View previous topic :: View next topic |
Author |
Message |
patches
Joined: 22 Nov 2009 Posts: 3
|
Posted: Sun Nov 22, 2009 11:51 am Post subject: DoS using Host Monitor |
|
|
Theoretically, could KS Host Monitor be used to perpetrate a denial of service attack against a web site, i.e. eat up or deplete server resources, bandwidth, etc.? |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12808 Location: USA
|
Posted: Mon Nov 23, 2009 1:01 pm Post subject: |
|
|
If we made some special mistake in the code and you enable RCI or Active RMA interface allowing connections from any IP address, then yes.
I hope we did not make such mistake. So far we did not get any complains regarding such issue.
Regards
Alex |
|
Back to top |
|
|
patches
Joined: 22 Nov 2009 Posts: 3
|
Posted: Mon Nov 23, 2009 1:25 pm Post subject: |
|
|
Our web site has been targeted by DoS attacks by someone using KS Host Monitor. Please see the log excerpts below. The perpetrator made no attempt to hide their IP address. They used KS Host Monitor to pummel our site with millions of hits and many GB of bandwidth over a period of several months.
- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET
/c-Cat-Furniture.html HTTP/1.1" 301 238 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0"
- - [03/Nov/2009:13:24:05 -0500] "GET / HTTP/1.1"
200 17656 "-" "KSHostMonitor:/1.0" |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12808 Location: USA
|
Posted: Mon Nov 23, 2009 2:20 pm Post subject: |
|
|
I don't think this is attack.
HostMonitor does not allow you to perform more then 128 tests (requests) per second. Is this attack? Of course not, its not enough to attack any web server.
Sure, somebody can install HostMonitor on 100 systems and perform 12800 tests per second against your server. But it just does not make any sense. You need 20 minutes to create simple application that will allow you to send as many requests as posible. You don't need to use some monitoring software, you can easily create your own. All you need is a computer. Usually 1 computer is not enough for such attacks, that why attackers use botnets.
If that traffic is a problem, you should contact admin of the network. You know IP address.
Regards
Alex |
|
Back to top |
|
|
patches
Joined: 22 Nov 2009 Posts: 3
|
Posted: Mon Nov 23, 2009 4:52 pm Post subject: |
|
|
This wasn't the only method of attack. This was used in conjunction with another method from a different IP. These combined methods did slow the site severely, crashed it for several days, and cost us thousands of dollars. A DoS attack does not have to totally take a web site completely down and offline to be classified as such. It can cripple a site by using up a large percentage of server resources, i.e. bandwidth, CPU, etc.. This attack was a retaliatory action against us for a prior dispute. We have contacted the perpetrator and the appropriate law enforcement authorities.
Thank you for your viewpoint. |
|
Back to top |
|
|
|