Following the multiple threads on DDoS attacks, I was asking myself how
someone could test chosen solutions.
In most cases, you can't load your Internet access in the same way
attackers will (does someone have a botnet with ten thousand computers
or more :) ?)
But a solution to test basic attacks (synflood, slowloris, sockstress,
...) with 10 to a hundred computers would be interesting, so not a tool
but more a service.
Found only Parabon [1] on Google.
Does someone know something similar?
Thanks
Best regards,
Jul
Note: Please don't forget that these kinds of public tests have some serious
legal impact and you need to have an agreement with your ISP/operators
to do it in most countries.
Note2: Google has a lot of answers. Most of them are about tools and
methodology, so not sure for a live test. I'm not looking for a lab
solution but a real one with business acceptance (and a wise choice on
the hours of the test so the front-end can be switched to "maintenance mode")
[1] New grid service simulates DDoS attacks, May 2009
http://www.computerworlduk.com/technology/security-products/business-continuity/news/index.cfm?newsId640
On Wed, 2010-03-17 at 07:45 +0100, jul wrote:
If you have access to a large enough network in a campus-size
establishment, try booting a large room (100+) full of desktop PCs with
a live CD/USB and script (or clusterSSH) some hpings, blind netcats
(large file as input), iperfs or nmap+nmapscripting) through a -good-
switch stack. Set a low mtu on the interfaces for maximum pps.
Please remember to fully air-gap it (and the redundants) from the cloud
and the rest of the campus backbone in case you have thick fingers
entering the target - your upstream might be tempted to ring you on the
BatFone in a hurry. That gets embarrassing, as a friend of mine found
out in December last year.
Other than that, I suspect it's going to cost you for "real" kit :(
Depends how "real" you need it I guess.
Kiddies seem to be able to do it with E1/T1-sized pipes so it should at
least be better than waiting for one to come your way naturally :)
regards
Gord
On Wed, 2010-03-17 at 08:07 +0000, gordon b slater wrote:
(large file as input), iperfs or nmap+nmapscripting) through a -good-
^^^^^^^^^^^^^
~fail~
correcting myself: set low packet/payload sizes (fragmenting where
possible).
reason: lack of coffee, too early, feel ill :(
G
Nessus is a vulnerability scanner:
http://www.nessus.org/nessus/
Ixia provides a full Nessus implementation in one of its platforms.
Bit.
Hire/buy what I know as a router tester. People call them different things.
It's a device that generates packets, and can normally simulate TCP etc. all the way up to HTTP etc. or higher. BGP, OSPF, MPLS, etc. etc. etc.
Tell it to generate packets that look like they come from many many hosts (you can normally simulate some kind of network topology with hosts in different places and hence different TTLs etc.), and voilà.
They normally let you generate background noise traffic, or you could record 24 hours of packet headers from somewhere in your network and play it back through your test network. This needs a lot of disk of course.
I used to work for an anti-ddos vendor (Esphion, now owned by Allot) and built their first test rig. First we did it with a bank of PCs with custom Linux kernel code to generate packets because we were a startup doing things on the cheap and I was a bit masochistic. Then we got a router tester and did exactly the same thing, but in a whole lot less space with a whole lot less effort.
Both worked great, naturally I recommend a router tester.
--
Nathan Ward
I would suggest looking at Breaking Point Systems. They have boxes that can
generate lots of traffic and they can also run exploits against the systems.
HD Moore was affiliated with this company at some point so Metasploit is
probably used for vulnerability testing.
Travis
www.theIPSGuy.com
--
Travis Abrams, GCIH, CISSP, etc.
www.theipsguy.com
bit gossip wrote:
Well these days I would use http://www.openvas.org and
http://www.metasploit.org
for vulnerability scanning and analysis.
However that wouldn't be a DDoS, but could certainly lead to DOS.
Linux has a packet generator in the kernel as well.
More info readily available from your local search engine.
Hmmm. What about a fuzzer, or something like scapy?
tcpreplay is great for that.
http://bittwist.sourceforge.net/
Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D
http://labs.mudynamics.com/2009/04/10/ddos-testing-network-applications/
http://www.pcapr.net/dos
YMMV, but mudos converts *any* IP packet into a DoS generator (it's free).
K.
On Wed, Mar 17, 2010 at 11:28 AM, Stefan Fouant
>>
I use argus, radium, and the ra clients to do this. Works very well www.qosient.com
Dave Edelman
+1 917 331-0112 cell