Looking for a Network Guy! (Killed my Network :(

[Deleted]

Hey there,

Quick question:

I had a VM open with Ubuntu Server, and was playing a bit with Nessus. Decided to give Hping3 a go with a Syn Flood, From the VM --> a server somewhere (which has a gigabit line, legal ofc)

Now I left it on for a few minutes, so I could still access it here (@work), had QoS on port22. But guess it didn't do much good, line got sort of killed

Now I have managed to kill the VM, however I still can't access the machine from here, not even the router-page (Remote Management is on for this IP).

Question, is there a way to fix this without fully resetting the router? (as I can't reset it from here)

Thanks!

PS. Yeah, laugh at me, I did something stupid :<

[vesseblah]

Errm... The whole point of DoSing is to crash routers/switches/servers... Sounds like you have no choice than rebooting all hardware that got fucked.

[Deleted]

Wanted to see what it'd do to the end-server though, not the first router it encountered Too bad I can't physically reach it from here at the moment though. Host seems to be up according to nmap, just won't allow me in anymore...

[Diber]

The server (though stupidly didn't have protections to stop syn flooding) has protections to stop you from attacking it again, it probably blocked your IP or MAC address to stop further attacks.

Also, if your pen testing it, metasploit is an awesome tool to try

[masterkiller]

Yea most likely the target firewall recognized the attack and is now dropping all packets from your IP address.

Change your home IP address by turning off the modem, plugging in a DIFFERENT device to the modem (dont use your same router) and plug it in. If you need to go back to your router, do the same thing, turn off modem and plug router back in. Depending on your ISP setup you could have a new IP address for your old router.

[Deleted]

The server I was testing allows all connections from that specific IP. It was no random server, it's a server owned by us for the purposes of testing things like this Anyway back at home now, thing that happened was simply the pipe was sorta full, not just at the server I targetted, also at my local router. (Which is prolly because it was a VM as well, went from VM --> "real"-machine --> router-->other server, guess that needs some more researching

Not actually pen-testing like that, just wanted to see how much datatraffic/logs and packets are being sent by this, and how the other server reacts to it. (I do use Nessus for tests, but not doing stuff with Metasploit).

Anyway thanks anyway, back at home now so was able to reset the router

[masterkiller]

It most likely crashed your home modem. Your computer and VM should be able to handle the traffic fine.

[Deleted]

Yep, that's what happened It was really flooding with thousends of requests/sec... The server is in a datacenter with real switches/routers so ofc their lines didn't really notice that much