    How can I simulate a DDoS attack

    For the past few weeks I've been working on an anti-DDoS script for beta to offer my clients. I have finished up the last touches on the script; now I need to test the actual protection of the script. The script is basically meant to block IPs that send more than the permitted packets to the server. How can I simulate an attack?

    LEBNODE LLC: High Performance OpenVZ and KVM-SATA-3/RAID1-10 VM's - LA - VA - LDN - Free 20Gbps Mitigation

    ~EU~ Dedicated Intel Servers - Intel Xeon E3 1231v3 @ 3.4GHz - Loc (NL) - On Sale (Contact Me On Skype @ IgniteServers) for a deal!

    Comments

    • Just rent a "stresser". For once it will actually be used to test a server.

    • How about load testing tools like loadimpact?

    • Jonchun Member, Provider

      blitz.io

    • Turn off your server.

      This signature wasted 121 bytes of your data allocation.

      https://nixstats.com/report/56b53d6465689e44598b4567

    • @0xdragon said:
      Turn off your server.

      I either use this or unplug the ethernet cable. Works exactly the same.

    • Do it yourself. I've always done it to myself. Get lots of nodes, and dns amplify it.

    • Piss off some people here :)

    • ping -c999999999999999999999999999999999999999999999999999999 google.com

      Let's bet which dot-name will collapse first ;)

    • Post in Offers.

      Or use stress testing apps such as Loic (The only one I remember)

      ...
      ...

    • IgniteServers said: The script is basically meant to block IPs that send more than the permitted packets to the server.

      Sounds pretty ineffectual TBH. Anti-DDoS must pass all legitimate traffic, otherwise DoS goals are essentially achieved. This script sounds like it would quickly block e.g., HTTP uploads to a website.

      vladka24 said: Do it yourself. I've always done it to myself. Get lots of nodes, and dns amplify it.

      Unless you own the DNS servers used for amplification and pay the bandwidth bills, this is totally unethical and also not legal in the U.S.

    • SplitIce Member, Provider

      There are tools for the replay of pcap files, tcpreplay is what we use.

      That way you can capture attacks (The easiest way is to use stressers with size limiting to send small attacks of approximately 1Gbps, and capture this). You may wish to make multiple captures so that when replaying from multiple senders you can achieve more accurate distributions.

      You should refrain from using stressers on any network (even DDoS protected ones) without first getting written permission. And even then if using reflection or some Layer 7 attacks (WP/Joomla) consult your lawyers on the legality of using compromised resources or insecure resources.

      X4B - DDoS Protection: Affordable DDoS protection including Layer 7 mitigation with PoPs in the US, EU and Asia.
      Latest Offer: $14 in Asia DDoS mitigation
    • Post a test IP on LET, I am sure someone will "stress" it sooner than later.


    • @singsing said:
      Sounds pretty ineffectual TBH. Anti-DDoS must pass all legitimate traffic, otherwise DoS goals are essentially achieved. This script sounds like it would quickly block e.g., HTTP uploads to a website.

      The script will ban the IPs that cross X number of connections, which is pre-configured.


    • SplitIce Member, Provider

      A DDoS usually involves tens of thousands to hundreds of thousands of IPs, often only seen once or twice (random, spoofing). It sounds like more of a DoS protection (which is still useful IMHO), and more suitable for running in software.

    • IgniteServers said: The script will ban the IPs that cross X number of connections, which is pre-configured.

      So what do you do about SYN flood? If single SYNs don't count towards X, then there's no protection against SYN flood. If single SYN packets do count towards X, then any given IP can easily be banned by sending only X SYN packets with spoofed origin. Thus you've created a very cheap new attack.

      It takes quite a bit of work to make effective DDoS protection. The correct approach is probably whack-a-mole, where you create a narrowly tailored rule to exclude each attack you get.

      Also, you must have quite high bandwidth connections to even get all these packets and be able to do the filtering at all.
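
Added example, not part of any post in this thread: a small Python model of the per-IP threshold rule discussed in the replies above, run over constructed packet records, covering both ways of counting bare SYNs and the case of many sources each seen once. `THRESHOLD_X`, `banned_ips`, the record format and all addresses are assumptions made for illustration; the original script was not posted.

```python
from collections import Counter

THRESHOLD_X = 5              # hypothetical per-IP limit (the "X" in the thread)
CUSTOMER = "198.51.100.7"    # constructed legitimate client address

def banned_ips(events, count_bare_syn):
    """Source IPs a per-IP threshold rule would ban.

    events: (src_ip, src_port, flag) records, flag "SYN" or "ACK".
    count_bare_syn=True:  every SYN counts toward X.
    count_bare_syn=False: only a completed handshake (SYN, then ACK from
                          the same ip:port) counts toward X.
    """
    half_open, hits = set(), Counter()
    for ip, port, flag in events:
        if flag == "SYN":
            half_open.add((ip, port))
            if count_bare_syn:
                hits[ip] += 1
        elif flag == "ACK" and (ip, port) in half_open:
            half_open.discard((ip, port))
            if not count_bare_syn:
                hits[ip] += 1
    return {ip for ip, n in hits.items() if n > THRESHOLD_X}

# Constructed records: two real connections from the customer.
legit = [(CUSTOMER, 50000 + i, f) for i in range(2) for f in ("SYN", "ACK")]
# Constructed records: SYNs whose source field carries the customer's address;
# the handshake is never completed.
forged = [(CUSTOMER, 40000 + i, "SYN") for i in range(THRESHOLD_X + 1)]
# Constructed records: 200 sources, each seen exactly once.
scattered = [(f"203.0.113.{i + 1}", 1024, "SYN") for i in range(200)]

def evaluate():
    """Ban sets for each traffic mix under both counting policies."""
    mixes = {"legit+forged": legit + forged, "legit+scattered": legit + scattered}
    return {(name, policy): banned_ips(ev, policy)
            for name, ev in mixes.items() for policy in (True, False)}

if __name__ == "__main__":
    for (name, policy), banned in evaluate().items():
        print(f"{name:16} count_bare_syn={policy!s:5} banned={sorted(banned)}")
```

Only the first mix with SYN counting produces a ban, and it lands on the customer, who sent just two real connections. In the other three cases the rule bans nobody even though every unwanted SYN still reached the server.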

    • mpkossen Member
      edited October 2015

      If you want to learn how to perform a DDoS attack (or simulate it), please do so elsewhere.

      I recommend Prometeus, the best provider ever!

    This discussion has been closed.