Vulcan DoS Vs Akamai

In the past I had to do several DoS security audits, with múltiples types of tests and intensities. Sometimes several DDoS protections were present like Akamai for static content, and Arbor for absorb part of the bandwith.

One consideration for the DoS/DDoS tools is that probably it will loss the control of the attacker host, and the tool at least has to be able to stop automatically with a timeout, but can also implement remote response checks.

In order to size the minimum mbps needed to flood a service or to retard the response in a significant amount of time, the attacker hosts need a bandwith limiter, that increments in a logarithmic way up to a limit agreed with the customer/isp/cpd.

There are DoS tools that doesn't have this timeouts, and bandwith limit based on mbps, for that reason I have to implement a LD_PRELOAD based solution: bwcontrol

Although there are several good tools for stressing web servers and web aplications like apache ab, or other common tools used for pen-testing, but I also wrote a fast web flooder in c++ named wflood.

As expected the most effective for taking down the web server are the slow-loris, slow-read and derivatives, few host were needed to DoS an online banking. 

Remote attacks to database and highly dynamic web content were discarded, that could be impacted for sure.

I did another tool in c++ for crafting massive tcp/udp/ip malformed packets, that impacted sometimes on load balancers and firewalls, it was vulcan, it freezed even the firewall client software.

The funny thing was that the common attacks against Akamai hosts, where ineffective, and so does the slow-loris family of attacks, because are common, and the Akamai nginx webservers are well tunned. But when tried vulcan, few intensity was enough to crash Akamai hosts.

Another attack vector for static sites was trying to locate the IP of the customer instead of Akamai, if the customer doesn't use the Akamai Shadow service, it's possible to perform a HTTP Host header scan, and direct the attack to that host bypassing Akamai.

And what about Arbor protection? is good for reducing the flood but there are other kind of attacks, and this protection use to be disabled by default and in local holidays can be a mess.

More information

1. Pentest Tools Kali Linux
2. Nsa Hack Tools Download
3. Beginner Hacker Tools
4. Hacking Tools 2020
5. Hacker Techniques Tools And Incident Handling
6. Top Pentest Tools
7. Hacker Tools Online
8. Github Hacking Tools
9. Beginner Hacker Tools
10. Hacking Tools For Pc
11. Hack Tools
12. Growth Hacker Tools
13. Wifi Hacker Tools For Windows
14. Hack Tool Apk No Root
15. Pentest Automation Tools
16. Pentest Recon Tools
17. Hacker Tools For Mac
18. Nsa Hacker Tools
19. Hack And Tools
20. Hacking Tools For Kali Linux
21. Pentest Tools Download
22. Hacking Tools Software
23. Usb Pentest Tools
24. Hacking Tools For Games
25. Pentest Tools Download
26. Hacking Tools For Games
27. Hacker Security Tools
28. Pentest Tools For Mac
29. Hack Website Online Tool
30. Pentest Tools Website Vulnerability
31. Hacker Security Tools
32. Hacking Tools For Games
33. Pentest Tools Download
34. Hacker Tools Free Download
35. Pentest Tools Url Fuzzer
36. Hack Tools Pc
37. Blackhat Hacker Tools
38. Pentest Tools Find Subdomains
39. Hack Tool Apk
40. Pentest Tools List
41. Pentest Recon Tools
42. Pentest Tools Download
43. Hacker Tools For Pc
44. What Is Hacking Tools
45. Pentest Tools Alternative
46. Hack Tools For Mac
47. Hacker Tools List
48. Hack Tool Apk No Root
49. Underground Hacker Sites
50. Hack And Tools
51. Pentest Tools Framework
52. Hacking Tools Github
53. Hacker Search Tools
54. Hacking Tools For Windows Free Download
55. Hack And Tools
56. Nsa Hack Tools
57. Game Hacking
58. Hack Tools Online
59. Hacker Tools Github
60. Pentest Reporting Tools
61. Kik Hack Tools
62. Hacker Tools 2019
63. Pentest Tools Kali Linux
64. Pentest Box Tools Download
65. Hack Tool Apk
66. Hacker Tools Free Download
67. Hacker Tools Windows
68. Hacker Tools For Pc
69. New Hack Tools
70. Top Pentest Tools
71. Hack Tools For Ubuntu
72. Top Pentest Tools