[Noisebridge-discuss] DDoS defense testing?
Joel Jaeggli
joelja at bogus.com
Mon Jun 21 00:39:28 UTC 2010
normallly I just attack one of my datacenter deployments from a pile of
vm's in one or more of my other datacenter deployments.
I'm limited to an address span of about a /19 worth of incoming sources
without actually forging sources from outside space that we control.
joel
On 06/16/2010 04:47 PM, John Menerick wrote:
> I can think of a few ways to test. Everything from Apache Benchmark
> tools, Slowloris, to tweaked BSD/Solaris machines. Contact me for more
> information.
>
>
> John
> www.securesql.info <http://www.securesql.info>
>
>
> On Wed, Jun 16, 2010 at 4:14 PM, Jeff Tchang <jeff.tchang at gmail.com
> <mailto:jeff.tchang at gmail.com>> wrote:
>
> This might be kind of unorthodox but one approach that would work is
> to simulate a scaled down botnet:
>
> - Figure out who your customers are. Suppose I was running a website.
> I would start logging IP addresses for a few weeks, months, etc.
> - I would take those IP addresses and do some analysis on them. Figure
> out what networks/geographical locations my users are coming from. I
> would try to aggregate the data by subnets.
>
> - At this point I would pick the top few subnets or geographical
> regions that tended to pop up. I would somehow obtain boxes with load
> testing software at those locations.
>
> - The test would help reveal load issues coming from a # of different
> IPs. It would also give assurance that this is the primary customer
> that would be affected in the event of a true DDoS attack.
>
> -Jeff
>
> On Wed, Jun 16, 2010 at 3:14 PM, Kristian Erik Hermansen
> <kristian.hermansen at gmail.com <mailto:kristian.hermansen at gmail.com>>
> wrote:
> > Moin Moin,
> >
> > Other than renting out an illegitimate botnet, can anyone suggest some
> > ways to test how well an infrastructure is able to defend against
> > specific DDoS attacks? Commonly it is discovered that some device in
> > path of the target is unable to process certain payloads or heavy
> > traffic, rather than the target itself. If anyone has suggestions, it
> > would be greatly appreciated.
> >
> > Cheers,
> > --
> > Kristian Erik Hermansen
> > _______________________________________________
> > Noisebridge-discuss mailing list
> > Noisebridge-discuss at lists.noisebridge.net
> <mailto:Noisebridge-discuss at lists.noisebridge.net>
> > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> >
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> <mailto:Noisebridge-discuss at lists.noisebridge.net>
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>
>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
More information about the Noisebridge-discuss
mailing list