Testing Built-In Network Threat Detection : DNS fl...
# neuvector-security
Hello Team, I have tried to test the built-in network threat detection of a DNS flood DDoS attack. I used the dnsperf tool for my test. I deployed it inside a Kubernetes cluster. Next I made a flood of DNS requests to the CoreDNS server of the Kubernetes cluster. I can see from the network activity of NeuVector the opened DNS request sessions. But unfortunately, in the security events notifications I could not see that the attack (for testing and education purposes) was flagged as a violation. Could you share with me the threshold NeuVector uses that makes this attack count as a violation?
Adding to that, I have also used ffuf (a brute-force tool) to discover the endpoints of my web application. I can see from the network activity the big number of opened sessions. But the security events do not notify me of the DDoS attack (as mentioned in built-in network threat detection).
Furthermore, I have simulated an Apache Struts RCE attack. I have deployed a vulnerable Apache Struts server and then, using a Python script, I execute bash commands inside the web server by exploiting the RCE vulnerability. Unfortunately NeuVector didn't detect my RCE success preemption attack. I would appreciate some guidance to ensure I'm correctly simulating these attacks. If there are any mistakes in my approach, I welcome your feedback and corrections.