On Mon, Jan 5, 2009 at 4:11 PM, Roland Dobbins wrote:
> In my experience, once one has an understanding of the performance envelopes
> and has built a lab which contains examples of the functional elements of
> the system (network infrastructure, servers, apps, databases, clients, et
> al.), one
RD> Date: Wed, 7 Jan 2009 09:48:16 +0800
RD> From: Roland Dobbins
RD> When one has a network/system in which the basic security BCPs
RD> haven't been implemented, it makes little sense to expend scarce
RD> resources testing when those resources could be better-employed
RD> hardening and increasing
On Jan 7, 2009, at 9:40 AM, Edward B. DREGER wrote:
Even when a system is highly deterministic, such as a database, one
still expects _real-world_ testing. Traffic flows on large networks are
highly stochastic... and this includes OPNs, which I posit are futile to
attempt to model.
Sure
I propose that we create two Internets. One can be the "testing"
Internet, and the other can be "production". To ensure that both
receive adequate treatment, they can trade places every few days. If
something breaks, it can be moved from "production" to "testing".
The detection of hyperbole, sa
RD> Date: Wed, 7 Jan 2009 08:50:46 +0800
RD> From: Roland Dobbins
RD> > I've seen _many_ routing problems appear in large WANs that simply
RD> > can't be replicated with fewer than a hundred or even a thousand
RD> > routers.
RD> Users can simulate many of these conditions themselves using various
On Jan 7, 2009, at 1:05 AM, Stephen Sprunk wrote:
I've seen _many_ routing problems appear in large WANs that simply
can't be replicated with fewer than a hundred or even a thousand
routers.
Users can simulate many of these conditions themselves using various
open-source and commercial
--- On Tue, 1/6/09, Justin Shore wrote:
> David Barak wrote:
> > Consider for a moment a large retail chain, with
> several hundred or a couple thousand locations. How big a
> lab should they have before deciding to roll out a new
> network something-or-other? Should their lab be 1:10 scale?
>
Justin Shore wrote:
David Barak wrote:
Consider for a moment a large retail chain, with several hundred or a
couple thousand locations. How big a lab should they have before
deciding to roll out a new network something-or-other? Should their
lab be 1:10 scale? A more realistic figure is tha
David Barak wrote:
Consider for a moment a large retail chain, with several hundred or a couple
thousand locations. How big a lab should they have before deciding to roll out
a new network something-or-other? Should their lab be 1:10 scale? A more
realistic figure is that they'll consider t
On Tue, Jan 6, 2009 at 12:52 PM, Michael Painter wrote:
>
> I watched the 'Demo Video' and the addresses shown were from AT&T and
> Comcast space. Any idea of what space they might be from in real life or
> is that part of their secret sauce?
>
J.Random ADSL / cable space I dare say. Though wh
- Original Message -
From: "Randy Bush"
Sent: Monday, January 05, 2009 7:30 PM
Subject: Re: Where there's a nanog thread there'll be a vendor solution ..Re:
Ethical DDoS drone network
I can't believe this .. http://www.iprental.com
sheesh! and i thought the ri
I can't believe this .. http://www.iprental.com
sheesh! and i thought the rirs had a monopoly on ip address rental. :)
randy
On Tue, Jan 6, 2009 at 10:54 AM, Jeffrey Lyon
wrote:
> This is new to you? Polymorphic anonymizers have been a way of life
> for a while now.
>
> Jeff
I just thought I'd cite an example. These have been around for a
while, as you say.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
This is new to you? Polymorphic anonymizers have been a way of life
for a while now.
Jeff
On Mon, Jan 5, 2009 at 7:55 PM, Suresh Ramasubramanian
wrote:
> On Mon, Jan 5, 2009 at 10:24 PM, BATTLES, TIMOTHY A (TIM), ATTLABS
> wrote:
>> There are some assumptions here. First are you considering vo
On Jan 6, 2009, at 8:45 AM, Jack Bates wrote:
Sadly, I think money and time have a lot to do with this.
