Custom DDoS Attacks

Our DDoS Testing and Validation platform supports many types of test pattern. However, we can add many more bespoke test patterns and methods through custom coding.

These are especially useful if you have non-HTTP/HTTPS resources or if you have concerns about the efficacy of your mitigation platform against unusual attacks.

We have chosen to limit the information we provide on some of these esoteric attacks to minimise tool development, but we can discuss them under NDA. The links for these will therefore not open a page to the public, so please contact us for further information.

We can also play back canned responses for certain tests, such as DNS AXFR or DNS ANY testing. This can also be useful for controlled replay of real attacks, or load testing for new and existing services. Where a test requires us to request a number of parameters (such as specific sequences of URLs or particular combinations of DNS RRs) from the target host, this can be scripted.

As part of the custom coding development, we will undertake small evaluation tests so we can confirm to you our attack capability in Packets, Connections, or Queries per second, or in bandwidth, as appropriate.

Fragmented ACK Attack

This is an attack at layer 4

This uses large (often 1500 byte) ACK packets with the fragment bit set to bypass mitigation equipment and cause the target machine to consume resources and bandwidth building packets that contain no useful information. Conceptually similar to the ACK Flood, this can sometimes be combined with a final fragment that has the PSH bit set.

ICMP Redirect Attack

This is an attack at layer 4

A simple attack using multiple forged source addresses with packets that contain an ICMP redirect which alters the apparent next hop for an incoming IP address. This can be very effective if the attack targets the geographic address space used, for example, by a primarily UK ecommerce site.

IP FLAG Attack

This is an attack at layer 4

Non-public details are available after NDA.

IP Protocol Attack

This is an attack at layer 3

Non-public details are available after NDA.

Other IP or TCP or UDP Protocols

HTTP and HTTPS are not the only possible attack destinations, which is why we can script attacks in the following protocols and others:

  • BGP
  • FTP
  • DNS (we have tested to >500,000 queries per second of DNS and DNSSEC, and have the capability to do much more)
  • GRE
  • IKE
  • IMAP
  • ISAKMP
  • LDAP
  • POP3
  • RTSP
  • SIP
  • NTP
  • SMTP
  • SSH
  • TELNET
  • TFTP

Please feel free to contact us if you require an attack against an IP-based protocol we have not listed.

RBIT Attack

This is an attack at layer 4

Non-public details are available after NDA.

Real Browser Attack

This is an attack at layer 4

Using higher-powered nodes we can send HTTP(S) requests to a target web server with complete custom scripted responses, including the ability to navigate Java and other challenges.

Sockstress Zero Attack

This is an attack at layer 4

This tells the target that the sender cannot accept data after making a connection. This therefore exhausts the connection slots on the target machine.

Wikipedia have a specific page on Sockstress.

Sockstress Small Window

This is an attack at layer 4

This tells the target that the sender can only accept a small amount of data at a time; this again acts to keep connection slots open.

Wikipedia have a specific page on Sockstress.
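
A defender-side view of the two Sockstress variants above, as an added example that is not part of the original page: it flags peers that hold several established connections while only ever advertising a zero or very small receive window. The record format, the thresholds and the sample data are assumptions made for illustration, and window values are assumed to be already scaled.

```python
from collections import defaultdict

SMALL_WINDOW = 64   # bytes; assumed cut-off for a "small window"
MIN_AGE = 30.0      # seconds a stalled connection must persist (assumed)
MIN_CONNS = 3       # stalled connections per peer before flagging (assumed)

def sample_conn(peer, port, windows, step=20.0):
    """Constructed sample: one SYN, then ACKs advertising each value in `windows`."""
    segs = [(0.0, peer, port, "S", 65535)]
    segs += [(step * (i + 1), peer, port, "A", w) for i, w in enumerate(windows)]
    return segs

# Constructed segments: (time_s, peer_ip, peer_port, tcp_flags, advertised_window)
SAMPLE = (
    sum((sample_conn("198.51.100.7", 40000 + i, [0, 0, 0]) for i in range(4)), [])
    + sum((sample_conn("198.51.100.9", 41000 + i, [16, 16, 16]) for i in range(3)), [])
    + sample_conn("203.0.113.5", 50000, [29200, 0, 29200])  # brief stall, recovers
    + sample_conn("203.0.113.6", 50001, [0], step=1.0)      # too young to judge
)

def classify_connections(segments):
    """Label each (peer, port) as zero-window, small-window or normal."""
    conns = defaultdict(lambda: {"first": None, "last": None, "max_win": None})
    for t, peer, port, flags, win in sorted(segments):
        c = conns[(peer, port)]
        c["first"] = t if c["first"] is None else c["first"]
        c["last"] = t
        if "S" not in flags:  # the window on the SYN is not a stall signal
            c["max_win"] = win if c["max_win"] is None else max(c["max_win"], win)
    verdicts = {}
    for key, c in conns.items():
        if c["max_win"] is None or c["last"] - c["first"] < MIN_AGE:
            verdicts[key] = "normal"
        elif c["max_win"] == 0:
            verdicts[key] = "zero-window"
        elif c["max_win"] <= SMALL_WINDOW:
            verdicts[key] = "small-window"
        else:
            verdicts[key] = "normal"
    return verdicts

def flag_peers(segments):
    """Return peers holding at least MIN_CONNS stalled connections, by kind."""
    per_peer = defaultdict(lambda: defaultdict(int))
    for (peer, _port), verdict in classify_connections(segments).items():
        if verdict != "normal":
            per_peer[peer][verdict] += 1
    return {p: dict(v) for p, v in per_peer.items() if sum(v.values()) >= MIN_CONNS}

if __name__ == "__main__":
    print(flag_peers(SAMPLE))
```

A client that briefly advertises a zero window and then reopens it is left alone, because the check uses the largest window seen after the handshake rather than any single segment.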

Xerxes

This is an attack at layer 7

A combination of the Slowloris and RUDY attacks together with a TCP Slow Read to keep connections in use and thereby exhaust resources on the target.

Zero Attack

This is an attack at layer 4

Non-public details are available after NDA.