Home page logo
/

nanog logo nanog mailing list archives

Re: Ethical DDoS drone network
From: Jack Bates <jbates () brightok net>
Date: Mon, 05 Jan 2009 16:52:42 -0600

BATTLES, TIMOTHY A (TIM), ATTLABS wrote:
 True, real world events differ, but so do denial of service attacks.
Distribution in the network, PPS, BPS, Packet Type, Packet Size, etc..
Etc.. Etc.. So really I don't get the point either in staging a real
life do it yourself test.  So, you put pieces of your network in
jeopardy night after night during maintenance windows to determine if
what?? Your vulnerable to DDOS? We all know we are, it's just a question
of what type and how much right? So we identify our choke points. We all
<snip>

packet types. What I don't get is what you would be doing trying to
accomplish this on a production network. Worse case is you break
something. Best case is you don't. So if best case scenario is reach,
what have you learned? Nothing! So what do you do next ramp it up? Seems
silly.


I'll personally agree with you, though there are fringe cases. For example, one or more of your peers might falter before you do. While I'm sure they won't enjoy you hurting their other customers, knowing that your peer's router is going to crater before your expensive piece of hardware is usually good knowledge. Since it's controlled, you can minimize the damage of testing that fact.

Another test is automatic measures and how well they perform. This may or may not be useful in a closed environment, though in a closed environment, they'll definitely need to mirror the production environment depending on what criteria they use for automatic measures.

A non-forging botnet which sends packets (valid or malformed) to an accepting recipient is strictly another internet app, and has a harm ratio related to some p2p apps. IP forging, of course, could cause unintended blowback, which could have severe legal ramifications.

That being said, I'd quit calling it a botnet. I'd call it a distributed application that stress tests DDoS protection measures, and it's advisable to let your direct peers know when you plan to run it. They might even be interested in monitoring their equipment (or tell you up front that you'll crater their equipment).



Jack


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault