0

I'm testing a newly purchased VPS for DDoS vulnerability using hping3.

If I do not use --flood, everything goes fine and I see close to 0% packet loss every time. But if I do use --flood, then the packet loss is always 100%. Is this normal?

I think that hping3 is not waiting for enough time to receive the ACK and is just flooding the VPS with SYN requests. Could this be the case or are the SYN requests not being sent at all?

anukul

2 Answers

1

When using --flood, it does not measure response packets, so packet loss will always be 100%. Do not use the packet loss # to gauge the success of your attack.

I always ping the target from another computer on another network to gauge the success of the attack. Sometimes your own router will drop the packets if it has a firewall, and small home switches/routers can sometimes get congested by --flood. This leads you to think the target is down, when it's really just your own network messing you up.

nonthevisor
0

From just this it is impossible to tell. Look at a packet trace on the receiving end.

Your test is also odd... hping3 is a good tool for SYN flooding, but this is not DDoS; the first D there is for distributed, meaning multiple hosts. You are testing against DoS.

Depending on where you are testing from, your ISP or the transit provider serving your VPS or your VPS host might be blocking the traffic automatically... the latter two are what you want, right?

Falcon Momot
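One way to read the receive-side packet trace suggested in the answer above, as an added example that is not part of the original posts: it counts inbound SYNs and the SYN-ACKs the server sent back, which shows whether the SYNs arrived at all. It assumes the text output of `tcpdump -nn` captured on the VPS; the addresses and trace lines are constructed.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn` output captured on the VPS (not from the page).
# 203.0.113.7 = test machine, 198.51.100.20 = VPS; both are documentation addresses.
SAMPLE_TRACE = """\
12:00:01.000100 IP 203.0.113.7.2001 > 198.51.100.20.80: Flags [S], seq 100, win 512, length 0
12:00:01.000150 IP 198.51.100.20.80 > 203.0.113.7.2001: Flags [S.], seq 900, ack 101, win 64240, length 0
12:00:01.000300 IP 203.0.113.7.2002 > 198.51.100.20.80: Flags [S], seq 200, win 512, length 0
12:00:01.000900 IP 203.0.113.7.2001 > 198.51.100.20.80: Flags [R], seq 101, win 0, length 0
12:00:02.000100 IP 203.0.113.7.2003 > 198.51.100.20.80: Flags [S], seq 300, win 512, length 0
12:00:02.000160 IP 198.51.100.20.80 > 203.0.113.7.2003: Flags [S.], seq 901, ack 301, win 64240, length 0
"""

# hh:mm:ss.frac IP src.port > dst.port: Flags [..]
LINE = re.compile(
    r"^(?P<sec>\d\d:\d\d:\d\d)\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def summarize(trace, server_ip):
    """Count SYNs that reached server_ip and which client endpoints got a SYN-ACK."""
    syn_from, synack_to = set(), set()
    syn_in, per_second = 0, Counter()
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip non-TCP lines and anything in another format
        if m["flags"] == "S" and m["dst"] == server_ip:
            syn_in += 1
            syn_from.add((m["src"], m["sport"]))
            per_second[m["sec"]] += 1
        elif m["flags"] == "S." and m["src"] == server_ip:
            synack_to.add((m["dst"], m["dport"]))
    return {
        "syn_in": syn_in,                          # SYNs that actually arrived
        "answered": len(syn_from & synack_to),     # endpoints that got a SYN-ACK
        "unanswered": sorted(syn_from - synack_to),
        "peak_syn_per_sec": max(per_second.values(), default=0),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE, "198.51.100.20"))
```

A `syn_in` of zero on the VPS means the traffic was dropped before it arrived (local router, ISP or provider filtering); a high `syn_in` with few answered endpoints means the SYNs arrived but the server stopped replying.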