Fwd: Re: Digital Island sponsors DoS attempt

• Previous message (by thread): Fwd: Re: Digital Island sponsors DoS attempt
• Next message (by thread): Fwd: Re: Digital Island sponsors DoS attempt
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Paul,

Some very valid points here.  I would be interested to see just what the legal definition of "network intrusion" is on a federal level with all of the recent computer-crime and anti-terrorism legislation sailing through the legislative branch.

Regards,
Christopher

---------- Original Message ----------------------------------
From: Paul A Vixie <vixie at vix.com>
Date: Fri, 26 Oct 2001 00:07:05 -0700

>
>> Until there are standards and technology available to push subscriber
>> policy to the edge of the network and beyond, the subscriber has
>> explicitly accepted the overall terms and conditions by which the service
>> is to be provided.
>
>no.  i do not agree to receive a smurf attack, no matter whether my contract
>with a nexthop fails to require them to prevent it from reaching me.
>
>> I am assuming in this discussion that when you refer to "benefit", you are
>> in fact refering to "financial benefit".
>
>no, there's no known financial benefit to smurfing me, but the entities who
>direct such attacks have positive motivation of some kind for doing so --
>and i assure you that this benefit to them, whatever it is, is far greater
>than the benefit to me (which would have to be expressed in negative terms.)
>
>> > another test for "welcome" is "if everybody did this, would the recipient
>> > be injured?" 
>> 
>> An interesting hypothesis, but it is seldom the case that the sender of
>> traffic knows the details of the recipients infrastructure. 
>
>i think it's reasonable for a smurfer to know that my infrastructure cannot
>tolerate multiplicitous input streams from tens of thousands of sources.  just
>as a spammer can indeed know, without doubt, that if millions of senders,
>all at once, decided to send me unsolicited nonpersonal e-mail, that my inbox
>would not hold up well.  
>
>no specific knowledge is required in those cases.  in those cases and in other
>cases where specific knowledge of my infrastructure is not necessary to
>determine that the traffic would be "not welcome", then it ought not be sent.
>
>> > smurf, ddos in general, and spam also classify well by this criteria.  it
>> 
>> Smurf and DDOS attacks are precisely that - attacks.  They are
>> intentionally initiated for the purpose of disrupting infrastructure or
>> service.  They are illegal.
>
>in some places, they are illegal.  in all places, they are "unwelcome."  since
>a sender of this (or any) traffic may not know the laws in force at the place
>where the recipient host resides, the broader standard of "unwelcome" is more
>widely applicable than the narrow standard of "illegal."
>
>of course, illegal things ought also not be done.  but that'd be a new thread.
>

• Previous message (by thread): Fwd: Re: Digital Island sponsors DoS attempt
• Next message (by thread): Fwd: Re: Digital Island sponsors DoS attempt
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]