connection volume bring down
a server. In August of this year, Sam Bowne displayed a great example of Sockstress in action at the
BSides Las Vegas conference (Bowne, S., 2013).
It is important to note that this attack can be performed by a single machine, or a small number of
machines. All the attacker needs to supply is different IP addresses in order to mask how many
endpoints are performing the attack. Using a set of zombie computers is a better method of attack,
though, because the endpoints can come from different geographic locations. These connections appear
as though they are coming from valid clients to the server, making life difficult for the intrusion detection
systems being used. By no means does that mean there is no defense to the attack. Tools available to
block this attack include those that block IP addresses, or limit how many connections can be made from
a specific IP address.
Cisco suggests mitigation by “allowing only trusted sources to access TCP based services” (Cisco, 2009).
Whitelisting in this way is not feasible with publicly facing servers, though. Red Hat recommends that you “limit
the number of new connections over a time period” (redhat, 2013): set connection rules to check whether
there are more than 10 TCP connections to a port over a given time, suggested at one minute. This gives
a connection rate limit rather than a concurrent connection limit. Red Hat also suggests that, once it is
evident that you are under attack, you block the offending IP(s). Mitigation will be decided on a case by case
basis, but repetitive zero or low value windows set on connections will give a good indication that your
service is at risk (redhat, 2013).
One method of supporting detection of this type of attack is to keep track of connections which are
consistently returning a TCP zero window, or a low value window. The trouble is in false positives. Client
connections may be slow, or routers along the path of the transmission may have full buffers, forcing a
real client to invoke TCP's flow control mechanisms, which may make it fit the profile of an attacker.
Connections which have the heuristic or behavioral traits of a Sockstress attack may have to be dropped,
forcing the client to reconnect and degrading QoS. Repetitive reconnection attempts from an IP address with
zero or low value windows can be forced to wait for a time between connections, or perhaps even be
blacklisted to prevent further trouble from that IP.
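The two indicators described above, the per-source new-connection rate limit (more than 10 connections to a port within one minute, the figure quoted from Red Hat) and persistently zero or low advertised windows, can be combined into a simple detector. The following is an added example written for this page, not code from the essay or from any of the cited vendors; the event format, the low-window cutoff, the streak length and the sample trace are constructed assumptions, and the streak reset is what keeps a briefly slow but recovering client off the blacklist.

```python
"""Sockstress-style detection heuristics over a constructed TCP event trace (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass

RATE_LIMIT = 10           # new connections per (source, port) per window (figure from the essay)
RATE_WINDOW = 60.0        # seconds
LOW_WINDOW = 64           # bytes; an advertised window at or below this is treated as "low" (assumed)
MIN_LOW_OBS = 5           # consecutive low/zero-window ACKs before a connection is suspect (assumed)
SUSPECT_CONNS_PER_IP = 3  # suspect connections before the source itself is flagged (assumed)


@dataclass
class Event:
    ts: float        # seconds
    src: str         # client IP
    dport: int       # server port
    kind: str        # "syn" for a new connection, "ack" for a window update on an existing one
    conn: int = 0    # connection id (client port) for "ack" events
    window: int = 0  # advertised receive window for "ack" events


class SockstressDetector:
    def __init__(self):
        self.syn_times = defaultdict(deque)    # (src, dport) -> timestamps of recent SYNs
        self.low_streak = defaultdict(int)     # (src, conn) -> consecutive low-window ACKs
        self.suspect_conns = defaultdict(set)  # src -> connection ids that stayed at a low window
        self.alerts = []                       # (src, reason), deduplicated

    def _alert(self, src, reason):
        if (src, reason) not in self.alerts:
            self.alerts.append((src, reason))

    def feed(self, ev):
        if ev.kind == "syn":
            q = self.syn_times[(ev.src, ev.dport)]
            q.append(ev.ts)
            while q and ev.ts - q[0] > RATE_WINDOW:   # slide the one-minute window
                q.popleft()
            if len(q) > RATE_LIMIT:
                self._alert(ev.src, "connection-rate")
        elif ev.kind == "ack":
            key = (ev.src, ev.conn)
            if ev.window <= LOW_WINDOW:
                self.low_streak[key] += 1
            else:
                self.low_streak[key] = 0   # window recovered: a slow but real client, not a suspect
            if self.low_streak[key] >= MIN_LOW_OBS:
                self.suspect_conns[ev.src].add(ev.conn)
                if len(self.suspect_conns[ev.src]) >= SUSPECT_CONNS_PER_IP:
                    self._alert(ev.src, "persistent-zero-window")

    def flagged_sources(self):
        return sorted({src for src, _ in self.alerts})


def build_trace():
    """Constructed trace: one attacker-like source and one slow but recovering client."""
    events = []
    # 203.0.113.7 (documentation range): 12 new connections within 30 s, after which every
    # connection answers each probe with a zero window and never recovers.
    for i in range(12):
        events.append(Event(ts=i * 2.5, src="203.0.113.7", dport=80, kind="syn"))
    for i in range(12):
        for k in range(MIN_LOW_OBS):
            events.append(Event(ts=30 + k, src="203.0.113.7", dport=80, kind="ack",
                                conn=40000 + i, window=0))
    # 198.51.100.20: two connections; one dips to a small window for a while, then recovers.
    events.append(Event(ts=0, src="198.51.100.20", dport=80, kind="syn"))
    events.append(Event(ts=5, src="198.51.100.20", dport=80, kind="syn"))
    for k in range(3):
        events.append(Event(ts=10 + k, src="198.51.100.20", dport=80, kind="ack",
                            conn=50000, window=32))
    events.append(Event(ts=13, src="198.51.100.20", dport=80, kind="ack", conn=50000, window=65535))
    return sorted(events, key=lambda e: e.ts)


def run_detector(events):
    det = SockstressDetector()
    for ev in events:
        det.feed(ev)
    return det


if __name__ == "__main__":
    for src, reason in run_detector(build_trace()).alerts:
        print(f"ALERT {src}: {reason}")
```

In production the events would come from a flow exporter or packet capture rather than a constructed list, and the flagged sources would feed a temporary block or a reconnection delay as the essay describes.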
Also, track and monitor system resource usage such as RAM on the server. As the Sockstress clients
connect and tell the server to hold the connection data, the server's RAM usage will gradually
ramp up in proportion to how many connections are being made. As the RAM usage reaches a threshold
level, stale connections which are just dithering should be shed, reducing the resource load. This can still
have a negative impact on QoS. Connections to be dropped must be algorithmically compared against what is
deemed a productive connection, hopefully preventing false positives in which too many real clients
lose the service.
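The threshold-and-shed approach just described needs a ranking so that the server drops the connections that are merely holding memory before any that are doing work. The following is an added example for this page, not code from the essay; the connection records, the memory budget, the 80% threshold and the productivity score (throughput per second of life, penalised by idle time and by zero-window behaviour) are all constructed assumptions.

```python
"""Resource-threshold connection shedding ranked by a productivity score (added example)."""
from dataclasses import dataclass

MEM_THRESHOLD = 0.80  # shed once connection memory exceeds 80% of the budget (assumed figure)


@dataclass
class Conn:
    cid: str
    src: str
    mem_bytes: int      # buffers pinned by this connection
    bytes_xfer: int     # payload bytes moved since establishment
    age_s: float        # seconds since the handshake completed
    idle_s: float       # seconds since the last payload byte
    zero_win_acks: int  # zero/low-window ACKs received from the peer


def productivity(c: Conn) -> float:
    """Higher is more productive; a connection that never moved data scores zero."""
    rate = c.bytes_xfer / max(c.age_s, 1.0)
    return rate / (1.0 + c.idle_s) / (1.0 + c.zero_win_acks)


def shed_connections(conns, mem_budget, threshold=MEM_THRESHOLD):
    """Return (kept, shed): least-productive connections are shed until usage is under threshold."""
    used = sum(c.mem_bytes for c in conns)
    limit = threshold * mem_budget
    if used <= limit:
        return list(conns), []
    kept, shed = [], []
    for c in sorted(conns, key=productivity):  # least productive first
        if used > limit:
            shed.append(c)
            used -= c.mem_bytes
        else:
            kept.append(c)
    return kept, shed


def build_table():
    """Constructed connection table: eight idle zero-window holders, one slow client, one busy one."""
    table = [Conn(cid=f"z{i}", src="203.0.113.7", mem_bytes=100_000, bytes_xfer=0,
                  age_s=300, idle_s=300, zero_win_acks=40) for i in range(8)]
    table.append(Conn(cid="slow", src="198.51.100.20", mem_bytes=100_000, bytes_xfer=5_000,
                      age_s=120, idle_s=20, zero_win_acks=3))   # congested but real
    table.append(Conn(cid="busy", src="192.0.2.9", mem_bytes=100_000, bytes_xfer=2_000_000,
                      age_s=60, idle_s=1, zero_win_acks=0))
    return table


def run_shedding(mem_budget=1_000_000):
    return shed_connections(build_table(), mem_budget)


if __name__ == "__main__":
    kept, shed = run_shedding()
    print("shed:", [c.cid for c in shed])
    print("kept:", [c.cid for c in kept])
```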
After reading this brief description of an attack, it should be evident that penetration testing is no
laughing matter. The Spamhaus attack mentioned above has been given light treatment here, but it was
actually a remarkably effective attack that had a rippling effect through the Internet, which even affected
the London Internet Exchange (LINX) (Dunn, 2013).
It is also evident that there are many reasons to commit to or solicit penetration tests. A
penetration test might have found the vulnerabilities at Spamhaus, if it had been discovered. Another
reason to acquire solid pen testing services is to ensure that organizations such as service providers
comply with safeguards imposed by regulatory compliance, contracts, and service level agreements.
These will require various types of assurance that the services provided are secure and interests are
protected. Penetration testing provides proof of due diligence on the part of the organization or service
provider, lending more than a modicum of legal protection.
As a field of employment, penetration testing is not going to see a reduction in demand across any
industry; quite the opposite will surely be true. As new vulnerabilities continue to be found and crafty
thieves create new tools and attacks, the need for network hardening is only going to increase and
become more valuable.

References
Bowne, S. (2013, August 5). BSidesLV 2013 cookie reuse [Video]. sambowne. Retrieved from youtube.com:
https://www.youtube.com/watch?v=AJs-_HhOku0
Bowne, S. (2013). Evil DoS attacks and strong defenses. Retrieved from samsclass.info:
http://samsclass.info/seminars/defcon21-cfp.htm
Cisco. (2009, September 9). Cisco response to Outpost24 TCP state table manipulation denial of service
vulnerabilities. Retrieved from cisco.com: http://www.cisco.com/en/US/products/csr/cisco-sr20081017-tcp.html
Dunn, J. (2013, September 30). British teen accused of massive Spamhaus DDoS attack arrested months
ago. Retrieved from techworld.com: http://news.techworld.com/security/3471224/british-teenaccused-of-massive-spamhaus-ddos-attack-arrested-months-ago/
Gibson, S., & Laporte, L. (2008, October 2). Sockstress; Security Now! episode 164 transcript. Retrieved
from grc.com: https://www.grc.com/sn/sn-164.htm
redhat. (2013, August 05). Does CVE-2008-4609 affect Red Hat Enterprise Linux? Retrieved from
redhat.com: https://access.redhat.com/site/solutions/18729

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Penetration testing is a field which has experienced rapid growth over the years

used in the connection. Windows, Mac, Linux, and BSD are all similarly affected by the attack, with the common vector being TCP (Gibson & Laporte, 2008). With Sockstress we have a situation in which the tool is difficult enough to implement that most script kiddies do not favor it, and easy enough to mitigate that not enough people pay attention to it or protect themselves from it. Killing a server or denying services is perhaps not as profitable as other exploits in the cyber-crime world, so for the most part the parties with criminal capabilities have either not taken much interest or are preparing a large-scale implementation for a later date. If there were a widely distributed tool for carrying out these attacks and the proper defenses had never been developed, perhaps there would be more cause for concern. Today's script kiddies, however, enjoy working in numbers, and they have the ability to make mayhem with tools that are already available.

The beauty of this attack is that it does not require tremendous resources on the part of the attacker: a small herd of bots is able to tie up enough resources over time to bring down a server. As each connection is made, server resources are committed to that socket or connection. Each zombie computer continues to establish connections and subversively chew up resources such as RAM. Rather than flooding the server, this attack lets gradual resource degradation, rather than connection volume, bring the server down. In August of this year, Sam Bowne gave a great demonstration of Sockstress in action at the BSides Las Vegas conference (Bowne, S., 2013).
It is important to note that this attack can be performed by a single machine or a small number of machines. All the attacker needs to supply is different IP addresses in order to mask how many endpoints are performing the attack. Using a set of zombie computers is a better method of attack, though, because the endpoints can come from different geographic locations. These connections appear to the server as though they are coming from valid clients, making life difficult for the intrusion detection systems in use.

By no means does that mean there is no defense against the attack. Tools available to block it include those that block IP addresses or limit how many connections can be made from a specific IP address. Cisco suggests mitigation by "allowing only trusted sources to access TCP based services" (Cisco, 2009). Whitelisting in this way is not feasible for publicly facing servers, though. Red Hat recommends that administrators "limit the number of new connections over a time period" (redhat, 2013): set connection rules that check whether more than 10 TCP connections have been made to a port within a given period, with one minute suggested. This gives a connection rate limit rather than a concurrent connection limit. Red Hat also suggests that once it is evident you are under attack, you block the offending IP(s). Mitigation will be decided on a case-by-case basis, but repeated zero or low-value windows set on connections are a good indication that your service is at risk (redhat, 2013).

One method of supporting detection of this type of attack is to keep track of connections which consistently return a TCP zero window or low-value window. The trouble is false positives. Client connections may be slow, or routers along the transmission path may have full buffers, forcing a real client to invoke TCP's flow control mechanisms, which may make it fit the profile of an attacker.
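As an added example (not code from the original article, nor from Bowne's demonstration), the following Python sketch implements the defender-side checks discussed above: the connection rate limit (the 10 connections to a port per minute figure quoted from Red Hat), tracking of connections that repeatedly advertise a zero or low window while acknowledging no data (so a slow but real client that eventually acks is not flagged), and the RAM-threshold shedding of dithering connections that the author goes on to describe on the next page. The traffic, the addresses and every threshold other than the Red Hat figure are constructed assumptions; the rate limit is applied per source address so that one busy period on a port does not flag unrelated clients.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Thresholds. The 10-connections-per-port-per-minute figure is the one the text
# quotes from Red Hat; the rest are assumed values chosen for this example.
RATE_LIMIT = 10            # new connections per (source, port) inside the window
RATE_WINDOW_S = 60.0
LOW_WINDOW_BYTES = 64      # assumed: an advertised window at or below this is "low"
LOW_WINDOW_REPEATS = 3     # assumed: consecutive low-window samples before flagging
RAM_THRESHOLD_MB = 900     # assumed: start shedding stale connections above this
IDLE_S = 120.0             # assumed: no acknowledged progress for this long = "dithering"


@dataclass
class ConnState:
    src_ip: str
    src_port: int
    dst_port: int
    opened_at: float
    last_progress: float       # last time the client acknowledged new data
    bytes_acked: int = 0
    low_window_streak: int = 0


class SockstressMonitor:
    """Tracks connection rate, flow-control behaviour and resource pressure."""

    def __init__(self):
        self.syn_times = defaultdict(deque)   # (src_ip, dst_port) -> recent SYN times
        self.rate_offenders = set()           # sources that exceeded RATE_LIMIT
        self.conns = {}                       # (src_ip, src_port) -> ConnState

    def on_syn(self, ts, src_ip, src_port, dst_port):
        """Connection-rate check (Red Hat's suggestion): more than RATE_LIMIT
        new connections from one source to one port inside RATE_WINDOW_S."""
        q = self.syn_times[(src_ip, dst_port)]
        q.append(ts)
        while q and ts - q[0] > RATE_WINDOW_S:   # drop SYNs outside the sliding window
            q.popleft()
        if len(q) > RATE_LIMIT:
            self.rate_offenders.add(src_ip)
        self.conns[(src_ip, src_port)] = ConnState(src_ip, src_port, dst_port, ts, ts)

    def on_window_probe(self, ts, src_ip, src_port, window, bytes_acked):
        """Flow-control sample for one connection. A client that keeps advertising
        a zero/low window while acknowledging nothing fits the attack profile; a
        slow but real client eventually acks data, which resets its streak."""
        c = self.conns[(src_ip, src_port)]
        if bytes_acked > c.bytes_acked:
            c.bytes_acked = bytes_acked
            c.last_progress = ts
            c.low_window_streak = 0
        elif window <= LOW_WINDOW_BYTES:
            c.low_window_streak += 1

    def low_window_offenders(self):
        """Sources with a connection stuck at a low window for LOW_WINDOW_REPEATS samples."""
        return {c.src_ip for c in self.conns.values()
                if c.low_window_streak >= LOW_WINDOW_REPEATS}

    def shed_candidates(self, now, ram_mb):
        """Resource-threshold shedding: once RAM is over the threshold, list the
        idle, unproductive connections to drop, longest idle first, so that
        productive clients are the last to go."""
        if ram_mb <= RAM_THRESHOLD_MB:
            return []
        stale = [c for c in self.conns.values() if now - c.last_progress >= IDLE_S]
        stale.sort(key=lambda c: now - c.last_progress, reverse=True)
        return [(c.src_ip, c.src_port) for c in stale]


def run_demo():
    """Constructed traffic (not a capture): one slow legitimate client on
    198.51.100.7 and one Sockstress-style source on 203.0.113.5."""
    m = SockstressMonitor()
    legit, bad = "198.51.100.7", "203.0.113.5"
    m.on_syn(0.0, legit, 40000, 80)
    for i in range(12):                       # 12 connections to port 80 in 12 seconds
        m.on_syn(1.0 + i, bad, 50000 + i, 80)
        for k in range(3):                    # each one sits at window 0, acking nothing
            m.on_window_probe(20.0 + 10 * k, bad, 50000 + i, 0, 0)
    # The real client also reports window 0 twice (full buffers) but then makes progress.
    m.on_window_probe(20.0, legit, 40000, 0, 0)
    m.on_window_probe(30.0, legit, 40000, 0, 0)
    m.on_window_probe(350.0, legit, 40000, 4096, 8192)
    return {
        "rate_offenders": m.rate_offenders,
        "low_window_offenders": m.low_window_offenders(),
        "shed": m.shed_candidates(now=400.0, ram_mb=950),
    }


if __name__ == "__main__":
    print(run_demo())
```

In the constructed run only the attacking source is flagged by both the rate check and the low-window check; the legitimate client, which also advertised a zero window twice, is cleared as soon as it acknowledges data and is not among the shedding candidates, which is the "productive connection" comparison the text asks for. Feeding the monitor from real connection-tracking data (for example periodic socket statistics) is left to the reader.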
Connections which have the heuristic or behavioral traits of a Sockstress attack may have to be dropped, forcing the client to reconnect and degrading QoS. Repeated reconnection attempts from an IP address with zero or low-value windows can be made to wait for a time between connections, or perhaps even be blacklisted to prevent further trouble from that IP. Also, track and monitor system resource usage such as RAM on the server. As the Sockstress clients connect and tell the server to hold the connection data, the server's RAM usage will gradually ramp up with the number of connections being made. As RAM usage reaches a threshold level, stale connections that are merely dithering should be shed to reduce the resource load. This can still have a negative impact on QoS. Candidates for dropping must be compared algorithmically against what is deemed a productive connection, to avoid false positives in which too many real clients lose the service.

After reading this brief description of an attack, it should be evident that penetration testing is no laughing matter. The Spamhaus attack mentioned above has been given light treatment here, but it was actually a remarkably effective attack with a rippling effect through the Internet that even affected the London Internet Exchange (LINX) (Dunn, 2013). It is also evident that there are many reasons to commit to or solicit penetration tests. A penetration test might have discovered the vulnerabilities at Spamhaus. Another reason to acquire solid pen testing services is to ensure that organizations such as service providers comply with the safeguards imposed by regulatory compliance, contracts, and service level agreements. These will require various types of assurance that the services provided are secure and interests are protected. Penetration testing provides proof of due diligence on the part of the organization or service provider, lending more than a modicum of legal protection. As a field of employment, penetration testing is not going to see demand for it decline across industries; quite the opposite will surely be true. As new vulnerabilities continue to be found and crafty thieves create new tools and attacks, the need for network hardening is only going to increase and become more valuable.

References

Bowne, S. (2013, August 5). BSidesLV 2013 cookie reuse. sambowne. Retrieved from youtube.com: https://www.youtube.com/watch?v=AJs-_HhOku0

Bowne, S. (2013). Evil DoS attacks and strong defenses. Retrieved from samsclass.info: http://samsclass.info/seminars/defcon21-cfp.htm

Cisco. (2009, September 9). Cisco response to Outpost24 TCP state table manipulation denial of service vulnerabilities. Retrieved from cisco.com: http://www.cisco.com/en/US/products/csr/cisco-sr20081017-tcp.html

Dunn, J. (2013, September 30). British teen accused of massive Spamhaus DDoS attack arrested months ago. Retrieved from techworld.com: http://news.techworld.com/security/3471224/british-teenaccused-of-massive-spamhaus-ddos-attack-arrested-months-ago/

Gibson, S., & Laporte, L. (2008, October 2). Sockstress; Security Now! episode 164 transcript. Retrieved from grc.com: https://www.grc.com/sn/sn-164.htm

redhat. (2013, August 05). Does CVE-2008-4609 affect Red Hat Enterprise Linux? Retrieved from redhat.com: https://access.redhat.com/site/solutions/18729