KS-Soft. Network Management Solutions
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister    ProfileProfile    Log inLog in 

DoS using Host Monitor

 
Post new topic   Reply to topic    KS-Soft Forum Index -> Other
View previous topic :: View next topic  
Author Message
patches



Joined: 22 Nov 2009
Posts: 3

PostPosted: Sun Nov 22, 2009 11:51 am    Post subject: DoS using Host Monitor Reply with quote

Theoretically, could KS Host Monitor be used to perpetrate a denial of service attack against a web site, i.e. eat up or deplete server resources, bandwidth, etc.?
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12791
Location: USA

PostPosted: Mon Nov 23, 2009 1:01 pm    Post subject: Reply with quote

If we made some special mistake in the code and you enable RCI or Active RMA interface allowing connections from any IP address, then yes.
I hope we did not make such mistake. So far we did not get any complains regarding such issue.

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
patches



Joined: 22 Nov 2009
Posts: 3

PostPosted: Mon Nov 23, 2009 1:25 pm    Post subject: Reply with quote

Our web site has been targeted by DoS attacks by someone using KS Host Monitor. Please see the log excerpts below. The perpetrator made no attempt to hide their IP address. They used KS Host Monitor to pummel our site with millions of hits and many GB of bandwidth over a period of several months.

- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"

- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"

- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0"

- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0"
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12791
Location: USA

PostPosted: Mon Nov 23, 2009 2:20 pm    Post subject: Reply with quote

I don't think this is attack.
HostMonitor does not allow you to perform more then 128 tests (requests) per second. Is this attack? Of course not, its not enough to attack any web server.

Sure, somebody can install HostMonitor on 100 systems and perform 12800 tests per second against your server. But it just does not make any sense. You need 20 minutes to create simple application that will allow you to send as many requests as posible. You don't need to use some monitoring software, you can easily create your own. All you need is a computer. Usually 1 computer is not enough for such attacks, that why attackers use botnets.

If that traffic is a problem, you should contact admin of the network. You know IP address.

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
patches



Joined: 22 Nov 2009
Posts: 3

PostPosted: Mon Nov 23, 2009 4:52 pm    Post subject: Reply with quote

This wasn't the only method of attack. This was used in conjunction with another method from a different IP. These combined methods did slow the site severely, crashed it for several days, and cost us thousands of dollars. A DoS attack does not have to totally take a web site completely down and offline to be classified as such. It can cripple a site by using up a large percentage of server resources, i.e. bandwidth, CPU, etc.. This attack was a retaliatory action against us for a prior dispute. We have contacted the perpetrator and the appropriate law enforcement authorities.

Thank you for your viewpoint.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    KS-Soft Forum Index -> Other All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

KS-Soft Forum Index