A small workshop teaching people how to produce DDoS simulation traffic - useful for testing their own infrastructures. We will have a server connected at 10Gbps to a switch with multiple 1Gbps ports for attackers. Attackers can be connected through 1Gbps ports using USB Ethernet - we have loaners.
Work together to produce as much attack traffic as possible while having fun.
While the attack is ongoing there will be ample opportunities to monitor traffic, monitor ports, and decide on changes to prevent the attacks from working.
We will work through common attack types using packet generators, like:
- hping3 - the old skool way with IPv4 only, or, using a simple 2018 patch set, also IPv6
- T50 - fast and fun, can easily produce mixed protocol traffic
- PenguinPing - DPDK, MoonGen and Lua based. Super fast, like 14 million packets per second on a single CPU core!
We will teach you how to produce the common attacks, such as:
- TCP SYN flooding
- TCP other flooding
- UDP flooding - NTP, etc.
- ICMP flooding
- Misc - stranger attacks and illegal combinations of flags etc.
Then we will implement the changes suggested and retry the attacks. You will go away from this with tools for producing packets, like hping3 and PenguinPing, and some configurations for protection - PF rules, switch rules, server firewall rules.
We will mostly stay at the lower levels, but you are welcome to try out just about any DoS/DDoS tool in the closed lab network.
Note: course materials are open source and available on GitHub: https://github.com/kramse/security-courses/tree/master/presentations/pentest/simulated-ddos-workshop
The link may change, or an updated version may be uploaded before the event!
To be prepared, have a Secure Shell client and, if you want to produce attack traffic from your machine, a virtual machine with Linux.
Metadata for Simulating DDoS packets
To be recorded: No
Schedule for Simulating DDoS packets
- Friday, Jul 19th, 2024, 13:00 (CEST) - Friday, Jul 19th, 2024, 15:00 (CEST) at Workshop Room