Test with simulation partners
It’s a good practice to test your assumptions about how your services will respond to an attack by conducting periodic simulations. During testing, validate that your services or applications continue to function as expected and there’s no disruption to the user experience. Identify gaps from both a technology and process standpoint and incorporate them in the DDoS response strategy. We recommend that you perform such tests in staging environments or during non-peak hours to minimize the impact to the production environment.
Simulations help you:
- Validate how Azure DDoS Protection helps protect your Azure resources from DDoS attacks.
- Optimize your incident response process while under DDoS attack.
- Document DDoS compliance.
- Train your network security teams.
Azure DDoS simulation testing policy
You may only simulate attacks using our approved testing partners:
- BreakingPoint Cloud: a self-service traffic generator where your customers can generate traffic against DDoS Protection-enabled public endpoints for simulations.
- Red Button: work with a dedicated team of experts to simulate real-world DDoS attack scenarios in a controlled environment.
Our testing partners' simulation environments are built within Azure. You can only simulate against Azure-hosted public IP addresses that belong to an Azure subscription of your own, which will be validated by Azure Active Directory (Azure AD) before testing. Additionally, these target public IP addresses must be protected under Azure DDoS Protection.
BreakingPoint Cloud and Red Button are only available for the Public cloud.
- Before you can complete the steps in this tutorial, you must first create a Azure DDoS Standard protection plan with protected public IP addresses.
- For BreakingPoint Cloud, you must first create an account.
Configure a DDoS test attack
Enter or select the following values, then select Start test:
Setting Value Target IP address Enter one of your public IP address you want to test. Port Number Enter 443. DDoS Profile Possible values include
TCP SYN Flood,
UDP 64B Flood,
UDP 128B Flood,
UDP 256B Flood,
UDP 512B Flood,
UDP 1024B Flood,
UDP 1514B Flood,
Test Size Possible values include
100K pps, 50 Mbps and 4 source IPs,
200K pps, 100 Mbps and 8 source IPs,
400K pps, 200Mbps and 16 source IPs,
800K pps, 400 Mbps and 32 source IPs.
Test Duration Possible values include
It should now appear like this:
Monitor and validate
- Log in to https://portal.azure.com and go to your subscription.
- Select the Public IP address you tested the attack on.
- Under Monitoring, select Metrics.
- For Metric, select Under DDoS attack or not.
Once the resource is under attack, you should see that the value changes from 0 to 1, like the following picture:
BreakingPoint Cloud API Script
This API script can be used to automate DDoS testing by running once or using cron to schedule regular tests. This is useful to validate that your logging is configured properly and that detection and response procedures are effective. The scripts require a Linux OS (tested with Ubuntu 18.04 LTS) and Python 3. Install prerequisites and API client using the included script or by using the documentation on the BreakingPoint Cloud website.
Red Button’s DDoS Testing service suite includes three stages:
- Planning session: Red Button experts meet with your team to understand your network architecture, assemble technical details, and define clear goals and testing schedules. This includes planning the DDoS test scope and targets, attack vectors, and attack rates. The joint planning effort is detailed in a test plan document.
- Controlled DDoS attack: Based on the defined goals, the Red Button team launches a combination of multi-vector DDoS attacks. The test typically lasts between three to six hours. Attacks are securely executed using dedicated servers and are controlled and monitored using Red Button’s management console.
- Summary and recommendations: The Red Button team provides you with a written DDoS Test Report outlining the effectiveness of DDoS mitigation. The report includes an executive summary of the test results, a complete log of the simulation, a list of vulnerabilities within your infrastructure, and recommendations on how to correct them.
Here's an example of a DDoS Test Report from Red Button:
Submit and view feedback for