nanog mailing list archives
Re: Ethical DDoS drone network
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Mon, 5 Jan 2009 06:53:49 -0500
On Jan 5, 2009, at 3:39 AM, Gadi Evron wrote:
On Sun, 4 Jan 2009, kris foster wrote:On Jan 4, 2009, at 11:11 PM, Gadi Evron wrote:On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:Fine test it by simulation on you or the transit end of the pipes. Do not transmit your test sh?t data across the `net.On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:I can think of several instances where it _must_ be external. For instance, as I said before, knowing which intermediate networks are incapable of handling the additional load is useful information.On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:But before any testing is done on production systems (during maintenance windows scheduled for this type of testing, naturally), it should all be done on airgapped labs, first, IMHO.Without arguing that point (and there are lots of scenarios where that is not at all necessary, IMHO), it does not change the fact that external testing can be extremely useful after "air-gap" testing.How do you propose a model is built for the simulation if you can't collect data from the real world?This is not "sh?t data". Performance testing across networks is very real and happening now. The more knowledge I have of a path the better decisions I can make about that path.
I am sorry for joking, I was sure we were talking about DDoS testing?
I've been called by more one provider because I was "DDoS'ing" someone with traffic that someone requested. Strange how the word "DDoS" has morphed over time.
But back to your original point, how can you tell it is shit data? DDoSes frequently use valid requests or even full connections. If I send my web server port 80 SYNs, why would you complain?
Knowing whether the systems - internal _and_ external - can handle a certain load (and figuring out why not, then fixing it) is vital to many people / companies / applications. Despite the rhetoric here, it is simply not possible to "test" that in a lab. And I guarantee if you do not test it, there _will_ be unexpected problems when Bad Stuff happens.
As mentioned before, Reality Land is not clean and structured. -- TTFN, patrick
Current thread:
- Re: Ethical DDoS drone network, (continued)
- Re: Ethical DDoS drone network David Barak (Jan 06)
- Re: Ethical DDoS drone network Edward B. DREGER (Jan 06)
- Re: Ethical DDoS drone network deleskie (Jan 04)
- Re: Ethical DDoS drone network Mark Foster (Jan 04)
- Re: Ethical DDoS drone network Patrick W. Gilmore (Jan 04)
- Re: Ethical DDoS drone network Roland Dobbins (Jan 04)
- Re: Ethical DDoS drone network Patrick W. Gilmore (Jan 04)
- Re: Ethical DDoS drone network Gadi Evron (Jan 04)
- Re: Ethical DDoS drone network kris foster (Jan 04)
- Re: Ethical DDoS drone network Gadi Evron (Jan 05)
- Re: Ethical DDoS drone network Patrick W. Gilmore (Jan 05)
- Re: Ethical DDoS drone network Valdis . Kletnieks (Jan 05)
- Re: Ethical DDoS drone network Edward B. DREGER (Jan 05)
- Re: Ethical DDoS drone network Roland Dobbins (Jan 04)
- Re: Ethical DDoS drone network Patrick W. Gilmore (Jan 05)
- Re: Ethical DDoS drone network Edward B. DREGER (Jan 05)
- Re: Ethical DDoS drone network Jeffrey Lyon (Jan 05)
- RE: Ethical DDoS drone network Michael Gazzerro (Jan 05)
- RE: Ethical DDoS drone network Ray Corbin (Jan 05)
- Re: Ethical DDoS drone network Seth Mattinen (Jan 05)
- RE: Ethical DDoS drone network Ray Corbin (Jan 05)