Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


DDOS?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

DDOS?

RaymiiRaymii Member

Lets say I need to load test a website of a client (with written permission of course) and we've used loadimpact and such, but want to know if we can resist a "real" ddos.

How would I accomplish this, without going to shady places like hf and such? (I need an invoice or a receipt for the finance department).

Comments

  • Somewhat interested in this as well, if its possible to test our infrastructure against DDoS without having some skiddys do it for us. While it remaining legal :).

  • RaymiiRaymii Member

    Well, client wants a "real" ddos, whatever that may mean. Even if they take the money and ddos the shit out of them, they got what they asked for...

  • AlexBarakovAlexBarakov Patron Provider, Veteran

    I can't see a really legal way to do this.

    Let's assume that you and your "tester" are both paying for full pipes (dedicated lines). In this case, I assume that with a couple of servers in different locations, dedicated lines and etc., the tester can simulate a small DDoS, which would be rather easy to filter.

    Doing reflective attacks is illegal, no matter how it is called. You are still using someone else's infrastructure to send the packets. And those attacks are hard to mitigate and handle.

    So don't think you will find anything that would suit your needs.

  • I figured that would be the case, unless the outgoing infrastructure was owned or had some sort of special agreement, but then I'm sure the bandwidth providers would be rather upset.

    The only way I could see to do this is possible in a lab environment with several computers and simulate it that way.

  • AnthonySmithAnthonySmith Member, Patron Provider

    I guess the closest thing you would get to legal is either finding someone with access to a couple of high speed leased lines or contacting a DC who has bandwidth to spare so they can do it in a controlled manner.

    It is not impossible to do legally you just need to put some effort in to finding the right people.

  • rds100rds100 Member

    Can't you just legally piss some people off? Or install some game servers, etc. DoS will come for free then.

    Thanked by 1anyNode
  • maybe contact shovenose/robert clarke?

    Thanked by 1doughmanes
  • smansman Member
    edited July 2013

    If you have linux you can use Apache Bench.
    http://httpd.apache.org/docs/2.2/programs/ab.html

    You can google around for command line examples. These are the ones I used. I think I was able to run this directly on the webserver as localhost which let me really kick the heck out of it and see what it could handle.
    http://www.cyberciti.biz/tips/howto-performance-benchmarks-a-web-server.html

  • smansman Member
    edited July 2013

    @rds100 said:
    Can't you just legally piss some people off? Or install some game servers, etc. DoS will come for free then.

    Yup, nothing seems to attract DDOS better than a game server. Kind of tells you a lot about the people doing it.

  • There's a software like ab, siege, and some perl script to cause heavy DOS.
    If that perl script executed at several servers, it could be considered as a DDOS. One of the company webste I worked for, were dead last year due to this attack.

    It consumed about 3TB of bandwidth in a several minutes. So the ISP (NTT Singapore) have to nullroute the attacker IP.

  • jcalebjcaleb Member

    Gameserver and kick people out from time to time.

  • retryretry Member

    Why not go for booters?

  • loader.io?

  • loader.io is pretty nice, but that's just a load test against your HTTP server.

  • SplitIceSplitIce Member, Host Rep

    Make sure you get written permission from more than just the client (their upstream / datacenter). If you damage them your client my lose their contract causing alot of damage.

Sign In or Register to comment.