Vulcan DoS Vs Akamai

In the past I had to do several DoS security audits, with múltiples types of tests and intensities. Sometimes several DDoS protections were present like Akamai for static content, and Arbor for absorb part of the bandwith.

One consideration for the DoS/DDoS tools is that probably it will loss the control of the attacker host, and the tool at least has to be able to stop automatically with a timeout, but can also implement remote response checks.

In order to size the minimum mbps needed to flood a service or to retard the response in a significant amount of time, the attacker hosts need a bandwith limiter, that increments in a logarithmic way up to a limit agreed with the customer/isp/cpd.

There are DoS tools that doesn't have this timeouts, and bandwith limit based on mbps, for that reason I have to implement a LD_PRELOAD based solution: bwcontrol

Although there are several good tools for stressing web servers and web aplications like apache ab, or other common tools used for pen-testing, but I also wrote a fast web flooder in c++ named wflood.

As expected the most effective for taking down the web server are the slow-loris, slow-read and derivatives, few host were needed to DoS an online banking. 

Remote attacks to database and highly dynamic web content were discarded, that could be impacted for sure.

I did another tool in c++ for crafting massive tcp/udp/ip malformed packets, that impacted sometimes on load balancers and firewalls, it was vulcan, it freezed even the firewall client software.

The funny thing was that the common attacks against Akamai hosts, where ineffective, and so does the slow-loris family of attacks, because are common, and the Akamai nginx webservers are well tunned. But when tried vulcan, few intensity was enough to crash Akamai hosts.

Another attack vector for static sites was trying to locate the IP of the customer instead of Akamai, if the customer doesn't use the Akamai Shadow service, it's possible to perform a HTTP Host header scan, and direct the attack to that host bypassing Akamai.

And what about Arbor protection? is good for reducing the flood but there are other kind of attacks, and this protection use to be disabled by default and in local holidays can be a mess.

Related links

1. Hack Tools Github
2. Hak5 Tools
3. What Is Hacking Tools
4. Hacker Tools Linux
5. Hak5 Tools
6. Wifi Hacker Tools For Windows
7. Tools Used For Hacking
8. Computer Hacker
9. Pentest Reporting Tools
10. Hacker Tools Github
11. Pentest Tools
12. Pentest Tools Android
13. Easy Hack Tools
14. Hacking Tools For Windows
15. Install Pentest Tools Ubuntu
16. Hack Website Online Tool
17. Hack Tool Apk
18. Hacker Tools Github
19. Bluetooth Hacking Tools Kali
20. Pentest Box Tools Download
21. Pentest Tools Website Vulnerability
22. Pentest Tools Bluekeep
23. Pentest Tools Website Vulnerability
24. How To Make Hacking Tools
25. Hacker Tools Software
26. Hacker Tools Mac
27. Pentest Tools
28. Hack Tools For Games
29. Hacking Tools For Windows
30. Hacking Tools Name
31. Pentest Tools List
32. Hacking Tools For Windows Free Download
33. Hacking Tools For Mac
34. Hacker Tools Free
35. Hacker Tools Apk Download
36. Hack Tools For Games
37. Tools Used For Hacking
38. Underground Hacker Sites
39. Hacking Tools Github
40. Install Pentest Tools Ubuntu
41. Hack Tools For Games
42. Pentest Tools Review
43. Hacking Tools Mac
44. Tools For Hacker
45. Hacker Tools Free
46. Hacking Apps
47. Hack Tools Pc
48. Hacking Tools For Pc
49. Pentest Automation Tools
50. Pentest Tools
51. How To Hack
52. Beginner Hacker Tools
53. Hacker Tools Free Download
54. Hacker Hardware Tools
55. Pentest Tools Android
56. Pentest Tools Review
57. How To Make Hacking Tools
58. Hacking Tools 2019
59. Hacker Tools For Mac
60. Hack Tools Download
61. Underground Hacker Sites
62. What Is Hacking Tools
63. Hacker Tools Mac
64. Hack Website Online Tool
65. Hack Tools 2019
66. Growth Hacker Tools
67. Pentest Tools
68. Pentest Tools Github
69. Hacker Tools
70. How To Install Pentest Tools In Ubuntu
71. Hacking Tools For Pc
72. Hacker Tools Free Download
73. Hacking Tools For Games
74. Hacker Hardware Tools
75. Hacking Tools And Software
76. Easy Hack Tools
77. Pentest Reporting Tools
78. Pentest Tools Kali Linux
79. Pentest Automation Tools
80. Hack Tools Github
81. Nsa Hack Tools Download
82. Hacking Tools For Pc
83. Hacking Tools And Software
84. Hacker Tools Software
85. Hacker Tools Free
86. Nsa Hacker Tools
87. Game Hacking
88. Pentest Reporting Tools
89. Pentest Tools Nmap
90. Best Hacking Tools 2019
91. Hacking Tools For Games
92. Hackers Toolbox
93. Hacker Tools Online
94. Hack Tools
95. Pentest Recon Tools
96. Hacker Tools For Windows
97. Hack Tools For Mac
98. Nsa Hack Tools Download
99. Hacking Tools For Pc
100. Free Pentest Tools For Windows
101. Hacking Tools 2019
102. Hacker Tools Hardware
103. Pentest Tools Find Subdomains
104. Pentest Automation Tools
105. Hacker Security Tools
106. Hacker Tools For Mac
107. Pentest Tools Bluekeep
108. Hacker Tools Github
109. Pentest Tools Free
110. Beginner Hacker Tools
111. Pentest Tools For Mac
112. Game Hacking
113. Hack Tools For Games
114. Hacking Tools Software
115. Pentest Tools Kali Linux
116. Pentest Tools Website Vulnerability
117. Tools Used For Hacking
118. Pentest Tools For Android
119. Hacker Tools
120. How To Make Hacking Tools
121. Tools Used For Hacking
122. Hacker
123. Pentest Tools Website
124. Pentest Tools Subdomain
125. Hack And Tools
126. Hacker Tools List
127. Pentest Tools Android
128. Pentest Automation Tools
129. New Hack Tools
130. Beginner Hacker Tools
131. Computer Hacker
132. Hacking Tools Windows
133. Kik Hack Tools
134. Hacker Tools For Ios
135. Pentest Tools Download
136. Pentest Tools Tcp Port Scanner
137. How To Hack
138. What Are Hacking Tools
139. Pentest Tools Linux
140. Hacking Tools For Windows
141. Tools For Hacker
142. Hack Tool Apk No Root
143. Hack Rom Tools
144. Best Hacking Tools 2019
145. Install Pentest Tools Ubuntu
146. Blackhat Hacker Tools
147. How To Install Pentest Tools In Ubuntu
148. Hacker Tools 2019