0

I've an application deployed on a Google compute engine, which is being load balanced using Google's HTTPS Load Balancer. And according to this article ,

With global HTTP(S) load balancing, the first Google Cloud Platform (GCP) service to support Cloud Armor, you get built-in defense against infrastructure DDoS attacks. No additional configuration, other than to configure load balancing, is required.

So I've tried to do a simple DOS attack on my application using Jmeter. I've configured Jmeter with following configuraiton

  • Total number of threads : 1500
  • Rampup time : 10 sec
  • Loop count : forever

I've ran this above configuration for around 5 min, after some time, I was able to see from the response that Load balancer is returning 502. But the server was down & I can't even able to access my application from machine's other than where I've setup Jmeter. So if google's security is in place I should be able to see the page from other machine. and the machine from where I've done the DOS attach, that machine should've been block listed.

I might be wrong , but there is no documentation available on google cloud to verify the behavior of Load balancer's DDOS security using cloud Armor.

So if anyone can help me, that will be great.

Carlos
  • 1,385
  • 8
  • 15
Pratik Shah
  • 101
  • 1
  • 4

1 Answers1

1

A response to your question is posted on this thread which I quote it here, in case anyone else ineterested:

As per the linked best practices document “ Successfully thwarting and handling DDoS attacks for your GCP deployment is a shared responsibility between Google Cloud Platform and you. DDoS defense involves deploying detection systems, implementing barriers and being able to absorb attacks by scaling in order to prevent attackers from overwhelming or disabling access to your services or applications. Google Cloud Platform provides several of these mechanisms automatically and you can follow the best practices detailed ( in the same document) on your end to help secure your GCP deployment”

That said, you should implement other methods in addition to using the load balancer that “mitigates and absorbs many Layer 4 and below attacks, such as SYN floods, IP fragment floods, port exhaustion”

On the other hand, and since this platform is for general inquiries, and to test this behavior, I encourage you to open an issue tracker report. Doing so, please include the above and all detailed reproduction steps.

Milad Tabrizi
  • 327
  • 1
  • 7
  • Link-only questions are frowned upon here. Please cite the important details of the answer here directly so if the link breaks the answer is still useful. – ceejayoz Jun 15 '18 at 20:32