nanog mailing list archives
Re: Ethical DDoS drone network
From: Jack Bates <jbates () brightok net>
Date: Mon, 05 Jan 2009 16:52:42 -0600
BATTLES, TIMOTHY A (TIM), ATTLABS wrote:
True, real world events differ, but so do denial of service attacks. Distribution in the network, PPS, BPS, Packet Type, Packet Size, etc., etc., etc. So really I don't get the point either in staging a real life do it yourself test. So, you put pieces of your network in jeopardy night after night during maintenance windows to determine if what?? You're vulnerable to DDOS? We all know we are, it's just a question of what type and how much, right? So we identify our choke points. We all
<snip>
packet types. What I don't get is what you would be doing trying to accomplish this on a production network. Worst case is you break something. Best case is you don't. So if best case scenario is reached, what have you learned? Nothing! So what do you do next, ramp it up? Seems silly.
I'll personally agree with you, though there are fringe cases. For example, one or more of your peers might falter before you do. While I'm sure they won't enjoy you hurting their other customers, knowing that your peer's router is going to crater before your expensive piece of hardware is usually good knowledge. Since it's controlled, you can minimize the damage of testing that fact.
Another test is automatic measures and how well they perform. This may or may not be useful in a closed environment, though in a closed environment, they'll definitely need to mirror the production environment depending on what criteria they use for automatic measures.
A non-forging botnet which sends packets (valid or malformed) to an accepting recipient is strictly another internet app, and has a harm ratio related to some p2p apps. IP forging, of course, could cause unintended blowback, which could have severe legal ramifications.
That being said, I'd quit calling it a botnet. I'd call it a distributed application that stress tests DDoS protection measures, and it's advisable to let your direct peers know when you plan to run it. They might even be interested in monitoring their equipment (or tell you up front that you'll crater their equipment).
Jack