DDOS Simulation

Pavel Odintsov pavel.odintsov at gmail.com
Mon Jul 27 20:32:56 UTC 2015


Hello!

I would like to recommend MoonGen for generating very high speed
attacks (I have generated up to 56 mpps/40GE with it).

There is another open project: quezstresser.com

On Mon, Jul 27, 2015 at 11:25 PM, alvin nanog
<nanogml at mail.ddos-mitigator.net> wrote:
>
> hi dovid
>
> On 07/27/15 at 11:32am, Dovid Bender wrote:
>> We are looking into a few different DDOS solutions for a client. We need a
>> LEGITIMATE company that can simulate some DDOS attacks (the generic +
>> specific to the clients business). Anyone have any recommendations?
>
> i've compiled a fairly comprehensive list; it is here:
>
> - http://ddos-mitigator.net/Competitors
>
> simulating ddos attacks is fairly easy to do, except one does
> have to be careful of process and procedure and the all important
> "get out of jail for free" card ( let your local ISP techies know too )
>
>         http://DDoS-Simulator.net/Demo
>         ( wrapper gui around *perf/nc/nmap/*ping command options )
>
> ddos mitigation is not a "single thing-a-ma-jig", and should
> be multi-layered, different solutions solving different DDoS issues
>
>         http://ddos-solutions.net/Mitigation/#Howto
>         - how are they attacking
>         - who is attacking ( script kiddie vs master of deception )
>         - what are they attacking
>         - when are they attacking
>         - why are they attacking
>         - ...
>
> # ---------------------------------------------
> # what kind of simulations are you trying to do ??
> # ---------------------------------------------
> - volumetric attacks say 10gigabit vs 200gigabit attacks is trivial
>         - ping flood, udp flood, arp flood, tcp flood, etc, etc
>
>   local appliances with 10/100 gigabit NIC cards should be able to
>   generate close to 100 gigabit/sec of ddos attacks
>
> - udp and icmp attacks are harder to mitigate, since those packets
>   need to be stopped at the ISP .... if it came down the wire to
>   the local offices, it already used the bandwidth, cpu, memory,
>   time, people, etc, etc
>
> - tcp-based ddos attacks are trivial ( imho ) to defend against with
>   iptables + tarpits
>         if each tcp connection takes 2K bytes, the DDoS attacker
>         that is intent on sending large quantity of tcp-based packets
>         would incur a counter ddos attack using up its own kernel
>         memory
>
>         100,000 tcp packet/sec * 2K byte --> 200M /sec of kernel memory
>
>         ?? with tcp timeout of 2 minutes implies they'd need 24TB of
>         ?? kernel memory to sustain a 100,000 tcp packet/sec attack
>
>         # live demo of tarpit incoming ddos attacks
>         http://ddos-mitigator.net/cgi-bin/IPtables-GUI.pl
>         http://target-practice.net/cgi-bin/IPtables-GUI.pl
>
>         # command line options are 100x faster and easier than html
>
>         # to automatically add new incoming ddos attackers
>         iptables-gui -doadd -addauto
>
>         # to automatically remove inactive ddos attackers
>         iptables-gui -dodel -deluto
>
>         ssh based solutions are nice but only work on port 22
>         http based solutions are nice but only work on port 80
>
>         there are 65,533 other ports to defend against DDoS attacks
>         which is defensible with tarpit
>
> - it is trivial to generate attacks against apache or web browser
> - it is trivial to generate attacks against sendmail or mail reader
>
>         - netcat/socat/nc, hping*, nping, etc, etc
>         - something that you can define source and destination IP#
>         - something that you can define source and destination port#
>
> - it is harder to generate the various malformed tcp headers
>
>         - gui to help set tcp header flags and options for nmap/hping
>         - http://ddos-simulator.net/Demo/
>
> - spam, virii and worms seem to be in their own category
>
> - another important question for your clients is if they are under
>   any governmental regulations which will limit their choices of solutions
>         - hipaa, pci, sox, etc
>
>    inhouse ddos solutions should not have any governmental compliance
>    issues
>
>    cloud based ddos solutions and their facilities would have to
>    comply with the various governmental issues
>
>    both inhouse and cloud based solutions solve some problems
>
>    another 32+ point comparison for inhouse vs cloud based solutions
>    - http://ddos-mitigator.net/InHouse-vs-Cloud
>
> thanx
> alvin
> - http://ddos-mitigator.net
> - http://ddos-simulator.net
>



-- 
Sincerely yours, Pavel Odintsov
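The quoted message describes a tarpit workflow where incoming flood sources are added automatically and inactive ones removed again. The following is an added illustration of that add/remove decision logic, written for this page and not taken from the thread or from the iptables-gui tool it mentions: a sliding-window new-connection counter run over constructed sample log lines. The window, threshold and idle-timeout values are assumed, the log format is constructed, and the actual firewall action (for example inserting a tarpit rule) is left to whatever tool consumes the decisions.

```python
import re
from collections import defaultdict, deque
# Policy knobs: assumed values for this example, not taken from the thread.
WINDOW_S = 10        # sliding window (seconds) over which new connections are counted
SYN_THRESHOLD = 50   # new connections per window before a source is tarpitted
IDLE_S = 120         # seconds of silence before a tarpitted source is released
# Constructed log format: "<seconds> SYN <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(r"^(?P<t>[\d.]+) SYN (?P<src>[\d.]+):\d+ -> ")

class TarpitTracker:  # decides when a source enters or leaves the tarpit set
    def __init__(self, window_s=WINDOW_S, threshold=SYN_THRESHOLD, idle_s=IDLE_S):
        self.window_s, self.threshold, self.idle_s = window_s, threshold, idle_s
        self.events = defaultdict(deque)  # src -> timestamps of its recent SYNs
        self.tarpitted = {}               # src -> last time it was seen
        self.actions = []                 # ("add"|"del", src, t): firewall decisions

    def observe(self, t, src):
        q = self.events[src]
        q.append(t)
        while q and t - q[0] > self.window_s:   # drop SYNs that fell out of the window
            q.popleft()
        if src in self.tarpitted:
            self.tarpitted[src] = t             # still active: keep it tarpitted
        elif len(q) >= self.threshold:
            self.tarpitted[src] = t
            self.actions.append(("add", src, t))
        self.expire(t)

    def expire(self, now):
        # Release sources that have been quiet for longer than idle_s.
        for src, last in list(self.tarpitted.items()):
            if now - last > self.idle_s:
                del self.tarpitted[src]
                self.actions.append(("del", src, now))

def process_log(lines, tracker=None):
    tracker = tracker or TarpitTracker()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            tracker.observe(float(m["t"]), m["src"])
    return tracker

def build_sample_log():
    """Constructed sample: a flooding source, a normal client, then a quiet period."""
    lines = [f"{i*0.1:.1f} SYN 203.0.113.7:{40000+i} -> 198.51.100.10:80" for i in range(60)]
    lines += [f"{i*10:.1f} SYN 198.51.100.5:{50000+i} -> 198.51.100.10:80" for i in range(5)]
    lines.append("200.0 SYN 198.51.100.5:50010 -> 198.51.100.10:80")  # long after the flood
    return sorted(lines, key=lambda l: float(l.split()[0]))
```

Running `process_log(build_sample_log()).actions` shows the flooding source being added once its 50th SYN lands inside the window and released after it has been silent for longer than the idle timeout, while the normal client never trips the threshold.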