[123974] in North American Network Operators' Group
Re: anti-ddos test solutions ?
daemon@ATHENA.MIT.EDU (Dave Edelman)
Thu Mar 18 16:07:28 2010
From: Dave Edelman <dedelman@iname.com>
To: Drew Weaver <drew.weaver@thenap.com>
In-Reply-To: <F3318834F1F89D46857972DD4B411D7001869ADDCB@EXCHANGE.thenap.com>
Date: Thu, 18 Mar 2010 15:06:18 -0500
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I use argus, radium, and the ra clients to do this. Works very well www.qosient.com
Dave Edelman
+1 917 331-0112 cell
On Mar 18, 2010, at 8:05 AM, Drew Weaver <drew.weaver@thenap.com> wrote:
> On a similar note but slightly unrelated note,
>
> Not to thread hijack, but does anyone have any useful recipes for
> generating any basic baseline data (top talkers, SSH brute forcing,
> SMTP brute forcing, 445,etc)
> via any of the open source netflow collectors (Flow-Tools, nfdump)?
>
> I've had mixed success getting these packages to produce any useful
> information after getting them to collect the flow data.
>
> Thanks,
> -Drew
>
>
> -----Original Message-----
> From: kowsik [mailto:kowsik@gmail.com]
> Sent: Thursday, March 18, 2010 12:33 AM
> To: Stefan Fouant
> Cc: nanog@nanog.org
> Subject: Re: anti-ddos test solutions ?
>
> http://labs.mudynamics.com/2009/04/10/ddos-testing-network-applications/
> http://www.pcapr.net/dos
>
> YMMV, but mudos converts *any* IP packet into a DoS generator (it's
> free).
>
> K.
> ---
> http://www.pcapr.net
> http://labs.mudynamics.com
> http://twitter.com/pcapr
>
> On Wed, Mar 17, 2010 at 11:28 AM, Stefan Fouant
> <sfouant@shortestpathfirst.net> wrote:
>>> -----Original Message-----
>>> From: Charles N Wyble [mailto:charles@knownelement.com]
>>> Sent: Wednesday, March 17, 2010 12:16 PM
>>> To: nanog@nanog.org
>>> Subject: Re: anti-ddos test solutions ?
>>>
>>> bit gossip wrote:
>>>> Nessus is a vulnerability scanner:
>>>>
>>>> http://www.nessus.org/nessus/
>>>>
>>>> Ixia provides a full Nessus implementation in one of its platform.
>>>>
>>>
>>> Well these days I would use http://www.openvas.org and
>>> http://www.metasploit.org
>>> for vulnerability scanning and analysis.
>>>
>>> However that wouldn't be a DDoS, but could certainly lead to DOS.
>>
>> If you can get your hands on a PCAP from a previous attack, you
>> could also use something like Bit-Twist which will allow you to
>> manipulate things like the destination IP and also the transmission
>> rate, etc. Pretty useful tool to include in the DDoS simulation
>> toolbox.
>>
>> http://bittwist.sourceforge.net/
>>
>> Stefan Fouant, CISSP, JNCIE-M/T
>> www.shortestpathfirst.net
>> GPG Key ID: 0xB5E3803D
>>
>>
>>
>
