Vulcan DoS Vs Akamai

In the past I had to do several DoS security audits, with múltiples types of tests and intensities. Sometimes several DDoS protections were present like Akamai for static content, and Arbor for absorb part of the bandwith.

One consideration for the DoS/DDoS tools is that probably it will loss the control of the attacker host, and the tool at least has to be able to stop automatically with a timeout, but can also implement remote response checks.

In order to size the minimum mbps needed to flood a service or to retard the response in a significant amount of time, the attacker hosts need a bandwith limiter, that increments in a logarithmic way up to a limit agreed with the customer/isp/cpd.

There are DoS tools that doesn't have this timeouts, and bandwith limit based on mbps, for that reason I have to implement a LD_PRELOAD based solution: bwcontrol

Although there are several good tools for stressing web servers and web aplications like apache ab, or other common tools used for pen-testing, but I also wrote a fast web flooder in c++ named wflood.

As expected the most effective for taking down the web server are the slow-loris, slow-read and derivatives, few host were needed to DoS an online banking. 

Remote attacks to database and highly dynamic web content were discarded, that could be impacted for sure.

I did another tool in c++ for crafting massive tcp/udp/ip malformed packets, that impacted sometimes on load balancers and firewalls, it was vulcan, it freezed even the firewall client software.

The funny thing was that the common attacks against Akamai hosts, where ineffective, and so does the slow-loris family of attacks, because are common, and the Akamai nginx webservers are well tunned. But when tried vulcan, few intensity was enough to crash Akamai hosts.

Another attack vector for static sites was trying to locate the IP of the customer instead of Akamai, if the customer doesn't use the Akamai Shadow service, it's possible to perform a HTTP Host header scan, and direct the attack to that host bypassing Akamai.

And what about Arbor protection? is good for reducing the flood but there are other kind of attacks, and this protection use to be disabled by default and in local holidays can be a mess.

Related links

1. Hacking Tools Name
2. Github Hacking Tools
3. Hacking Tools Github
4. Hacker Tools Free
5. How To Make Hacking Tools
6. Hack And Tools
7. Hacker Tools Online
8. Pentest Tools Website
9. Hacking Tools Windows
10. Free Pentest Tools For Windows
11. What Are Hacking Tools
12. Physical Pentest Tools
13. Nsa Hacker Tools
14. Pentest Tools Download
15. Pentest Tools Port Scanner
16. Bluetooth Hacking Tools Kali
17. Pentest Tools Github
18. What Are Hacking Tools
19. Hacking Tools Windows
20. Hacker Tools Windows
21. Pentest Tools For Android
22. How To Make Hacking Tools
23. Tools Used For Hacking
24. Best Pentesting Tools 2018
25. Hacker Tools Apk
26. Hacking Tools Usb
27. Pentest Tools Apk
28. Pentest Tools Online
29. Pentest Tools List
30. Hacking Tools For Pc
31. Pentest Tools Framework
32. Kik Hack Tools
33. Best Hacking Tools 2020
34. Pentest Tools Kali Linux
35. Black Hat Hacker Tools
36. Hacker Tool Kit
37. Hacker Tools 2020
38. Ethical Hacker Tools
39. Hacking Tools Windows 10
40. Tools For Hacker
41. Pentest Tools Bluekeep
42. Pentest Tools Port Scanner
43. Hacking Tools Pc
44. Hack Rom Tools
45. Wifi Hacker Tools For Windows
46. Pentest Tools For Windows
47. Hacking Tools For Mac
48. Bluetooth Hacking Tools Kali
49. Hack Tools For Windows
50. What Is Hacking Tools
51. Pentest Tools Linux
52. Hack Tool Apk
53. Hacking Tools Free Download
54. Pentest Reporting Tools
55. Pentest Tools For Android
56. Ethical Hacker Tools
57. Pentest Reporting Tools
58. Hack Tools For Mac
59. Pentest Tools Kali Linux
60. Hack Tools For Windows
61. Hack Tools For Pc
62. Hacking App
63. Hacking Tools Windows
64. Pentest Tools Framework
65. Hacking Tools Pc
66. Hacking Tools Windows 10
67. Hacking Tools Usb
68. Kik Hack Tools
69. Hacking Tools Mac
70. Hacker Techniques Tools And Incident Handling
71. Hack Tools For Ubuntu
72. Hacker Tools 2020
73. Easy Hack Tools
74. Hackers Toolbox
75. Hacking Tools For Kali Linux
76. Termux Hacking Tools 2019
77. Pentest Tools Android