Skip to content


Article: Is It Legal To Perform DDoS Attack Tests?

DDoS attacks can be devastating to your company by blocking traffic to your environment for current and future customers, or by attackers extorting a ransom under threat of attack. An excellent way to prevent such dangers is a DDoS attack test. DDoS attack tests are real, controlled attacks that identify weaknesses in your environment and help you create a plan to protect your company.

However, as you may know, DDoS attacks are illegal. If a DDoS attack test is a real attack, is a test illegal as well? We will explain the law behind DDoS attack illegality and why you can have peace of mind about DDoS attack tests.

The Law

DDoS attacks are illegal. According to the Federal Computer Fraud and Abuse Act, an unauthorized DDoS attack can lead to up to 10 years in prison and a $500,000 fine. Conspiring to do so can lead to 5 years and $250,000.

However, these serious consequences are applicable to attacks launched without permission. DDoS attack tests are done in a controlled manner by professionals with the client's knowledge and consent.

The Order

While a DDoS attack test is a real attack, it is done in a controlled manner. We are committed to responsibly testing your environment by taking the following measures:
  • Minimizing impact. We scale our attacks in a manner that they have a real effect on your environment, but do not disrupt your business.
  • Authorization. We require all of our customers to complete authorization forms to prove they control and own the environment being targeted.
  • Fail-safes. NimbusDDOS provides multiple fail-safe mechanisms that are there to immediately stop a test if needed.
  • Botnet quality. An attacker's botnet uses hacked computers. Our botnet uses legitimate public cloud resources to generate the DDoS attack test traffic.
  • Backscatter prevention. We protect innocent third parties by making our "botnet" incapable of performing DDoS attacks using spoofed/forged source IP addresses.

With these precautions, you can be assured the test is being performed in a legal, safe manner.

Your Peace of Mind

Our first priority at NimbusDDOS is to keep you safe from unexpected cybersecurity risks. One of those risks should not be risking a prison sentence or a fine for conducting a DDoS attack. Companies should take care not to use illegal botnets to perform their testing, and avoid botnet-for-hire and dark web market offers for DDoS attack testing. We take every precaution to ensure the attack is authorized, controlled and is in place to help protect you and your customers.

NimbusDDOS has been recognized as a leader in the industry of DDoS attack protection and knows the ins and out of "ethical hacking." As a result, you can have peace of mind that the test is conducted in a legal manner.

Protecting Your Company

If you have further questions, or would like to protect your system from DDoS attacks, . We are here to help ensure you have peace of mind about all aspects of your DDoS attack security.

Note: This blog does not constitute legal advice; all customers should consult local laws and legal counsel.