Cyber Attack Preparation Platform

History

DOSarrest has been in the DDoS protection business since 2007 and has acquired unparalleled experience in the DDoS mitigation arena. We have always had a system to simulate DDoS attacks in order to test our DDoS protection platform. Lately, many customers and non-customers have been asking us to test their websites and applications. We now have what customers have been asking for: CAPP!

Overview

The Cyber Attack Preparation Platform (CAPP) is an advanced botnet simulation platform developed by DOSarrest that can intelligently generate controlled, simulated DDoS attacks to assess how well different defense systems detect and protect against malicious traffic. Using CAPP's capabilities and reporting analytics, customers can avoid the unknowns of working with the unpredictable, variable and chance encounters of a real DDoS attack.

CAPP is a strictly controlled, private, elastic botnet comprised of our own globally distributed high-powered servers plus a large cloud-based component, giving it a wide multi-directional vector. Customers can choose from a variety of known attacks as well as some we have captured from the wild.

In our 11-year history, we have learnt a lot about what causes real problems for websites. A well-placed 5 Mb/sec attack can have the same impact as a 5 Gb/sec attack.

Why Use CAPP?

• Assess the impact of an attack on your network infrastructure.

Our network engineers have a combined network experience of over 150 years, so we know routers, switches and load balancers and their weaknesses very well. We will test accordingly and determine whether a problem is a hardware limitation or a misconfiguration.

• Assess the impact of an attack on your website and applications.

Our experienced team will examine your site, pick out possible weak spots and zero in on these areas, as a real hacker would do.

• Evaluate your existing DDoS protection defences

Determine how effective your mitigation solutions are, and let our engineering team show you how to harden your systems.

• Monitor in real-time the performance of any URL on your website

Using our own monitoring system (DEMS), see any number of parameters that may be affected by an attack.

• Reporting

Once the testing is complete, one of our security specialists will go through the test results with you.

• Stress testing

Customers testing with CAPP can get a real feel for weak spots on their website which can help them better manage these sub-optimal areas by re-coding or adjusting their cache strategies.
CAPP will not find vulnerabilities. If you require a thorough vulnerability assessment, this product is a better fit.

Notes:
  • Customers requesting this service must prove ownership of the target Domain.
  • We will only respond to enquiries from corporate email accounts; requests from Gmail, Hotmail, etc. will not receive a response from DOSarrest.
  • Current DOSarrest customers will receive a 50% discount on this service.

Apache Benchmark has been designed to benchmark the number of concurrent requests an Apache HTTP Server can handle. Yet this tool is generic enough that it can be used to test any HTTP/HTTPS server. This tool has not been designed to be sympathetic to your network or hardware. This test has been designed to send an overwhelming number of HTTP/HTTPS requests in an attempt to judge the maximum number of requests that an application can handle.

GoldenEye is an HTTP DDoS tool that exploits HTTP Keep Alive and NoCache. This Python-based tool utilizes a multi-threaded HTTP/HTTPS flood. This tool sends GET requests with randomized user agents and referrers.

GoldenEye is an HTTP DDoS tool that exploits HTTP Keep Alive and NoCache. This Python-based tool utilizes a multi-threaded HTTP/HTTPS flood. This tool sends POST requests with randomized user agents and referrers.

GoldenEye is an HTTP DDoS tool that exploits HTTP Keep Alive and NoCache. This Python-based tool utilizes a multi-threaded HTTP/HTTPS flood. This tool sends both GET and POST requests, with randomized user agents and referrers.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the ACK flag set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the ACK flag set and a spoofed source IP address.

Utilizing spoofed IP addresses increases the resource requirements needed to mitigate a DDoS attack. Because the source can be randomized, effective ACLs become harder to create and maintain. Moreover, response traffic is directed (reflected back) towards the spoofed IPs rather than the attacker, which also masks the true source of the attack from the target.

Developed by Barry Shteiman, the Http Unbearable Load King (HULK) was designed to bring down a web server from a single source. This tool generates a small TCP flood alongside a multithreaded HTTP GET flood. This GET flood exploits HTTP Keep Alive and NoCache. It also incorporates random URIs, referrers, and user agents.

An edited version of HULK. ChiHULK includes the functionality of the original Http Unbearable Load King. However, this version has modifications to its random URIs and random referrers. The referrer and URI obfuscation strings have increased complexity and length (example: /?~\x9A\x9D=\x9C\x8B\x90\x9E\x9F\x8C\x8C\x80). This tool was originally created by chinassie in 2016.

Originally developed by Robert Hansen (RSnake) and released to the public in 2009, Slowloris reaches out to a target web server and attempts to keep as many connections open as it can, for as long as possible. This eventually uses up all the available connections within the server's pool. Slowloris is also effective in using up the available connections on load balancers.

Tor's Hammer is a slow POST DoS testing tool written in Python by phiral. It can also be run through the Tor network as a means of anonymization. The tool kills most unprotected web servers running Apache and IIS via a single instance. It kills Apache 1.X and older IIS with ~128 threads, and newer IIS and Apache 2.X with ~256 threads. This tool dates back to early 2011.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the ACK+PSH flags set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the ACK+PSH flags set and a spoofed source IP address.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the FIN flag set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the FIN flag set and a spoofed source IP address.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the FIN+PSH flags set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the FIN+PSH flags set and a spoofed source IP address.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses fragmented packets with the ACK flag set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses fragmented packets with the ACK flag set and a spoofed source IP address.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the PSH flag set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the PSH flag set and a spoofed source IP address.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the RST flag set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the RST flag set and a spoofed source IP address.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the RST+PSH flags set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the RST+PSH flags set and a spoofed source IP address.

The SYN attack, for all its simplicity, remains an effective means of attack on an unprotected server. The SYN packet is the first step in establishing a connection between two computers over the internet, and servers treat it as a normal event. However, SYN packets open connections quickly, while the server waits for each connection to proceed through its normal connection cycle. The attacker, in this case, has no intention of completing this cycle. The server is left waiting for the expected ACK packet, which never arrives. In the meantime, server resources accumulate to the point where the server is quickly overwhelmed.

This test will flood the target with TCP SYNchronize packets using spoofed random source IPs.
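
A defender-side view of the half-open build-up described above, and of the TCP flag floods on this page that target state tables. This is an added example, not DOSarrest code: it replays constructed packet summaries through a minimal inbound connection table. The function name, verdict strings, half-open limit and the policy of treating SYN combined with FIN, RST or PSH as anomalous are assumptions.

```python
from collections import defaultdict

# TCP flag bits as they appear in the TCP header.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def classify(packets, half_open_limit=3):
    """Replay inbound (src, sport, dst, dport, flags) tuples through a
    minimal connection table, as a stateful filter in front of a server
    would. Returns (verdicts, alerts): one verdict per packet, plus the
    (dst, dport) pairs whose pending handshakes exceeded half_open_limit."""
    state = {}                    # 4-tuple -> "SYN_RCVD" | "ESTABLISHED"
    half_open = defaultdict(int)  # (dst, dport) -> handshakes awaiting ACK
    verdicts, alerts = [], set()
    for src, sport, dst, dport, flags in packets:
        key, svc = (src, sport, dst, dport), (dst, dport)
        if flags & SYN and flags & (FIN | RST | PSH):
            # Assumed policy: a handshake SYN carries no FIN, RST or PSH.
            verdicts.append("drop:anomalous-flags")
        elif flags == SYN:
            if key not in state:          # retransmitted SYNs count once
                state[key] = "SYN_RCVD"
                half_open[svc] += 1
                if half_open[svc] > half_open_limit:
                    alerts.add(svc)
            verdicts.append("track:syn")
        elif key not in state:
            # ACK, FIN, RST, PSH or SYN+ACK with no handshake on record:
            # dropped before it can consume a state-table entry.
            verdicts.append("drop:out-of-state")
        else:
            if flags & (FIN | RST):       # simplified teardown
                if state.pop(key) == "SYN_RCVD":
                    half_open[svc] -= 1
            elif state[key] == "SYN_RCVD" and flags & ACK:
                state[key] = "ESTABLISHED"  # handshake completed
                half_open[svc] -= 1
            verdicts.append("pass")
    return verdicts, alerts

# Constructed sample traffic (documentation address ranges only).
SERVER = "203.0.113.10"
SAMPLE = [
    ("198.51.100.7", 40000, SERVER, 443, SYN),        # normal client
    ("198.51.100.7", 40000, SERVER, 443, ACK),
    ("198.51.100.7", 40000, SERVER, 443, ACK | PSH),
    ("192.0.2.1", 1111, SERVER, 443, ACK),            # no prior SYN
    ("192.0.2.2", 2222, SERVER, 443, FIN | PSH),
    ("192.0.2.3", 3333, SERVER, 443, SYN | FIN),
    ("192.0.2.4", 4444, SERVER, 443, SYN | ACK),
] + [(f"192.0.2.{i}", 5000 + i, SERVER, 443, SYN) for i in range(10, 14)]

if __name__ == "__main__":
    for verdict in classify(SAMPLE)[0]:
        print(verdict)
```

Because spoofed sources vary per packet, the alert is keyed on the protected service rather than on the source address.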

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the SYN+ACK flags set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the SYN+ACK flags set and a spoofed source IP address.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the SYN+FIN flags set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the SYN+FIN flags set and a spoofed source IP address.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the SYN+PSH flags set.

TCP floods are one of the most common forms of DDoS attacks. The following attack performs a volumetric TCP flood, designed to overwhelm a network's capacity or, in some cases, the TCP state tables within network devices. This attack uses packets with the SYN+PSH flags set and a spoofed source IP address.

CasperJS is a headless browser tool that has been configured to execute HTTP flood attacks.

PhantomJS is a headless browser tool that has been configured to execute HTTP flood attacks.

Experience, Technology, and Focus

Ready to get started? Contact us now and get a free quote!
