Home page logo
/

nanog logo nanog mailing list archives

Re: Ethical DDoS drone network
From: deleskie () gmail com
Date: Mon, 5 Jan 2009 02:32:06 +0000

If the drones send a few packets a seconds even say 1000's of pkts per second its value is not likely to be very 
meaningful, atleast no more so then building an on net resourse. To be meaningful you'd want/need something that could 
simulate a DDoS.  Maybe my assumptions are way off base.

 
You'd also have the concern that if someone 'owned' you 'ethical' botnet being potentially responsible for any damage 
it caused.

Maybe I'm just extra paranoid :)

-jim
------Original Message------
From: Mark Foster
To: deleskie () gmail com
Cc: Jeffrey Lyon
Cc: nanog () merit edu
Subject: Re: Ethical DDoS drone network
Sent: Jan 4, 2009 10:26 PM

Refer earlier posts.
End points ('drones') would have to be legitimate endpoints, not drones on 
random boxes.  That eliminates legal liability client-side.
If the traffic is non abusive then I don't see the risk for the network 
providers in the middle either.

If it's clearly established that the source (drones), destination (target) 
are all 'opted in' and there's no 'collateral damage' (in bandwidth terms 
or otherwise, being the ways in which I see other parties potentially 
being impacted) I don't know that it's anywhere near as risky as you 
imply.

You'd have to be careful not to trip IDS or similar for all the networks 
you transit, to avoid impacting on others in the event of some mis-fired 
responses...

What would be an example legitimate security purpose, except to perhaps 
drill responses to illegitimate botnets?

Mark.

On Mon, 5 Jan 2009, deleskie () gmail com wrote:

Super risky.  This would be a 99% legal worry plus.  Unless all the end points and networks they cross sign off on it 
the risk is beyond huge.

-jim
------Original Message------
From: Jeffrey Lyon
Sender:
To: nanog () merit edu
Subject: Ethical DDoS drone network
Sent: Jan 4, 2009 10:06 PM

Say for instance one wanted to create an "ethical botnet," how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal security
purposes? How does your company approach this dilemma?

Our company for instance has always relied on outside attacks to spot
check our security and i'm beginning to think there may be a more user
friendly alternative.

Thoughts?

-- 
Jeffrey Lyon, Leadership Team
jeffrey.lyon () blacklotus net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Look for us at HostingCon 2009 in Washington, DC on August 10th - 12th
at Booth #401.



Sent from my BlackBerry device on the Rogers Wireless Network


Sent from my BlackBerry device on the Rogers Wireless Network

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault