DDOS Simulation
Pavel Odintsov
pavel.odintsov at gmail.com
Mon Jul 27 20:32:56 UTC 2015
Hello!
I would like to recommend MoonGen for generating very high speed
attacks (I have generated up to 56 mpps/40GE with it).
There is another open project: quezstresser.com
On Mon, Jul 27, 2015 at 11:25 PM, alvin nanog
<nanogml at mail.ddos-mitigator.net> wrote:
>
> hi dovid
>
> On 07/27/15 at 11:32am, Dovid Bender wrote:
>> We are looking into a few different DDOS solutions for a client. We need a
>> LEGITIMATE company that can simulate some DDOS attacks (the generic +
>> specific to the clients business). Anyone have any recommendations?
>
> i've compiled a fairly comprehensive list here:
>
> - http://ddos-mitigator.net/Competitors
>
> simulating ddos attacks is fairly easy to do, except one does
> have to be careful of process and procedure and the all important
> "get out of jail for free" card ( let your local ISP techies know too )
>
> http://DDoS-Simulator.net/Demo
> ( wrapper gui around *perf/nc/nmap/*ping command options )
>
> ddos mitigation is not a "single thing-a-ma-jig", and should
> be multi-layered, different solutions solving different DDoS issues
>
> http://ddos-solutions.net/Mitigation/#Howto
> - how are they attacking
> - who is attacking ( script kiddie vs master of deception )
> - what are they attacking
> - when are they attacking
> - why are they attacking
> - ...
>
> # ---------------------------------------------
> # what kind of simulations are you trying to do ??
> # ---------------------------------------------
> - volumetric attacks say 10gigabit vs 200gigabit attacks is trivial
> - ping flood, udp flood, arp flood, tcp flood, etc, etc
>
> local appliances with 10/100 gigabit NIC cards should be able to
> generate close to 100 gigabit/sec of ddos attacks
>
> - udp and icmp attacks are harder to mitigate, since those packets
> need to be stopped at the ISP .... if it came down the wire to
> the local offices, it already used the bandwidth, cpu, memory,
> time, people, etc, etc
>
> - tcp-based ddos attacks are trivial ( imho ) to defend against with
> iptables + tarpits
> if each tcp connection takes 2K bytes, the DDoS attacker
> that is intent on sending large quantity of tcp-based packets
> would incur a counter ddos attack using up its own kernel
> memory
>
> 100,000 tcp packet/sec * 2K byte --> 200M /sec of kernel memory
>
> ?? with tcp timeout of 2 minutes implies they'd need 24TB of
> ?? kernel memory to sustain a 100,000 tcp packet/sec attack
>
> # live demo of tarpit incoming ddos attacks
> http://ddos-mitigator.net/cgi-bin/IPtables-GUI.pl
> http://target-practice.net/cgi-bin/IPtables-GUI.pl
>
> # command line options is 100x faster and easier than html
>
> # to automatically add new incoming ddos attackers
> iptables-gui -doadd -addauto
>
> # to automatically remove inactive ddos attackers
> iptables-gui -dodel -deluto
>
> ssh based solutions are nice but only work on port 22
> http based solutions are nice but only work on port 80
>
> there are 65,533 other ports to defend against DDoS attacks
> which is defensible with tarpit
>
> - it is trivial to generate attacks against apache or web browser
> - it is trivial to generate attacks against sendmail or mail reader
>
> - netcat/socat/nc, hping*, nping, etc, etc
> - something that you can define source and destination IP#
> - something that you can define source and destination port#
>
> - it is harder to generate the various malformed tcp headers
>
> - gui to help set tcp header flags and options for nmap/hping
> - http://ddos-simulator.net/Demo/
>
> - spam, viruses and worms seem to be in their own category
>
> - another important question for your clients is if they are under
> any governmental regulations which will limit their choices of solutions
> - hipaa, pci, sox, etc
>
> inhouse ddos solutions should not have any governmental compliance
> issues
>
> cloud based ddos solutions and their facilities would have to
> comply with the various governmental issues
>
> both inhouse and cloud based solutions solve some problems
>
> another 32+ point comparison for inhouse vs cloud based solutions
> - http://ddos-mitigator.net/InHouse-vs-Cloud
>
> thanx
> alvin
> - http://ddos-mitigator.net
> - http://ddos-simulator.net
>
--
Sincerely yours, Pavel Odintsov