On 29 Jul 2015, at 5:19, alvin nanog wrote:
as previously noted by others, legit corp will ask you for lots of legal paperwork for their "get out of jail card" for DDoS'ing your servers and all the other ISP's routers along the way that had to transport those gigabyte/terabyte of useless ddos packets
No company can provide a 'get out of jail card' for illegal activities, irrespective of how they arrange their paperwork. DDoS testing across the Internet is a Big No-No due to legal considerations, potential liabilities, potential for catastrophic error, etc. Doing it across one's own network which one controls is certainly viable. There are some companies which do that, and which take a belt-and-suspenders approach to ensure that simulated attack traffic doesn't leak, etc. Simulated DDoS attacks and testing of defenses should be part of any real development environment, along with scalability testing in general. Sadly, this is rarely the case. The best way to learn how to defend something is to learn how to attack it. Organizations with substantial Internet properties should develop their own organic capabilities to perform such testing in a safe and responsible manner, as it will also enhance the skills needed to defend said properties. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>