The DDoS Testbed is a platform with which DDoS attacks can be simulated with a small volume. It was orginally developed to pilot the DDoS Clearing House without the need for datasharing agreements or liability waivers. You can read about it in our blog1, blog2.
Since its development the pilots of the DDoS Clearing House in The Netherlands and Italy have picked up traction. Now the DDoS Testbed is mainly used to demonstrate the DDoS Clearing House and as a playground for small-scale DDoS drills and attack fingerprinting.
The testbed consists of
- A web-based dashboard
- VMs that simulate attack nodes in a botnet
- Ansible playbooks that connect the dashboard to the attack nodes
1. Dashboard
The dashboard is a Flask application on which organizations can initiate (and stop) a simulated attack on themselves. It is hosted in docker containers using docker-compose. See the readme for more information and instructions.
We use 5 small VMs located across the world to send DDoS traffic to a specified target on the testbed. The nodes are set up and instructed using ansible. See the ansible directory for the set up scripts and attack commands.
Ansible is a tool used mainly to automate the deployment and instruction of multiple systems simultaneously. The testbed uses Ansible to setup the attack nodes and to provide them the instructions to start or stop an attack.
The attack node setup is done using Ansible; follow this instructions in the corresponding README.
Follow the instructions in the dashboard's README.
- Follow instructions for the ansible part.
- Follow instructions for the dashboard part.