[182675] in North American Network Operators' Group
RE: DDOS Simulation
daemon@ATHENA.MIT.EDU (frnkblk@iname.com)
Wed Jul 29 11:30:28 2015
X-Original-To: nanog@nanog.org
From: <frnkblk@iname.com>
To: "'Brett Watson'" <brett@the-watsons.org>,
<nanog@nanog.org>
In-Reply-To: <12A60E2B-76CE-4190-9FCD-A1DDB44F165C@the-watsons.org>
Date: Wed, 29 Jul 2015 10:30:20 -0500
Reply-To: frnkblk@iname.com
Errors-To: nanog-bounces@nanog.org
If the customer has headroom on a 10G link, what's the harm with running =
a 1G volumetric DDoS across the Internet? Or if it's application layer, =
anytime against prescribed lab devices?
Frank
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Brett Watson
Sent: Tuesday, July 28, 2015 8:28 PM
To: nanog@nanog.org
Subject: Re: DDOS Simulation
> On Jul 28, 2015, at 9:05 PM, jim deleskie <deleskie@gmail.com> wrote:
>=20
> If anyone offers to "test" your DDoS devices across a network that you =
do
> not 100% own, you are risking legal issues.
>=20
> If they offer to test it across your own network, make sure you have =
in
> writing from you upper management that they understand the risk and =
approve
> it.
>=20
> If you choose to do it anyway then you are taking a LARGE risk.
>=20
>=20
> Testing should be in your lab and even then you should understand 100% =
what
> is happing to avoid leaking attack traffic into the internet.
in a previous job (we did ddos mitigation) customer asked all the time =
for simulation, and typically live across the internet. for all the =
reasons noted, we didn=E2=80=99t do it, but instead would do a lab/POC =
with pcaps replayed from previous attacks we had mitigated to show the =
customer how our platform worked, how we handled incident response, etc. =
agree with all comments about NOT doing it over the internet, that way =
lies madness.
-b
