Agreed, Gadi. It wouldn't be an attack if it were ethical. Technically, that would be "load testing" or "stress testing". Might I suggest this to help? http://www.opensourcetesting.org/performance.php
On Sun, Jan 4, 2009 at 9:55 PM, Gadi Evron <g...@linuxbox.org> wrote: > On Sun, 4 Jan 2009, John Kristoff wrote: > >> On Sun, 4 Jan 2009 21:06:34 -0500 >> "Jeffrey Lyon" <jeffrey.l...@blacklotus.net> wrote: >> >> Say for instance one wanted to create an "ethical botnet," how would >>> this be done in a manner that is legal, non-abusive toward other >>> networks, and unquestionably used for legitimate internal security >>> purposes? How does your company approach this dilemma? >>> >> >> As long as some part of the system (hosts/networks) from the bots to >> the target is not under your control or prepared for this sort of >> activity, you may not get a satisfactory answer on this. Its quite >> likely these days a third party playing the unwitting participant in >> this botnet may find it objectionable. >> >> Is creating and running a botnet the answer? What exactly are you >> trying to protect against? DDoS? >> >> There are potentially various sorts of penetration tests and design >> reviews you could go through as an alternative to running a so-called >> "ethical" botnet. Further information on what you're trying to protect >> against may solicit some useful strategies. >> > > A legal botnet is a distributed system you own. > > A legal DDoS network doesn't exist. The question is set wrong, no? > > > > John >> >> >