Ethical DDoS drone network

Patrick W. Gilmore patrick at
Mon Jan 5 11:55:44 UTC 2009

On Jan 5, 2009, at 2:54 AM, Roland Dobbins wrote:
> On Jan 5, 2009, at 3:04 PM, Patrick W. Gilmore wrote:
>> I can think of several instances where it _must_ be external.  For  
>> instance, as I said before, knowing which intermediate networks are  
>> incapable of handling the additional load is useful information.
> AUPs are a big issue, here..

No, they are not.

AUPs do not stop me from sending traffic from my host to my host  
across links I am paying for.

>> Without arguing that point (and there are lots of scenarios where  
>> that is not at all necessary, IMHO), it does not change the fact  
>> that external testing can be extremely useful after "air-gap"  
>> testing.
> Agree completely.
>> You live in a very structured world.
> The idea is to instantiate structure in order to reduce the chaos.
> ;>
>> Most people live in reality-land where there are too many variables  
>> to control, and not only is it impossible guarantee that everything  
>> involved is strict to BCP, but the opposite is almost certainly true.
> Nothing's perfect, but one must do the basics before moving on to  
> more advanced things.  The low-hanging fruit, as it were (and of  
> course, this is where scale becomes a major obstacle, in many cases;  
> the fruit may be hanging low to the ground, but there can be a *lot*  
> of it to pick).

Perhaps we are miscommunicating.

You seem to think I am saying people should test externally before  
they know whether their internal systems work.  Of course that is a  
silly idea.

That does not invalidate the need for external testing.  Nor does it  
guarantee everything will be "BCP compliant", especially since  
"everything" includes things outside your control.


More information about the NANOG mailing list