Ethical DDoS drone network
Gadi Evron
ge at linuxbox.org
Mon Jan 5 07:11:09 UTC 2009
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:
> On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
>> On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
>>
>>> You want to 'attack' yourself, I do not see any problems. And I see lots
>>> of possible benefits.
>>
>> This can be done internally using various traffic-generation and
>> exploit-testing tools (plenty of open-source and commercial ones
>> available). No need to build a 'botnet', literally - more of a distributed
>> test-harness.
>>
>> And it must be *kept* internal; using non-routable space is key, along with
>> ensuring that application-layer effects like recursive DNS requests don't
>> end up leaking and causing problems for others.
>
> We disagree.
>
> I can think of several instances where it _must_ be external. For instance,
> as I said before, knowing which intermediate networks are incapable of
> handling the additional load is useful information.
>
>
>> But before any testing is done on production systems (during maintenance
>> windows scheduled for this type of testing, naturally), it should all be
>> done on airgapped labs, first, IMHO.
>
> Without arguing that point (and there are lots of scenarios where that is not
> at all necessary, IMHO), it does not change the fact that external testing
> can be extremely useful after "air-gap" testing.
Fine, test it by simulation on your or the transit end of the pipes. Do not
transmit your test sh?t data across the 'net.
That solves that question?
:)