Home page logo

nanog logo nanog mailing list archives

Re: Ethical DDoS drone network
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Mon, 5 Jan 2009 06:55:44 -0500

On Jan 5, 2009, at 2:54 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 3:04 PM, Patrick W. Gilmore wrote:

I can think of several instances where it _must_ be external. For instance, as I said before, knowing which intermediate networks are incapable of handling the additional load is useful information.

AUPs are a big issue, here..

No, they are not.

AUPs do not stop me from sending traffic from my host to my host across links I am paying for.

Without arguing that point (and there are lots of scenarios where that is not at all necessary, IMHO), it does not change the fact that external testing can be extremely useful after "air-gap" testing.

Agree completely.

You live in a very structured world.

The idea is to instantiate structure in order to reduce the chaos.


Most people live in reality-land where there are too many variables to control, and not only is it impossible guarantee that everything involved is strict to BCP, but the opposite is almost certainly true.

Nothing's perfect, but one must do the basics before moving on to more advanced things. The low-hanging fruit, as it were (and of course, this is where scale becomes a major obstacle, in many cases; the fruit may be hanging low to the ground, but there can be a *lot* of it to pick).

Perhaps we are miscommunicating.

You seem to think I am saying people should test externally before they know whether their internal systems work. Of course that is a silly idea.

That does not invalidate the need for external testing. Nor does it guarantee everything will be "BCP compliant", especially since "everything" includes things outside your control.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]