Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How can I simulate a DDoS attack
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How can I simulate a DDoS attack

For the past few weeks ive been working on a anti DDoS script for beta to offer my clients. I have finished up the last touches on the script now I need to test the actual protection of the script. The script is basically meant to block IPs that send more than the permitted packets to the server. How can I simulate an attack?

Comments

  • Just rent a "stresser". For once it will actually be used to test a server.

  • How about load testing tools like loadimpact?

  • blitz.io

  • Turn off your server.

  • @0xdragon said:
    Turn off your server.

    I either use this or unplug the ethernet cable. Works exactly the same.

  • Do it yourself. I've always done it to myself. Get lots of nodes, and dns amplify it.

    Thanked by 1IgniteServers
  • Piss off some people here :)

  • ping -c999999999999999999999999999999999999999999999999999999 google.com

  • Post in Offers.

    Or use stress testing apps such as Loic (The only one I remember)

  • IgniteServers said: The script is basically meant to block IPs that send more than the permitted packets to the server.

    Sounds pretty ineffectual TBH. Anti-DDoS must pass all legitimate traffic, otherwise DoS goals are essentially achieved. This script sounds like it would quickly block e.g., HTTP uploads to a website.

    vladka24 said: Do it yourself. I've always done it to myself. Get lots of nodes, and dns amplify it.

    Unless you own the DNS servers used for amplification and pay the bandwidth bills, this is totally unethical and also not legal in the U.S.

  • SplitIceSplitIce Member, Host Rep

    There are tools for the replay of pcap files, tcpreplay is what we use.

    That way you can capture attacks (The easiest way is to use stressers with size limiting to send small attacks of approximately 1Gbps, and capture this). You may wish to make multiple captures so that when replaying from multiple senders you can achieve more accurate distributions.

    You should refrain from using stressers on any network (even DDoS protected ones) without first getting written permission. And even then if using reflection or some Layer 7 attacks (WP/Joomla) consult your lawyers on the legality of using compromised resources or insecure resources.

  • Post a test IP on LET, i am sure someone will "stress" it sooner than later.

    Thanked by 128Tom
  • @singsing said:
    Sounds pretty ineffectual TBH. Anti-DDoS must pass all legitimate traffic, otherwise DoS goals are essentially achieved. This script sounds like it would quickly block e.g., HTTP uploads to a website.

    The script will ban the IPs that crosses X number of connections which is pre configured.

  • SplitIceSplitIce Member, Host Rep

    A DDoS usually involves tens of thousands to hundreds of thousands of IPs, often only seen once or twice (random, spoofing). It sounds like more of a DoS protection (which is still useful IMHO), and more suitable for running in software.

    Thanked by 1IgniteServers
  • IgniteServers said: The script will ban the IPs that crosses X number of connections which is pre configured.

    So what do you do about SYN flood? If single SYNs don't count towards X, then there's no protection again SYN flood. If single SYN packets do count towards X, then any given IP can easily be banned by sending only X SYN packets with spoofed origin. Thus you've created a very cheap new attack.

    It takes quite a bit of work to make effective DDoS protection. The correct approach is probably whack-a-mole, where you create a narrowly tailored rule to exclude each attack you get.

    Also, you must have quite high bandwidth connections to even get all these packets and be able to do the filtering at all.

  • mpkossenmpkossen Member
    edited October 2015

    If you want to learn how to perform a DDoS attack (or simulate it), please do so elsewhere.

This discussion has been closed.