network background popup
What is DDoS Testing

What is DDoS Testing ?

DDoS testing is subjecting a web property or infrastructure to a realistic number of actual DDoS attacks to prove your DDoS defenses can mitigate them as you expected.

DDoS testing is the only way to test your website or infrastructure against an ever-evolving Internet threat landscape. This is accomplished by pushing the envelope of what you thought your Internet assets and properties should be able to survive with little or no impact on your network or website's performance. Testing this is easier said than done given how sophisticated attacks are able to render a website or an entire network infrastructure unusable.

Hackers don’t just throw traffic at a website and hope they can cause problems, they do reconnaissance on your system and setup, to find its weak points.
Every infrastructure has weak points.

Should I test my DDoS defenses ?

Should I test my DDoS defenses ?

At DOSarrest we highly recommend testing your defenses. Why wouldn’t you ? Would you install an automated backup system for your data and not test the restore process ? Not testing is asking for problems that could have been avoided.

Our Cyber attack platform is used by many well known E-commerce, Government, ISPs/Telcos and large global DNS providers. Whether it’s a single website or a global network we can run a number of attacks or stress tests designed to challenge your setup.

Save money too !

If you’re using a cloud provider its extra important to test your setup.

Many cloud providers and CDN’s stop DDoS attacks with just pure CPU power and bandwidth. They have lots to spare and would love to help you stop attacks by just serving up all the requests the attacker is asking for. Your site may not go down but by the time you see your bill at the end of the month, it could cost you a small fortune.

Why Use DOSarrest’s DDoS testing Platform ?

Why Use DOSarrest’s DDoS testing Platform ?

Experience - DOSarrest has been mitigating DDoS attacks for our global client base since 2007. We know what a sophisticated attack is and how to stop them. We stock our attack database with the latest attacks, volumetric as well as some that are very sophisticated .

Attack Variety - Large array of Attacks in stock each with multiple options, this gives you 10’s of thousands of attack combinations, including volumetric attacks up to 100Gb/sec

Stress testing - The platform can be used to stress test any part of a website or Network component.

Self Serve Portal - Access anytime you like or schedule an engineer to help you perform the tests or a combination of both.

Continuity Testing - Maintain long term access to our portal and use the platform to test anytime you like, especially important after a website code change or network modification.

Scale, Intensity and Geographic Region - All attacks have these parameters available that allows you to ramp up or down at your own pace and allows you to store a specific custom test attack to use again at a later date.

Victim Reaction - View in real-time how your IP’s or website reacts to a particular attack…Some attacks force the victim/target to respond with 20 times more bandwidth then it receives, this causes you to DDoS your own upstream provider.

Performance Monitoring - View multiple metrics using our global performance monitoring service, some attacks could have a major impact on your website’s performance. This is also used in legitimate stress testing.

Emergency shutoff - Halt button stops all attacks in 5 seconds

Reporting - All attack tests results can be viewed in real-time and are archived for download or view through our customer portal anytime

System Overview

The system is made up of hundreds of high powered machines on their own IP addresses, each machine is connected to a mix of multiple 10Gb/Sec and 100Gb/sec upstream links. The botnet is located in 5 geographic regions, Europe, US east, Canada, US west and Asia. The total strength of this private botnet is over 100Gb/sec and 70MPPS for certain TCP volumetric attacks. Depending on the type and scale of an attack chosen and the region, there is an auxiliary third party cloud pool of machines that will be activated on demand to fulfill the resources when required. This is primarily for certain sophisticated HTTP attacks and provides extra IP addresses as well as source location diversity.

Step 1

Once you have a chosen target site and IP address and its been verified by DOSarrest, the system has an easy to use Wizard that walks you through the steps required to run a test attack. Some of the TCP tests have some serious firepower and we strongly recommend you use our bandwidth and packet per second calculator so you don’t risk bringing down your whole infrastructure while conducting test attacks.

Click here to see and learn more about attack types available.

