Lets say I need to load test a website of a client (with written permission of course) and we've used loadimpact and such, but want to know if we can resist a "real" ddos.
How would I accomplish this, without going to shady places like hf and such? (I need an invoice or a receipt for the finance department).