[PenTBox] How to test stability of a network application using PB

PenTBox includes Denial of Service testing tools, and it can be used by developers to test stability of their applications. Ok, in PenTBox we have DoS tools and a network application (Honeypot), we will see how to test the stability of the Honeypot using PenTBox.

I run the Honeypot, opening port 80. And as we can see, by the moment it works fine.

IMAGE UNAVAILABLE

Now, I will launch a DoS against port 80.

dos_honeypot

dos_honeypot

And 5 seconds later, Honeypot crashed.

honeypot_crashed

honeypot_crashed

Yes, I should improve the stability of the Honeypot, Im working on it ;-)

Tags: , , ,

This entry was posted on Wednesday, September 2nd, 2009 at 12:08 PM and is filed under Network Area. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Comments

  1. Guillermo Ramos says:
    September 3, 2009 at 12:27 AM

    honeypot_creator.rb
    ———————————–
    (…)

    def honeyconfig(port, message)
    begin
    tcpserver = TCPServer.new(“”, port)
    if tcpserver
    puts “”
    puts ” HONEYPOT ACTIVATED (” + Time.now.to_s + “)”
    puts “”
    count = 1
    maxcount = 300 # Maximum number of connections
    loop do
    socket = tcpserver.accept
    if socket and count <= maxcount
    count += 1
    Thread.new do
    puts ""
    puts " INTRUSION ATTEMPT DETECTED! (" + Time.now.to_s + ")"
    puts " —————————–"
    puts ""
    puts socket.recv(1000).to_s
    sleep(7)
    socket.write(message)
    socket.close
    end
    else
    puts " Maximum number of connection attempts reached; connection refused (possible DoS)"
    end
    end
    end
    rescue Errno::EACCES
    puts ""
    puts " Error: Honeypot Creator requires root privileges!!"
    puts ""
    rescue Errno::EADDRINUSE
    puts ""
    puts " Error: Port in use."
    puts ""
    end
    end

    (…)
    ———————————–

    Simple, but it works -you'll never need (for instance) +300 connections, so if it reaches that number it could be considered as a DoS and the program must stop, although it's fine to continue showing messages so that you knew when the attacker had stopped DoS'ing.

  2. Alberto (Admin) says:
    September 3, 2009 at 12:50 AM

    @Guillermo
    This may be a solution, but doing a new rescue it would be more simple:

    rescue Errno::EACCES
    puts “”
    puts ” Error: Honeypot Creator requires root privileges!!”
    puts “”
    rescue Errno::EADDRINUSE
    puts “”
    puts ” Error: Port in use.”
    puts “”
    rescue Errno::EMFILE
    puts “”
    puts ” Maximum number of connection attempts reached; connection refused (possible DoS)”
    puts “”

    Or something like that. But the result is the same, the Honeypot would crash.

    The program should kill first threads when are more than 300 (for example). Im working on this now, it is not so difficult but takes time.

  3. Alberto (Admin) says:
    September 18, 2009 at 7:31 PM

    Problem solved. It would be available in next version of PenTBox.

Leave a Reply