Even more than this, it's a skillset and mindset issue. Many
organizations don't know enough about how the underlying technologies
work to understand that they need to incorporate thes
On Mon, Jan 5, 2009 at 10:24 PM, BATTLES, TIMOTHY A (TIM), ATTLABS
wrote:
> There are some assumptions here. First are you considering volumetric
> DDOS attacks? Second, if you plan on harvesting wild bots and using them
> to serve your purpose then I don't see how this can be ethical unless
> th
Roland Dobbins wrote:
In my experience, once one has an understanding of the performance
envelopes and has built a lab which contains examples of the functional
elements of the system (network infrastructure, servers, apps,
databases, clients, et al.), one can extrapolate pretty accurately wel
On Jan 6, 2009, at 8:01 AM, David Barak wrote:
The types of problems that the ultra-large DoS can ferret out are
the kind which *don't* show up in anything smaller than a 1:1 or 1:2
scale model.
In my experience, once one has an understanding of the performance
envelopes and has built a
-- On Mon, 1/5/09, Roland Dobbins wrote:
> From: Roland Dobbins
> Subject: Re: Ethical DDoS drone network
> To: "NANOG list"
> Date: Monday, January 5, 2009, 6:39 PM
> On Jan 6, 2009, at 7:23 AM, David Barak wrote:
>
> > In my opinion, the real thing yo
On Jan 6, 2009, at 7:23 AM, David Barak wrote:
In my opinion, the real thing you can puzzle out of this kind of
testing is the occasional hidden dependency.
Yes - but if your lab accurately reflects production, you can discover
this kind of thing in the lab (and one ought to already have a
On Jan 6, 2009, at 6:52 AM, Jack Bates wrote:
(or tell you up front that you'll crater their equipment).
This is the AUP danger to which I was referring earlier. Also, note
that the miscreants will attack intermediate systems such as routers
they identify via tracerouting from multiple p
on, 1/5/09, BATTLES, TIMOTHY A (TIM), ATTLABS wrote:
> From: BATTLES, TIMOTHY A (TIM), ATTLABS
> Subject: RE: Ethical DDoS drone network
> To: "Edward B. DREGER" , na...@merit.edu
> Date: Monday, January 5, 2009, 4:16 PM
> True, real world events differ, but so do denial of s
BATTLES, TIMOTHY A (TIM), ATTLABS wrote:
True, real world events differ, but so do denial of service attacks.
Distribution in the network, PPS, BPS, Packet Type, Packet Size, etc..
Etc.. Etc.. So really I don't get the point either in staging a real
life do it yourself test. So, you put pieces
t ramp it up? Seems
silly.
-Original Message-
From: Edward B. DREGER [mailto:eddy+public+s...@noc.everquick.net]
Sent: Monday, January 05, 2009 12:03 PM
To: na...@merit.edu
Subject: RE: Ethical DDoS drone network
TAB> Date: Mon, 5 Jan 2009 11:54:06 -0500
TAB> From: "BAT
> FWIW, I'm primarily concerned about testing PPS loads and not
> brute force bandwidth.
Simple solution.
Write some DDoS software that folks can install on their own
machines. Make it so that the software is only triggered by
commands from a device under the same administrative control,
i.e.
@merit.edu
Subject: Re: Ethical DDoS drone network
Ray Corbin wrote:
> Until you get hit at 8GB/s and then don't have a nice 'off' button..
>
However, it would very accurately simulate a real-world attack where you
don't get to have an "off" button.
~Seth
Ray Corbin wrote:
Until you get hit at 8GB/s and then don't have a nice 'off' button..
However, it would very accurately simulate a real-world attack where you
don't get to have an "off" button.
~Seth
Until you get hit at 8GB/s and then don't have a nice 'off' button..
-r
-Original Message-
From: Michael Gazzerro [mailto:mike.gazze...@nobistech.net]
Sent: Monday, January 05, 2009 1:14 PM
To: 'Jeffrey Lyon'; na...@merit.edu
Subject: RE: Ethical DDoS drone netw
JL> Date: Mon, 5 Jan 2009 12:54:24 -0500
JL> From: Jeffrey Lyon
JL> FWIW, I'm primarily concerned about testing PPS loads and not brute
JL> force bandwidth.
