On Jul 7, 2011, at 6:40 AM, J.A. Terranson wrote: > These old virtual routing platforms are cheap, easy to find on ebay or > ebay-like sales arenas, and if stacked in the hundreds could *easily* > simulate many hundreds of thousands of routers, while server farms cab be > injected at appropriate points to simulate the "local networks" residing > on these routers.
What they don't allow one to do is to launch attacks and test their effects on actual, modern, hardware-based routers and layer-3 switches. The viability of software-based Internet edge routers ended 7-8 years ago; any organization still relying on software-based edge routers can be taken down with a trivial DDoS attack, so no stress-testing of such architectures is really required, heh. Also, the use of software-based routers/switches limits the attack bandwidth (bps) and throughput (pps) which can be utilized; this seriously limits the scope of resilience testing with regards to DDoS attacks. On a side note, I've generally found that non-ironic use of the appellation 'cyber-' to be inversely proportional to actual security clue. Therefore, I'd urge the really smart folks at Breakingpoint and other knowledgeable folks to avoid using the term 'cyber-range'; 'attack lab', 'testbed', et. al. are more descriptive and accurate, and don't carry the taint of Big Security hand-waving. ;> ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
