DoS using Host Monitor

General chat about HostMonitor
Post Reply
patches
Posts: 3
Joined: Sun Nov 22, 2009 11:35 am

DoS using Host Monitor

Post by patches »

Theoretically, could KS Host Monitor be used to perpetrate a denial of service attack against a web site, i.e. eat up or deplete server resources, bandwidth, etc.?
KS-Soft
Posts: 12921
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Post by KS-Soft »

If we made some special mistake in the code and you enable RCI or Active RMA interface allowing connections from any IP address, then yes.
I hope we did not make such mistake. So far we did not get any complains regarding such issue.

Regards
Alex
patches
Posts: 3
Joined: Sun Nov 22, 2009 11:35 am

Post by patches »

Our web site has been targeted by DoS attacks by someone using KS Host Monitor. Please see the log excerpts below. The perpetrator made no attempt to hide their IP address. They used KS Host Monitor to pummel our site with millions of hits and many GB of bandwidth over a period of several months.

- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"

- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"

- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0"

- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0"
KS-Soft
Posts: 12921
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Post by KS-Soft »

I don't think this is attack.
HostMonitor does not allow you to perform more then 128 tests (requests) per second. Is this attack? Of course not, its not enough to attack any web server.

Sure, somebody can install HostMonitor on 100 systems and perform 12800 tests per second against your server. But it just does not make any sense. You need 20 minutes to create simple application that will allow you to send as many requests as posible. You don't need to use some monitoring software, you can easily create your own. All you need is a computer. Usually 1 computer is not enough for such attacks, that why attackers use botnets.

If that traffic is a problem, you should contact admin of the network. You know IP address.

Regards
Alex
patches
Posts: 3
Joined: Sun Nov 22, 2009 11:35 am

Post by patches »

This wasn't the only method of attack. This was used in conjunction with another method from a different IP. These combined methods did slow the site severely, crashed it for several days, and cost us thousands of dollars. A DoS attack does not have to totally take a web site completely down and offline to be classified as such. It can cripple a site by using up a large percentage of server resources, i.e. bandwidth, CPU, etc.. This attack was a retaliatory action against us for a prior dispute. We have contacted the perpetrator and the appropriate law enforcement authorities.

Thank you for your viewpoint.
Post Reply