Ethical DDoS drone network
admin at racksecurity.net
Mon Jan 5 04:00:27 UTC 2009
Agreed, Gadi. It wouldn't be an attack if it were ethical. Technically,
that would be "load testing" or "stress testing".
Might I suggest this to help?
On Sun, Jan 4, 2009 at 9:55 PM, Gadi Evron <ge at linuxbox.org> wrote:
> On Sun, 4 Jan 2009, John Kristoff wrote:
>> On Sun, 4 Jan 2009 21:06:34 -0500
>> "Jeffrey Lyon" <jeffrey.lyon at blacklotus.net> wrote:
>> Say for instance one wanted to create an "ethical botnet," how would
>>> this be done in a manner that is legal, non-abusive toward other
>>> networks, and unquestionably used for legitimate internal security
>>> purposes? How does your company approach this dilemma?
>> As long as some part of the system (hosts/networks) from the bots to
>> the target is not under your control or prepared for this sort of
>> activity, you may not get a satisfactory answer on this. Its quite
>> likely these days a third party playing the unwitting participant in
>> this botnet may find it objectionable.
>> Is creating and running a botnet the answer? What exactly are you
>> trying to protect against? DDoS?
>> There are potentially various sorts of penetration tests and design
>> reviews you could go through as an alternative to running a so-called
>> "ethical" botnet. Further information on what you're trying to protect
>> against may solicit some useful strategies.
> A legal botnet is a distributed system you own.
> A legal DDoS network doesn't exist. The question is set wrong, no?
More information about the NANOG