DoSing BookNerdSociety

Whitepaper:

Distributed Traffic Load Simulation & Defensive Analysis on BookNerdSociety.com

Author: Cysectools
Date: November 2025
Version: 1.0


Abstract

This whitepaper documents a controlled cybersecurity experiment designed to evaluate the resilience of BookNerdSociety.com against distributed traffic spikes, rate-limiting bypass attempts, slowloris-style socket exhaustion, and mixed behavioral request patterns.
The study involved developing a custom micro-botnet simulation tool in Python capable of spawning multiple nodes, executing concurrent asynchronous request workers, and applying different traffic modes (rapid, burst, drip, slowloris, and mixed).

The experiment measured:

  • server responsiveness

  • Vercel edge protection behavior

  • request failure modes

  • “Challenged” conditions

  • WAF activation thresholds

  • potential bottlenecks and exhaustion points

The results highlight key defensive mechanisms already protecting the system and introduce recommendations for application-layer, network-layer, and architectural improvements.


1. Introduction

Modern web services face increasing levels of automated traffic, ranging from benign crawlers to coordinated botnets capable of degrading or disabling APIs and websites.
To better understand resilience in real-world environments, penetration testers and developers often create controlled simulations to emulate hostile traffic.

This experiment aimed to answer:

  1. How well does the current infrastructure handle large bursts of distributed traffic?

  2. What happens when mixed request patterns strike simultaneously?

  3. How does Vercel respond to unknown user agents, irregular request signatures, and high concurrency?

  4. Which defensive mechanisms activate automatically, and which must be implemented manually?

The experiment was performed ethically on the author’s own infrastructure.


2. System Overview

2.1 Target System

  • Domain: booknerdsociety.com

  • Host Provider: Vercel

  • Backend: Serverless functions

  • Edge: Vercel Edge Firewall + WAF challenge system

  • Logging: Vercel analytics/edge logs

The site was not vulnerable by default; Vercel’s edge layer provided built-in DDoS resistance.


3. Micro-Botnet Simulation Tool

A custom Python botnet simulation program (micro_botnet.py) was developed to emulate distributed attack behavior.
It runs on Linux and uses:

  • Multiprocessing: to spawn independent simulation “nodes”

  • Asyncio + HTTPX: for high-concurrency HTTP requests

  • Configurable traffic modes: for realistic load simulation

3.1 Node Architecture

Each node represents a virtual machine in a botnet.

  • Independent process

  • Shared target

  • Own worker pool

  • Separate logs & metrics

  • Randomization to simulate natural variance

3.2 Traffic Modes Implemented

| Mode | Behavior | Purpose |
|---|---|---|
| Rapid | non-stop request bursts | overload rate-limits, trigger WAF |
| Burst | intermittent spikes | test autoscaling and cooldown |
| Drip | low & slow, steady pace | test anomaly detection |
| Slowloris | holds the socket open | test connection-handling |
| Mixed | randomized selection of all modes | most realistic botnet emulation |

Mixed Mode resulted in the most accurate simulation of real-world malicious traffic, combining high-speed bursts, slow alternative header sends, and randomized delays.


4. Experiment Configuration

Test Command Example

    python3 micro_botnet.py \
      --mode spawn-nodes \
      --nodes 3 \
      --concurrency 100 \
      --requests-per-worker 20 \
      --confirm

  • Nodes: 3

  • Concurrency: 100 workers per node

  • Total Potential Requests: ~6,000 per cycle

  • Traffic Mode: Mixed (randomized)

Observations

  • Each node attempted multiple request types.

  • Slowloris attempts were correctly blocked.

  • Rapid bursts triggered Vercel’s “Challenged” status.

  • Vercel rate-limited high-frequency requests before backend saturation occurred.


5. Experimental Results

5.1 Vercel “Challenged” Status

Screenshots showed Vercel returning “Challenged” for multiple request bursts.

This condition generally indicates:

✔ fingerprint anomaly detected
✔ repeated identical header patterns
✔ request intervals too uniform
✔ cloud-like behavior from a non-browser client
✔ suspected automation

Vercel enforced a JavaScript challenge/bot mitigation layer before allowing requests to the serverless backend.

5.2 WAF & Edge Detection Behavior

During testing, responses included:

  • 429 Too Many Requests

  • 503 Service Unavailable (edge-side)

  • Connection aborted (slowloris protection)

  • Challenged responses instead of direct errors

This confirmed the presence of:

  • edge rate-limiting

  • behavioral fingerprinting

  • burst throttling

  • automated challenge deployment

This protected the backend from any service interruption.


6. Attack Simulation Analysis

6.1 Rapid Mode Results

  • Rate-limit triggered instantly

  • Backend remained healthy

  • No service outage occurred

6.2 Burst Mode Results

  • Backend temporarily slowed

  • Edge layer caught up

  • No long-term throttling issues

6.3 Drip Mode Results

  • No impact on production

  • Still useful for showing how long-term, low-rate bot activity can go unnoticed by typical detection systems
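
The "request intervals too uniform" signal from section 5.1 is also what makes drip traffic detectable. The following is an added example, not part of the author's tool or Vercel's logic: it flags clients whose inter-request gaps have a low coefficient of variation. The log format, IP addresses, paths and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse_line(line):
    """Parse 'ISO-timestamp client-ip method path status' (constructed format)."""
    ts, ip, _method, _path, _status = line.split()
    return ip, datetime.fromisoformat(ts)

def find_uniform_clients(lines, min_requests=10, max_cv=0.10):
    """Return {ip: (count, mean_gap_s, cv)} for clients with machine-regular pacing."""
    seen = defaultdict(list)
    for line in lines:
        ip, ts = parse_line(line)
        seen[ip].append(ts)
    flagged = {}
    for ip, stamps in seen.items():
        if len(stamps) < min_requests:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # same-second bursts are a rate-limit problem, not a drip
        cv = pstdev(gaps) / avg  # coefficient of variation of the gaps
        if cv <= max_cv:
            flagged[ip] = (len(stamps), round(avg, 1), round(cv, 3))
    return flagged

def build_sample_log():
    """Constructed sample: one drip client and one irregular, human-like client."""
    start = datetime(2025, 11, 3, 10, 0, 0)
    lines = []
    for i in range(20):  # roughly one request every 30 s, +/- 1 s of jitter
        t = start + timedelta(seconds=30 * i + (i % 2))
        lines.append(f"{t.isoformat()} 198.51.100.20 GET /api/books 200")
    for off in [0, 4, 9, 65, 70, 190, 200, 420, 431, 433, 700, 905]:
        t = start + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 203.0.113.7 GET / 200")
    return lines

if __name__ == "__main__":
    for ip, stats in find_uniform_clients(build_sample_log()).items():
        print(ip, stats)
```

A drip client stays far below any per-minute rate limit, so the check has to run over a long window of edge logs rather than per request.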

6.4 Slowloris Results

  • Vercel automatically killed idle connections

  • No socket depletion

  • No memory exhaustion

6.5 Mixed Mode Results

This was the most informative test.

Mixed mode led to:

  • dynamic response changes

  • challenge state activation

  • multi-vector detection

  • backend load stabilization via edge filtering

Mixed mode confirmed that Vercel filters malicious patterns before they reach the serverless runtime.


7. Defensive Techniques Identified or Implemented

This experiment reinforced several real-world defense strategies:

7.1 Application-Layer Protections

  • strict payload validation

  • header read timeouts

  • body read timeouts

  • max execution time enforcement

  • async non-blocking handlers

  • rate limits per user/session/IP

7.2 Network / Firewall Defenses

  • block datacenter ranges

  • throttle suspicious ASNs

  • connection caps per IP

  • SYN flood mitigation

  • slowloris protection via early disconnect
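
The header read timeout from 7.1 and the early disconnect from 7.2 can be combined in one handler. The following is an added example, not the site's or Vercel's code: it sets a single deadline on the whole header block, because a per-read idle timeout is reset by every trickled byte. The deadline value, size limit and host name are assumptions.

```python
import asyncio

HEADER_DEADLINE_S = 0.5   # assumed demo value: total time allowed for all headers
MAX_HEADER_BYTES = 8192   # assumed cap on header block size

async def handle(reader, writer):
    """Serve one connection; drop it if headers are not complete by the deadline."""
    try:
        # One deadline for the full header block, not per chunk received.
        await asyncio.wait_for(reader.readuntil(b"\r\n\r\n"), HEADER_DEADLINE_S)
    except (asyncio.TimeoutError, asyncio.IncompleteReadError,
            asyncio.LimitOverrunError):
        writer.close()  # early disconnect: free the socket, send nothing
        return
    writer.write(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                 b"Connection: close\r\n\r\nok")
    await writer.drain()
    writer.close()

async def probe(port, payload, pause_s):
    """Local check client: send payload, wait, return what the server sent back."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    writer.write(payload)
    await writer.drain()
    await asyncio.sleep(pause_s)
    data = await reader.read(1024)  # b"" means the server closed the socket
    writer.close()
    return data

async def demo():
    server = await asyncio.start_server(handle, "127.0.0.1", 0,
                                        limit=MAX_HEADER_BYTES)
    port = server.sockets[0].getsockname()[1]
    async with server:
        complete = await probe(
            port, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", 0)
        stalled = await probe(port, b"GET / HTTP/1.1\r\nHost: exam", 1.0)
    return complete, stalled

def run_demo():
    """Return (response to a complete request, response to a stalled one)."""
    return asyncio.run(demo())

if __name__ == "__main__":
    print(run_demo())
```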

7.3 Cloud Provider Protections

Vercel provides:

  • fingerprint validation

  • challenge pages

  • global WAF rules

  • edge rate limiting

  • bot heuristics (user-agent, IP reputation, entropy checks)

7.4 Architectural Strategies

  • Serverless isolation prevents wide outages

  • CDN caching protects static assets

  • multi-region redundancy

  • queue-based backends prevent overload

  • Async DB queries reduce strain


8. Conclusions

The experiment demonstrates that:

  • Vercel’s edge protections are highly effective

  • The backend resiliently handles diverse traffic patterns

  • Mixed-mode attacks are the most likely to reveal real vulnerabilities

  • Slowloris attacks are automatically neutralized

  • Application-level timeouts and rate limits remain necessary

  • Monitoring is essential for identifying slow drip attacks

This simulation provides a realistic model of how distributed malicious traffic behaves and confirms that BookNerdSociety.com is currently resilient against moderate botnet-scale pressure.
