BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.

BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly configurable and rates, data volume, source IP addresses, URLs and other parameters can be configured.

There are plenty of other tools out there to spoof IP addresses with UDP and ICMP, but for TCP spoofing, there is no solution. BoNeSi is the first tool to simulate HTTP-GET floods from large-scale bot networks. BoNeSi also tries to avoid to generate packets with easy identifiable patterns (which can be filtered out easily).

BoNeSi sniffs for TCP packets on the network interface and responds to all packets in order to establish TCP connections. For this feature, it is necessary, that all traffic from the target webserver is routed back to the host running BoNeSi. 

On an AMD Opteron with 2Ghz we were able to generate up to 150,000 packets per second. BoNeSi  tested against state-of-the-art commercial DDoS mitigation systems and where able to either crash them or hiding the attack from being detected.

Subscribe Top Hacker Stories via email