Ethical DDoS drone network

Jack Bates jbates at brightok.net
Mon Jan 5 16:52:42 CST 2009


BATTLES, TIMOTHY A (TIM), ATTLABS wrote:
>  True, real world events differ, but so do denial of service attacks.
> Distribution in the network, PPS, BPS, Packet Type, Packet Size, etc..
> Etc.. Etc.. So really I don't get the point either in staging a real
> life do it yourself test.  So, you put pieces of your network in
> jeopardy night after night during maintenance windows to determine if
> what?? Your vulnerable to DDOS? We all know we are, it's just a question
> of what type and how much right? So we identify our choke points. We all
<snip>

> packet types. What I don't get is what you would be doing trying to
> accomplish this on a production network. Worse case is you break
> something. Best case is you don't. So if best case scenario is reach,
> what have you learned? Nothing! So what do you do next ramp it up? Seems
> silly. 


I'll personally agree with you, though there are fringe cases. For 
example, one or more of your peers might falter before you do. While I'm 
sure they won't enjoy you hurting their other customers, knowing that 
your peer's router is going to crater before your expensive piece of 
hardware is usually good knowledge. Since it's controlled, you can 
minimize the damage of testing that fact.

Another test is automatic measures and how well they perform. This may 
or may not be useful in a closed environment, though in a closed 
environment, they'll definitely need to mirror the production 
environment depending on what criteria they use for automatic measures.

A non-forging botnet which sends packets (valid or malformed) to an 
accepting recipient is strictly another internet app, and has a harm 
ratio related to some p2p apps. IP forging, of course, could cause 
unintended blowback, which could have severe legal ramifications.

That being said, I'd quit calling it a botnet. I'd call it a distributed 
application that stress tests DDoS protection measures, and it's 
advisable to let your direct peers know when you plan to run it. They 
might even be interested in monitoring their equipment (or tell you up 
front that you'll crater their equipment).



Jack




More information about the NANOG mailing list