On Mon, Jan 5, 2009 at 4:11 PM, Roland Dobbins rdobb...@cisco.com wrote:
In my experience, once one has an understanding of the performance envelopes
and has built a lab which contains examples of the functional elements of
the system (network infrastructure, servers, apps, databases, clients,
David Barak wrote:
Consider for a moment a large retail chain, with several hundred or a couple
thousand locations. How big a lab should they have before deciding to roll out
a new network something-or-other? Should their lab be 1:10 scale? A more
realistic figure is that they'll consider
Justin Shore wrote:
David Barak wrote:
Consider for a moment a large retail chain, with several hundred or a
couple thousand locations. How big a lab should they have before
deciding to roll out a new network something-or-other? Should their
lab be 1:10 scale? A more realistic figure is
--- On Tue, 1/6/09, Justin Shore jus...@justinshore.com wrote:
David Barak wrote:
Consider for a moment a large retail chain, with
several hundred or a couple thousand locations. How big a
lab should they have before deciding to roll out a new
network something-or-other? Should their lab
On Jan 7, 2009, at 1:05 AM, Stephen Sprunk wrote:
I've seen _many_ routing problems appear in large WANs that simply
can't be replicated with fewer than a hundred or even a thousand
routers.
Users can simulate many of these conditions themselves using various
open-source and commercial
RD Date: Wed, 7 Jan 2009 08:50:46 +0800
RD From: Roland Dobbins
RD I've seen _many_ routing problems appear in large WANs that simply
RD can't be replicated with fewer than a hundred or even a thousand
RD routers.
RD Users can simulate many of these conditions themselves using various
many
I propose that we create two Internets. One can be the testing
Internet, and the other can be production. To ensure that both
receive adequate treatment, they can trade places every few days. If
something breaks, it can be moved from production to testing.
The detection of hyperbole, sarcasm,
On Jan 7, 2009, at 9:40 AM, Edward B. DREGER wrote:
Even when a system is highly deterministic, such as a database, one
still expects _real-world_ testing. Traffic flows on large networks are
highly stochastic... and this includes OPNs, which I posit are futile to
attempt to model.
RD Date: Wed, 7 Jan 2009 09:48:16 +0800
RD From: Roland Dobbins
RD When one has a network/system in which the basic security BCPs
RD haven't been implemented, it makes little sense to expend scarce
RD resources testing when those resources could be better-employed
RD hardening and increasing the
On Mon, 05 Jan 2009 06:53:49 EST, Patrick W. Gilmore said:
Knowing whether the systems - internal _and_ external - can handle a
certain load (and figuring out why not, then fixing it) is vital to
many people / companies / applications. Despite the rhetoric here, it
is simply not
PWG Date: Mon, 5 Jan 2009 06:53:49 -0500
PWG From: Patrick W. Gilmore
PWG But back to your original point, how can you tell it is shit data?
AFAIK, RFC 3514 is the only standards document that has addressed this.
I have yet to see it implemented. ;-)
Eddy
--
Everquick Internet -
RD Date: Mon, 5 Jan 2009 15:54:50 +0800
RD From: Roland Dobbins
RD AUPs are a big issue, here..
And AUPs [theoretically] set forth definitions.
Of course, there exist colo providers with unlimited 10 Gbps bandwidth
whose AUPs read do not use 'too much' bandwidth or we will get angry,
thus
FWIW, I'm primarily concerned about testing PPS loads and not brute
force bandwidth.
Best regards, Jeff
On Mon, Jan 5, 2009 at 12:51 PM, Edward B. DREGER
eddy+public+s...@noc.everquick.net wrote:
RD Date: Mon, 5 Jan 2009 15:54:50 +0800
RD From: Roland Dobbins
RD AUPs are a big issue, here..
TAB Date: Mon, 5 Jan 2009 11:54:06 -0500
TAB From: BATTLES, TIMOTHY A (TIM), ATTLABS
TAB assuming you're somewhat scaled, I would think this could all be done
TAB in the lab.
And end up with a network that works in the lab. :-)
- bw * delay
- effects of flow caching, where applicable
- jitter
You could just troll people on IRC until you get DDOS'd. All the fun, none
of the work!
-Original Message-
From: Jeffrey Lyon [mailto:jeffrey.l...@blacklotus.net]
Sent: Monday, January 05, 2009 11:54 AM
To: na...@merit.edu
Subject: Re: Ethical DDoS drone network
FWIW, I'm primarily
JL Date: Mon, 5 Jan 2009 12:54:24 -0500
JL From: Jeffrey Lyon
JL FWIW, I'm primarily concerned about testing PPS loads and not brute
JL force bandwidth.
Which underscores my point: x bps with minimally-sized packets is even
higher pps than x bps with normal-sized packets, for any non-minimal
Until you get hit at 8GB/s and then don't have a nice 'off' button..
-r
-Original Message-
From: Michael Gazzerro [mailto:mike.gazze...@nobistech.net]
Sent: Monday, January 05, 2009 1:14 PM
To: 'Jeffrey Lyon'; na...@merit.edu
Subject: RE: Ethical DDoS drone network
You could just troll
Ray Corbin wrote:
Until you get hit at 8GB/s and then don't have a nice 'off' button..
