New DDoS cannon for testing

Serverius has released an advanced software framework that can generate sophisticated DDoS attacks for testing purposes.

This development makes Serverius one of few European parties that can truly offer DDoS defense testing and large-scale application layer 7 stress tests as a service.

For numerous years, Serverius has been the only Dutch party able to deal with large-scale DDoS attacks. Every day, Serverius mitigates hundreds of gigabits of DDoS traffic for their clients. Qbine, Serverius’ newest website optimization, and protection service has made big waves in Europe. The number of parties that can offer this kind of distributed website protection is very limited – currently, Serverius is the largest party in the Netherlands as it has various kinds of additional services like security optimization, load balancing, web scanning, and others. Because of the extent of the services, it is even more important to stress test all these features to their limits This way Serverius’ clients know that Qbine can also perform under a heavy load.

The Serverius Qbine case

The Qbine platform is designed to be resilient against the largest attacks. To validate this claim, large-scale DDoS traffic generating was required. No one was able to test the platform at the required scale following the required procedures and legal boundaries. However, Serverius’ employee Stanislav Datskevych found a solution for this problem. With his extensive knowledge, Stanislav and the team were able to develop new software that can send out huge DDoS attacks. This gave Serverius the opportunity to test their own software and ambitious claims.

Stanislav Datskevych, NOC Engineer at Serverius
Stanislav Datskevych, NOC Engineer at Serverius

How does it work?

Stanislav Datskevych explains the DDoS cannon. “As we had to test our own technology, we have developed a cannon that can fire an advanced DDoS attack of hundreds of gigabits per second as a testing mechanism. How much can it handle until it’s overwhelmed? To test this, we have created software that can coordinate multiple servers to launch various types of attacks towards a single target”.

Datskevych and the team immediately came across several challenges within the development, Datskevych explains. “How do we coordinate a simultaneous start of the attack? More importantly, how do we quickly stop it when something goes wrong? We can’t just SSH to hundreds of servers/virtual machines and kill processes manually – so what do we do? And, if necessary, can we perhaps borrow CPU power and/or network capacity from any other major cloud providers when our own resources are not enough?”

As a result, the DDoS cannon was designed: A web application that sends commands to a message broker that fans them out to every server that has joined the swarm. Later, cloud instance provider support has been added. No additional power can be ordered for the stress tests in no time.

“A layer 7 attack is usually not very big by volume; however, it can be incredibly stressful for a web application – and that’s exactly what we needed to test”.

Layer 3, 4 and 7 attacks

The DDoS cannon can perform attacks on layer 3, 4 and 7 of the network stacks. Layer 3 and 4 DDoS attacks the network, where a layer 7 DDoS attacks the web application itself.

“The DDoS cannon attack tool is rather versatile: it can perform attacks on the network layers (3 and 4), as well as the application layer (7). A layer 7 attack is usually not very big by volume; however, it can be incredibly stressful for a web application – and that’s exactly what we needed to test”, explains Datskevych. “The main goal of the DDoS cannon is to see how certain web application platforms will perform under pressure. Qbine is aiming to be a protection solution for all layers of attacks.”

Hidde van der Heide, Head of R&D at Serverius, is very pleased with the developments around Qbine and the DDoS cannon. “Last year our R&D team has added an impressive list of new features and enhancements to the Qbine platform. Any increment to the central processing of traffic needs to be tested at scale and under high pressure. As the platform has reached a global scale and performance has increased tremendously, generating enough load to stress-test the applications has become a difficult challenge in itself. The new DDoS cannon tool lets our developers quickly validate performance sensitive increments, at any scale. This allows them to iterate much faster and improves the quality of the software”.

Hidde van der Heide, Head of R&D at Serverius

Why offer this as a service?

“A few of our clients have asked us to use the cannon in addition to their PEN tests”, says Van Der Heide. “Plenty of networks are never tested on a heavy load. More than 80% of all website owners in the Netherlands assume that when their website is under attack, their external hosting and/or DDoS protection service will protect when an attack takes place. Unfortunately, more than 70% are protected by systems and services that do not work. They cannot handle a broad amount of Mbps and, in addition to this, layer 7 protection technology is not in place. With our cannon service, we can easily show clients that it’s important to act upfront. Hence we started offering this service as a paid service.”

“But don’t think it’s a job easily done. No, this service can really harm the target and its environment. Therefore, a strict protocol & planning is in place, where all related parties are aware of how the stress test is performed. This includes the website owner (UBO), the hosting environment, the network, the DDoS protecting service, and Serverius”.

Worldwide availability

Serverius is adding new PoP’s at an increasing rate, many of which are outside Europe. The focus for Serverius as a European service for primarily European customers has not changed, but can now be claimed on a global scale. “By increasing our coverage of the globe we move closer to the clients of the applications we protect, but equally important, closer to the sources of the attacks. By mitigating the largest attacks close to their source, other parts of the world are not harmed and a high service level can be guaranteed”, says Van Der Heide.

European made software

In the last few months, the Qbine web application platform and the DDoS cannon have been thoroughly tested – and both getting fantastic results.

Qbine can filter over a million queries per second: just like the well-known services from the States. However, there is one main difference: Qbine is European based. Qbine is built by Serverius: a 100% Dutch, leading internet infrastructure company in Europe. The Qbine platform is currently used by thousands of users in the world to protect European based websites. With the new European regulations where the UBO must be based in Europe, it is more important than ever for Europe based companies to use European made and operated software. This makes Qbine the only European protection product capable of mitigating large Layer 7 DDoS attacks.