mailing list archives
Re: Ethical DDoS drone network
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Mon, 5 Jan 2009 06:55:44 -0500
On Jan 5, 2009, at 2:54 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 3:04 PM, Patrick W. Gilmore wrote:
I can think of several instances where it _must_ be external. For
instance, as I said before, knowing which intermediate networks are
incapable of handling the additional load is useful information.
AUPs are a big issue, here..
No, they are not.
AUPs do not stop me from sending traffic from my host to my host
across links I am paying for.
Without arguing that point (and there are lots of scenarios where
that is not at all necessary, IMHO), it does not change the fact
that external testing can be extremely useful after "air-gap"
You live in a very structured world.
The idea is to instantiate structure in order to reduce the chaos.
Most people live in reality-land where there are too many variables
to control, and not only is it impossible guarantee that everything
involved is strict to BCP, but the opposite is almost certainly true.
Nothing's perfect, but one must do the basics before moving on to
more advanced things. The low-hanging fruit, as it were (and of
course, this is where scale becomes a major obstacle, in many cases;
the fruit may be hanging low to the ground, but there can be a *lot*
of it to pick).
Perhaps we are miscommunicating.
You seem to think I am saying people should test externally before
they know whether their internal systems work. Of course that is a
That does not invalidate the need for external testing. Nor does it
guarantee everything will be "BCP compliant", especially since
"everything" includes things outside your control.
Re: Ethical DDoS drone network deleskie (Jan 05)