network policy (was Re: Stealth Blocking)

Paul Vixie vixie at mfnx.net
Fri May 25 17:58:17 UTC 2001


> > What's so bad about pre-emptive open-relay scanning is that if you feel
> > that is justified, you pretty much have accepted that anybody who pleases
> > may scan anybody else's network for any weakness he or she would like to
> > probe for.
> 
> Whether you like / agree with it or not, this is happening and you can't
> stop it.

That depends on the definition of "stop."  If you mean, I can't stop it in
all places for all time, that's true.  If you mean, I can't stop it FROM all
places at ANY time, that's also true.  But if you mean, I can't stop it FROM
a specific place AFTER a particular time, then it's false.

Any network owner has the right to accept or reject traffic based on any
criteria they select.  If those criteria include "reject all IP addresses
ending in .42" then it will be inconvenient to be a customer of such a
network but the owner is still within his or her rights to reject that
traffic.  (Such a network owner would soon have no customers, most likely.)

But if a network owner gets port-scanned, or spammed, or relayspammed, or
otherwise abused by some host or hosts, then she can absolutely complain to
the owner of the network where those hosts are connected, and if she doesn't
like their response to her complaint she can absolutely decide to reject all
traffic from them.  Perhaps her own customers will complain, and perhaps she
will lose business.  That's between her and her customers.  A private matter.
If the contract between the network owner and her customers does not allow
this type of policy-level traffic rejection, then she may have to stop.  At
best this would be a matter for an arbitrator or civil court to determine.
It's certainly not something for third parties, including third parties
whose traffic is being rejected, to have any say in.

Many restaurants have a "No shirt, no shoes, no service" sign out front.
Perhaps they lose the business of shirtless and/or shoeless persons.  But
it's their business to lose.  Outsider busybodies have no right to override
the expressed wishes of business owners.



