mailing list archives
Re: Ethical DDoS drone network
From: John Kristoff <jtk () cymru com>
Date: Sun, 4 Jan 2009 21:53:18 -0600
On Sun, 4 Jan 2009 21:06:34 -0500
"Jeffrey Lyon" <jeffrey.lyon () blacklotus net> wrote:
Say for instance one wanted to create an "ethical botnet," how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal security
purposes? How does your company approach this dilemma?
As long as some part of the system (hosts/networks) from the bots to
the target is not under your control or prepared for this sort of
activity, you may not get a satisfactory answer on this. Its quite
likely these days a third party playing the unwitting participant in
this botnet may find it objectionable.
Is creating and running a botnet the answer? What exactly are you
trying to protect against? DDoS?
There are potentially various sorts of penetration tests and design
reviews you could go through as an alternative to running a so-called
"ethical" botnet. Further information on what you're trying to protect
against may solicit some useful strategies.