DDOS Simulation

alvin nanog nanogml at Mail.DDoS-Mitigator.net
Tue Jul 28 22:19:41 UTC 2015


hi dovid

On 07/28/15 at 02:31pm, Dovid Bender wrote:
> We are looking for a company that can launch a DDOS attack against the
> solutions we are testing. I don't want a proof of concept from the company
> that will be offering DDOS protection since they can simulate an easy
> attack and then mitigate. I want whomever we go with to be able to handle
> whatever is thrown at them.

most all ddos simulator folks all sell their own version of a ddos mitigator
appliance or ddos cloud services ... both have good and bad ddos mitigation
features depending on the type of DDoS attacks you are defending against

	http://DDoS-Mitigator.net/Competitors

	- largest folks ( aka probably legit ) are probably akamai/prolexic,
	arbor networks, fortinet, incapsula, radware, etc

as previously noted by others, legit corp will ask you for lots of
legal paperwork  for their "get out of jail card" for DDoS'ing your servers
and all the other ISP's routers along the way that had to transport
those gigabytes/terabytes of useless ddos packets

imho, most ddos simulator folks will want to know what are you wanting
to simulate ....  there are easily, say 100,000 attack vectors ...
	- attack all your IP#
	- attack all ports on each IP#
	- various arp flood 
	- various icmp flood
	- various udp flood
	- various tcp flood ( trivial to defend )
	- attack specific vulnerabilities already found n not patched

	- there are probably thousands of apps that can be used
	to launch various DDoS attacks ...

- volumetric icmp DDoS attacks and volumetric udp DDoS attacks will
  most likely take you offline ... almost nothing you can do to 
  stop it, prevent it, block it, etc... your ISP has to do that for you
  or your ISP's larger peer has to get in there too

	you will want the ph# of the security guru at the ISP
	to help you resolve the issue

	i doubt any ddos mitigation will help you and more importantly,
	you probably will not want to pay $$$ to the ddos cloud scrubber
	to be removing xTB of udp or icmp DDoS attacks

- if you're thinking of ddos attacks as "anything that is thrown at them"
  against webservers, mail servers, and ssh servers, that is only 3 ports 
  out of 65,535 possible attacks

	there is "no such thing as anything that can be thrown at them"

	defending web servers, mail servers and ssh servers can
	be "script kiddie" trivially defended ... as long as it is
	properly patched and maintained and built to be defensible

	before you ask others to DDoS your servers, have you
	already patched apache/sendmail/ssh/openssl, kernels, etc, etc

	ddos attackers will be looking for your weakest link,
	usually login/pwd from outside wifi access points and 
	home offices, hotel ethernet, etc

there is almost zero benefit for volumetric 10TB or 20 TB of
DDoS attacks we read about in the papers against large corp. the only
defense is to build your own geographically separate colo in each
major customer countries in asia, europe, usa, south america, etc

usually the purpose of DDoS attacks is to take your servers offline or
steal/copy/sniff info or hide in your network or launch other attacks

these are easier ( script kiddie ) DDoS attacks and less likely to 
be noticed by your ISP of incoming "attacks"
	- sniff login/passwd from outside ( wifi, home office, etc )
	- install keyboard sniffers
	- install other trojans ( virii, worm, etc )

endless list of attacks to simulate

pixie dust
alvin
- http://DDoS-Simulator.net

> On Mon, Jul 27, 2015 at 5:40 PM, lobna gouda <lobna_gouda at hotmail.com>
> wrote:
> 
> > Hello David et Dan,
> >
> > Are you going to perform the DDOS solution yourself, or are you looking
> > for a company to provide a solution for you? Some companies perform an
> > attack simulation for you before buying the product
> >