Which underscores my point: bps with minimally-sized packets is even
higher pps than bps with "normal"-sized packets, for any non-minimal
You could just troll people on IRC until you get DDOS'd. All the fun, none
of the work!
-Original Message-
From: Jeffrey Lyon [mailto:jeffrey.l...@blacklotus.net]
Sent: Monday, January 05, 2009 11:54 AM
To: na...@merit.edu
Subject: Re: Ethical DDoS drone network
FWIW, I'm
TAB> Date: Mon, 5 Jan 2009 11:54:06 -0500
TAB> From: "BATTLES, TIMOTHY A (TIM), ATTLABS"
TAB> assuming you're somewhat scaled, I would think this could all be done
TAB> in the lab.
And end up with a network that works in the lab. :-)
- bw * delay
- effects of flow caching, where applicable
- jitte
FWIW, I'm primarily concerned about testing PPS loads and not brute
force bandwidth.
Best regards, Jeff
On Mon, Jan 5, 2009 at 12:51 PM, Edward B. DREGER
wrote:
> RD> Date: Mon, 5 Jan 2009 15:54:50 +0800
> RD> From: Roland Dobbins
>
> RD> AUPs are a big issue, here..
>
> And AUPs [theoretically]
RD> Date: Mon, 5 Jan 2009 15:54:50 +0800
RD> From: Roland Dobbins
RD> AUPs are a big issue, here..
And AUPs [theoretically] set forth definitions.
Of course, there exist colo providers with "unlimited 10 Gbps bandwidth"
whose AUPs read "do not use 'too much' bandwidth or we will get angry",
thus
PWG> Date: Mon, 5 Jan 2009 06:53:49 -0500
PWG> From: Patrick W. Gilmore
PWG> But back to your original point, how can you tell it is shit data?
AFAIK, RFC 3514 is the only standards document that has addressed this.
I have yet to see it implemented. ;-)
Eddy
--
Everquick Internet - http://www.e
On Mon, 05 Jan 2009 06:53:49 EST, "Patrick W. Gilmore" said:
> Knowing whether the systems - internal _and_ external - can handle a
> certain load (and figuring out why not, then fixing it) is vital to
> many people / companies / applications. Despite the rhetoric here, it
> is simply not po
There are some assumptions here. First are you considering volumetric
DDOS attacks? Second, if you plan on harvesting wild bots and using them
to serve your purpose then I don't see how this can be ethical unless
they are just clients from your own network making it less distributed.
You would the
On Jan 5, 2009, at 2:54 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 3:04 PM, Patrick W. Gilmore wrote:
I can think of several instances where it _must_ be external. For
instance, as I said before, knowing which intermediate networks are
incapable of handling the additional load is useful i
On Jan 5, 2009, at 3:39 AM, Gadi Evron wrote:
On Sun, 4 Jan 2009, kris foster wrote:
On Jan 4, 2009, at 11:11 PM, Gadi Evron wrote:
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:
On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
I can thin
On Sun, 4 Jan 2009, kris foster wrote:
On Jan 4, 2009, at 11:11 PM, Gadi Evron wrote:
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:
On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
I can think of several instances where it _must_ be exte
On Jan 5, 2009, at 3:04 PM, Patrick W. Gilmore wrote:
I can think of several instances where it _must_ be external. For
instance, as I said before, knowing which intermediate networks are
incapable of handling the additional load is useful information.
AUPs are a big issue, here..
Withou
On Jan 4, 2009, at 11:11 PM, Gadi Evron wrote:
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:
On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
I can think of several instances where it _must_ be external. For
instance, as I said before,
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:
On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
You want to 'attack' yourself, I do not see any problems. And I see lots
of possible benefits.
This can be done internally using various traf
On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
You want to 'attack' yourself, I do not see any problems. And I
see lots of possible benefits.
This can be done internally using various traffic-generation and
exploit-testing tools (pl
On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
You want to 'attack' yourself, I do not see any problems. And I see
lots of possible benefits.
This can be done internally using various traffic-generation and
exploit-testing tools (plenty of open-source and commercial ones
availabl
On Sun, Jan 4, 2009 at 10:27 PM, wrote:
> On Sun, Jan 04, 2009 at 09:55:20PM -0600, Gadi Evron wrote:
>> A legal botnet is a distributed system you own.
>> A legal DDoS network doesn't exist. The question is set wrong, no?
>kind of depends on what the model is. a botnet for hire
>
On Jan 4, 2009, at 9:18 PM, deles...@gmail.com wrote:
Super risky. This would be a 99% legal worry plus. Unless all the
end points and networks they cross sign off on it the risk is beyond
huge.
Since when do I need permission of "networks they cross" to send data
from a machine I (legi
On Sun, Jan 04, 2009 at 09:55:20PM -0600, Gadi Evron wrote:
>
> A legal botnet is a distributed system you own.
>
> A legal DDoS network doesn't exist. The question is set wrong, no?
>
kind of depends on what the model is. a botnet for hire
to "red-team" my network might be jus
Agreed, Gadi. It wouldn't be an attack if it were ethical. Technically,
that would be "load testing" or "stress testing".
Might I suggest this to help?
http://www.opensourcetesting.org/performance.php
On Sun, Jan 4, 2009 at 9:55 PM, Gadi Evron wrote:
> On Sun, 4 Jan 2009, John Kristoff wrote:
On Sun, 4 Jan 2009, John Kristoff wrote:
On Sun, 4 Jan 2009 21:06:34 -0500
"Jeffrey Lyon" wrote:
Say for instance one wanted to create an "ethical botnet," how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal secur
On Sun, 4 Jan 2009 21:06:34 -0500
"Jeffrey Lyon" wrote:
> Say for instance one wanted to create an "ethical botnet," how would
> this be done in a manner that is legal, non-abusive toward other
> networks, and unquestionably used for legitimate internal security
> purposes? How does your company
y off base.
You'd also have the concern that if someone 'owned' your 'ethical' botnet being
potentially responsible for any damage it caused.
Maybe I'm just extra paranoid :)
-jim
--Original Message--
From: Mark Foster
To: deles...@gmail.com
Cc: Jeffrey Lyon
Cc: n
On Sun, 4 Jan 2009, Jeffrey Lyon wrote:
Say for instance one wanted to create an "ethical botnet," how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal security
purposes? How does your company approach this dilemma?
Refer earlier posts.
End points ('drones') would have to be legitimate endpoints, not drones on
random boxes. That eliminates legal liability client-side.
If the traffic is non abusive then I don't see the risk for the network
providers in the middle either.
If it's clearly established that t
On 05.01.2009 at 03:06, Jeffrey Lyon wrote:
Say for instance one wanted to create an "ethical botnet," how would
this be done in a manner that is legal, non-abusive toward other
networks, and unquestionably used for legitimate internal security
purposes? How does your company approach this dil
Super risky. This would be a 99% legal worry plus. Unless all the end points
and networks they cross sign off on it the risk is beyond huge.
-jim
--Original Message--
From: Jeffrey Lyon
Sender:
To: na...@merit.edu
Subject: Ethical DDoS drone network
Sent: Jan 4, 2009 10:06 PM
Say for
On Sun, Jan 4, 2009 at 6:06 PM, Jeffrey Lyon
wrote:
> Say for instance one wanted to create an "ethical botnet," how would
> this be done in a manner that is legal, non-abusive toward other
> networks, and unquestionably used for legitimate internal
I would say to roll your own binary hardcoded to only hit 1 IP address, and
have it held on a law enforcement approved network under the supervision of
a qualified agent. 0.02
On Sun, Jan 4, 2009 at 8:06 PM, Jeffrey Lyon wrote:
> Say for instance one wanted to create an "ethical botnet," how woul