Score:0

(Theoretical view) In a DDoS attack via docker, no correlation found between the amount of sent packets and the number of virtualized containers

I have been testing a DDoS attack in my local network via Docker. Each image has been loaded with an "evil" DDoS file.

I tested several containers attacking at the same time. In the image below it is possible to see 6 attacks (peaks), with 1, 2, 3, 4, 10, and 15 containers respectively running at the same time (each attack represents one peak).

What caught my attention is that the peak of the attacks has not been significantly changed by the number of containers attacking at the same time.

Why is that?

My hypotheses:

I. Docker processes are being executed not in parallel but in a serialized way.

II. Or, the saturation of packets sent on the gateway is already reached by the first container. Therefore, it doesn't make a difference to run more containers.

What do you guys think?

Wireshark packets analysis

Score:0

Maxing out after 2 containers is not a great indication for scaling out to many processes. There is not enough information to tell why that is; performance bottlenecks could be the application, the network stack, or the hardware. For example, the clients could have polite behavior of waiting for application-level responses, rather than pushing requests as fast as possible.

Find out how many packets per second these can do with the simplest possible application. iperf is a classic tool for this kind of maximum bandwidth test. Significantly higher PPS would indicate a bottleneck closer to the application than the network stack.

Regarding the point of this exercise, a distributed denial of service cannot be easily simulated with (presumably) one physical host. Usually the objective is a volume attack, many hosts sending far more application requests or raw packets than your infrastructure can handle. Or from so many IP addresses that source blocking is not feasible.

However, even a relatively small attack from just a few hosts can in theory still bog down a service. It depends on the application and the resources of the server it runs on.
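One way to carry out the comparison suggested in the answer above, as an added example that is not part of the original post: it computes transmit packets per second from two snapshots of Linux's `/proc/net/dev` and compares the application's rate with an iperf-style baseline. The snapshots, the interface name `eth0`, the 10-second interval, the baseline figure and the 0.8 ratio are constructed assumptions.

```python
"""Added example: locate a throughput bottleneck from interface counters."""

# Constructed /proc/net/dev snapshots taken 10 s apart (not data from the post).
HEADER = (
    "Inter-|   Receive                            |  Transmit\n"
    " face |bytes packets errs drop fifo frame compressed multicast|"
    "bytes packets errs drop fifo colls carrier compressed\n"
)
SNAP_BEFORE = HEADER + "  eth0: 9000 100 0 0 0 0 0 0 640000 10000 0 0 0 0 0 0\n"
SNAP_AFTER = HEADER + "  eth0: 9900 110 0 0 0 0 0 0 3840000 60000 0 0 0 0 0 0\n"


def parse_netdev(text):
    """Return {interface: transmitted_packets} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines()[2:]:  # the first two lines are column headers
        if ":" not in line:
            continue
        iface, fields = line.split(":", 1)
        values = fields.split()
        # Eight receive columns come first; transmit packets is the tenth value.
        counters[iface.strip()] = int(values[9])
    return counters


def tx_pps(before, after, iface, seconds):
    """Packets per second sent on iface between the two snapshots."""
    delta = parse_netdev(after)[iface] - parse_netdev(before)[iface]
    return delta / seconds


def locate_bottleneck(app_pps, baseline_pps, ratio=0.8):
    """Compare the application's rate with the simplest-possible-sender baseline.

    A baseline far above the application's rate points at the application;
    a rate close to the baseline points at the network stack or hardware.
    The 0.8 ratio is an assumed cut-off, not a value from the post.
    """
    if app_pps >= ratio * baseline_pps:
        return "network stack or hardware"
    return "application"


if __name__ == "__main__":
    app_rate = tx_pps(SNAP_BEFORE, SNAP_AFTER, "eth0", 10)
    baseline = 80000.0  # constructed figure standing in for an iperf run
    print(f"application: {app_rate:.0f} pps, baseline: {baseline:.0f} pps")
    print("bottleneck is closer to the", locate_bottleneck(app_rate, baseline))
```

On a real host, read `/proc/net/dev` before and after each run instead of using the embedded snapshots, once with the containers and once with the baseline tool.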
