Windows 2000 SNMP DOS

Finding DOS Attacks

The previous example illustrates another excellent technique for finding DOS attacks: closely monitoring resource utilization. Eliminating resource leaks is a difficult problem, and most large applications have leaks in one form or another. This is the sort of bug that's easy to spot with good instrumentation and almost impossible without it. So, how do we go about monitoring for this kind of thing?

In Linux, the proc tree is pretty informative (man proc); it lists files that a process has open (fd), memory regions that the process has mapped (maps), and the virtual memory size in bytes (stat/vsize). statm is also somewhat useful; it provides page-based memory status information.

In Windows, the story is slightly different. The standard task manager can be helpful in getting a rough idea of resource utilization, because you can fairly easily change the columns displayed in the processes tab. Useful things to look for are handle count, memory usage, and vm size.

A better way of monitoring resources in a process (if you're serious about your instrumentation) is the Windows Performance Monitor, which can be started by running perfmon.msc in Windows 2000 or via the Administrative Tools Start menu option.

Performance Monitor is an excellent source of numerical information about processes, because it allows you to create custom histograms including all the items you'd like to monitor in the process. This gives you a view of the resource usage over time, rather than just a spot count, making it easier for you to see patterns.

Useful counters to add to the chart when you're testing a specific process are generally found in the process performance object (such things as handle count, thread count, and the memory usage stats). If you monitor these numbers over time, you'll be much more likely to find resource leak DOS problems.
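The Linux /proc sources named above can be sampled over time in the same spirit as a Performance Monitor chart. This is an added example, not code from the book; the leaking() heuristic, its threshold, and the sample stat line are constructed for illustration.

```python
import os
import sys
import time

def parse_stat(text):
    """Pull thread count and vsize (bytes) out of /proc/<pid>/stat text."""
    # Field 2 (comm) may itself contain spaces or ')', so split after the LAST ')'.
    rest = text[text.rindex(")") + 1:].split()
    # rest[0] is field 3 (state), so field N of proc(5) is rest[N - 3].
    return {"threads": int(rest[17]), "vsize": int(rest[20])}

def sample(pid):
    """One snapshot of a live process: threads, vsize, resident pages, open fds."""
    base = f"/proc/{pid}"
    with open(f"{base}/stat") as f:
        snap = parse_stat(f.read())
    with open(f"{base}/statm") as f:
        snap["rss_pages"] = int(f.read().split()[1])  # statm field 2: resident pages
    # Listing fd/ needs the same uid as the target process, or root.
    snap["fds"] = len(os.listdir(f"{base}/fd"))
    return snap

def leaking(samples, key, min_growth):
    """Heuristic (assumption): value never drops and grows by >= min_growth overall."""
    vals = [s[key] for s in samples]
    never_drops = all(b >= a for a, b in zip(vals, vals[1:]))
    return never_drops and vals[-1] - vals[0] >= min_growth

def watch(pid, rounds=10, interval=1.0):
    """Collect `rounds` snapshots, `interval` seconds apart."""
    samples = []
    for _ in range(rounds):
        samples.append(sample(pid))
        time.sleep(interval)
    return samples

# Constructed stat line; the comm field deliberately contains spaces and parentheses.
SAMPLE_STAT = ("4242 (snmp (test)) S 1 4242 4242 0 -1 4194560 310 0 2 0 15 9 0 0 "
               "20 0 3 0 88123 52428800 1200 18446744073709551615 1 1 0 0 0 0 0")

if __name__ == "__main__":
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    history = watch(pid)
    # Thresholds below are arbitrary starting points; tune them per target.
    for key, growth in (("fds", 5), ("threads", 5), ("vsize", 1 << 20)):
        print(key, "suspect" if leaking(history, key, growth) else "steady",
              [s[key] for s in history])
```

Run it against the target's PID while replaying the same request in a loop; a counter that only ever climbs under identical input is the leak signature the text describes.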



The Shellcoder's Handbook. Discovering and Exploiting Security