DDOSIM - Application Layer DDOS Simulator

DDOSIM - Layer 7 DDOS Simulator

DDOSIM is a tool that can be used in a laboratory environment to simulate a distributed denial of service (DDOS) attack against a target server. The test will show the capacity of the server to handle application specific DDOS attacks.

It is written in C++ and runs on Linux.

It simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, DDOSIM starts the conversation with the listening application (e.g. HTTP server).


  • HTTP DDoS with valid requests
  • HTTP DDoS with invalid requests (similar to a DC++ attack)
  • TCP connection flood on random port
In order to simulate such an attack in a lab environment, you need to setup a network like this:


./ddosim [Options]


-d IP            Target IP address

-p PORT          Target port

[-k NET]         Source IP from class C network (ex.

[-i IFNAME]      Output interface name

[-c COUNT]       Number of connections to establish

[-w DELAY]       Delay (in milliseconds) between SYN packets

[-r TYPE]        Request to send after TCP 3-way handshake. 
                 TYPE can be HTTP_VALID or HTTP_INVALID or SMTP_EHLO

[-t NRTHREADS]   Number of threads to use when sending packets (default 1)

[-n]             Do not spoof source address (use local address)

[-v]             Verbose mode (slower)

[-h]             Print this help message


  • Establish 10 TCP connections from random IP addresses to www server and send invalid HTTP requests (similar to a DC++ based attack):
./ddosim   -d   -p 80   -c 10   -r HTTP_INVALID  -i eth0

  • Establish infinite connections from source network to SMTP server and send EHLO requests:
./ddosim   -d   -p 25   -k   -c 0   -r SMTP_EHLO  -i eth0

  • Establish infinite connections at higher speed to www server and make HTTP valid requests:
./ddosim   -d   -p 80   -c 0   -w 0   -t 10   -r HTTP_VALID  -i eth0

  • Establish infinite TCP connections (without sending a Layer 7 request)  from local address to a POP3 server:
./ddosim   -d   -p 110   -c 0  -i eth0

No comments

Powered by Blogger.