Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Implement the Ndos tool into the next version of Nmap
From: Duarte Silva <duartejcsilva () gmail com>
Date: Fri, 13 Feb 2009 11:16:18 +0000

Hi,

A DoS attack from a single network connection is not enough in a
pentesting situation.DoS attacks from a single connection no longer
work in the modern

If you could care to read that chapter in what I think to be one of the
"Stealing The Network" series book (I didn't click the link you
provided), you can read that, ndos as a big flaw, witch is the fact that
the user cant spoof its IP address in order to use the many *cool* DoS
features in it (resource exhaustion by file request? leaving connections
half completed?). Second, ndos isn't a DDoS tool (maybe could be made
into one? don't know).
You were the one to write,

So, please include the Ndos tool in Nmap. I would greatly appreciate
it for
education purposes.

And for this, a simple non firewall protected web server on a local lan
with a simple SYN packet sender utility will suffice. Once again you
would be able to teach the *class* the basics of DoS and demonstrate the
results.  The hell, even DDoS.

Professor 0110 is my online alias. All hackers white, black or gray
should have one.

I can't help myself to wonder why... you choose to use *your* alias to
send this message.

I'm off to weekend, best regards and have fun,
Duarte

Sex, 2009-02-13 às 20:49 +1000, Professor 0110 escreveu:
A simple SYN packet sender
would suffice wouldn't?
A DoS attack from a single network connection is not enough in a pen testing
situation.DoS attacks from a single connection no longer work in the modern
digital age matey. Also, who cares if Black Hats misuse it? Black Hats
already misuse Nmap, nessus, Metasploit, and about a million other hacker
tools around the Internet.

It doesn't have to be implemented into Nmap, but I would appreciate a copy
of Ndos all the same.

And sincerely, why you hide behind *Professor 0110*, come on,
educational proposes?

Professor 0110 is my online alias. All hackers white, black or gray should
have one.

Sincerely,

Professor 0110

On Fri, Feb 13, 2009 at 8:37 PM, Duarte Silva <duartejcsilva () gmail com>wrote:

Hi,

Allow me to disagree.

countered by tools out there such as Metasploit which basically hands
exploits to black hat hackers on a golden plate.

Black hat hackers are the ones that make the exploit modules to
Metasploit. Not the other way round, they may use Metasploit, but only
as a base for rapid prototyping and development of their one exploits.

And sincerely, why you hide behind *Professor 0110*, come on,
educational proposes? If you wanted to show the *class* how to DoS a
server, why don't you do a tool yourself? A simple SYN packet sender
would suffice wouldn't?

Best regards,
saphex

Sex, 2009-02-13 às 18:23 +1000, Professor 0110 escreveu:
Dear Fyodor and Nmappers ,
Ever since Fyodor wrote this paper:

http://insecure.org/stf/tcp-dos-attack-explained.html

I have been intensely interested in his Ndos tool which I hear is a
very
powerful tool for Denial of Service enumeration. And since Ncat and
Ndiff
have been integrated into Nmap, why not Ndos? Also, Ndos would be
great for
pen testing situations where clients want their network stress tested
against denial of service attacks.

Also, the argument that releasing this tool would aid Black Hat
Hackers is
countered by tools out there such as Metasploit which basically hands
exploits to black hat hackers on a golden plate.

So, please include the Ndos tool in Nmap. I would greatly appreciate
it for
education purposes.

Sincerely,

Professor 0110

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Attachment: signature.asc
Description: Esta é uma parte de mensagem assinada digitalmente


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault