Roy · Posted July 14, 2020

Hey all,

I just figured I'd share a video I made that includes me pen-testing my home server using my Packet Flooding tool to generate a DoS attack against my Barricade Firewall project.

The Packet Flooding tool sends packets to the VM running the Barricade FW directly by using its MAC address. This makes it so it doesn't have to go through my router/gateway (which can rarely handle ~50+K PPS). The packet flooding tool is able to generate 3.4 - 4.0 Gbps running on an older Intel Xeon clocked at 2.2 GHz (12 cores and 24 threads) when sending packets with a payload of 1400 bytes (equally). For an older Xeon CPU, I feel it being able to push 3.5 - 4 Gbps is pretty impressive. When sending packets with no payload, I'm able to send over 500K+ PPS on my home server (demonstrated in the video as well).

Here's the video with the results:

Before running the Barricade Firewall tool on the victim VM, the TCP SYN flood was able to cause a lot of packet loss on my VM (~50%). However, after enabling the firewall, I saw no packet loss whatsoever and everything worked fine.

It's pretty neat doing this pen-testing knowing I've made the tool that generates the DoS attack and also the tool to block the attack.

Doing things like this helps me understand (D)DoS attacks along with understanding how to block them. This is pretty important because we're responsible for filtering on our Anycast network and I'm currently rolling out filters that should drop most malicious traffic unless the attacker knows exactly what they're doing. After BiFrost is released, I'm confident we'll be blocking all malicious traffic since we'll be accepting legitimate traffic only and dropping the rest.

If you have any questions, feel free to respond.

I made this thread for those who are interested in the networking and programming I'm into.

Thanks!

mbs · Posted July 14, 2020 · Hidden

Or just use an auto refresher

Former Manager On Hide and Seek
Former Admin on prop hunt
Former trail admin on breach

Roy · Posted July 14, 2020

1 hour ago, mbs said:
> Or just use an auto refresher

You're just lucky PHP + IPS 4 + the old web machine without rate limiting was easy to take down