On Sun, 4 Jan 2009 21:06:34 -0500 "Jeffrey Lyon" <jeffrey.lyon@blacklotus.net> wrote:
Say for instance one wanted to create an "ethical botnet," how would this be done in a manner that is legal, non-abusive toward other networks, and unquestionably used for legitimate internal security purposes? How does your company approach this dilemma?
As long as some part of the system (hosts/networks) from the bots to the target is not under your control or prepared for this sort of activity, you may not get a satisfactory answer on this. Its quite likely these days a third party playing the unwitting participant in this botnet may find it objectionable. Is creating and running a botnet the answer? What exactly are you trying to protect against? DDoS? There are potentially various sorts of penetration tests and design reviews you could go through as an alternative to running a so-called "ethical" botnet. Further information on what you're trying to protect against may solicit some useful strategies. John