Home page logo

nanog logo nanog mailing list archives

Re: Ethical DDoS drone network
From: Stephen Sprunk <stephen () sprunk org>
Date: Tue, 06 Jan 2009 11:05:14 -0600

Justin Shore wrote:
David Barak wrote:
Consider for a moment a large retail chain, with several hundred or a couple thousand locations. How big a lab should they have before deciding to roll out a new network something-or-other? Should their lab be 1:10 scale? A more realistic figure is that they'll consider themselves lucky to be between 1:50 and 1:100, and that lab is probably understaffed at best. Having a dedicated lab manager is often seen as an expensive luxury, and many businesses don't have the margin to support it.

At the very least they should have a complete mock location (for an IT perspective) in a lab. Identical copies of all local servers and a carbon copy of their official template network. This is how AOL does it. Every change is tested in the mock remote site before the official template is changed and the template is pushed out to all the production sites.

That's useful for testing changes to the remote site itself, but it doesn't do anything for testing changes to the entire WAN. I've seen _many_ routing problems appear in large WANs that simply can't be replicated with fewer than a hundred or even a thousand routers. The vendors may have tools to simulate such, since they need them for their own QA, support, etc. but they rarely give them to customers because that'd be another product they have to support...


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]