However, it would very accurately simulate a real-world attack where you
don't get to have an off button.
~Seth
Subject: Re: Ethical DDoS drone network
Ray Corbin wrote:
Until you get hit at 8GB/s and then don't have a nice 'off' button..
However, it would very accurately simulate a real-world attack where you
don't get to have an off button.
~Seth
[mailto:jeffrey.l...@blacklotus.net]
Sent: Sunday, January 04, 2009 8:07 PM
To: na...@merit.edu
Subject: Ethical DDoS drone network
Say for instance one wanted to create an ethical botnet, how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate
On Jan 5, 2009, at 3:39 AM, Gadi Evron wrote:
On Sun, 4 Jan 2009, kris foster wrote:
On Jan 4, 2009, at 11:11 PM, Gadi Evron wrote:
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:
On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
I can
On Jan 5, 2009, at 2:54 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 3:04 PM, Patrick W. Gilmore wrote:
I can think of several instances where it _must_ be external. For
instance, as I said before, knowing which intermediate networks are
incapable of handling the additional load is useful
FWIW, I'm primarily concerned about testing PPS loads and not
brute force bandwidth.
Simple solution.
Write some DDoS software that folks can install on their own
machines. Make it so that the software is only triggered by
commands from a device under the same administrative control,
i.e.
.
-Original Message-
From: Edward B. DREGER [mailto:eddy+public+s...@noc.everquick.net]
Sent: Monday, January 05, 2009 12:03 PM
To: na...@merit.edu
Subject: RE: Ethical DDoS drone network
TAB Date: Mon, 5 Jan 2009 11:54:06 -0500
TAB From: BATTLES, TIMOTHY A (TIM), ATTLABS
TAB assuming
BATTLES, TIMOTHY A (TIM), ATTLABS wrote:
True, real world events differ, but so do denial of service attacks.
Distribution in the network, PPS, BPS, Packet Type, Packet Size, etc..
Etc.. Etc.. So really I don't get the point either in staging a real
life do it yourself test. So, you put pieces
, BATTLES, TIMOTHY A (TIM), ATTLABS tmbatt...@att.com wrote:
From: BATTLES, TIMOTHY A (TIM), ATTLABS tmbatt...@att.com
Subject: RE: Ethical DDoS drone network
To: Edward B. DREGER eddy+public+s...@noc.everquick.net, na...@merit.edu
Date: Monday, January 5, 2009, 4:16 PM
True, real world events
On Jan 6, 2009, at 6:52 AM, Jack Bates wrote:
(or tell you up front that you'll crater their equipment).
This is the AUP danger to which I was referring earlier. Also, note
that the miscreants will attack intermediate systems such as routers
they identify via tracerouting from multiple
On Jan 6, 2009, at 7:23 AM, David Barak wrote:
In my opinion, the real thing you can puzzle out of this kind of
testing is the occasional hidden dependency.
Yes - but if your lab accurately reflects production, you can discover
this kind of thing in the lab (and one ought to already have
-- On Mon, 1/5/09, Roland Dobbins rdobb...@cisco.com wrote:
From: Roland Dobbins rdobb...@cisco.com
Subject: Re: Ethical DDoS drone network
To: NANOG list na...@merit.edu
Date: Monday, January 5, 2009, 6:39 PM
On Jan 6, 2009, at 7:23 AM, David Barak wrote:
In my opinion, the real thing
On Jan 6, 2009, at 8:01 AM, David Barak wrote:
The types of problems that the ultra-large DoS can ferret out are
the kind which *don't* show up in anything smaller than a 1:1 or 1:2
scale model.
In my experience, once one has an understanding of the performance
envelopes and has built a
Roland Dobbins wrote:
In my experience, once one has an understanding of the performance
envelopes and has built a lab which contains examples of the functional
elements of the system (network infrastructure, servers, apps,
databases, clients, et al.), one can extrapolate pretty accurately
On Mon, Jan 5, 2009 at 10:24 PM, BATTLES, TIMOTHY A (TIM), ATTLABS
tmbatt...@att.com wrote:
There are some assumptions here. First are you considering volumetric
DDOS attacks? Second, if you plan on harvesting wild bots and using them
to serve your purpose then I don't see how this can be
This is new to you? Polymorphic anonymizers have been a way of life
for a while now.
Jeff
On Mon, Jan 5, 2009 at 7:55 PM, Suresh Ramasubramanian
ops.li...@gmail.com wrote:
On Mon, Jan 5, 2009 at 10:24 PM, BATTLES, TIMOTHY A (TIM), ATTLABS
tmbatt...@att.com wrote:
There are some assumptions
I can't believe this .. http://www.iprental.com
sheesh! and i thought the rirs had a monopoly on ip address rental. :)
randy
- Original Message -
From: Randy Bush
Sent: Monday, January 05, 2009 7:30 PM
Subject: Re: Where there's a nanog thread there'll be a vendor solution ..Re:
Ethical DDoS drone network
I can't believe this .. http://www.iprental.com
sheesh! and i thought the rirs had a monopoly on ip
On Tue, Jan 6, 2009 at 12:52 PM, Michael Painter tvhaw...@shaka.com wrote:
I watched the 'Demo Video' and the addresses shown were from ATT and
Comcast space. Any idea of what space they might be from in real life or
is that part of their secret sauce?
