Design And Implementation Of DoS Penetrating Test Platform Based On Web

Penetrating test has been an indispensable method of testing network vulnerability and its performance. It can show vividly the weakness of the network to the administrators and improve the security consciousness of the administrators. And based on the test result, network security capability is also strengthened. Thus, the research and implementation of penetrating test is meaningful.Deny of Service (Dos) is not only a significant challenge to network security but also an important technique in penetrating Test. Currently popular DoSs testing tools are implemented in the form of software, their main feature is high-speed, but their platform-independency, compatibility and the convenience of installation are not very well. The software developed in Linux can only run in Linux Operating System, the same is true to the tools which are developed in Windows Operating System. Moreover, different kinds of software are incompatible. Even a user is familiar with test software; he can not always use another one adroitly. The test tools are not easy to install. For example, the software developed in Linux Operating System is hard to be used in Windows Operating System. Only can those users, who are used to using Linux Operating System, use these testing tools.Considering the above problems, this thesis presents the notion of DoS penetrating test platform based on Web. There are several distinct excellences in this platform compared with other software test tools, such as its system-independence and no-installation. User can use the platform as long as he can use the browser. Users are not required to install the software in their computer. It is very convenient to common users, because it is hard to them when the software must be installed in Linux Operation System. However, the key problem is its low-speed to the platform because of the loading of the Web interface.In this thesis, I first introduced several kinds of DoS attacks, such as SYN flooding, Smurf, ICMP Flood, UDP Flood, etc. Based on this theory, we implement a Web platform of DoS in Linux Operation System. This platform, programmed with JSP, can provide a Web interface for users. They can test the destination host using this platform. It can scan the ports of the destination host; this function is implemented by using Java Language. The constructing and sending of DoS Datagram are realized by raw Socket of C Language. To avoid the misuse of this platform, I, using Mysql database, record each user's basic information, such as the address of the source host and destination host.In a word, my thesis, on the basis of studying the features of current penetrating test platforms and the principles of DoS, presents a new concept of Penetrating Testing Platform, and analyses the advantages and disadvantages of its performance.