Multi-source TCP flood (TCPM)
A distributed TCP flood from many Engarde nodes simulates botnet-like source diversity against a single target port.
How it works
- Each node generates independent TCP flows.
- Geo-distributed sources test geo-fencing and region-based rules.
- Aggregate PPS exceeds what a single source could produce.
Packet flow (illustrative)
Engarde node Target
Node A → traffic
Node B → traffic
Node C → traffic
Aggregate PPS → single target
Illustrative flow, not a live capture.
Engarde: TCPM type
Sources: Multi-region nodes
Layer: L4
What to watch in Engarde
- Regional traffic split in Attack Monitor.
- Geo-block side effects on legitimate regions.
Running this simulation
Enable multiple regions in node management, then run the TCPM attack type against an authorized target.
Mitigation perspective
Apply geo-aware rate limits and anycast scrubbing, and validate multi-source behavior in reports.
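The following is an added example, not Engarde code or report output. It scores a constructed per-second traffic sample to show why per-source thresholds stay silent while aggregate PPS is high, and how a hard geo-block compares with a geo-aware rate limit in legitimate packets dropped. The record layout, region names, thresholds and the equal-share-per-source policy are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample(seconds=3, flood_sources=40, flood_pps=500, user_pps=50):
    """Constructed records (second, region, source, packets, is_legit); not a capture."""
    rows = []
    for sec in range(seconds):
        for region in ("eu", "us", "ap"):  # assumed region labels
            rows += [(sec, region, f"{region}-node-{i}", flood_pps, False)
                     for i in range(flood_sources)]
        rows += [(sec, "eu", "eu-user", user_pps, True),
                 (sec, "us", "us-user", user_pps, True)]
    return rows

def per_source_alerts(rows, pps_threshold):
    """Sources that exceed a per-source PPS threshold on their own."""
    return {src for _, _, src, pkts, _ in rows if pkts > pps_threshold}

def peak_aggregate_pps(rows):
    """Highest per-second packet total seen at the single target."""
    total = defaultdict(int)
    for sec, _, _, pkts, _ in rows:
        total[sec] += pkts
    return max(total.values())

def geo_block(rows, blocked_regions):
    """Hard geo-fence. Returns (packets passed, legitimate packets dropped)."""
    passed = sum(p for _, r, _, p, _ in rows if r not in blocked_regions)
    dropped = sum(p for _, r, _, p, ok in rows if ok and r in blocked_regions)
    return passed, dropped

def geo_rate_limit(rows, region_budget_pps):
    """Per-region budget each second, split equally across that region's
    active sources. Returns (packets passed, legitimate packets dropped)."""
    groups = defaultdict(list)
    for sec, region, _, pkts, ok in rows:
        groups[(sec, region)].append((pkts, ok))
    passed = legit_dropped = 0
    for flows in groups.values():
        share = region_budget_pps // len(flows)
        for pkts, ok in flows:
            allowed = min(pkts, share)
            passed += allowed
            legit_dropped += (pkts - allowed) if ok else 0
    return passed, legit_dropped

if __name__ == "__main__":
    rows = build_sample()
    print("per-source alerts:", per_source_alerts(rows, 1000))
    print("peak aggregate pps:", peak_aggregate_pps(rows))
    print("geo-block eu:", geo_block(rows, {"eu"}))
    print("geo rate limit:", geo_rate_limit(rows, 4100))
```

In this sample the geo-block still passes most of the flood from the unblocked regions and drops every legitimate packet from the blocked one, which is the side effect to look for in the regional split.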