hi dovid On 07/27/15 at 11:32am, Dovid Bender wrote:
We are looking into a few different DDOS solutions for a client. We need a LEGITIMATE company that can simulate some DDOS attacks (the generic + specific to the clients business). Anyone have any recommendations?
i've compiled a fairly comprehensive list is here: - http://ddos-mitigator.net/Competitors simulating ddos attacks are fairly easy to do, except one does have to be careful of process and proceedure and the all important "get out of jail for free" card ( let your local ISP techie's know too ) http://DDoS-Simulator.net/Demo ( wrapper gui around *perf/nc/nmap/*ping command options ) ddos mitigation is not a "single thing-a-ma-jig", and should be multi-layered, different solutions solving different DDoS issues http://ddos-solutions.net/Mitigation/#Howto - how are they attacking - who is attacking ( script kiddie vs master of deception ) - what are they attacking - when are they attacking - why are they attacking - ... # --------------------------------------------- # what kind of simulations are you trying to do ?? # --------------------------------------------- - volumetric attacks say 10gigabit vs 200gigabit attacks is trivial - ping flood, udp flood, arp flood, tcp flood, etc, etc local appliances with 10/100 gigabit NIC cards should be able to generate close to 100 gigabit/sec of ddos attacks - udp and icmp attacks are harder to mitigate, since those packets need to be stopped at the ISP .... if it came down the wire to the local offices, it already used the bandwidth, cpu, memory, time, people, etc, etc - tcp-based ddos attacks are trivial ( imho ) to defend against with iptables + tarpits if each tcp connection takes 2K bytes, the DDoS attacker that is intent on sending large quantity of tcp-based packets would incur a counter ddos attack using up its own kernel memory 100,000 tcp packet/sec * 2K byte --> 200M /sec of kernel memory ?? with tcp timeout of 2 minutes implies they'd need 24TB of ?? kernel memory to sustain a 100,000 tcp packet/sec attack # live demo of tarpit incoming ddos attacks http://ddos-mitigator.net/cgi-bin/IPtables-GUI.pl http://target-practice.net/cgi-bin/IPtables-GUI.pl # command line options is 100x faster and easier than html # to automatically add new incoming ddos attackers iptables-gui -doadd -addauto # to automatically remove inactive ddos attackers iptables-gui -dodel -deluto ssh based solutions are nice but only works on port 22 http based solutions are nice but only works on port 80 there are 65,533 other ports to defend against DDoS attacks which is defensible with tarpit - it is trivial to generate attacks against apache or web browser - it is trivial to generate attacks against sendmail or mail reader - netcat/socat/nc, hping*, nping, etc, etc - something that you can define source and destination IP# - something that you can define source and destination port# - it is harder to generate the various malformed tcp headers - gui to help set tcp header flags and options for nmap/hping - http://ddos-simulator.net/Demo/ - spam, virii and worms seems to be in its own category - another important question for your clients is if they are under any govermental regulations which will limit their choices of solutions - hippa, pci, sox, etc inhouse ddos solutions should not have any governmental compliance issues cloud based ddos solutions and their facilities would have to comply with the various govermental issues both inhouse and cloud based solutions solve some problems another 32+ point comparison for inhouse vs cloud based solutions - http://ddos-mitigator.net/InHouse-vs-Cloud thanx alvin - http://ddos-mitigator.net - http://ddos-simulator.net