On Mon, 2009-04-20 at 23:25 +0100, Hugo Mills wrote:
> On Mon, Apr 20, 2009 at 10:21:38PM +0000, Nick Chalk wrote:
> > Can anyone suggest a tool or technique for
> > generating a packet flood attack from a Linux box,
> > or small group of them?
> >
> > I'm trying to test methods of mitigating packet
> > flood attacks on Cisco routers, but I'm having
> > trouble with my control test. Despite pushing the
> > 7200 to 100% CPU load, I can't seem to cause much
> > in the way of denial of service - BGP sessions
> > stay up, and it still responds to telnet.
> >
> > So far, I've not been able to generate more than
> > about 1.5k packets/s - I'd like to go much higher,
> > as we typically see 100k packets/s in real
> > attacks.
> >
> > I'm currently playing with plain ping -f, using
> > large packets, and hping2. I plan to look at
> > hping3 which appears to have a flood option. Are
> > there any other tools I could try?
>
> If I remember aright, there's a packet generator, for test
> purposes, in the netfilter code in the kernel. Might be worth a look?
>
> Hugo.
>
> --
> Please post to: Hampshire@???
> Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
> LUG URL: http://www.hantslug.org.uk
> --------------------------------------------------------------
A gentleman of ill repute once mentioned this which also spoofs the
source IP - I cannot say that I have tried it myself so it may be
worthless;
hping –a 10.10.10.3 –S 10.10.10.10 –p 80 –i u10000
There is also a program (scan Freshmeat) called 'TCPJunk' which is a
much noisier offering. Again I've not tried it, it just comes up in
discussion.
Please share any success you have with these.
Richard
