Fwd: Re: Digital Island sponsors DoS attempt
James Thomason
james at divide.org
Fri Oct 26 17:11:37 UTC 2001
On Fri, 26 Oct 2001, Wojtek Zlobicki wrote:
> Sure is, they have not authorized you to send such traffic. I've been
> downloading data from your web page, there is no reason for you to send ICMP
> traffic my way (one ICMP packet is one end of the extreme).
>
>
> > 3a) I ping every host in their netblock once, is that wrong?
>
> You bet ! I've given you no right to do so!
>
Think of it as freedom of speech. I can say whatever I like, and you have
the option of listening.
ICMP is a standard protocol I can use to solicit packet responses from
hosts on the Internet. Until that changes, people will be sending you ICMP
packets, and lots of them.
> I will ACL you and possibly complain to your upstream for abuse.
Have mercy.
> I don't need to tell anyone that they may not enter my home and park their
> arse on my sofa. They also cannot start walking through my house and opening
> doors to see which rooms are occupied. I'd love to see someone take
> portscanning and probing and use trespass or break and enter laws to
> prosecute.
An analogy - how clever. But wait, your home is private property, and
your network is a public-access system. I can park my car in front of
your house, and my dog can crap by your mailbox.
> Why not! I have not authorized you to probe my network! Does your
> proposal scale? What if I want to ping every host on the @Home network 100
> times in a day (ooops that's 350 million ICMP packets that enter your
> network, is it a problem NOW?).
Nothing to my knowledge is preventing you from sending ICMP echo requests
to every host on the @Home network 100 times a day. There would be little
they could do about it, other than politely ask you to stop, or filter
you.
> Where is the line drawn between a SMURF and a legitimate probe? Who gets
> to draw the line, the sender, I think not!
A smurf is an intentional denial of service, an ICMP echo request is not.
>
> I know of no standard that incorporates ICMP probes with HTTP transfers. If
> I ask for HTTP data, that's all that I expect, nothing less, nothing more. I
> am not opposed to such a standard, but am opposed to people trying such
> schemes without my knowledge or permission.
Yes they can. It's a Free Internet (tm).
> I've got much better things to do than enter millions of hosts into an ACL.
> If one had to block all this traffic, routers would need hundreds of CPUs
> and Terabytes of memory (going through an ACL that is thousands of lines
> long takes a lot of power).
You might consider upgrading your IOS, it looks like you are going to
need it.