ok,i removed that post....i really didnt mean to hurt or flame vijay2.....ofcourse theres plenty of stuff on the net,but as u said it doesnt help if you don't know what to search for.And i got to submit an initial proposal for the project by the 2nd,so there aint much time to read all the basic stuff n then plan things from the ocean of knowledge.so thats reason i ask experts like u.....vijay did try to help,but it really freaks me out when
i post something,RR or someone else trys to help n vijay has a thing or 2 to say bout it......just made me  wonder what the matter was with him...anyways,its over as far as i'm concerned,peace with vijay2.cheers buddy....hope ur ok with me

"the listed attack vectors only make sense if the box you are trying to test is running the vulnerable service"

I wouldnt be knowing what vulnerablities,if any that the server wud be running.So I assume,that i wud have to scan for them first and then based on the search,launch attacks to exploit them...did i get that one right?

Thanks a ton.However, one thing my supervisor says is that if the test tool cant crash the server,it suggests that the tool aint good enuff.
But it cud also mean that the server is robust and secure in which case i can list out the reasons y the attacks arent working anymore and the explanations wud fetch me the required credits.

thanx 4 the info bout the daemons,i wasnt aware of that...so in that case DoS isnt that easy to implement as some of the earlier posts suggest...

I've identified the following DoS attacks-
Apache2
back
Mailbomb
Neptune
Ping of death
Process Table
Smurf
Teardrop
UDP Storm
syslogd

Does it make sense that I focus on these attacks or are they no more effective these days?like for instance the Ping of Death is no more a threat....how good is the rest of the list?

Cheers

Continuing from ystdays post on server crashing(thats my uni project to build a server test tool),I've identified the following DoS attacks-
Apache2
back
Mailbomb
Neptune
Ping of death
Process Table
Smurf
Teardrop
UDP Storm
syslogd

Does it make sense that I focus on these attacks or are they no more effective these days?like for instance the Ping of Death is no more a threat....how good is the rest of the list?

Cheers

I'm with you...Unless i give more specific details,it would be hard for u guys to help me out.I'm in the initial stagesof the project.my supervisor has asked me to identify the type of attacks that i wud need to carry out against windows and linux systems in an attempt to crash it,and make a proposal report...so after the next meeting ,i would have more specific queries.Anyways thanks for the posts,it was really helpful,i was all confused after the googling,lol:)

Role Reversal,
I'm trying to build a framework,on the lines of nessus,metasploit framework,nmap n so on to carry out attacks on a server.I'm authorized to undertake this project and hence no legal issues as such.

the main question for me after reading ur posts is,is dos n ddos the way to go or should i focus on other attacks like sql injection,buffer overflows n stuff?

Its an university project in conjunction with a company!

Shawal,
I'm aware that crashing a server isn't a nice thing to do..however its my dissertation and am doing it for a company so that they could test how good their servers are at withstanding such attacks.

u talked about developing a safe plugin for nessus or enhacing one of the current pen. test tools?..could you plz give me some more details on those lines....?

You also metioned about DoS being very simple to carry out.Would it be that easy if the sever is well protected by IDS and firewall and ddos defence mechanisms?

Thanks mate.I did quite a bit of googling on it,came up with tons of stuff and so understandably confused as to which attacks to focus on...is it only DoS?The server is pretty secure and patched upto date...so need a damn good tool to do the job....

Hi guys,
My names Leo and I'm  new to this forum.I'm assigned a project in my university which's on buiding a security stress testing tool with which to test servers.The tool will be developed by collecting open-source software(nessus,framework and the like) and operating systems and writing a test harness to combine the functionality together into a single flexible tool.

Could you help me with ideas regarding what sort of attacks i should incorporate in the tool,the idea is to try and crash the server.....there would be a software interface.its like i press this button and this particular attack happens...plz help me with suggestions and ideas,am running out of time.....

Cheers