[195751] in North American Network Operators' Group
Internet access for security consultants - pen tests, attack traffic,
daemon@ATHENA.MIT.EDU (Sean Pedersen)
Tue Sep 12 01:47:41 2017
X-Original-To: nanog@nanog.org
From: "Sean Pedersen" <spedersen.lists@gmail.com>
To: <nanog@nanog.org>
Date: Mon, 11 Sep 2017 15:40:34 -0700
Errors-To: nanog-bounces@nanog.org
We were recently approached by a company that does security consulting. Some
of the functions they perform include discovery scans, penetration testing,
bulk e-mail generation (phishing, malware, etc.), hosting fake botnets -
basically, they'd be generating a lot of bad network traffic. Targeted at
specific clients/customers, but still bad. As an ISP, this is new territory
for us and there are some concerns about potential impact, abuse reports,
reputation, authorization to perform such tests, etc.
Does anyone have experience in this area that would be willing to offer
advice?
