How to duplicate a DoS attack

Question

I've a WP blog who have received a DoS attack last days. server start using all CPU and memory, and eventually stop replying http request.

It's a POST request to xmlrpc.php, I've checked the content of the $_POST var and is empty, so it looks similar to this kind of attack:

http://blog.carlesmateo.com/2014/08/30/stopping-and-investigating-a-wordpress-xmlrpc-php-attack/

It seems to be a very basic attack, so I'm interested in duplicate it.

I've tried with curl and ab without any luck (I'm not able to take my server down) I also tried with siege but not sure if I configured it right.

So my question is about what tools can be used to create multiple, simultanious POST connections to a remote server, in this case my blog.

`curl`, `ab` and `siege` can all be used. There are also third-party services like https://www.blitz.io/. — ceejayoz, Feb 09 '16 at 14:52
You may want to let your host know you're testing this out. You might get flagged as a real attacker and have your IP null routed. — ceejayoz, Feb 09 '16 at 15:02

score 0 · Answer 1 · answered Feb 09 '16 at 14:51

0

Isolate this test if you can. There is an application that might work, its called Low Orbit Ion Cannon or LOIC. Look for it on sourceforge.net @ http://sourceforge.net/projects/loic/

answered Feb 09 '16 at 14:51

jonathan warren

351
2
4

i checked loic but it seems to flood with UDP packets only, which are really low cpu utilization. – Arnold Roa Feb 09 '16 at 15:01
sorry thought there was a tcp setting – jonathan warren Feb 09 '16 at 16:12

How to duplicate a DoS attack

1 Answers1