On Mon, 5 Jan 2009, Patrick W. Gilmore wrote:
> On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote:
>> On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote:
>>> You want to 'attack' yourself, I do not see any problems. And I see lots
>>> of possible benefits.
>>
>> This can be done internally using various traffic-generation and
>> exploit-testing tools (plenty of open-source and commercial ones
>> available). No need to build a 'botnet', literally - more of a distributed
>> test-harness.
>>
>> And it must be *kept* internal; using non-routable space is key, along with
>> ensuring that application-layer effects like recursive DNS requests don't
>> end up leaking and causing problems for others.
>
> We disagree.
>
> I can think of several instances where it _must_ be external. For instance,
> as I said before, knowing which intermediate networks are incapable of
> handling the additional load is useful information.
>
>> But before any testing is done on production systems (during maintenance
>> windows scheduled for this type of testing, naturally), it should all be
>> done on airgapped labs, first, IMHO.
>
> Without arguing that point (and there are lots of scenarios where that is not
> at all necessary, IMHO), it does not change the fact that external testing
> can be extremely useful after "air-gap" testing.

Fine, test it by simulation on your or the transit end of the pipes. Do not
transmit your test sh?t data across the 'net.

That solves that question?

:)