Ethical DDoS drone network
blakjak at blakjak.net
Sun Jan 4 20:26:03 CST 2009
Refer earlier posts.
End points ('drones') would have to be legitimate endpoints, not drones on
random boxes. That eliminates legal liability client-side.
If the traffic is non abusive then I don't see the risk for the network
providers in the middle either.
If it's clearly established that the source (drones), destination (target)
are all 'opted in' and there's no 'collateral damage' (in bandwidth terms
or otherwise, being the ways in which I see other parties potentially
being impacted) I don't know that it's anywhere near as risky as you
You'd have to be careful not to trip IDS or similar for all the networks
you transit, to avoid impacting on others in the event of some mis-fired
What would be an example legitimate security purpose, except to perhaps
drill responses to illegitimate botnets?
On Mon, 5 Jan 2009, deleskie at gmail.com wrote:
> Super risky. This would be a 99% legal worry plus. Unless all the end points and networks they cross sign off on it the risk is beyond huge.
> ------Original Message------
> From: Jeffrey Lyon
> To: nanog at merit.edu
> Subject: Ethical DDoS drone network
> Sent: Jan 4, 2009 10:06 PM
> Say for instance one wanted to create an "ethical botnet," how would
> this be done in a manner that is legal, non-abusive toward other
> networks, and unquestionably used for legitimate internal security
> purposes? How does your company approach this dilemma?
> Our company for instance has always relied on outside attacks to spot
> check our security and i'm beginning to think there may be a more user
> friendly alternative.
> Jeffrey Lyon, Leadership Team
> jeffrey.lyon at blacklotus.net | http://www.blacklotus.net
> Black Lotus Communications of The IRC Company, Inc.
> Look for us at HostingCon 2009 in Washington, DC on August 10th - 12th
> at Booth #401.
> Sent from my BlackBerry device on the Rogers Wireless Network
More information about the NANOG