Loadtesting websites & DoS attacks
I'm keen to run some tests against my website to tweak caching & measure metrics under duress.
Pretty sure I can manage the technical side of that. Less sure about whether LES style providers are OK with that & how sensitive the DDoS protections are. Anyone have any experience / insights to share with on that?
.
- Good plan?1 vote
- Yes0.00%
- No0.00%
- Nuke it from orbit100.00%
Comments
DDOS is generally very different from load testing. You aren't going to generate any meaningful load at couple hundred RPS that will trigger any hosts DDOS protections.
There are various tools that are used in industry -- jmeter, vyatta, etc. If you want to really try to blow up your website, or do >1000 rps, serverless artillery is fun.
If you try to benchmark your website as you do a DNS reflection attack, a host would take issue.
Ionswitch.com | High Performance VPS in Seattle and Dallas since 2018
That's comforting.
I tried the free tier of loader.io before, but that doesn't have sufficient firepower & the paid one starts at 100 bucks. So current plan is to using azure server(s) with siege. Raw throughput between the two is good for just over a gigabit but I'm guessing perf3 throughput doesn't translate to http serving throughput.
Now there is an idea.
What is serverless artillery?
I think this is what he refers to: https://github.com/Nordstrom/serverless-artillery
"Humanity is f*cked up" - Jay
The level of load usually used to measure caching metrics is not a DDoS by most peoples metrics. Even if mitigation does activate on your site/service it's not likely to cost your upstream anything and therefore not be cared about.
X4B - DDoS Protection: Affordable Anycast DDoS protection including Layer 7 mitigation with PoPs in the Europe, Asia, North and South America.
Latest Offer: Brazil Launch 2020 Offer
Speak with your provider - nothing better than agreement in advance.
Clouvider Limited - Our LES Exclusive Unmetered Dedicated Server Offers