Today, multiple open-source tools can be used to run a DDoS test. This raises the question: can those tools replace commercial DDoS testing, thereby reducing the cost of the test?
Open-source options include ‘hping’, ‘ab (Apache Benchmark)’, Cisco’s ‘TRex’ and other tools that can be classified as packet generators, traffic generators and DDoS tools. Most of the popular tools are not designed for DDoS but do have DDoS functionality, like the ‘--flood’ option in hping.
To understand the difference between open-source and commercial services, let’s first examine the difference in the DDoS testing process.
Full DDoS testing is a process with three parts: planning, test execution and summary. Here are the differences in the process when you use an open-source service as compared to a commercial service.
Phase | Description | Open-Source DIY | Commercial DDoS Services |
---|---|---|---|
PLANNING | During this phase, the DDoS service provider and the customer go over the network and service structure, assemble technical details, and define clear goals and the exact schedule of the test. | | |
CONTROLLED DDOS ATTACKS | In this phase, the DDoS attack is executed per the plan. | | |
SUMMARY & RECOMMENDATION | The summary phase includes a written report and, typically, a summary meeting. The report includes a test summary, analysis and recommendations. | | |
The other interesting comparison between open-source and commercial DDoS testing is how close the attack is to the real, malicious attack.
The goal of a DDoS test is to create “the real thing”: an attack that is as close as possible to a real DDoS attack (but, of course, one that can be controlled and stopped at any time).
This table shows the difference between open-source and commercial attacks.
Category | Open-Source | Commercial |
---|---|---|
Attack Vectors | Open-source tools typically have only a small portion of DDoS attacks. | Most DDoS testing vendors have dozens and hundreds of attack vectors covering most of the DDoS spectrum. |
Number of Bots | One, few or multiple bots in a single physical server. | Commercial DDoS testing can include dozens, hundreds and even thousands of bots. |
Geographical distribution | Typically running from a single location. | Like real DDoS botnets, the bots are spread all over the world in various geographical locations. |
Open-source DDoS testing can be useful in some scenarios. It maintains the advantages of being free and able to be used at will.
However, when using open-source tools for DDoS testing, you must keep in mind that the generated attack is not realistic and that you must base it on your own DDoS expertise, rather than rely on experts to guide you through the entire process.
Open-Source | Commercial |
---|---|
• Test is in a lab environment. • Test can be repeated again and again. • Testing is required for very specific, well-defined validation. | • Testing production. • Test windows are very small and cannot be repeated again and again. • POC. • The planning and summary are critical to the test and require DDoS expertise. • Test must simulate real-life DDoS attacks. |