We are implementing a Web service via Cloudflare using CNAME Setup for our customer, and we would like to simulate some DDOS attack.
Are there any tools available or recommended to test this?
Would Cloudflare block or disable my account for performing such act?
Unless otherwise expressly permitted in writing by Cloudflare, you will not and you have no right to:
(b) interfere with, disrupt, alter, or modify the Services or any part thereof, or create an undue burden on the Services or the networks or services connected to the Services, including, but not limited to, causing (whether directly or indirectly) traffic for your Cloudflare-proxied domain to be sent to an IP address that was not assigned by Cloudflare for the domain;
(f) perform or publish any benchmark tests or analyses relating to the Services without Cloudflare’s written consent;
I have tried many times, but I guess they don’t. For ddos you need Linux and you. Get many python script online. But I think cloud providers like AWS blocks you. So you need some professional services to do ddos attack
I think that making a simulation is the best way to determine if you are dealing with a snake oil salesmen or not. Due to the fancy wording that all vendors have to use, it’s very hard to tell which one is relevant (this applies to all security fields really).
I advise reaching out to Cloudflare and asking them for permission to perform a controlled attack on your domain, chances are that they won’t mind about it.
Note that you want to hire a professional service for this, using online tools or sketchy services won’t give you any real insight nor feedback other than “welp, my site is now unavailable!” or “everything works, great!”.
If you need something to work from, Link11 has a great service that achieves DDoS testing that adapts to what you’d see in real-world attacks.