MARS Experiment from Level7


The main goal of the MARS experiment is to test the effectiveness of its infrastructure that prevents DDOS attacks, comparing a scenario without DDOS defenses to another one where Level7 is using the MARS solution to prevent the attack.

To simulate a DDOS attack scenario, Level7 has used two main components, each one in a different testbed. The first one is a server located on the FOKUS testbed and targeted by the attacker. The second is a component situated on the Ericsson testbed that simulates a legitimate and a malicious flow of packets.

This DDOS prevention has been achieved using a distributed approach based on probes and filters located over the network. Probes distinguish bad packets from good packets and filters block malicious packets flow.

To best implement this scenario, SoftFIRE offers OpenVPN tunnels to simulate the routing functionality to specific devices. In this case, MARS experimenters had used this feature to route all packets flow through probes and filters.

Each experiment has been evaluated in terms of percentage of bad packets identified and dropped, good packets identified and not dropped, and reaction time: those values are four KPIs established before the beginning of the experiment to verify the improvement obtained by the Level7 using their own solution. To collect data log to verify KPIs threshold experimenters have installed an iperf component on the Ericsson testbed.

Results show that all the target values have been hit, demonstrating that a distributed approach is effective defending resources and services from DDOS attacks.