Re: anti-ddos test solutions ?
Dear jul, I would advise Breaking Point : -News : http://www.breakingpointsystems.com/news/press-releases/breakingpoint-distri... -Methodology http://www.breakingpointsystems.com/resources/testmethodologies/breakingpoin... -Documentation : http://docs.google.com/viewer?url=http://www.breakingpointsystems.com/resour... Best Regards, Guillaume FORTAINE On 03/17/2010 07:45 AM, jul wrote:
Hello nanogers,
Following the multiple thread on ddos attack, I was asking myself how someone could test chosen solutions. In most cases, you can't load your Internet access in the same way attackers will (does someone have a botners with ten thousands computers or more :) ?) But a solution to test basic attack (synflood, slowloris, socktress, ...) with 10 to hundred computers would be interesting, so not a tool but more a service.
Found only Parabon [1] on Google
Does someone know something similar ?
Thanks Best regards,
Jul
Note: Please, don't forget this kind of public tests have some serious legal impact and you need to have an agreement with your ISP/operators to do it in most countries. Note2: Google has a lot of answers. Most of them are about tool and methodology, so not sure for a live test. I'm not looking for a lab solution but real one with business acceptation (and a wise choice on the hours of the test so front-end can be switch to "maintenance mode")
[1] New grid service simulates DDoS attacks, May 2009 http://www.computerworlduk.com/technology/security-products/business-continu...
-----Original Message----- From: Guillaume FORTAINE [mailto:gfortaine@live.com] Sent: Wednesday, March 17, 2010 7:02 AM To: nanog@nanog.org Subject: Re: anti-ddos test solutions ?
Dear jul,
I would advise Breaking Point :
To those advising using BreakingPoint for DDoS simulation, I have to ask have you ever actually used it? I have spent considerable time using the BreakingPoint in my DDoS lab and I can tell you that I for one would absolutely and unequivocally NOT advocate using the BreakingPoint for DDoS testing. Sure it's a good box for testing firewalls, but the FPGAs on that box are extremely limited and I would be remiss if I didn't warn you before using this box as a DDoS simulation platform. Here are some of the limitations I've encountered when using the BreakingPoint BPS Elite: - No support for ICMP or ICMP flooding attacks - There are several methods to similate UDP and TCP floods - AppSim and ClientSim only allow you to generate UDP/TCP floods using fixed ports. Another component called Routing Robot lets you use randomize source/destination ports, but is limited to only 64 hosts per interface. In my experience most DDoS attacks are far and away above 64 source hosts. - No ability to fragment packets or modify other items within the packets, such as bits in the IP Options portion of the IP header. - No ability to manipulate DSCP bits with fine grained control - No ability to parse microflows - for example, when running a test, one can look at the Applications tab and see a visible display of how much DNS traffic is received vs. HTTP traffic, however there is no ability to parse the individual microflows within the DNS traffic, for example to identify the malicious DNS traffic vs. the good DNS traffic - Large amount of issues with the Web based GUI, which will cause the end-user considerable frustration when you have to continually reopen the application due to hangs, etc. This is just a small sample of the issues I've encountered. All I'm saying is don't say I didn't warn you. This is *NOT* the box for DDoS testing. Stefan Fouant, CISSP, JNCIE-M/T www.shortestpathfirst.net GPG Key ID: 0xB5E3803D
I use all the testing tools out there for DDOS testing (you name it I've most likely have used or currently have in the lab). The only way I've been able to whack anti-DDOS solutions is by build a couple of racks of servers to emulate a DDOS Botnet.
Hey Barry, What program do you use to simulate the DDOS Botnet? Is it a custom program or something off the shelf?
From: bgreene@senki.org To: sfouant@shortestpathfirst.net; gfortaine@live.com; nanog@nanog.org Subject: RE: anti-ddos test solutions ? Date: Wed, 17 Mar 2010 09:27:20 -0700
I use all the testing tools out there for DDOS testing (you name it I've most likely have used or currently have in the lab). The only way I've been able to whack anti-DDOS solutions is by build a couple of racks of servers to emulate a DDOS Botnet.
Or let your users post something on their blog that person x y z might not like =) -----Original Message----- From: Matthew Kaufman [mailto:matthew@matthew.at] Sent: Wednesday, March 17, 2010 1:00 PM To: Brandon Kim Cc: nanog@nanog.org Subject: Re: anti-ddos test solutions ? Brandon Kim wrote:
Hey Barry,
What program do you use to simulate the DDOS Botnet? Is it a custom program or something off the shelf?
Don't you just set up an IRC server and then say something inflammatory to the wrong person? Matthew Kaufman
(Written on a blackberry - please don't flame me for top posting.) Depends on what kind of DoS - cause your more likely to experience a phone DoS moreso then an Internet DoS. Hope you don't need to make or receive any calls for a week or two :) -- Brielle Bruns http://www.sosdg.org / http://www.ahbl.org -----Original Message----- From: Valdis.Kletnieks@vt.edu Date: Wed, 17 Mar 2010 13:20:00 To: <matthew@matthew.at> Cc: <nanog@nanog.org> Subject: Re: anti-ddos test solutions ? On Wed, 17 Mar 2010 10:00:21 PDT, Matthew Kaufman said:
Don't you just set up an IRC server and then say something inflammatory to the wrong person?
For a slightly more interesting packet mix, go over to 4chan and get anon ticked at you.
-----Original Message----- From: Matthew Kaufman [mailto:matthew@matthew.at] Sent: Wednesday, March 17, 2010 11:00 AM
Don't you just set up an IRC server and then say something inflammatory to the wrong person?
You can always get DNS hosting from Ultra. You're apt to experience some noise in that scenario too ;) Stefan Fouant, CISSP, JNCIE-M/T www.shortestpathfirst.net GPG Key ID: 0xB5E3803D
participants (8)
-
Barry Raveendran Greene -
Brandon Kim -
Brielle Bruns -
Drew Weaver -
Guillaume FORTAINE -
Matthew Kaufman -
Stefan Fouant -
Valdis.Kletnieks@vt.edu