For a description of this category, see dos NSE category in the Nmap documentation.
Scripts
- broadcast-avahi-dos
Attempts to discover hosts in the local network using the DNS Service Discovery protocol and sends a NULL UDP packet to each host to test if it is vulnerable to the Avahi NULL UDP packet denial of service (CVE-2011-1002).
- http-slowloris
Tests a web server for vulnerability to the Slowloris DoS attack by launching a Slowloris attack.
- ipv6-ra-flood
Generates a flood of Router Advertisements (RA) with random source MAC addresses and IPv6 prefixes. Computers, which have stateless autoconfiguration enabled by default (every major OS), will start to compute IPv6 suffix and update their routing table to reflect the accepted announcement. This will cause 100% CPU usage on Windows and platforms, preventing to process other application requests.
- smb-flood
Exhausts a remote SMB server's connection limit by by opening as many connections as we can. Most implementations of SMB have a hard global limit of 11 connections for user accounts and 10 connections for anonymous. Once that limit is reached, further connections are denied. This script exploits that limit by taking up all the connections and holding them.
- smb-vuln-conficker
Detects Microsoft Windows systems infected by the Conficker worm. This check is dangerous and it may crash systems.
- smb-vuln-cve2009-3103
Detects Microsoft Windows systems vulnerable to denial of service (CVE-2009-3103). This script will crash the service if it is vulnerable.
- smb-vuln-ms06-025
Detects Microsoft Windows systems with Ras RPC service vulnerable to MS06-025.
- smb-vuln-ms07-029
Detects Microsoft Windows systems with Dns Server RPC vulnerable to MS07-029.
- smb-vuln-ms08-067
Detects Microsoft Windows systems vulnerable to the remote code execution vulnerability known as MS08-067. This check is dangerous and it may crash systems.
- smb-vuln-ms10-054
Tests whether target machines are vulnerable to the ms10-054 SMB remote memory corruption vulnerability.
- smb-vuln-regsvc-dos
Checks if a Microsoft Windows 2000 system is vulnerable to a crash in regsvc caused by a null pointer dereference. This check will crash the service if it is vulnerable and requires a guest account or higher to work.