DDOS Simulation

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jul 30 16:12:52 UTC 2015


On Wed, 29 Jul 2015 12:38:18 -0700, alvin nanog said:
> On 07/29/15 at 05:47am, Roland Dobbins wrote:
> > On 29 Jul 2015, at 5:19, alvin nanog wrote:
> > >and all the other ISP's routers along the way that had to transport
> > >those gigabyte/terabyte of useless ddos packets
> >
> > No company can provide a 'get out of jail card' for illegal activities,
> > irrespective of how they arrange their paperwork.
>
> oopps, maybe a "misunderstanding" ... it's an old "be careful euphomism(sp?)
> and not meant as "literal get out of jail" ( from monopoly game too )

You may indeed need a "get out of jail" card if one of those "all the other
ISPs along the way" decides to make an issue of it.  The company you're working
with can only promise that *they* won't press charges.  What their upstream
decides to do is out of their control.

> if i had to pick only one command for the ddos tests .... i'd simply
> flood the wire .. everything is now offline ( should be un-responsive )

>	nping "send 100,000 packets/sec" x 65,000byte/packet  192.168.0.0/16

That will only send out packets as fast as your single pipe can send, which
will probably *not* make everything unresponsive. Hint - only (roughly) one out
of every 65,635 packets will be pointed at the host at 198.168.5.16, for
example - and I would *hope* that said host can handle an added 65K packet
every 0.6 seconds or so...

Oh, and line speed for a 10G connection is 155K 64K packets per second, so
your command won't even fill *one* computer's pipe.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20150730/1f747390/attachment.sig>


More information about the NANOG mailing list