Babble helps keep the internet working

Solid preparation and confidence boost: Validating DDoS readiness and infrastructure investment

Introduction 

Our client, a leading DNS provider, was offering management and registration of a number of global top-level domains and wanted to make sure that the new infrastructure could withstand both peak load and a DNS-based DDoS attack before going live. They commissioned a DDoS attack testing service to ensure that their mitigation, reporting, and monitoring tools were working properly.

Because the systems being tested are considered part of the internet infrastructure, the potential cost to the business in terms of reputational damage and loss of revenue was very high. Babble was selected to provide two 90-minute DDoS tests.

The task

After the NDAs and commercial agreements were completed, Babble engineers held a detailed technical consultation to establish the key test parameters.

Load balancer and server rate limiting were in place to restrict the number of requests that could be made over a period of time. These were removed before the tests so that stress tests could also be run.

Key Test Parameters include:

  1. Required compliance to code of best practice
  2. Test objectives
  3. Systems, people, and risk assessment review
  4. DDoS attack types and parameters

The test

The initial attack vector was 500,000 DNS queries per second to FQDNs supplied in a text file, with a mix of UDP-based record lookups using normal and DNSSEC-based queries.

On the test date, all key stakeholders connected to a live web conference to communicate with the Babble operations team and view the DDoS attack test portal. The customer could activate the emergency stop procedure at any time to halt the test within seconds.

The volumetric tests measured how many requests per second the infrastructure could handle. The types of requests sent were varied to see how latency and end-user response rates changed under system load.

After the initial tests, a further round of testing was conducted on other smaller data centres to confirm their load and attack capacity.

The results

The client’s system largely passed the test, with some unexpected responses that were investigated using the debugging information. The overall success of the test gave the client confidence that their infrastructure could withstand likely attack vectors without impacting business systems.

Metrics & Reporting:

A copy of the web conference feed and test schedule was provided to the client, as no data is kept during the real-time tests.

Changes Implemented:

Based on the scope of the project and the tests that were run, the client considered themselves prepared for possible DDoS attacks and was able to make additional changes to their systems to provide greater protection during valid heavy loading.

Commercial Value:

The investment in systems and servers for the new data centre has been fully validated. The two-stage testing sequence alleviated uncertainties regarding security posture, load, and system configurations.

“Babble were very thorough in the scoping of the project and the way they conducted themselves was very professional.
We greatly benefited from the test and the confirmation that our deployments carried minimal risk even when under significant load.”

Head of Information Security, DNS Provider
