Ethical DDoS drone network

Justin M. Streiner streiner at cluebyfour.org
Mon Jan 5 02:31:46 UTC 2009


On Sun, 4 Jan 2009, Jeffrey Lyon wrote:

> Say for instance one wanted to create an "ethical botnet," how would
> this be done in a manner that is legal, non-abusive toward other
> networks, and unquestionably used for legitimate internal security
> purposes? How does your company approach this dilemma?

The company I work for has not approached this particular dilemma yet.

I'm not sure what legitimate internal security purposes you're looking to 
fulfill, but I think you need to ask yourself a few questions first (not 
an all-inclusive list, but food for thought nonetheless):

1. What is the purpose of this legit botnet?  In other words, what 
business objective does it achieve?

2. Do you have the people in-house to write the software, or would you be 
willing to take a chance on using something that exists 'in the wild'?
Depending on how security-minded your shop is, your corporate security 
folks and legal counsel might take a dim view toward using untrusted 
software on your internal network, especially if source code is not 
available.  That particular monster can get out of control very quickly.

3. Do you have a sufficient number of machines that are controlled by 
you to populate this botnet and achieve my goals (see point 1)?

4. How will this botnet be isolated from the rest of your internal 
network, and would that isolation limit or even negate the botnet's 
usefulness?

5. If the answer to question 4 is "no isolation", how will you 
demonstrably control the botnet's propagation?

6. Depending on the answer to question 5, there might be regulatory 
compliance (HIPAA, FERPA, GLB, SOX, internal security/privacy policies, 
contractual obligations, etc...) issues to consider.

> Our company for instance has always relied on outside attacks to spot
> check our security and i'm beginning to think there may be a more user
> friendly alternative.

Infection, even for ethical purposes, is still infection.

jms




More information about the NANOG mailing list