If the customer has headroom on a 10G link, what's the harm with running a 1G volumetric DDoS across the Internet? Or if it's application layer, anytime against prescribed lab devices?

Frank

-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Brett Watson
Sent: Tuesday, July 28, 2015 8:28 PM
To: nanog@nanog.org
Subject: Re: DDOS Simulation

On Jul 28, 2015, at 9:05 PM, jim deleskie <deleskie@gmail.com> wrote:
If anyone offers to "test" your DDoS devices across a network that you do not 100% own, you are risking legal issues.
If they offer to test it across your own network, make sure you have in writing from your upper management that they understand the risk and approve it.
If you choose to do it anyway then you are taking a LARGE risk.
Testing should be in your lab and even then you should understand 100% what is happening to avoid leaking attack traffic into the internet.

in a previous job (we did ddos mitigation) customer asked all the time for simulation, and typically live across the internet. for all the reasons noted, we didn’t do it, but instead would do a lab/POC with pcaps replayed from previous attacks we had mitigated to show the customer how our platform worked, how we handled incident response, etc. agree with all comments about NOT doing it over the internet, that way lies madness.

-b