Fwd: Re: Digital Island sponsors DoS attempt?

Christopher A. Woodfield rekoil at semihuman.com
Fri Oct 26 03:17:37 UTC 2001


This brings up one of those age-old questions - how paranoid is too 
paranoid? I, for one, do not view pings in an of themselves as any sort of 
security threat or network abuse, even a couple hundred per hour (assuming 
these aren't 1500-byte packets coming in on a dialup). I personally will 
log and report SYNs coming in to port 139, 111, et al, but I could care 
less about ICMP or port 80 SYNs as long as they're not using a significant 
amount of bandwidth. 

Speaking from personal opinion, but working for a company that does 
network performance probing simlar to what DI's doing, I would hope for 
their sake that DI is only pinging hosts that have already been a destination 
IP for a not-insignificant number of packets traversing their network. If 
they're just doing random pinging, well, that's not real useful to begin with,
and, as someone else stated, kinda rude. We don't target an IP for performance
probes unless there's a decent amount of traffic going there from our 
customers already...

-C

On Thu, Oct 25, 2001 at 07:50:08PM -0700, James Thomason wrote:
> 
> 
> 
> On Thu, 25 Oct 2001, JC Dill wrote:
> 
> > Above.net's blocking of ORBS led to fewer and fewer networks using ORBS and 
> > IMHO it contributed to the weakness that allowed the lawsuit to happen and 
> > thrive.  If ORBS had been a stronger service with more users, they might 
> > have done things differently before or during the lawsuit.
> > 
> > What happens to Digital Island if networks (especially large networks) 
> > start blocking them because they won't stop repeatedly scanning when 
> > asked?  Can it do them *any* good?
> > 
> 
> I would assume they might develop a better probing methodology that is
> harder to detect or block. 
> 
> Is it really productive to deem the packets of others "dirty" when you
> willingly participate in a public-access medium?  Are the probes creating
> more overhead than an ACL?  
> 
> Or is someone just pissed because they have their pager linked to 
> tail -f ids.log?
> 
> 
> 
> > jc
> > 
> > 
> 

-- 
---------------------------
Christopher A. Woodfield		rekoil at semihuman.com

PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B



More information about the NANOG mailing list