nanog mailing list archives

Re: Fwd: Re: Digital Island sponsors DoS attempt?


From: "Christopher A. Woodfield" <rekoil () semihuman com>
Date: Thu, 25 Oct 2001 23:17:37 -0400


This brings up one of those age-old questions - how paranoid is too 
paranoid? I, for one, do not view pings in and of themselves as any sort of 
security threat or network abuse, even a couple hundred per hour (assuming 
these aren't 1500-byte packets coming in on a dialup). I personally will 
log and report SYNs coming in to port 139, 111, et al, but I could care 
less about ICMP or port 80 SYNs as long as they're not using a significant 
amount of bandwidth. 

Speaking from personal opinion, but working for a company that does 
network performance probing similar to what DI's doing, I would hope for 
their sake that DI is only pinging hosts that have already been a destination 
IP for a not-insignificant number of packets traversing their network. If 
they're just doing random pinging, well, that's not real useful to begin with,
and, as someone else stated, kinda rude. We don't target an IP for performance
probes unless there's a decent amount of traffic going there from our 
customers already...

-C

On Thu, Oct 25, 2001 at 07:50:08PM -0700, James Thomason wrote:



On Thu, 25 Oct 2001, JC Dill wrote:

Above.net's blocking of ORBS led to fewer and fewer networks using ORBS and 
IMHO it contributed to the weakness that allowed the lawsuit to happen and 
thrive.  If ORBS had been a stronger service with more users, they might 
have done things differently before or during the lawsuit.

What happens to Digital Island if networks (especially large networks) 
start blocking them because they won't stop repeatedly scanning when 
asked?  Can it do them *any* good?


I would assume they might develop a better probing methodology that is
harder to detect or block. 

Is it really productive to deem the packets of others "dirty" when you
willingly participate in a public-access medium?  Are the probes creating
more overhead than an ACL?  

Or is someone just pissed because they have their pager linked to 
tail -f ids.log?



jc




-- 
---------------------------
Christopher A. Woodfield                rekoil () semihuman com

PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B

