1
I'm implementing an algorithm to detect HTTP GET Flooding Attacks. I have used Bonesi as a bonet traffic generator to launch attack traffic. However, I need a real trace of a normal web traffic (or web traffic generating tools) for my testbed to compute the false positive rate.
Any suggestion for me?
Sarah G.
Posted 2017-06-13T16:03:53.557
Reputation: 11
1
You can setup a PC in LAN to simulate multiple IP and MAC to simulate DDoS.
It seems somebody already wrote the answer in serverfault. (I can't guarantee all those tools will works).
A local area network DDoS on a Gigabit network is enough to show you the effect. As a reminder, DO NOT RUN DDoS SIMULATION. You will either get banned or the ISP may cut off your line.
(Update): HTTP Sync attack is something that about making proper handshake and GET request without response to the server request. Since FP is doing otherwise, you can try to find tools that simulate multiple 'curl' or 'wget'.
mootmoot
Posted 2017-06-13T16:03:53.557
Reputation: 111
I've already used Bonesi to simulate HTTP Get Flood Attacks with thousands of bots (only in LAN). However, what i need is a normal traffic of a web server to compute the false positive rate of my algorithm. How can I launch a normal traffic in my testbed? – None – 2017-06-13T17:01:01.433
don't you have logs? replay a week's worth of traffic in 5 mins. – None – 2017-06-14T16:08:24.283
@dandavis: Could you provide me some logs? And how can I replay the traffic as you said in 5 mins? – None – 2017-06-15T03:25:38.437
Peter - just capture your own logs from your own network. And play them back as fast as you need. – Rory Alsop – 2017-06-15T10:15:48.650