Authorization

Authorization :

DOSarrest’s private attack platform is strictly controlled and anyone wishing to use the system will require authorization from their hosting provider.


  • HTTP Attacks
  • TCP Attacks
  • Packet Generator Attacks

Apache Benchmark has been designed to benchmark the number of concurrent requests an Apache HTTP Server can handle. Yet, this tool is generic enough that it can be used to test any HTTP/HTTPS server. This tool has not been designed to be sympathetic to your network or hardware. This test has been designed to send an overwhelming number of HTTP/HTTPS requests, in an attempt to judge the maximum number of request that an application can handle.

Apache Benchmark has been designed to benchmark the number of concurrent requests an Apache HTTP Server can handle. Yet, this tool is generic enough that it can be used to test any HTTP/HTTPS server. This tool has not been designed to be sympathetic to your network or hardware. This test has been designed to send an overwhelming number of HTTP/HTTPS requests, in an attempt to judge the maximum number of request that an application can handle.

CasperJS is a headless browser tool that has been configured to execute HTTP flood attacks.

CasperJS is a headless browser tool that has been configured to execute HTTP flood attacks.

An edited version HULK. ChiHULK includes the functionality of the original Http Unbearable Load King. However, this version has modifications to its random URIs and random referrers. Refers and URIs obfuscation strings have increased complexity and length (example: /?~\x9A\x9D=\x9C\x8B\x90\x9E\x9F\x8C\x8C\x80). This tool was originally created by chinassie in 2016.

GoldenEye is an HTTP DDoS tool that exploits HTTP Keep Alive and NoCache. This python based tool utilizes a multi-threaded HTTP/HTTPS flood. This tool sends GET requests with randomized user agents and referrers.

GoldenEye is an HTTP DDoS tool that exploits HTTP Keep Alive and NoCache. This python based tool utilizes a multi-threaded HTTP/HTTPS flood. This tool sends POST requests with randomized user agents and referrers.

GoldenEye is an HTTP DDoS tool that exploits HTTP Keep Alive and NoCache. This python based tool utilizes a multi-threaded HTTP/HTTPS flood. This tool sends both GET and POST requests. As well as randomized user agents and referrers.

Developed by Barry Shteiman, the Http Unbearable Load King was designed to bring down a web server from a single source. This tool generated a small TCP flood alongside a multithreaded HTTP GET flood. This GET flood exploits HTTP Keep Alive and NoCache. It also incorporates random URIs, referrers, and user agents.

PhantomJS is a headless browser tool that has been configured to execute HTTP flood attacks.

PhantomJS is a headless browser tool that has been configured to execute HTTP flood attacks.

Originally developed by Robert Hansen (RSnake), and released to the public in 2009. Slowloris reaches out to a target web server and attempts to keep as many connections open as it can, for as long as possible. This eventually fills uses all the available connections within the server’s pool. Slowloris is also effective in using up the available connections on load balancers.

Tor's Hammer is a slow post dos testing tool written in Python by phiral. It can also be run through the Tor network as a means of anonymization. The tool kills most unprotected web servers running Apache and IIS via a single instance. Kills Apache 1.X and older IIS with ~128 threads, newer IIS and Apache 2.X with ~256 threads. This tool dates back to early 2011.

TCP floods are one of the most common forms of DDoS attacks. The following attack preforms a volumetric TCP flood, designed to overwhelm a networks capacity, or in some cases, the TCP state tables within network devices. This attack utilizes packets with a ACK flag.

TCP floods are one of the most common forms of DDoS attacks. The following attack preforms a volumetric TCP flood, designed to overwhelm a networks capacity, or in some cases, the TCP state tables within network devices. This attack utilizes packets with a ACK flag with a spoofed source IP address.

Utilizing spoofed IP addresses increases the resource requirements needed to mitigate a DDoS attack. As the source can be randomized, the effectiveness of ACLs become harder to create and maintain. Moreover, response traffic is directed (reflected back) towards the spoofed IPs, and not the attacker. While also masking the true source of the attack from the target.