October 2, 2017
Self Serve Testing
Q: How is self-serve training delivered?
A: Training is required (always included) for the self-serve portal. It needs to be refreshed every 6 months.
Q: What is the portal URL?
The portal supports multi-factor authentication and can even be limited to logins from a single IP. So authentication is safe.
Q: What safety limits can you put on a self-serve account?
A: We can put limiters in that can ensure that even if someone can log in, we can restrict things like:
Restrict which targets (IP’s, domains, URL’s) they can test
Restrict WHEN a target can be tested (date window, time of day)
Restrict testing to production systems unless a specific permission is given BUT allow testing to RedWolf test systems (this allows tests to be experimented with but does not allow them to test anything in production)
etc…. (we can implement pretty much any business rule)
When you first start self-service testing you will be limited to 5 Gigabit/sec for volumetric attacks. This limit can be manually removed after you run several successful self-serve tests.
Q: Do you support IPV6?
A: Yes for many (but not all) attack vectors. Not all cloud providers we use support IPV6. Contact RedWolf for the current IPV6 capable list.
Q: Can RedWolf launch attacks using real web browsers?
A: Yes RedWolf can script complex attacks in Chrome, Firefox, Internet Explorer and Microsoft Edge.
Q: Can multiple attack vectors be run simultaneously?
A: Yes multiple attacks can be blended per-attacker. We suggest keeping volumetric land layer 7 attack vectors separate. We also suggest keeping ‘good traffic’ monitors and generators separate from attackers.
Q: Can multiple targets be attacked simultaneously?
A: Yes multiple targets can be attacked simultaneously. It can be very difficult for local operations to monitor multiple targets simultaneously so for first few tests we suggest keeping the number of targets to one or two (max) until Operations gets used to doing these kinds of exercises.
Q: Can targets be changed during an attack?
A: Yes you can change targets live during an test. It is possible to add/remove registered targets with no limit. Maximum traffic (bandwidth) sent to each target can be controlled on a per-target basis.
Q: Can vectors be changed during an attack?
A: Yes you can change attack vectors (and parameters) live during a test.
Q: Can new IP’s be added/removed during an attack?
A: Yes you can add/remove IP’s live during a test in a number of ways:
1. You can ‘increase/decrease’ the number of agents running a vector.
2. You can ‘include/exclude’ specific agent IP addresses.
3. You can ‘include/exclude’ agents by tags like ‘provider’, ‘region’, etc… This lets you control the geographic region actions run from
Q: How Safe is DDoS Testing?
A: RedWolf has developed a methodology to make this type of testing extremely safe. RedWolf is trusted to test live production networks of many Fortune 100 companies. RedWolf recommends starting tests at very low levels, measuring any impact, and then carefully ramping-up in precisely controlled levels.
Q: If we see an outage, how long does it take to restore services?