On a similar but slightly unrelated note, not to thread hijack, but does anyone have any useful recipes for generating any basic baseline data (top talkers, SSH brute forcing, SMTP brute forcing, 445, etc.) via any of the open source netflow collectors (Flow-Tools, nfdump)? I've had mixed success getting these packages to produce any useful information after getting them to collect the flow data.

Thanks,
-Drew

-----Original Message-----
From: kowsik [mailto:kowsik@gmail.com]
Sent: Thursday, March 18, 2010 12:33 AM
To: Stefan Fouant
Cc: nanog@nanog.org
Subject: Re: anti-ddos test solutions ?

http://labs.mudynamics.com/2009/04/10/ddos-testing-network-applications/
http://www.pcapr.net/dos

YMMV, but mudos converts *any* IP packet into a DoS generator (it's free).

K.
---
http://www.pcapr.net
http://labs.mudynamics.com
http://twitter.com/pcapr

On Wed, Mar 17, 2010 at 11:28 AM, Stefan Fouant <sfouant@shortestpathfirst.net> wrote:
-----Original Message-----
From: Charles N Wyble [mailto:charles@knownelement.com]
Sent: Wednesday, March 17, 2010 12:16 PM
To: nanog@nanog.org
Subject: Re: anti-ddos test solutions ?

bit gossip wrote:
Nessus is a vulnerability scanner:
Ixia provides a full Nessus implementation in one of its platforms.
Well these days I would use http://www.openvas.org and http://www.metasploit.org for vulnerability scanning and analysis.
However that wouldn't be a DDoS, but could certainly lead to DOS.
If you can get your hands on a PCAP from a previous attack, you could also use something like Bit-Twist which will allow you to manipulate things like the destination IP and also the transmission rate, etc. Pretty useful tool to include in the DDoS simulation toolbox.
http://bittwist.sourceforge.net/
Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D