DoS using Host Monitor
DoS using Host Monitor
Theoretically, could KS Host Monitor be used to perpetrate a denial of service attack against a web site, i.e. eat up or deplete server resources, bandwidth, etc.?
Our web site has been targeted by DoS attacks by someone using KS Host Monitor. Please see the log excerpts below. The perpetrator made no attempt to hide their IP address. They used KS Host Monitor to pummel our site with millions of hits and many GB of bandwidth over a period of several months.
- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0"
I don't think this is attack.
HostMonitor does not allow you to perform more then 128 tests (requests) per second. Is this attack? Of course not, its not enough to attack any web server.
Sure, somebody can install HostMonitor on 100 systems and perform 12800 tests per second against your server. But it just does not make any sense. You need 20 minutes to create simple application that will allow you to send as many requests as posible. You don't need to use some monitoring software, you can easily create your own. All you need is a computer. Usually 1 computer is not enough for such attacks, that why attackers use botnets.
If that traffic is a problem, you should contact admin of the network. You know IP address.
Regards
Alex
HostMonitor does not allow you to perform more then 128 tests (requests) per second. Is this attack? Of course not, its not enough to attack any web server.
Sure, somebody can install HostMonitor on 100 systems and perform 12800 tests per second against your server. But it just does not make any sense. You need 20 minutes to create simple application that will allow you to send as many requests as posible. You don't need to use some monitoring software, you can easily create your own. All you need is a computer. Usually 1 computer is not enough for such attacks, that why attackers use botnets.
If that traffic is a problem, you should contact admin of the network. You know IP address.
Regards
Alex
This wasn't the only method of attack. This was used in conjunction with another method from a different IP. These combined methods did slow the site severely, crashed it for several days, and cost us thousands of dollars. A DoS attack does not have to totally take a web site completely down and offline to be classified as such. It can cripple a site by using up a large percentage of server resources, i.e. bandwidth, CPU, etc.. This attack was a retaliatory action against us for a prior dispute. We have contacted the perpetrator and the appropriate law enforcement authorities.
Thank you for your viewpoint.
Thank you for your viewpoint.