How to determine the systems with vulnerability? Which scanning tool is best? The system should be identified so that it can be used as an agent for DDoS. In a test bed environment I want to check this. Can anyone help?
4 Answers
Not directly related to your question, but an idea that may come in handy somewhere in the future is the concept of enabling netflow in your network infrastructure.
Once your network devices start reporting network flows to a netflow collector, you can relatively easily detect which machines are being used as part of a DDoS campaign. Those that show a spike in the number of flows per second may very well be the ones that are already compromised and used as a DDoS tool to disable a target (netflow has many other uses in security).
There are many other "traffic engineering" techniques that are useful to detect this kind of behavior in an enterprise network (and many others in a service provider environment).
For example, through traffic engineering (routing) you could "attract" all the traffic destined to the IP address space (i.e. RFC1918/RFC5735) that your organization is not using into a device that is commonly referred to as the "sinkhole". You should normally never see traffic in the sinkhole, but if you do, it may be signaling the presence of compromised machines in your infrastructure that are generating traffic to IP addresses that are not valid inside your organization. Because you are "attracting" this traffic, it ends up at the sinkhole. This behavior may also be the result of infected machines scanning your organization searching for victims to further spread, etc.

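The two detection ideas in the answer above (a per-host spike in flows per second, and any traffic arriving at the sinkhole), as an added example that is not part of the original answer. The flow records are constructed, and the sinkhole prefix `10.200.0.0/16`, the thresholds and the function names are assumptions.

```python
import ipaddress
from collections import Counter, defaultdict
from statistics import median

# Assumption: unused internal space that routing "attracts" to the sinkhole.
SINKHOLE_NETS = [ipaddress.ip_network("10.200.0.0/16")]

def flows_per_second(records):
    """records: (epoch_second, src_ip, dst_ip) -> {src: Counter{second: flows}}."""
    per_host = defaultdict(Counter)
    for ts, src, _dst in records:
        per_host[src][ts] += 1
    return per_host

def spiking_hosts(records, factor=10, min_flows=50):
    """Hosts whose peak flows/s is >= min_flows and > factor x their own median.
    Seconds with no flows are not counted, so the median is over active seconds."""
    flagged = {}
    for src, counts in flows_per_second(records).items():
        peak, base = max(counts.values()), median(counts.values())
        if peak >= min_flows and peak > factor * base:
            flagged[src] = (base, peak)
    return flagged

def sinkhole_hits(records):
    """Count flows per source whose destination lies in sinkholed space."""
    hits = Counter()
    for _ts, src, dst in records:
        if any(ipaddress.ip_address(dst) in net for net in SINKHOLE_NETS):
            hits[src] += 1
    return dict(hits)

def sample_records():
    """Constructed flow records (documentation address ranges), not real data."""
    recs = []
    for t in range(60):
        recs += [(t, "192.0.2.10", "198.51.100.5")] * 2   # steady workstation
        recs += [(t, "192.0.2.20", "198.51.100.7")] * 3   # normal, bursts later
    # Two seconds at 400 flows/s from one host towards a single target.
    recs += [(t, "192.0.2.20", "203.0.113.9") for t in (60, 61) for _ in range(400)]
    # A host probing addresses the organization does not use.
    recs += [(5, "192.0.2.30", "10.200.4.1"), (6, "192.0.2.30", "10.200.4.2")]
    return recs

if __name__ == "__main__":
    data = sample_records()
    for host, (base, peak) in spiking_hosts(data).items():
        print(f"spike: {host} median={base} flows/s peak={peak} flows/s")
    for host, n in sinkhole_hits(data).items():
        print(f"sinkhole: {host} sent {n} flows to unused address space")
```
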
Any system can become compromised and be used for DDoS. To remotely scan a system to see if it is vulnerable to attack you can use OpenVAS. Compromised machines are also used to send spam; many IP addresses on a Realtime Black List are also members of a botnet, which are often used for DDoS.

A combined use of Nmap and Metasploit can help you detect a vulnerability and launch an attack in a test environment.
