[Noisebridge-discuss] DDoS defense testing?

Joel Jaeggli joelja at bogus.com
Mon Jun 21 00:39:28 UTC 2010


Normally I just attack one of my datacenter deployments from a pile of
VMs in one or more of my other datacenter deployments.

I'm limited to an address span of about a /19 worth of incoming sources
without actually forging sources from outside space that we control.

joel

On 06/16/2010 04:47 PM, John Menerick wrote:
> I can think of a few ways to test.  Everything from Apache Benchmark
> tools, Slowloris, to tweaked BSD/Solaris machines.  Contact me for more
> information.
> 
> 
> John
> www.securesql.info
> 
> 
> On Wed, Jun 16, 2010 at 4:14 PM, Jeff Tchang <jeff.tchang at gmail.com> wrote:
> 
>     This might be kind of unorthodox but one approach that would work is
>     to simulate a scaled down botnet:
> 
>     - Figure out who your customers are. Suppose I was running a website.
>     I would start logging IP addresses for a few weeks, months, etc.
>     - I would take those IP addresses and do some analysis on them. Figure
>     out what networks/geographical locations my users are coming from. I
>     would try to aggregate the data by subnets.
> 
>     - At this point I would pick the top few subnets or geographical
>     regions that tended to pop up. I would somehow obtain boxes with load
>     testing software at those locations.
> 
>     - The test would help reveal load issues coming from a # of different
>     IPs. It would also give assurance that this is the primary customer
>     that would be affected in the event of a true DDoS attack.
> 
>     -Jeff
> 
>     On Wed, Jun 16, 2010 at 3:14 PM, Kristian Erik Hermansen
>     <kristian.hermansen at gmail.com> wrote:
>     > Moin Moin,
>     >
>     > Other than renting out an illegitimate botnet, can anyone suggest some
>     > ways to test how well an infrastructure is able to defend against
>     > specific DDoS attacks?  Commonly it is discovered that some device in
>     > path of the target is unable to process certain payloads or heavy
>     > traffic, rather than the target itself.  If anyone has suggestions, it
>     > would be greatly appreciated.
>     >
>     > Cheers,
>     > --
>     > Kristian Erik Hermansen
>     > _______________________________________________
>     > Noisebridge-discuss mailing list
>     > Noisebridge-discuss at lists.noisebridge.net
>     <mailto:Noisebridge-discuss at lists.noisebridge.net>
>     > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>     >
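
The log analysis Jeff Tchang describes in the quoted message (log client IPs, aggregate them by subnet, pick the top few), as an added example that is not part of the original thread. The log format, the /24 and /48 grouping and the 80% coverage cutoff are assumptions, and the sample log lines are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample access-log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Jun/2010:15:14:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.77 - - [16/Jun/2010:15:14:02 +0000] "GET /a HTTP/1.1" 200 128
203.0.113.10 - - [16/Jun/2010:15:14:03 +0000] "GET /b HTTP/1.1" 200 128
198.51.100.5 - - [16/Jun/2010:15:14:04 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [16/Jun/2010:15:14:05 +0000] "GET / HTTP/1.1" 304 0
192.0.2.200 - - [16/Jun/2010:15:14:06 +0000] "GET / HTTP/1.1" 200 512
2001:db8:1:2::7 - - [16/Jun/2010:15:14:07 +0000] "GET / HTTP/1.1" 200 512
not-an-ip - - [16/Jun/2010:15:14:08 +0000] "GET / HTTP/1.1" 400 0
"""

def client_subnet(line, v4_prefix=24, v6_prefix=48):
    """Return the covering network of the line's first field, or None if it is not an IP."""
    fields = line.split(None, 1)
    if not fields:
        return None
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return None  # malformed or hostname entry: skip rather than guess
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def top_subnets(log_text, coverage=0.8):
    """Rank subnets by request count and return the smallest leading set whose
    requests reach `coverage` of all parsed requests, as
    (subnet, requests, unique_clients) tuples, plus the parsed request total."""
    requests, clients = Counter(), {}
    for line in log_text.splitlines():
        net = client_subnet(line)
        if net is None:
            continue
        requests[net] += 1
        clients.setdefault(net, set()).add(line.split(None, 1)[0])
    total = sum(requests.values())
    picked, running = [], 0
    # Sort by count descending, then by subnet string so ties are deterministic.
    for net, count in sorted(requests.items(), key=lambda kv: (-kv[1], str(kv[0]))):
        if total and running / total >= coverage:
            break
        running += count
        picked.append((str(net), count, len(clients[net])))
    return picked, total
```

The unique-client count per subnet shows whether a busy subnet is many users or a single proxy or NAT address, which affects how representative it is of real customers.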


