Tutorial Another SECURITY TEST (for time pass)

I was getting really bored in home quarantine (of 7 days, because I travelled to a containment zone), with nothing to do except watch Netflix. Then, just by coincidence, I saw a video on YouTube about DDoS attacks and mitigation strategies. I enabled some SYN attack and DDoS prevention rules on my MikroTik hAP ac router and I got an itch to test my rules. I searched for a simulated DDoS attack and found a website (Shield Test - Free comprehensive security test) which simulates a DDoS attack on your IP address. They provide some other tests too. Then while testing, on the second test (DDoS test), it just stopped abruptly saying "the entire domain is getting blocked" and the test terminated itself (image 1). I thought it was my router blocking the test, but there were no logs registered in my router. Then I switched off NextDNS DoH and enabled Google DNS DoH (by AdGuard). To my surprise, the test went on without any hiccups (image 2). So NextDNS was blocking the DDoS attack from this website. Try it for yourself just for fun.

1. With NextDNS

2. With Google DNS
 

geminis3

OS: Android 10 / DNS 1.1.1.1
Chrome

Firefox


I understand that Android doesn't have an AV, although the "malware" file was not downloaded to the Downloads folder in both cases (triggered Google's Safe Browsing maybe), but I don't know what they're doing in the credit card test.

Will post the results of my Linux laptop later.
 

JoyousBudweiser

On my phone over a mobile network, I got the same result as geminis3 with Vanadium under GrapheneOS (Android 11).

I wonder too how they test the download, as no popup appeared nor were any files downloaded. Also, the credit card test is strange.
Surprisingly, there is no explanation of the tests they are doing... so take it with a pinch of salt.
 

geminis3

What this website does is download EICAR from the following URLs:

Code:
http://www.shieldtest.com/b/eicar1.com?random=1602176483499
http://v2qks.cybrarro.com/WebInterface/home/b/eicar1.com.zip?_=1602176446788
www.shieldtest.com/command.jsp?command=download2&random=0.36051329688618916

It also generates some tokens and user identifiers, and since those URLs are not blacklisted by Google's Safe Browsing, this test means nothing on non-Windows platforms. NextDNS probably looked at it and just added those domains to the blacklist.
 

JoyousBudweiser

Even if I turn off NextDNS, the DDoS is not getting logged by my router. I usually get event logs even when I do 10 continuous pings on my IP address from a VPN. So we can assume it is not even doing reasonable continuous pings on the IP.
 