Frequently Asked Questions

// Question: What is NimbusDDOS?
// Answer: The NimbusDDOS attack simulation platform was publicly launched in 2013. The original platform was designed and built by Andrew Shoemaker, our chief engineer, founder and CEO. Since our launch, the company has grown, but we remain true to our technology roots with a core focus on DDoS attack R&D and ongoing enhancements to the services we provide our customers. Our goal is to provide the highest level of DDoS expertise to help our customers achieve the level of DDoS preparedness their business dictates.

// Question: Where is NimbusDDOS?
// Answer: We are a decentralized startup. Our official headquarters is located in Boston, where Mr. Shoemaker is located, but our engineers are scattered throughout the USA.

// Question: Is NimbusDDOS reputable? Aren't you just hackers?
// Answer: Yes we are reputable, and yes we are *ethical* hackers. All NimbusDDOS engineers are thoroughly vetted to ensure the highest level of qualification and that their background will not inhibit them from working for any of our customers. Many of our customers do business in sensitive areas (financial services, government, healthcare) that require the utmost discretion or special security clearances from our employees.

// Question: What is a DDoS attack?
// Answer: A Distributed Denial of Service (DDoS) attack is a type of network attack intended to make an organization's online resources unreachable to customers and legitimate users. Although these attacks have existed since the earliest days of the Internet, recent trends indicate the frequency of occurrence to be increasing at 100%-150% yearly. In recent years, the media has reported on well-known brands such as Sony, Microsoft, Visa, and Bank of America as being targeted and disrupted by DDoS attacks.

// Question: Should I be worried? Who is targeted by DDoS attacks?
// Answer: All businesses can be targeted and impacted by DDoS attacks. Recent trends indicate the frequency of occurrence to be increasing at 100%-150% yearly. In recent years, the media has reported on well-known brands such as Sony, Microsoft, Visa and Bank of America as being targeted and disrupted by DDoS attacks.

Below are some specific high-risk flags:

  • High-risk industries (financial, healthcare, government, ecommerce, online media, gambling, adult entertainment)
  • Business revenue is closely associated with online presence (example: e-commerce company)
  • Businesses at risk of reputation damage
  • Well-known brands are often targets of extortion

// Question: Won't my ISP/Firewall/IPS/... protect me from DDoS attacks?
// Answer: Maybe, but how do you know? In our experience, most customers are unaware of the DDoS weaknesses in their environment and have either been lucky or misdiagnosed previous DDoS attacks as software bugs or system outages. Generally, 90% of our new customers fail their first round of testing. However, the data we collect and the guidance we provide help to strengthen an organization's defenses. NimbusDDOS helps organizations answer the unknown by providing a full lifecycle of DDoS preparedness solutions tailored to the unique risks of each customer.

// Question: What is a simulated DDoS attack?
// Answer: A simulated DDoS attack is a "real" DDoS attack performed under controlled conditions with the goal of answering specific questions about the target environment.

// Question: Why would I want to attack myself?
// Answer: It’s all about being prepared and finding the weaknesses in your environment before an attacker does. Discovering issues or learning "on the fly" at 3am during a real attack does not work.

Specific benefits of testing include:

  • Understanding the exact limits of the environment
  • Finding misconfigurations and errors
  • Providing a controlled environment to train IT staff in attack response

// Question: Is it legal to perform simulated DDoS attacks?
// Answer: Our position is that a simulated DDoS attack is legal when performed in a responsible manner.

Our commitment to responsible testing includes the following:

  • Properly sizing simulated DDoS attacks to minimize impact beyond the intended target
  • Requiring all customers to complete an authorization that proves they own or completely control the target
  • Requiring all customers to notify their upstream ISP(s) of the proposed testing
  • Providing multiple fail-safe mechanisms to deactivate a running DDoS attack simulation
  • Our simulation "botnet" uses paid resources rather than hacked computers
  • To prevent backscatter to innocent 3rd parties, our simulation "botnet" is incapable of performing DDoS attacks using spoofed/forged source IP addresses

* This is not legal advice, and all customers should consult their local laws and legal counsel.

