DDoS Testing Your Infrastructure, including IPv6 SYN floods

When connecting to the Internet, we immediately receive traffic from unknown sources. We should consider testing our infrastructure using active pentest methods to verify robustness. This talk covers port scanning for discovery of infrastructure and gives detailed advice on how to perform active DDoS simulation to find bottlenecks in the network. The attack tools are well-known ones such as Nmap and Hping3 with IPv6 patches. The focus is on the process and on experience gained from doing this over many years.

Networks are insecure, and often not as robust as we wish. There is a high risk that networks are vulnerable to one or more DDoS attack vectors, if not tested and verified. When setting up networks we often ignore the built-in features available, and we often have to select which features to enable on specific devices. The vendors tell us they can do everything in every box, but the truth is that attackers can often use more resources than we have available.

This presentation will take a holistic view of networking infrastructure but, due to time limits, focus on hosting web services and providing services to the Internet. The process and advice transfer to other services, so practitioners can apply them on their own afterwards.

The main content of this presentation is structured DDoS testing: what to attack, what to expect, and how to reduce the number of vulnerable scenarios with existing infrastructure devices. The presentation will provide some specific configurations and recommendations using example devices found in normal networks.

About the Speaker