Ethical DDoS drone network
Jack Bates
jbates at brightok.net
Mon Jan 5 22:52:42 UTC 2009
BATTLES, TIMOTHY A (TIM), ATTLABS wrote:
> True, real world events differ, but so do denial of service attacks.
> Distribution in the network, PPS, BPS, Packet Type, Packet Size, etc..
> Etc.. Etc.. So really I don't get the point either in staging a real
> life do it yourself test. So, you put pieces of your network in
> jeopardy night after night during maintenance windows to determine if
> what?? You're vulnerable to DDOS? We all know we are, it's just a question
> of what type and how much right? So we identify our choke points. We all
<snip>
> packet types. What I don't get is what you would be doing trying to
> accomplish this on a production network. Worst case is you break
> something. Best case is you don't. So if best case scenario is reached,
> what have you learned? Nothing! So what do you do next ramp it up? Seems
> silly.

I'll personally agree with you, though there are fringe cases. For
example, one or more of your peers might falter before you do. While I'm
sure they won't enjoy you hurting their other customers, knowing that
your peer's router is going to crater before your expensive piece of
hardware is usually good knowledge. Since it's controlled, you can
minimize the damage of testing that fact.

Another test is automatic measures and how well they perform. This may
or may not be useful in a closed environment, though in a closed
environment, they'll definitely need to mirror the production
environment depending on what criteria they use for automatic measures.

A non-forging botnet which sends packets (valid or malformed) to an
accepting recipient is strictly another internet app, and has a harm
ratio related to some p2p apps. IP forging, of course, could cause
unintended blowback, which could have severe legal ramifications.

That being said, I'd quit calling it a botnet. I'd call it a distributed
application that stress tests DDoS protection measures, and it's
advisable to let your direct peers know when you plan to run it. They
might even be interested in monitoring their equipment (or tell you up
front that you'll crater their equipment).

Jack