How can I simulate a DDoS attack
IgniteServers
Member
in General
For the past few weeks I've been working on an anti-DDoS script for beta to offer my clients. I have finished up the last touches on the script; now I need to test the actual protection of the script. The script is basically meant to block IPs that send more than the permitted packets to the server. How can I simulate an attack?
This discussion has been closed.
Comments
Just rent a "stresser". For once it will actually be used to test a server.
How about load testing tools like loadimpact?
blitz.io
Turn off your server.
I either use this or unplug the ethernet cable. Works exactly the same.
Do it yourself. I've always done it to myself. Get lots of nodes, and dns amplify it.
Piss off some people here
ping -c999999999999999999999999999999999999999999999999999999 google.com
Post in Offers.
Or use stress testing apps such as Loic (The only one I remember)
Sounds pretty ineffectual TBH. Anti-DDoS must pass all legitimate traffic, otherwise DoS goals are essentially achieved. This script sounds like it would quickly block e.g., HTTP uploads to a website.
Unless you own the DNS servers used for amplification and pay the bandwidth bills, this is totally unethical and also not legal in the U.S.
There are tools for the replay of pcap files, tcpreplay is what we use.
That way you can capture attacks (The easiest way is to use stressers with size limiting to send small attacks of approximately 1Gbps, and capture this). You may wish to make multiple captures so that when replaying from multiple senders you can achieve more accurate distributions.
You should refrain from using stressers on any network (even DDoS protected ones) without first getting written permission. And even then if using reflection or some Layer 7 attacks (WP/Joomla) consult your lawyers on the legality of using compromised resources or insecure resources.
Post a test IP on LET, I am sure someone will "stress" it sooner than later.
The script will ban the IPs that cross X number of connections, which is preconfigured.
A DDoS usually involves tens of thousands to hundreds of thousands of IPs, often only seen once or twice (random, spoofing). It sounds like more of a DoS protection (which is still useful IMHO), and more suitable for running in software.
So what do you do about SYN flood? If single SYNs don't count towards X, then there's no protection against SYN flood. If single SYN packets do count towards X, then any given IP can easily be banned by sending only X SYN packets with spoofed origin. Thus you've created a very cheap new attack.
It takes quite a bit of work to make effective DDoS protection. The correct approach is probably whack-a-mole, where you create a narrowly tailored rule to exclude each attack you get.
Also, you must have quite high bandwidth connections to even get all these packets and be able to do the filtering at all.
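An added example, not code from any poster in this thread: it replays a constructed event list through a per-IP threshold rule of the kind described above, to show both sides of the SYN-counting trade-off and why sources seen only once never reach X. The threshold value, event format, function names and addresses are assumptions made for the illustration.

```python
from collections import Counter

X = 5  # hypothetical per-IP threshold (the thread's "X")

def banned_ips(events, count_bare_syn, threshold=X):
    """IPs a per-source threshold rule bans after seeing `events`.

    events: (source_ip, kind) pairs; kind is "SYN" (handshake not completed,
    source address unverified) or "ESTABLISHED" (handshake completed).
    """
    counts = Counter()
    for ip, kind in events:
        if kind == "ESTABLISHED" or (kind == "SYN" and count_bare_syn):
            counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= threshold}

# Constructed sample traffic (documentation and private address ranges).
CUSTOMER = "198.51.100.7"   # legitimate client with 2 real connections
HEAVY = "203.0.113.9"       # one source holding 8 real connections
FLOOD = [f"10.0.{i // 256}.{i % 256}" for i in range(1000)]  # each seen once

EVENTS = (
    [(CUSTOMER, "ESTABLISHED")] * 2
    + [(HEAVY, "ESTABLISHED")] * 8
    + [(CUSTOMER, "SYN")] * X      # bare SYNs carrying the customer's address
    + [(ip, "SYN") for ip in FLOOD]
)

def report(events):
    """Compare both rule variants on the same traffic."""
    out = {}
    for name, flag in (("count_syn", True), ("ignore_syn", False)):
        banned = banned_ips(events, flag)
        out[name] = {
            "banned": banned,
            "flood_sources_banned": len(banned & set(FLOOD)),
        }
    return out

if __name__ == "__main__":
    for name, result in report(EVENTS).items():
        print(name, sorted(result["banned"]), result["flood_sources_banned"])
```

Counting bare SYNs bans the legitimate client along with the heavy source; ignoring them spares the client, and in neither variant is a single once-seen flood source banned.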
If you want to learn how to perform a DDoS attack (or simulate it), please do so elsewhere.