
Roy

My Packet Flooding Tool VS My Barricade Firewall


Hey all,

 

I just figured I'd share a video I made that includes me pen-testing my home server using my Packet Flooding tool to generate a DoS attack against my Barricade Firewall project.

 

The Packet Flooding tool sends packets to the VM running the Barricade FW directly by using its MAC address. This makes it so it doesn't have to go through my router/gateway (which can rarely handle ~50+K PPS). The packet flooding tool is able to generate 3.4 - 4.0 Gbps running on an older Intel Xeon clocked at 2.2 GHz (12 cores and 24 threads) when sending packets with a payload of 1400 bytes (equally). For an older Xeon CPU, I feel it being able to push 3.5 - 4 Gbps is pretty impressive. When sending packets with no payload, I'm able to send over 500K+ PPS on my home server (demonstrated in the video as well).

 

Here's the video with the results:

 

 

Before running the Barricade Firewall tool on the victim VM, the TCP SYN flood was able to cause a lot of packet loss on my VM (~50%). However, after enabling the firewall, I saw no packet loss whatsoever and everything worked fine.

 

It's pretty neat doing this pen-testing knowing I've made the tool that generates the DoS attack and also the tool to block the attack :)

 

Doing things like this helps me understand (D)DoS attacks along with understanding how to block them. This is pretty important because we're responsible for filtering on our Anycast network and I'm currently rolling out filters that should drop most malicious traffic unless the attacker knows exactly what they're doing. After BiFrost is released, I'm confident we'll be blocking all malicious traffic since we'll be accepting legitimate traffic only and dropping the rest.

 

If you have any questions, feel free to respond :) I made this thread for those who are interested in the networking and programming I'm into.

 

Thanks!


Or just use an auto refresher :lenny:



 

Former Manager On Hide and Seek

Former Admin on prop hunt

Former trail admin on breach 


1 hour ago, mbs said:

Or just use an auto refresher :lenny:

You're just lucky PHP + IPS 4 + the old web machine without rate limiting was easy to take down :lenny: 
