DDOS experiment

Hey everyone, i'm relatively new to the forums here, but i've had my eye on them for a while. I'm a student at Eastern Michigan University studying Information Assurance.

Got a bit of a technical question for you all. I'm interested in putting together a simulation of a DDOS attack on a root server. My main problem is trying to figure out how to set up this experiment to scale it so that it makes sense. Honestly, i'm not sure if I could scale it enough to make the project worth while at all in terms of the types of security in place on a root server already and the potential damage that could be done by a large enough DDOS. I figure i'll preempt the question of safety by disclaiming here that I'm doing this in the safety of a lab without an outside network connection.

This idea is still in a sort of preliminary phase of planning, which means i'm still trying to determine the feasibility of such an experiment and exactly what the end result could possibly be, but i'll figure that all out later. Can anyone think of a way I can make something like this work in a scaled scenario?

Virtual Machines with Windows NT or lower. Windows NT has the capability to send packets bigger then the limit of newer windows OS'. By multiplying these virtual machines you will have a massive attack on a network.

Think of how many virtual machines you can have on a 10,000$ server.

Say

multiple Multi-core processors and 16GB ram.

Strikr wrote: Virtual Machines with Windows NT or lower. Windows NT has the capability to send packets bigger then the limit of newer windows OS'. By multiplying these virtual machines you will have a massive attack on a network.

Think of how many virtual machines you can have on a 10,000$ server.

Say

multiple Multi-core processors and 16GB ram.

I had considered virtualization, and I probably will end up using that way to run the sim. I guess I should have included in there that my means are extremely limited. I don't have any corporate backing for this project, or really any backing of any kind. Getting the virtualization to work will even be a challenge considering that I don't know how many copies of VMware I'll have at my disposal.

I'm also wondering exactly what the limitation of the networking will be (i.e. if I somehow manage to get 50 virtual machines onto say…10 different computers, what will the stress on the network hardware be with a DOS coming over each individual PC?) I know that question depends highly on the equipment i'm using, but I'm afraid that could be a snag when I go to set this all up.

Considering the older versions of windows, you do not need massive system requirements. All you need is a 100mbps or 1gbps switch and have 10 pc's with a number of VM's. It will do the same and you will see results.

I suppose I could more easily fashion the sim around some light weight unix VMs, but the big thing like I said in the first post is trying to figure out just how to scale it. I'm awful with math, so I have no idea how to even begin breaking down a large-scale attack on a root.

This whole idea came about from the theory that the Storm.d network and perhaps some other large virus networks that don't appear very active are all laying in wait just in case net neutrality collapses. The idea is that if that happens, then these networks would all be activated and try to kill the roots. The reason for this simulation would be to measure the effectiveness of an attack of that nature. Any idea what the numbers would look like for something like that?

logicbomb wrote: I suppose I could more easily fashion the sim around some light weight unix VMs, but the big thing like I said in the first post is trying to figure out just how to scale it. I'm awful with math, so I have no idea how to even begin breaking down a large-scale attack on a root.

This whole idea came about from the theory that the Storm.d network and perhaps some other large virus networks that don't appear very active are all laying in wait just in case net neutrality collapses. The idea is that if that happens, then these networks would all be activated and try to kill the roots. The reason for this simulation would be to measure the effectiveness of an attack of that nature. Any idea what the numbers would look like for something like that?

I lost my good post, pressed back by accident :(

to measure this effectiveness use different networks. Networks based off different speed (10mbps, 100mbps …), use different network security. Try DDOS against a Firewall and proxy. Try with and without port blocking / filtering. Try against authentication and encrption. Try against wireless networks and such.