On Sun, 4 Jan 2009, John Kristoff wrote:
On Sun, 4 Jan 2009 21:06:34 -0500
"Jeffrey Lyon" <jeffrey.l...@blacklotus.net> wrote:
Say for instance one wanted to create an "ethical botnet," how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal security
purposes? How does your company approach this dilemma?
As long as some part of the system (hosts/networks) from the bots to
the target is not under your control or prepared for this sort of
activity, you may not get a satisfactory answer on this. Its quite
likely these days a third party playing the unwitting participant in
this botnet may find it objectionable.
Is creating and running a botnet the answer? What exactly are you
trying to protect against? DDoS?
There are potentially various sorts of penetration tests and design
reviews you could go through as an alternative to running a so-called
"ethical" botnet. Further information on what you're trying to protect
against may solicit some useful strategies.
A legal botnet is a distributed system you own.
A legal DDoS network doesn't exist. The question is set wrong, no?
John
