anti-ddos test solutions ?

Dear jul,

I would advise BreakingPoint:

- News:

http://www.breakingpointsystems.com/news/press-releases/breakingpoint-distributed-denial-of-service-ddos-and-botnet-test-methodology-helps-networks-prepare-for-imminent-attack

- Methodology:

http://www.breakingpointsystems.com/resources/testmethodologies/breakingpoint-ddos-botnet-testing-methodology

- Documentation:

http://docs.google.com/viewer?url=http://www.breakingpointsystems.com/resources/how-to-guides/simulating-distributed-denial-of-service.pdf

Best Regards,

Guillaume FORTAINE

To those advising using BreakingPoint for DDoS simulation, I have to ask:
have you ever actually used it? I have spent considerable time using the
BreakingPoint in my DDoS lab and I can tell you that I for one would
absolutely and unequivocally NOT advocate using the BreakingPoint for DDoS
testing. Sure it's a good box for testing firewalls, but the FPGAs on that
box are extremely limited and I would be remiss if I didn't warn you before
using this box as a DDoS simulation platform.

Here are some of the limitations I've encountered when using the
BreakingPoint BPS Elite:

- No support for ICMP or ICMP flooding attacks
- There are several methods to simulate UDP and TCP floods - AppSim and
ClientSim only allow you to generate UDP/TCP floods using fixed ports.
Another component called Routing Robot lets you randomize
source/destination ports, but is limited to only 64 hosts per interface. In
my experience most DDoS attacks are far and away above 64 source hosts.
- No ability to fragment packets or modify other items within the packets,
such as bits in the IP Options portion of the IP header.
- No ability to manipulate DSCP bits with fine-grained control
- No ability to parse microflows - for example, when running a test, one can
look at the Applications tab and see a visible display of how much DNS
traffic is received vs. HTTP traffic, however there is no ability to parse
the individual microflows within the DNS traffic, for example to identify
the malicious DNS traffic vs. the good DNS traffic
- Large number of issues with the Web-based GUI, which will cause the
end-user considerable frustration when you have to continually reopen the
application due to hangs, etc.

This is just a small sample of the issues I've encountered. All I'm saying
is don't say I didn't warn you. This is *NOT* the box for DDoS testing.

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D

I use all the testing tools out there for DDOS testing (you name it, I've
most likely used it or currently have it in the lab). The only way I've been
able to whack anti-DDOS solutions is by building a couple of racks of servers
to emulate a DDOS Botnet.

Hey Barry,

What program do you use to simulate the DDOS Botnet? Is it a custom program or something off
the shelf?

Brandon Kim wrote:

Hey Barry,

What program do you use to simulate the DDOS Botnet? Is it a custom program or something off
the shelf?

Don't you just set up an IRC server and then say something inflammatory to the wrong person?

Matthew Kaufman

Or let your users post something on their blog that person x y z might not like =)

For a slightly more interesting packet mix, go over to 4chan and get anon
ticked at you.

(Written on a blackberry - please don't flame me for top posting.)

Depends on what kind of DoS - because you're more likely to experience a phone DoS more so than an Internet DoS. Hope you don't need to make or receive any calls for a week or two :)

You can always get DNS hosting from Ultra. You're apt to experience some
noise in that scenario too ;)

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D