[110389] in North American Network Operators' Group
Re: Ethical DDoS drone network
daemon@ATHENA.MIT.EDU (Zach)
Sun Jan 4 23:00:32 2009
Date: Sun, 4 Jan 2009 22:00:27 -0600
From: Zach <admin@racksecurity.net>
To: "Gadi Evron" <ge@linuxbox.org>
In-Reply-To: <alpine.DEB.0.999999.0901042154480.20617@linuxbox.org>
Cc: Jeffrey Lyon <jeffrey.lyon@blacklotus.net>, nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
Agreed, Gadi. It wouldn't be an attack if it were ethical. Technically,
that would be "load testing" or "stress testing".
Might I suggest this to help?
http://www.opensourcetesting.org/performance.php
On Sun, Jan 4, 2009 at 9:55 PM, Gadi Evron <ge@linuxbox.org> wrote:
> On Sun, 4 Jan 2009, John Kristoff wrote:
>
>> On Sun, 4 Jan 2009 21:06:34 -0500
>> "Jeffrey Lyon" <jeffrey.lyon@blacklotus.net> wrote:
>>
>> Say for instance one wanted to create an "ethical botnet," how would
>>> this be done in a manner that is legal, non-abusive toward other
>>> networks, and unquestionably used for legitimate internal security
>>> purposes? How does your company approach this dilemma?
>>>
>>
>> As long as some part of the system (hosts/networks) from the bots to
>> the target is not under your control or prepared for this sort of
>> activity, you may not get a satisfactory answer on this. Its quite
>> likely these days a third party playing the unwitting participant in
>> this botnet may find it objectionable.
>>
>> Is creating and running a botnet the answer? What exactly are you
>> trying to protect against? DDoS?
>>
>> There are potentially various sorts of penetration tests and design
>> reviews you could go through as an alternative to running a so-called
>> "ethical" botnet. Further information on what you're trying to protect
>> against may solicit some useful strategies.
>>
>
> A legal botnet is a distributed system you own.
>
> A legal DDoS network doesn't exist. The question is set wrong, no?
>
>
>
> John
>>
>>
>
