Agreed, Gadi. It wouldn't be an attack if it were ethical. Technically, that would be "load testing" or "stress testing". Might I suggest this to help? http://www.opensourcetesting.org/performance.php
On Sun, Jan 4, 2009 at 9:55 PM, Gadi Evron <ge@linuxbox.org> wrote:
On Sun, 4 Jan 2009, John Kristoff wrote:
On Sun, 4 Jan 2009 21:06:34 -0500 "Jeffrey Lyon" <jeffrey.lyon@blacklotus.net> wrote:
Say for instance one wanted to create an "ethical botnet," how would this be done in a manner that is legal, non-abusive toward other networks, and unquestionably used for legitimate internal security purposes? How does your company approach this dilemma?
As long as some part of the system (hosts/networks) from the bots to the target is not under your control or prepared for this sort of activity, you may not get a satisfactory answer on this. It's quite likely these days a third party playing the unwitting participant in this botnet may find it objectionable.
Is creating and running a botnet the answer? What exactly are you trying to protect against? DDoS?
There are potentially various sorts of penetration tests and design reviews you could go through as an alternative to running a so-called "ethical" botnet. Further information on what you're trying to protect against may solicit some useful strategies.
A legal botnet is a distributed system you own.
A legal DDoS network doesn't exist. The question is set wrong, no?
John