Re: [Hampshire] Packet flooding tools or techniques

Author: Graham Bleach
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Packet flooding tools or techniques

Hi Nick,

2009/4/20 Nick Chalk <nick@???>:
> Can anyone suggest a tool or technique for
> generating a packet flood attack from a Linux box,
> or small group of them?
>
> I'm trying to test methods of mitigating packet
> flood attacks on Cisco routers, but I'm having
> trouble with my control test. Despite pushing the
> 7200 to 100% CPU load, I can't seem to cause much
> in the way of denial of service - BGP sessions
> stay up, and it still responds to telnet.


Are you pinging an address on the router? Not sure where this fits
into the scheduler priority on Ciscos; I have been told that
responding to ICMP echoes for a local interface address is a lower
priority than routing traffic, although I can't currently find a
reference for this.

It may be worth testing a ping flood to a destination behind the
router, to see if this makes a difference.

> So far, I've not been able to generate more than
> about 1.5k packets/s - I'd like to go much higher,
> as we typically see 100k packets/s in real
> attacks.
>
> I'm currently playing with plain ping -f, using
> large packets, and hping2. I plan to look at
> hping3 which appears to have a flood option. Are
> there any other tools I could try?


Have you tried many instances of ping -f? I can imagine that one
single-threaded program would be unable to saturate modern links.

One tool that can reliably saturate reasonably high bandwidth links is
iperf. I'm not entirely convinced it's suitable for simulating a flood
attack, but it's one of my usual tools for network stress testing.
Requires one client and one server machine.

Cheers,
G