I have been testing a DDoS attack in my local network via docker. Each image has loaded with an "evil" DDoS file.
I tested simultaneously several containers attacking at the same time. On the image below it is possible to see 6 attacks (peaks). 1,2,3,4, 10, and 15 containers respectively running at the same time (each attack represents one peak).
What caught my attention is, the peak of the attacks has not been significantly changed by the number of containers attacking at the same time.
Why is that?
My hypothesis:
I. Dockers process are being executed not in parallel but in a serialized way.
II. Or, the saturation of packets sent on the gateway is already reached by the first container. Therefore doesn't make a difference in running more containers.
What do you guys think?