Tags: Amplification, Reflection, UDP, Spoofable
CLDAP stress test
Uses CLDAP reflection to throw amplified UDP responses at your target, validating that scrubbing absorbs one of the highest-ratio amplification vectors.
How it works
CLDAP runs over UDP, and a small query to an exposed Connectionless LDAP service returns a much larger response. By reflecting those responses toward the target, this method delivers a high-bandwidth flood with an amplification factor in the tens, so a modest request volume produces heavy inbound traffic. It tests whether your edge and upstream scrubbing can soak large reflected UDP volumes from port 389 before they saturate your link.
Parameters
rate (600k pps): Reflected response rate driving inbound bandwidth at the target.
duration (30-300 s): Run length to measure link saturation and recovery.
port (victim UDP port): Destination port at the target receiving reflected traffic.
reflectors (list size): Pool of reflection sources shaping total amplified volume.
Run it from the CLI
$ retro run cldap --target 203.0.113.45 --duration 120
CLDAP FAQ
Why is CLDAP such a strong amplification vector?
A tiny CLDAP query can trigger a response many times its size, giving an amplification factor commonly cited in the tens. That lets a small amount of spoofed request traffic generate a large flood aimed at the target.
What does this method actually validate?
It confirms whether your upstream scrubbing and link capacity can absorb a high-bandwidth reflected UDP flood without the origin going dark, and whether edge rules drop unsolicited responses from port 389.
How do I stop being part of the problem?
Keep LDAP and CLDAP services off the public internet and apply ingress filtering so spoofed packets cannot leave your network and recruit your hosts as reflectors.
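The edge check mentioned in the FAQ (dropping unsolicited responses from UDP port 389) can be verified from flow logs during a test window. The following is an added example, not part of the original page or the tool it describes. The flow-record format, the function name and all sample records are constructed for illustration, and records are assumed to be sorted by time.

```python
import csv, io
from collections import defaultdict
from ipaddress import ip_address, ip_network

CLDAP_PORT = 389
# Constructed flow records (documentation address ranges), not captured traffic:
# ts,src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
10.0,203.0.113.45,40000,192.0.2.10,389,udp,80
10.1,192.0.2.10,389,203.0.113.45,40000,udp,2900
20.0,198.51.100.7,389,203.0.113.45,80,udp,3000
20.0,198.51.100.8,389,203.0.113.45,80,udp,2950
20.1,198.51.100.7,389,203.0.113.45,80,udp,3010
20.2,198.51.100.9,389,203.0.113.45,80,tcp,1200
20.3,198.51.100.9,53,203.0.113.45,80,udp,500
"""

def find_unsolicited_cldap(text, protected="203.0.113.0/24", window=5.0):
    """Summarise inbound UDP/389 responses that no protected host asked for."""
    net = ip_network(protected)
    requests = {}  # (local_ip, local_port, remote_ip) -> time of last query
    report = defaultdict(lambda: {"bytes": 0, "flows": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, proto, size in csv.reader(io.StringIO(text)):
        if proto != "udp":
            continue
        ts, sport, dport, size = float(ts), int(sport), int(dport), int(size)
        if ip_address(src) in net and dport == CLDAP_PORT:
            requests[(src, sport, dst)] = ts      # legitimate outbound query
        elif ip_address(dst) in net and sport == CLDAP_PORT:
            asked = requests.get((dst, dport, src))
            if asked is not None and 0 <= ts - asked <= window:
                continue                          # solicited reply, not a flood
            entry = report[dst]
            entry["bytes"] += size
            entry["flows"] += 1
            entry["reflectors"].add(src)
    # Replace the reflector set with its size so the report is easy to compare.
    return {ip: {**e, "reflectors": len(e["reflectors"])} for ip, e in report.items()}

if __name__ == "__main__":
    for ip, stats in find_unsolicited_cldap(SAMPLE_FLOWS).items():
        print(ip, stats)
```

Run against flow logs taken inside the scrubbing boundary, a non-empty report means reflected port-389 traffic is still reaching protected hosts.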