Trying not to get this locked and thrown away instantly for mentioning botnets, but for a security course I'm on and to tie in with my Website project, I need to have protection against DDoS attacks. I have done some coding and tested it with a few mates attacking, but I'll need at least 20 PC's with a reasonable connection. The more the better obviously, as long as it maxes out my server. Is there any way to hire a botnet for legit purposes?
Just from memory, botnets are illegal by nature, unless the computers are linked by a legitimate distributed computing system.... Perhaps just hire people to let you use their computers a while, or get some help from a school IT admin....
My college is unwilling to do anything of the sort, although I setup an entire room to DDoS it for a moment, it was quickly blocked. I know botnets are illegal, but I don't think there's a name for the legal sort and couldn't think of another way to word it.
cant you just setup a virtual envirnment to do it? other wise i would just call it computer security testing and not let them know the details
Are you trying to prevent DDoS or just DoS? If you don't need the 'distributed' bit, you could just install your server software on a really old computer, then connect two really fast computers as clients and try DoSing with that setup.
or for multiple pcs - decently fast connection, and whack some virtual machines on some decent rigs (as yakyb said) you should be able to fit 12 "tinyxp" or "xsos" imagines on 4Gb of ram... RwD
I'd go with the local virtualisation tactic - It's a lot more controllable than trying to direct an actual botnet, and since it'd be a closed system, it'd be a lot more legal. Also, running a virtualised system you could easily demonstrate the differences between different attacks, and how your proposed system would deal with them. Seeing as this is supposedly for a security course, doccumentation should be of the utmost importance to this task.
I think there are some services online that will do this sort of testing for you. a quick search: http://www.google.co.uk/search?q=se...ervice&btnG=Search&hl=en&safe=off&num=20&sa=2
You can't replicate a DOS attack from any local VM setup. No matter how good your code is, you'll need a LOT of bandwidth to replicate a true DOS. And without a dedicated system in the infrastrastructure, are you sure you're protecting against something upstream getting overloaded? We run our servers with a dedicated LB & IDS but hardware to protect against a DOS is a different kettle of fish
