DDOS Simulation

Pavel Odintsov pavel.odintsov at gmail.com
Tue Jul 28 07:15:45 UTC 2015


Hello!

My machines have 16GB of memory, but the traffic generator uses about 1GB
of memory for a 10GE link.

On Tue, Jul 28, 2015 at 12:36 AM, alvin nanog
<nanogml at mail.ddos-mitigator.net> wrote:
>
> hi pavel
>
> On 07/28/15 at 12:02am, Pavel Odintsov wrote:
>> It's poor man's traffic generator :)
>
> that's the best kind :-)
> as long as it gets the job done and you get to control what it does
>
>> My test lab is i7 2600 with 2 port Intel X520 10GE and Intel Xeon E5
>> 2604 with 2 port Intel X520 10GE.
>
> nice cpu hw
>
> trick questions for those thinking of generating ddos traffic for testing
>
> - ?? how much memory was needed to run the traffic generator
>
>         i assume around 1GB of memory for 1gigE interface and i still
>         can purposely run out of memory while some apps are running
>
>         at 10gigE pci card,
>         you'd probably want at least 12GB - 16GB of memory
>
> - some "poor mans apps" to generate traffic ... start w/ nping or hping
>
>         # generate 1,000 Mbit/sec of junk .. flooding is trivial ...
>         ping -i 0.001 -s 2000  victimIP#
>         nping --data-length 2000 --rate 1000 victimIP#
>         socat
>         iperf ...
>         #
>         # generate udp  or icmp or arp or tcp traffic
>         #
>         # add options to generate large-sized packets
>         # add options to generate 10Gbit/sec ( number of packet/sec )
>         #
>         # play around with tcp headers
>         # add options to send MTU=1501 byte but NOT set DF
>         # add options to send ACK but no request
>         #
>         # add options to spoof source and destination address and ports
>
>         #
>         # if the host machine becomes un-available, you've got a problem
>         #
>         for host in gw dns ntp http smtp
>           for protocol in arp icmp udp tcp
>             nping --protocol [ options ] host.example.com
>             # hping is nice too
>           done
>         done
>
>         # for bonus arp fun ...
>         attacker# arpspoof gateway victim
>         attacker# arpspoof victim gateway
>
>         # prevent mitm with: use hard coded arp "/etc/ethers" for linux
>
>         use OpenSSL certs to flag a warning when "attacker" inserted
>         itself in between gateway and un-aware victim
>
> pixie dust
> alvin
> - DDoS-Mitigator.net
>
>> On Mon, Jul 27, 2015 at 11:59 PM,  <Valdis.Kletnieks at vt.edu> wrote:
>> > On Mon, 27 Jul 2015 23:32:56 +0300, Pavel Odintsov said:
>> >
>> >> I would like to recommend MoonGen for generating very high speed
>> >> attacks (I have generated up to 56 mpps/40GE with it).
>> >
>> > OK, I'll bite - what hardware were you using to inject that many packets?



-- 
Sincerely yours, Pavel Odintsov
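
Added example, not part of the original thread or of either poster's tooling: one way to check that the hard-coded ARP entries from "/etc/ethers" mentioned in the quoted reply are actually in effect, by comparing them with the kernel ARP cache (/proc/net/arp). The function names and all addresses are assumptions; the sample data is constructed.

```python
# Added example: audit a Linux ARP cache against /etc/ethers pins (constructed sample data).
ATF_COM, ATF_PERM = 0x02, 0x04  # /proc/net/arp flag bits: resolved, static

ETHERS_SAMPLE = """\
# MAC address       IP address
00:00:5e:00:53:01   192.0.2.1
00:00:5e:00:53:10   192.0.2.10
"""

PROC_ARP_SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:00:5e:00:53:66     *        eth0
192.0.2.10       0x1         0x6         00:00:5e:00:53:10     *        eth0
192.0.2.20       0x1         0x2         00:00:5e:00:53:66     *        eth0
"""

def parse_ethers(text):
    """Return {ip: mac} from ethers(5)-style lines, skipping comments."""
    pins = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            pins[fields[1]] = fields[0].lower()
    return pins

def parse_proc_arp(text):
    """Return [(ip, flags, mac)] for resolved entries in /proc/net/arp content."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 6 and int(fields[2], 16) & ATF_COM:
            rows.append((fields[0], int(fields[2], 16), fields[3].lower()))
    return rows

def audit(ethers_text, arp_text):
    """Return sorted findings as (kind, ip, detail) tuples."""
    pins, findings, seen = parse_ethers(ethers_text), [], {}
    for ip, flags, mac in parse_proc_arp(arp_text):
        if ip in pins and mac != pins[ip]:
            findings.append(("mac-mismatch", ip, mac))      # cache disagrees with pin
        elif ip in pins and not flags & ATF_PERM:
            findings.append(("pin-not-loaded", ip, mac))    # right MAC, but still dynamic
        if mac in seen and seen[mac] != ip:
            findings.append(("duplicate-mac", ip, seen[mac]))  # one MAC answers for two IPs
        seen.setdefault(mac, ip)
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(ETHERS_SAMPLE, PROC_ARP_SAMPLE), sep="\n")
```

On a live host, pass the contents of /etc/ethers and /proc/net/arp instead of the samples; a "pin-not-loaded" finding means the file exists but its entries were never installed as static.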


