nanog mailing list archives

RE: DDOS Simulation


From: <frnkblk () iname com>
Date: Wed, 29 Jul 2015 10:30:20 -0500

If the customer has headroom on a 10G link, what's the harm with running a 1G volumetric DDoS across the Internet?  Or 
if it's application layer, anytime against prescribed lab devices?

Frank

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Brett Watson
Sent: Tuesday, July 28, 2015 8:28 PM
To: nanog () nanog org
Subject: Re: DDOS Simulation


On Jul 28, 2015, at 9:05 PM, jim deleskie <deleskie () gmail com> wrote:

If anyone offers to "test" your DDoS devices across a network that you do
not 100% own, you are risking legal issues.

If they offer to test it across your own network, make sure you have in
writing from your upper management that they understand the risk and approve
it.

If you choose to do it anyway then you are taking a LARGE risk.


Testing should be in your lab and even then you should understand 100% what
is happening to avoid leaking attack traffic into the internet.

in a previous job (we did ddos mitigation) customers asked all the time for simulation, and typically live across the 
internet. for all the reasons noted, we didn’t do it, but instead would do a lab/POC with pcaps replayed from previous 
attacks we had mitigated to show the customer how our platform worked, how we handled incident response, etc. 

agree with all comments about NOT doing it over the internet, that way lies madness.

-b

