Fwd: Re: Digital Island sponsors DoS attempt?

• Previous message (by thread): Fwd: Re: Digital Island sponsors DoS attempt?
• Next message (by thread): Fwd: Re: Digital Island sponsors DoS attempt?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--On Friday, October 26, 2001 12:06 AM -0700 Jonas Luster 
<jluster at d-fensive.com> wrote:

> It is also way more than necessary to gather any kind of statistics or
> improve any kind of routing. 441/120 == one every 20 seconds. I cannot
> possibly imagine any circumstances in which this amount of "testing" is
> necessary if the remote end is some site outside the influence of
> Digital Island.

Real-time congestion / behviour dependent routing. Of course whether
it works or not is another question.

If your IDS considers one ping packet every 20 seconds an 'intrusion'
attempt, it is broken. You get one dialup user who wonders about
packet loss to your site, and sets a ping going, once a second,
for 20 mins and logs the results, and that's 20 times as
much 'intrusion'. Either seems to me reasonable behaviour rather
than network abuse, provided they stop if asked. Both are
trying (possibly misguidedly) to improve connectivity between
your site and theirs.

--
Alex Bligh
Personal Capacity

• Previous message (by thread): Fwd: Re: Digital Island sponsors DoS attempt?
• Next message (by thread): Fwd: Re: Digital Island sponsors DoS attempt?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]