July 31, 2017

What should I expect if a system is overloaded?

Almost every RedWolf test can result in some sort of system limit being reached. It is very important that production systems recover effectively.


1. Slightly Degraded performance
– RedWolf suggests slowly increasing attack intensity from very, very low levels. As the intensity increases operations teams should monitor the increased load and performance of the full-stack (router to application) – any of these elements may fail first.  RedWolf can monitor the performance from the Internet, and from on-site monitors and identify the exact point where systems become degraded. Even with a DDoS appliance or upstream WAF some attack traffic can leak through and degrade the site. It is okay to live with degraded performance under a DDoS attack so long as the user experience is not too bad.

2. Moderately Degraded Performance – When performance degrades and regular users will know the site is operating slowly, but still usable. It may take many seconds to open a page, but a business transaction can still function. This condition occurs if the attack-mitigation leaks too much attack traffic through. One positive outcome of DDoS testing is to optimize DDoS mitigation activation thresholds to begin protecting services before this point is reached.

3. Severely Degraded Performance – When a site has long periods of failed requests and can not service.

4. Servers Hang or Crash — Servers taken out of pool – Enterprise application servers

5. Auto-scaling events

Meet RedWolf at RSA Conference 2019

Sharjil Khan, Principal Consultant at Redwolf Security Inc will be giving a presentation ‘How to Design and Operate a DDOS Testing Program’ on March 6th between 1:30pm and 4:30pm.

Click here to learn more