Can anyone DDOS my server with jmeter? Do they need a powerful server for that?

DDOS (Distributed Denial Of Service) implies that the attack is distributed, meaning from many sources. So by definition, one cannot DDOS from a single source; "a simple PC" as you put it. If the traffic came from one source it would be a DOS (Denial Of Service) attack. So, yes, if your jMeter implementation is distributed across many nodes it could be used to DDOS your web app.

Also, yes someone could possibly DOS you from a single source but it would have to be a very powerful server to bring down your web app (Depending obviously on the safeguards you have in place and the design of your web app).

The whole thing about DDOS is that it is able to direct a lot more traffic at your server since the traffic comes from multiple sources (Like an NTP server or misconfigured DNS server).


Yes they could. JMeter is distributed - the load can be injected by multiple slave servers controlled by the master controller server making it possible for a DDoS attack to be executed:

JMeter

This diagram shows a local IP range, but there is no reason that this could not be distributed over the internet. This means that a single, powerful sever is not needed.

Information from this doc: JMeter Distributed Testing Step-by-step.


if it is a layer 7 (d)dos and your application is badly designed or eats up resources quickly, then, yes it is possible to dos your server with a simple perftest-tool.

oh, and the good thing is: you can test yourself.

Tags:

Ddos