J.Random ADSL / cable space I dare
Say for instance one wanted to create an ethical botnet, how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal security
purposes? How does your company approach this dilemma?
Our company for instance has always relied
I would say to roll your own binary hardcoded to only hit 1 IP address, and
have it held on a law enforcement approved network under the supervision of
a qualified agent. 0.02
On Sun, Jan 4, 2009 at 8:06 PM, Jeffrey Lyon jeffrey.l...@blacklotus.net wrote:
Say for instance one wanted to create an
On Sun, Jan 4, 2009 at 6:06 PM, Jeffrey Lyon jeffrey.l...@blacklotus.net
wrote:
Say for instance one wanted to create an ethical botnet, how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used
Super risky. This would be a 99% legal worry plus. Unless all the end points
and networks they cross sign off on it the risk is beyond huge.
-jim
--Original Message--
From: Jeffrey Lyon
Sender:
To: na...@merit.edu
Subject: Ethical DDoS drone network
Sent: Jan 4, 2009 10:06 PM
Say
On 05.01.2009 at 03:06, Jeffrey Lyon wrote:
Say for instance one wanted to create an ethical botnet, how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal security
purposes? How does your company approach this
:
Super risky. This would be a 99% legal worry plus. Unless all the end points
and networks they cross sign off on it the risk is beyond huge.
-jim
--Original Message--
From: Jeffrey Lyon
Sender:
To: na...@merit.edu
Subject: Ethical DDoS drone network
Sent: Jan 4, 2009 10:06 PM
Say
On Sun, 4 Jan 2009, Jeffrey Lyon wrote:
Say for instance one wanted to create an ethical botnet, how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal security
purposes? How does your company approach this dilemma?
Jan 2009, deles...@gmail.com wrote:
Super risky. This would be a 99% legal worry plus. Unless all the end
points and networks they cross sign off on it the risk is beyond huge.
-jim
--Original Message--
From: Jeffrey Lyon
Sender:
To: na...@merit.edu
Subject: Ethical DDoS drone
On Sun, 4 Jan 2009 21:06:34 -0500
Jeffrey Lyon jeffrey.l...@blacklotus.net wrote:
Say for instance one wanted to create an ethical botnet, how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal security
purposes?
On Sun, 4 Jan 2009, John Kristoff wrote:
On Sun, 4 Jan 2009 21:06:34 -0500
Jeffrey Lyon jeffrey.l...@blacklotus.net wrote:
Say for instance one wanted to create an ethical botnet, how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for
Agreed, Gadi. It wouldn't be an attack if it were ethical. Technically,
that would be load testing or stress testing.
Might I suggest this to help?
http://www.opensourcetesting.org/performance.php
On Sun, Jan 4, 2009 at 9:55 PM, Gadi Evron g...@linuxbox.org wrote:
On Sun, 4 Jan 2009, John
On Sun, Jan 04, 2009 at 09:55:20PM -0600, Gadi Evron wrote:
A legal botnet is a distributed system you own.
A legal DDoS network doesn't exist. The question is set wrong, no?
kind of depends on what the model is. a botnet for hire
to red-team my network might be just the
. And I see
lots of possible benefits. Hell, just figuring out which intermediate
networks cannot handle the added load is useful information.
--
TTFN,
patrick
--Original Message--
From: Jeffrey Lyon
Sender:
To: na...@merit.edu
Subject: Ethical DDoS drone network
Sent: Jan 4, 2009
On Sun, Jan 4, 2009 at 10:27 PM, bmann...@vacation.karoshi.com wrote:
On Sun, Jan 04, 2009 at 09:55:20PM -0600, Gadi Evron wrote:
A legal botnet is a distributed system you own.
A legal DDoS network doesn't exist. The question is set wrong, no?
kind of depends on what the model is. a
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
You want to 'attack' yourself, I do not see any problems. And I see
lots of possible benefits.
This can be done internally using various traffic-generation and
exploit-testing tools (plenty of open-source and commercial ones
On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
You want to 'attack' yourself, I do not see any problems. And I
see lots of possible benefits.
This can be done internally using various traffic-generation and
exploit-testing tools
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:
On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
You want to 'attack' yourself, I do not see any problems. And I see lots
of possible benefits.
This can be done internally using various
On Jan 4, 2009, at 11:11 PM, Gadi Evron wrote:
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:
On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
I can think of several instances where it _must_ be external. For
instance, as I said
On Jan 5, 2009, at 3:04 PM, Patrick W. Gilmore wrote:
I can think of several instances where it _must_ be external. For
instance, as I said before, knowing which intermediate networks are
incapable of handling the additional load is useful information.
AUPs are a big issue, here..