net.terrorism

Leo Bicknell bicknell at ufp.org
Thu Jan 11 02:47:49 UTC 2001


On Wed, Jan 10, 2001 at 01:41:39PM -0600, Timothy J. Salo wrote:
> 	I believe that legitimizing the use of "disconnectivity" techniques
> 	(whether they are routing-based or filter-based and whether they
> 	are "voluntary" [voluntary to whom?] or mandatory) to further
> 	policy objectives is a really bad thing.
> 
> It is not altogether obvious to me that the cure is not worse than the
> disease in this case.

	What I find interesting is how differently the technique is viewed
based on the nature of the "problem" or "violation".  For instance, "null
routing" a small bit of address space is a well known way to do all of
the following:

* Stop part of a flooding attack.
* Stop runaway/resource hogging machines.
* Temporarily disable "owned" machines.
* Block open mail relays.
* Block servers originating spam.
* Block web servers supporting illegal/unacceptable content.
* Be vindictive against the people who flamed you on nanog.
* Attempt to persecute groups you don't like.

	If someone called their provider because they were being flooded in 
a smurf attack, or syn-flood, or similar and the provider told them they
couldn't null route, filter, or otherwise alter the traffic, that customer
would probably be rather unhappy.

	As we've seen from this flood of e-mail, there are clearly people
who view using the same techniques of null routing or filtering with the
same disdain as murder when applied to an abusive open relay scanner.

	"Disconnectivity" techniques are quite necessary, and legitimate
in day to day operations.  The problem is not with the technique, but
with some of the content decisions made, and how well people are notified
that they might be made.  Many ISPs filter port 25 on all their dial ups,
except to their own mail servers to cut down on spam.  They generally also
clearly state that they do this in their T&C's.  If you want port 25
to go through, don't sign up with someone who does this for you.

	One thing that is very clear is that there is no consensus on where
the lines in the sand should be drawn.  Some people get paranoid if you
send them a single packet, others will let you flood all day as acceptable
behavior.  For some, filtering mail servers is "content filtering", for
others it is "infrastructure protection".  Most of the arguments one way
or another are pretty subjective, and colored by people's personal experiences.

-- 
Leo Bicknell - bicknell at ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org



