Commercial vs. Open-Source DDoS Testing

By Red Button
February 27, 2020

Today, multiple open-source tools can be used to run a DDoS test. This raises the question: Can those tools be used to replace commercial DDoS testing, thereby reducing the test cost?

Open-source tools include ‘hping’, ‘ab (Apache Benchmark)’, Cisco’s ‘TRex’ and other tools that can be classified as packet generators, traffic generators and DDoS tools. Most of the popular tools are not designed for DDoS but do have DDoS functionality, like the ‘--flood’ option in hping.

To understand the difference between open-source and commercial services, let’s first examine the difference in the DDoS testing process.

DDoS testing process 

Full DDoS testing is a process with three parts: planning, test execution and summary. Here are the differences in the process when you use an open-source service as compared to a commercial service.

| Phase | Description | Open-Source DIY | Commercial DDoS Services |
|---|---|---|---|
| PLANNING | During this phase, the DDoS service provider and the customer go over the network and service structure, assemble technical details, and define clear goals and the exact schedule of the test. | X. Organizations typically do not possess the knowledge to properly plan an effective attack. | DDoS testing providers have vast experience correctly planning a DDoS test. |
| CONTROLLED DDOS ATTACKS | In this phase, the DDoS attack is executed per the plan. | | |
| SUMMARY & RECOMMENDATION | The summary phase includes a written report and, typically, a summary meeting. The report includes a test summary, analysis and recommendations. | X. Organizations do not necessarily understand the full meaning of the results they experience and what recommendations to draw from them. | |

Real-life Simulation

The other interesting comparison between open-source and commercial DDoS testing is how closely the test attack resembles a real, malicious attack.

The goal of a DDoS test is to create “the real thing” – an attack that is as close as possible to a real DDoS attack (but, of course, one that can be controlled and stopped at any time).

This table shows the difference between open-source and commercial attacks.

| Category | Open-Source | Commercial |
|---|---|---|
| Attack Vectors | Partial. Open-source tools typically have only a small portion of DDoS attacks. | Comprehensive. Most DDoS testing vendors have dozens and hundreds of attack vectors covering most of the DDoS spectrum. |
| Number of Bots | One, few or multiple bots in a single physical server. | Commercial DDoS testing can include dozens, hundreds and even thousands of bots. |
| Geographical distribution | X. Typically running from a single location. | Like real DDoS botnets, the bots are spread all over the world in various geographical locations. |

Summary

Open-source DDoS testing can be useful in some scenarios. It has the advantages of being free and available for use at will.

However, when using open-source tools for DDoS testing, you must keep in mind that the generated attack is not realistic and that you must base it on your own DDoS expertise, rather than rely on experts to guide you through the entire process.

Use Open-Source DDoS Tools
• Test is in a lab environment.
• Test can be repeated again and again.
• Testing is required for very specific, well-defined validation.

Use Commercial DDoS Testing
• Testing production
• Test windows are very small and cannot be repeated again and again
• POC
• The planning and summary are critical to the test and require DDoS expertise
• Test must simulate real-life DDoS attacks