For the past few days I’ve been implementing various attacks related to the TCP protocol.

I just finished a TCP connection flooder which can bring almost any service to a complete stop with as little as 75Kbit/s and 12 packets per second.

This is for one service only, but if you combine this with a second service, for example SSH, you can leave almost any server with some of its services down without raising any alarms on the network traffic monitoring systems. The flood uses small packets and is not very intensive, so if the administrators didn’t protect the SSH service on the machine, they would not be able to connect to the machine without a serial or KVM console.

Attackers can use such techniques to disrupt all kinds of services.

There are a few more things I’d like to test, and maybe I’ll include these attacks in the next Network Security course in FMI.

I was really glad that I didn’t have to write all of my DoS scripts in C. Actually, Net::RawIP and Net::Pcap are perfect modules for writing small network things in Perl.

I’ll do some benchmarks to see how good Perl is at generating packets and how it compares with the C packet generators I have written.



Posted by HackMan
Dated: 14th December 2009
Filed Under: Technology