Re: DDOS Simulation

["Roland Dobbins" <rdobbins () arbor net>]

On 29 Jul 2015, at 5:19, alvin nanog wrote:

> as previously noted by others, legit corp will ask you for lots of
> legal paperwork  for their "get out of jail card" for DDoS'ing your 
> servers
> and all the other ISP's routers along the way that had to transport
> those gigabyte/terabyte of useless ddos packets

No company can provide a 'get out of jail card' for illegal activities, 
irrespective of how they arrange their paperwork.

DDoS testing across the Internet is a Big No-No due to legal 
considerations, potential liabilities, potential for catastrophic error, 
etc.

Doing it across one's own network which one controls is certainly 
viable.  There are some companies which do that, and which take a 
belt-and-suspenders approach to ensure that simulated attack traffic 
doesn't leak, etc.

Simulated DDoS attacks and testing of defenses should be part of any 
real development environment, along with scalability testing in general. 
 Sadly, this is rarely the case.

The best way to learn how to defend something is to learn how to attack 
it.  Organizations with substantial Internet properties should develop 
their own organic capabilities to perform such testing in a safe and 
responsible manner, as it will also enhance the skills needed to defend 
said properties.

-----------------------------------
Roland Dobbins <rdobbins () arbor net>