LATEST NEWS: Stop sky gazing, and sign up to a Micron21 Cloud today - VIDEO More NEWS Here

IP Stress Test - Infomation and Results

We recently launched a number of targeted network stress tests against our network by utilising what we believe is an incredible free tool which is provided by ipstresser.com
Below you will find our results of each test that we conducted including the information regarding the tests and some associated comments of our findings.

In short this tool is amazingly powerful, far more powerful than it advertises itself as and should be used with extreme caution when conducting any network stress testing.
The tool is totally anonymous from both a controller point of view and being able to trace where the test originated from. Anybody can create an account and launch a network stress test without any form of email verification.

In fact this tool is so dangerous; that in the hands of someone 'war driving' for an anonymous internet connection with malicious intent could do serious miscellaneous damage simultaneously to hosting operators across Australia, something that we believe is extremely scary!

We conducted both Layer4 and Layer7 tests however all the Layer7 tests failed to generate a result which could be measured in both capacity and packets per second. The Layer4 tests conducted were, DRDoS, UDP, UDP-Lag and SYN

stress test network

We conducted numerous tests as can be seen below, testing both single /32 targets and also multiple /32 targets simultaneously to see if bandwidth and packets per second is dedicated to each host target or shared across the platform.

The result is quite clear that the more /32 you simultaneously test the more diluted the testing capacity that this service provides.

The downside is the advertised test size was extremely under-rated when selecting a 200mbit test. We found that such a test is a lot closer to 900mbits per second with a total of 60,000 packets per second. This is enough test traffic to cause issues for the vast majority of Australian networks. ip tester

Where did the test traffic originate from ?

When running a single /32 test towards our network we saw about 800mbits come in from our international transit capacity and around 100mbits come in domestically.

The test traffic for DRDoS tests is truly distributed across the world from over 3500 IP address from 682 AS networks. That being said, the majority of the test traffic originates from China and Korea. The international traffic was seen coming across all our international interfaces spread across 140+ international BGP peers that our network interconnects with converging towards the target test within our Kilsyth Datacentre.

IPs Within Each AS
Top 10 ASN where the test DRDoS traffic originate from
708
The amount of data DDoS Protection applied to your services
CHINANET-BACKBONE No.31,Jin-rong Street (CN) (AS4134)
326
The amount of data DDoS Protection applied to your services
LGDACOM LG DACOM Corporation (KR) (AS3786)
170
The amount of data DDoS Protection applied to your services
CHINA169-BACKBONE CNCGROUP China169 Backbone (CN) (AS4837)
117
The amount of data DDoS Protection applied to your services
CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd. (CN) (AS37963)
94
The amount of data DDoS Protection applied to your services
HANARO-AS Hanaro Telecom Inc. (KR) (AS9318)
65
The amount of data DDoS Protection applied to your services
CHINANET-SH-AP China Telecom (Group) (CN) (AS4812)
55
The amount of data DDoS Protection applied to your services
CABLE-NET-1 - Cablevision Systems Corp. (US) (AS6128)
53
The amount of data DDoS Protection applied to your services
KRNIC-ASBLOCK-AP KRNIC (KR) (AS17858)
49
The amount of data DDoS Protection applied to your services
HINET Data Communication Business Group (TW) (AS3462)
49
The amount of data DDoS Protection applied to your services
COMCAST-7922 - Comcast Cable Communications, Inc. (US) (AS7922)

 

International IP Stress Traffic - DRDoS Test Results

ip stress test ddos attack

The above graph shows 1/3 (Host 1) of the international traffic when targeting three /32 targets.

 

ip stress test ddos attack

The above graph shows 1/3 (Host 2) of the international traffic when targeting three /32 targets.

ip stress test ddos attack

 

The above graph shows test traffic targeting a single /32 (Host 3) and then 1/3 of the traffic towards (Host 3) when targeting three /32 targets.

 

test 4

The above graph shows regardless if you target 1 x /32 or 3 x /32 target IP addresses the test size has the throughput.

 

ads usa pps

 

The above graph shows regardless if you target 1 x /32 or 3 x /32 target IP addresses the test size in both packets per second.

 

Domestic IP Stress Traffic

Whilst collecting data we separated local traffic from international traffic where we saw about 1/9 of the volume come in locally, the results are below.

Domestic test traffic was seen coming in all of our Australian points of interconnect, across Australia aggregating towards the test target within our Kilsyth Datacentre.

aust ip test 1

 

aus ip test 2

ip stress test 3

 

ip stress test 4

The above graph shows regardless if you target 1 x /32 or 3 x /32 target IP addresses the test size has the throughput.

ads aus pps test

 

The above graph shows regardless if you target 1 x /32 or 3 x /32 target IP addresses the test size in both packets per second.

The SYN test which is a low volume high packet per second equating to 90,000 packets per second distributed from 103 IP addresses across 58 AS networks. What is interesting with this test is a lot of IP addresses come from networks which don’t display public AS information.

The UDP test which is high bandwidth low packet per second was 500 mbits about 35,000 packets per second distributed from 115 IP addresses across 54 AS networks.

syn-test

 

Top 10 ASN where the test SYN traffic came from
CHINANET-BACKBONE No.31,Jin-rong Street (CN) (AS4134)
GIGAINFRA Softbank BB Corp. (JP) (AS17676)
UUNET - MCI Communications Services, Inc. d/b/a Verizon Business (US) (AS701)
SITA SITA (EU) (AS2647)
MERIT-AS-14 - Merit Network Inc. (US) (AS237)
DNIC-ASBLK-00721-00726 - DoD Network Information Center (US) (AS721)
WA-K20 - Washington State K-20 Telecommunications Network (US) (AS10430)
VOCUS-BACKBONE-AS Vocus Connect International Backbone (AU) (AS4826)
MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation (US) (AS8075)
APPLE Apple Inc (US) (AS714)

 

Real Time Packet Capture Investigation

Further investigation is underway looking at packets during the tests understanding fragment size and protocol information to further understand the nature of the network stress tests

pcap

 

Interesting Information

The test results have also uncovered some very interesting information with reference to networks which don’t publicly display AS information which are precipitating in the network stress test, which include the following.

Telecom Italia S.p.A.
DoD Network Information Center
Ernst & Young LLP
City of Regina
KomInvest route
DoD Network Information Center
AT&T Services, Inc.
LSI Corporation
African Network Information Center - (AfriNIC Ltd)
Unknown
Jinan UPNET Science And Technology Co.,Ltd.
DoD Network Information Center
Hewlett-Packard Company
The Prudential Insurance Company of America
Internet Assigned Numbers Authority
KWH PLAST
Asia Pacific Network Information Centre
Allen Edmonds (allenedmonds.com)
Unallocated and unassigned in LACNIC block: 190.111.153.6
Computer Sciences Corporation
Internet Assigned Numbers Authority
African Internet Numbers Registry
Asia Pacific Network Information Centre
OJSC "Vimpelcom"
Verizon Online LLC
JPMorgan Chase

 

We will be updating this site over the next few hours and days with more information as we continue to analyse the information we have collected.

 

Micron21 Support


UECOMMCiscoAPNICJuniperYes OptusPipeNetworks