DDOS Simulation
alvin nanog
nanogml at Mail.DDoS-Mitigator.net
Tue Jul 28 22:19:41 UTC 2015
hi dovid

On 07/28/15 at 02:31pm, Dovid Bender wrote:
> We are looking for a company that can launch a DDOS attack against the
> solutions we are testing. I don't want a proof of concept from the company
> that will be offering DDOS protection since they can simulate an easy
> attack and then mitigate. I want whomever we go with to be able to handle
> whatever is thrown at them.
most all ddos simulator folks all sell their own version of a ddos mitigator
appliance or ddos cloud services ... both have good and bad ddos mitigation
features depending on the type of DDoS attacks you are defending against
http://DDoS-Mitigator.net/Competitors
- largest folks ( aka probably legit ) are probably akamai/prolexic,
arbor networks, fortinet, incapsula, radware, etc
as previously noted by others, legit corp will ask you for lots of
legal paperwork for their "get out of jail card" for DDoS'ing your servers
and all the other ISP's routers along the way that had to transport
those gigabyte/terabyte of useless ddos packets
imho, most ddos simulator folks will want to know what are you wanting
to simulate .... there are easily, say 100,000 attack vectors ...
- attack all your IP#
- attack all ports on each IP#
- various arp flood
- various icmp flood
- various udp flood
- various tcp flood ( trivial to defend )
- attack specific vulnerabilities already found n not patched
- there are probably thousands of apps that can be used
  to launch various DDoS attacks ...
- volumetric icmp DDoS attacks and volumetric udp DDoS attacks will
most likely take you offline ... almost nothing you can do to
stop it, prevent it, block it, etc... your ISP has to do that for you
or your ISP's larger peer has to get in there too
you will want the ph# of the security guru at the ISP
to help you resolve the issue
i doubt any ddos mitigation will help you and more importantly,
you probably will not want to pay $$$ to the ddos cloud scrubber
to be removing xTB of udp or icmp DDoS attacks
- if you're thinking of ddos attacks as "anything that is thrown at them"
against webservers, mail servers, and ssh servers, that is only 3 ports
out of 65,535 possible attacks
there is "no such thing as anything that can be thrown at them"
defending web servers, mail servers and ssh servers can
be "script kiddie" trivially defended ... as long as it is
properly patched and maintained and built to be defensible
before you ask others to DDoS your servers, have you
already patched apache/sendmail/ssh/openssl, kernels, etc, etc
ddos attackers will be looking for your weakest link,
usually login/pwd from outside wifi access points and
home offices, hotel ethernet, etc
there is almost zero benefit for volumetric 10TB or 20 TB of
DDoS attacks we read about in the papers against large corp. the only
defense is to build your own geographically separate colo in each
major customer countries in asia, europe, usa, south america, etc
usually the purpose of DDoS attacks is to take your servers offline or
steal/copy/sniff info or hide in your network or launch other attacks
these are easier ( script kiddie ) DDoS attacks and less likely to
be noticed by your ISP of incoming "attacks"
- sniff login/passwd from outside ( wifi, home office, etc )
- install keyboard sniffers
- install other trojans ( virii, worm, etc )
endless list of attacks to simulate
pixie dust
alvin
- http://DDoS-Simulator.net
> On Mon, Jul 27, 2015 at 5:40 PM, lobna gouda <lobna_gouda at hotmail.com>
> wrote:
>
> > Hello David et Dan,
> >
> > Are you going to perform the DDOS solution yourself, or you are looking
> > for a company to provide a solution for you. Some companies perform an
> > attack simulation for you before buying the product
> >