What are IP stressers/booters?

IP stressers or booters are services that can be used with no technical expertise and for little money to carry out overload attacks on websites, web applications, APIs, and IT infrastructure.

01

A definition of IP stresser/booter

IP stresser or booter services enable overload attacks on websites, servers, or networks. They can be rented as a service for a modest fee from dubious providers, dozens of which abound on the internet and can be found via a simple web search. Their clientele consists primarily of criminals with no technical knowledge who want to take down websites or web applications with a few clicks via distributed denial of service (DDoS) attacks, for example, to blackmail the operators or distract them from other attacks.

Sequence of a DDoS attack by means of IP stresser/booter

02

How does an IP stresser/booter work?

IP stresser or booter services often offer a variety of different attack vectors to put together attacks using a modular principle. They usually offer a subscription model: Depending on the type of subscription, criminals can launch single attacks, a limited number of attacks, or an unlimited number of attacks lasting a few seconds to several hours. Prices range from a low double-digit amount to several hundred euros – depending on the duration and number of simultaneous attacks carried out. Payment is made anonymously in the form of cryptocurrencies such as Bitcoin.

Providers of DDoS-for-hire services are adopting an increasingly professional approach. Services range from an intuitive user interface to customer support and video tutorials. With just a few clicks in the web interface, criminal customers can select the desired type of attack, specify their target’s IP address, and launch the attack using the booter service’s attack infrastructure. A mass of automated requests or data packets deliberately overloads the system and network resources of websites, web applications, APIs, or IT infrastructure, rendering them completely unavailable or only available to a limited extent for legitimate users.

In the past, operators of web-based IP stresser or booter services rented a handful of servers from hosting providers, which they concealed behind proxies and used for targeted DDoS attacks on behalf of their clientele. Their firepower was thus limited by the number and performance of the servers used. DDoS-for-hire service providers now primarily offer easy access to self-operated or rented botnets, which have a significantly higher potential for damage. Such botnets can consist of hundreds of thousands of compromised computers and IoT devices that are remotely exploited for illicit activities such as DDoS attacks.

03

Are IP stressers/booters legal?

Most DDoS-for-hire service providers give themselves a veneer of legality by advertising their services as a stress test tool for website operators. This is also where the term “IP stresser” comes from. But by not requiring proof of identity from users and by offering anonymous payment options, the providers open the floodgates to the illegal use of their services while also making law enforcement more difficult. As a general rule, stress tests performed on a company’s own IT infrastructure are perfectly legal. However, the unauthorized use of IP stresser or booter services against third-party targets is against the law in most countries. In Germany, this is considered computer sabotage under Section 303b of the German Criminal Code (StGB) and is subject to criminal prosecution. According to Europol, anyone who carries out a DDoS attack or develops, offers, or uses DDoS-for-hire services faces prison sentences and/or fines.

04

Known examples of IP stressers/booters

As previously mentioned, prosecuting users and operators of illegal IP stresser or booter services remains difficult. Nevertheless, investigators have repeatedly been successful in shutting down DDoS-for-hire services in the past few years:

vDoS

Until its closure in the fall of 2016, vDoS was considered the most reliable and powerful booter service in the cybercrime scene. According to research carried out by investigative journalist and IT security expert Brian Krebs, it was responsible for more than two million DDoS attacks in total. According to the report, in the four months from April to July 2016 alone, vDoS generated 277 million seconds of DDoS traffic, equivalent to more than eight years overall. The service advertised attacks of up to 50 GBit/s – more than enough to take down websites or infrastructure without dedicated DDoS protection. In return, vDoS charged subscription fees of around $20 to $200 per month, which could be paid in Bitcoin or via PayPal. The two then 18-year-old operators of the illegal stress test provider were arrested in Israel in 2016 on behalf of the FBI. They also allegedly rented out their attack infrastructure to other booter services such as Lizard Stresser and PoodleStresser, earning more than $600,000 over a two-year period. In 2020, an Israeli court sentenced each of the two defendants to a minimum of six months of community service in light of their being minors at the time of the crime.

Webstresser.org

Webstresser.org was one of the world’s largest and most active DDoS-for-hire services before being taken offline by law enforcement in the internationally coordinated “Power Off” operation at the end of April 2018. For a subscription fee starting at $15 per month, criminals were able to launch multi-gigabit DDoS attacks via the service. According to Europol, shortly before its closure, Webstresser.org had more than 136,000 registered users and by then was responsible for around four million DDoS attacks. According to the German Federal Office for Information Security (BSI), they included overload attacks on several banks and numerous other financial and government service providers in the Netherlands in 2018, resulting in customers being unable to access their bank accounts for days on end.

Quantum Stresser

In a concerted effort by international law enforcement agencies, Quantum Stresser was shut down along with 14 other booter services in late 2018. According to the FBI, it had been active since 2012, making it one of the longest-running services of its kind. Quantum Stresser had more than 80,000 subscribers and was reportedly used to carry out roughly 50,000 DDoS attacks in 2018 alone. Investigators were able to track down the operator because he used the same email address for ordering home delivery of pizza that he had used to register his criminal attack service. In February 2020, due to his poor health, the then 24-year-old from the U.S. state of Pennsylvania was given a relatively lenient sentence of five years’ probation.

05

What risks are posed by IP stresser and booter services?

DDoS-for-hire tools such as IP stressers and booters make it increasingly easy for even less technically savvy criminals to carry out effective overload attacks. As the BSI pointed out in 2019 in its situation report on IT security in Germany, a veritable “service industry for Cybercrime-as-a-Service” had arisen in the previous few years. Easier access to botnets via booter services and the increasing professionalization of illegal services are key factors in the continuing rise of the number of DDoS attacks.

IP stressers and booters enable attacks on the network layer (Layer 3/4) as well as on the application layer (Layer 7). Criminals are also increasingly combining several types of attacks into multi-vector attacks that target different network layers concurrently. The intention behind DDoS attacks is usually to blackmail the intended targets or to prepare, carry out, or cover up other criminal activities – the theft or manipulation of data, for example.

06

How can DDoS attacks be fended off?

DDoS attacks carried out by means of IP stresser or booter services pose a serious threat to companies in particular. To avoid financial damage and loss of reputation due to attack-related disruptions or outages, companies should take preventive measures to secure their web resources and IT infrastructure with dedicated DDoS protection for Layers 3, 4, and 7. Appropriate protection solutions can, for instance, be purchased as a managed service. They offer dynamic attack detection and filter out harmful traffic from the incoming data stream even before it reaches the company servers. As a service for companies and operators of larger websites, the BSI provides an overview of qualified DDoS mitigation service providers.

07

What you need to know about IP stressers/booters

IP stressers or booters are DDoS-for-hire services that can even be used by people with no technical expertise and in just a few clicks to carry out overload attacks on websites, web applications, APIs, and IT infrastructure. In return, the illegal services usually only charge a few euros in cryptocurrency for a subscription package. The increasing spread and professionalization of such Cybercrime-as-a-Service offerings are leading to a steady rise in DDoS attacks, which pose huge potential for damage. That is why companies should take preventive measures to protect themselves against them, with dedicated DDoS protection, for example.
