by zeroBS: highest competence in the realm of DDoS-Assessments
Made in Germany

[ german version ]

zeroBS operates a dedicated, cloud-based platform for the implementation of DDoS-test-attacks on networks, appliances and applications. With the help of our platform we are able to check the effectiveness of your DDoS defense mechanisms.

In addition to team training and checking anti-DDoS measures, one of our main focus are basic functionality test, either after implementation or after major changes.

We have gained extensive experience in order to identify and test the individual parts of the entire dataflow-chain, from the BGP-side entry point, via anti-DDoS appliances, Targeted testing of firewalls, load balancers and application servers.

Flyer-Download (PDF)

A selection of manufacturers, technologies and providers we already tested:

 

   

 

 

 

 

 

Part of our stresstest are comprehensive analyzes (OSINT) in advance and integrated monitoring of attacked targets in order to be able to make qualitative, measurable statements on performance and limits.

Features

• volumetric attacks up to 100 GB/s or 100 Mio pps, TCP, UDP or ICMP
• Layer-7-Attacks with full-stack-browsers, up to 10 Mio RPS
• 50 locations and up to 100.000 dedicated IPs available
• IPv4 and IPv6
• full automated setup and orchestration
• dashboard and monitoring for clients
• monitoring-logfile and export for further analysis
• simulation of real-world-botnets (server, IoT, Mirai etc)
• customizable attacks, if necessary
• interactive dashboard: every attack is recorded and can be replayed for later analysis
• multi-location-monitoring

AttackModes

• Standard: Single-IP-Attacks, perfect for basic certificates of performance
• CarpetBombing: Attacks against whole Networks/CIDR-Ranges, necessary for advanced tests and increased threatlevels [1]
• ChewieAttack: CarpetBombing v 2.0; even more randomness, to tangle any statistic-based detection [2]
• ThorsHammer: an to the exact millisecond timed Attack (Thors Hammer), based on our own R&D with devastating success

Definition CarpetBombing von APNIC / Global DDoS attack trends 2018

Carpet bombing attacks are a new variant of the more common reflection or flooding attacks, where instead of focusing the attack on a single destination, the attacker attacks every destination within a specific subnet or CIDR block (for example, a /20). This will both make it more difficult to detect the attack and also to mitigate it, potentially resulting in outages due to the flood of attack traffic across network devices and internal links.

In addition, these attacks are often fragmented, resulting in a flood of non-initial IP fragments, which can be tricky to mitigate. The attacker will often shift their attacks from one subnet (or CIDR block) to another, complicating the detection and mitigation even further.

Definition ChewieAttack (CarpetBombing 2.0)

Very similar to CarpetBombing in terms of target selection, the Chewie-Attack-Mode brings more randomness into play by adding target, strength, vector and protocol completely random to be chosen.

This ensures that pure statistics-based detection methods completely confused, as the packet stream from an attack IP never lasts longer lasts than 30 seconds, stops for at least 120 seconds and then start again with a new target and pattern.

Only 25% of the bots of a botnet are active at any given time, but this attack is much more difficult to defend.

DDoS RedTeaming

We are able to recreate and execute sophisticated attacks, using the Recon and OSINT method of target analysis and selection... selected attacks on neuralgic points in order to a) test the defence a) to test the defence and b) to simulate a real "targeted attack". So it's more like a sniper than a mallet. The fact that this attacker behaviour is not uncommon, as we have seen in several DFIR analyses:

• DDoS-Sniper: sophisticated attacker analyzed
• DDoS-Incident-Response - Ein Bericht von der Front (german only)