DDoS Service

Hello Azure Community,

I am Seyfullah KILIÇ, co-founder of SwordSec, a cybersecurity company specializing in Attack Surface Management and penetration testing services. We are planning to conduct controlled DDoS attack simulations using Azure servers. These simulations are crucial for testing the resilience of our clients' infrastructure against potential DDoS attacks.

Our clients do not use Azure; however, we will be using Azure servers to generate and manage the simulated attacks. We plan to use hping3 as our primary tool for this purpose. Each simulation will be strictly controlled, with a maximum duration of 1-2 hours, and will be conducted with our clients' explicit consent.

Given that these simulations involve generating network traffic that may resemble malicious activity, we want to ensure full compliance with Azure’s policies. We are seeking guidance on the following:

1. What is the process for obtaining approval to conduct DDoS simulations on Azure servers when the targets are non-Azure clients?
2. Are there any specific guidelines or best practices we should follow to avoid triggering security alarms or impacting Azure services during these tests?
3. How can we ensure that our simulations do not violate Azure’s acceptable use policies, especially since the targets are external to Azure?

Your advice on this matter would be highly appreciated. We want to ensure that all our activities align with Azure’s terms of service.

Thank you in advance for your support.

Best regards,