Web stress testing is a popular topic. Using web stress testing can effectively test the running status and response time of some Web servers, it is a good way to test the web server's endurance. Web stress testing usually uses some tools, such as Microsoft's web application stress, siege in Linux, and comprehensive web-CT. These are all excellent web stress testing tools. Although these tools make it easy for us to test the server's affordability, their harm is even more astonishing, even a comprehensive test tool can be used to launch catastrophic denial-of-service attacks on a small Web server. Next, I will show you how to use Microsoft's web application stress for a web stress test. The purpose of this test is to let everyone see its great harm. I. Brief Introduction to tools Microsoft Web application stress tool is a set of tools developed by Microsoft website testers to perform actual website stress testing. With this powerful stress testing tool, you can use a small number of client computers to simulate the potential impact of a large number of users going online on website services, before the website is launched, perform a test on the website you designed in the real environment to identify potential system problems and further adjust and set up the system. These features enable the d. o.s bombing function. Tip: D. o.s blocks your service by crashing your service computer or pressing it across. To put it simply, it is to make your computer provide more services, so that your computer can be stuck on the verge of crash or crash. Ii. Simple tool settings Open the web application stress tool, a simple page (1). the top is the toolbar, the lower left is the function option, and the lower right is the detailed setting option. Before stress testing the target Web server, make necessary settings. Figure 1 1. In the "Settings" function settings (2), one is the stress level (threads), which is specified hereProgramThe number of threads used in the background for requests is equivalent to simulating the number of client connections. A more vivid way is to set the number of bombing threads. Generally, enter 500 ~ 1000, because the number of threads is set based on the local capacity. If you have sufficient confidence in your machine configuration, the higher the setting, the better the bombing effect. Figure 2 2. In "test run time", specify the duration of a stress test, which can be divided into days, hours, minutes, And seconds. Set the duration based on the actual situation! 3. The rest of the options are not very important. Here we will not waste any effort. You can try setting them yourself. Iii. Stress Testing After the introduction of the tool, we will prepare the following conditions: here we will discuss with a friend about the test, he is a single machine online, the machine configuration is CPU: athlon xp2500 +, memory 512 MB, hard disk 80 GB, etc, the machine configuration is not bad. He installed IIS on the machine and set up an external web server. The program in the Web Service is the Mobile Network 7.0. I used the stress testing tool to test this server. Step 1: Right-click the tool and select Add to add a new test project: new script, in the master option, enter the IP address of the server to be tested. Select the Web connection method to be tested at the bottom. Select "get" as the mode verb and "path" as the path of the web page to be tested. Enter "/index. asp" as the homepage file (3) of the dynamic network ). Figure 3 Step 2: set the number of stress level (threads) threads to 1000 in the "Settings" function settings. After that, click the gray triangle button in the tool to perform the test (4 ). After the test is completed, wait for a friend to send the task manager and connection view! Figure 4 After the attack starts, you can see from the task manager that the CPU usage has reached 100%, and the loss rate has reached the maximum (5 ). Run the netstat-An command in the CMD window. You can see that my IP address is connected to port 80 on a friend's server (6 ). In addition, its web site cannot be opened, prompting too many users to connect, achieving the same purpose as the D. o.s attack. Figure 5 Figure 6 Imagine that if multiple bots are used to perform a web stress test on a server, it would be a disaster tolerance for this server. Therefore, friends must consider it carefully before using it. |