DDoS
I’ve heard a lot more talk about this lately, in particular about how to test it. Testing it requires one of two things: access to multiple connections with large bandwidth, which is expensive, or access to a network of zombie hosts around the world, which is unethical. So testing is almost impossible. However, steps can be taken to counter DDoS attacks. Cisco offer a whitepaper on the very subject, and even the much-maligned Wikipedia offers some resources on how to prevent DDoS. It hints at using firewalls with ‘defender’ capabilities, switches with rate limiting, traffic shaping and deep packet inspection, and application front-end hardware and IPS.
Have a look at what happened when there was a DDoS from Estonia.
Testing is certainly doable via open-source or commercial traffic-generator tools, etc.
Firewalls are not DDoS mitigation devices, nor are IDS/IPS devices nor load balancers. Various sorts of techniques such as S/RTBH, QPPB, and dedicated DDoS mitigation appliances are well-regarded mitigation techniques.
Thanks for the comments and interesting remarks. I have to admit, I had not looked up any tools for DDoS testing when I wrote that. So thanks for the encouragement. The ISS document at http://documents.iss.net/whitepapers/ddos.pdf looks like a good place to start. But the tools mentioned like TFN, Trin00, TFN2K, and Stacheldraht use dirty networks of already 0wned PCs (unethical). And wouldn’t you need bandwidth, infrastructure and PCs to simulate a DDoS running traffic generator tools? (e.g. httptrafficgen)