// Question: Which types of simulated DDoS attacks are available?
// Answer: We offer simulations of dozens of common DDoS attacks that can be modified to a nearly limitless number of permutations to meet the unique needs of our customers. Additionally, our engineers are skilled in creating DDoS attacks, and are able to craft custom attacks specifically designed to exploit the weaknesses of a customer's environment. We can't list all of our attacks, but if you have heard of it, we can do it.

A partial list of some of our most common attacks is included below:

  • UDP bandwidth flood - volumetric DDoS
  • ICMP bandwidth flood - volumetric DDoS
  • Fragmented ICMP bandwidth flood - volumetric DDoS
  • UDP DNS/NTP reflection and amplification bandwidth flood - volumetric DDoS
  • Tsunami SYN flood - volumetric DDoS
  • SYN flood - protocol DDoS
  • HTTPS/SSL negotiation attack - protocol DDoS
  • TCP connection attack - protocol DDoS
  • HTTP/HTTPS SlowLoris attack - protocol DDoS
  • HTTP GET/POST flood - layer7 DDoS
  • HTTPS GET/POST flood - layer7 DDoS
  • UDP DNS query flood - layer7 DDoS
  • TCP DNS query flood - layer7 DDoS
  • SMTP flood - layer7 DDoS

// Question: What simulated DDoS attacks should I perform?
// Answer: Prior to performing a simulated DDoS attack, we generally perform a DDoS risk assessment. By performing the risk assessment first, our engineers can identify high risk areas that the customer may be unaware of, and the simulated attacks can then be tailored to test those identified high risk areas.

// Question: How large/small can the simulated DDoS attacks be?
// Answer: NimbusDDOS has performed simulated DDoS attacks in excess of 100Gbps, and as small as 100Mbps. Our flexible cloud-based attack simulation platform allows for a nearly limitless range of attack sizes.

// Question: Where do you run the simulated DDoS attacks?
// Answer: The NimbusDDOS attack simulation platform leverages public cloud resources.

  • Traffic can be sourced from anywhere globally
  • Traffic can be directed anywhere globally

// Question: Do the simulated DDoS attacks have an emergency shutoff?
// Answer: Yes, we have two mechanisms for performing an emergency shutdown of a simulated DDoS attack. The first is an in-band mechanism using the normal communication pathways of the NimbusDDOS platform. The second method is an out-of-band mechanism that leverages the communication pathways of our cloud vendors. Both methods are capable of shutting down even our largest attacks in less than one minute.

// Question: How are simulated DDoS attacks different than load testing?
// Answer: The main distinction is that a load test attempts to find the upper limit of an environment when exposed to normal traffic, whereas a simulated DDoS attack is specifically crafted to maximize the impact to the target. As an example, a load test tool may repeatedly load a website using behaviors intended to closely match a normal user, with normal traversal through the site, pauses and such. A DDoS attack equivalent, however, might focus on a specific "edge case" like opening tens of thousands of connections that intentionally send/receive data at a very slow rate.

// Question: What is a DDoS risk assessment?
// Answer: The NimbusDDOS risk assessment is a "black box" investigation by our engineers to identify DDoS risk areas within an organization. This testing is performed from the Internet with limited prior knowledge of the organization's environment. The intent of this testing is for our engineers to take the role of a theoretical attacker, and find the areas that an attacker might find.

// Question: How does the DDoS risk assessment differ from a penetration test or vulnerability scan?
// Answer: Penetration testing and vulnerability scanning are primarily focused on identifying areas where an attacker might gain unauthorized access to data, systems, or networks. In contrast, a DDoS risk assessment is focused on identifying areas of weakness where an attacker can affect the availability of data. A DDoS attack doesn't require special access to do damage to an environment.

// Question: Do you resell any mitigation solutions, or sell any of your own?
// Answer: No! We are vendor neutral/agnostic.

We believe that all mitigation solutions have different strengths and weaknesses. We might recommend, for instance, a cloud solution, but we will not recommend a specific vendor.