Re: Ethical DDoS drone network
From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Sun, 4 Jan 2009 21:31:46 -0500 (EST)
On Sun, 4 Jan 2009, Jeffrey Lyon wrote:
> Say for instance one wanted to create an "ethical botnet," how would
> this be done in a manner that is legal, non-abusive toward other
> networks, and unquestionably used for legitimate internal security
> purposes? How does your company approach this dilemma?
The company I work for has not approached this particular dilemma yet.
I'm not sure what legitimate internal security purposes you're looking to
fulfill, but I think you need to ask yourself a few questions first (not
an all-inclusive list, but food for thought nonetheless):
1. What is the purpose of this legit botnet? In other words, what
business objective does it achieve?
2. Do you have the people in-house to write the software, or would you be
willing to take a chance on using something that exists 'in the wild'?
Depending on how security-minded your shop is, your corporate security
folks and legal counsel might take a dim view toward using untrusted
software on your internal network, especially if source code is not
available. That particular monster can get out of control very quickly.
3. Do you have a sufficient number of machines that are controlled by
you to populate this botnet and achieve my goals (see point 1)?
4. How will this botnet be isolated from the rest of your internal
network, and would that isolation limit or even negate the botnet's
5. If the answer to question 4 is "no isolation", how will you
demonstrably control the botnet's propagation?
6. Depending on the answer to question 5, there might be regulatory
compliance (HIPAA, FERPA, GLB, SOX, internal security/privacy policies,
contractual obligations, etc...) issues to consider.
> Our company for instance has always relied on outside attacks to spot
> check our security and I'm beginning to think there may be a more user
Infection, even for ethical purposes, is still infection.