Research - Valid Data Gathering vs. Annoying Other

Daniel Reed n at ml.org
Fri Aug 6 21:37:55 UTC 2004


I echo many of the sentiments expressed already in trashing your response,
and want to add the following:

On 2004-08-06T15:05-0500, Robert Bonomi wrote:
) If you want to claim that the testing "isn't wrong" because it only costs
) any testee an 'insignificant' amount,  You better be prepared to accept
) all the traffic from the spammers who use exactly the same 'defense'.

The problem is scale. If network usage is kept to a reasonable minimum, it
is not a problem. If every machine in the world connected to a cablemodem is
involved in "network research," network research becomes a problem.


Research and testing goes on all the time in the real world, at the shared
expense of highway drivers, tax payers, utility consumers, etc.  We trust
the researchers and testers to exert reasonable control over the scope of
their activities, and hence keep the actual shared expense to insignificant
levels.

The use of unsecured hosts to send, to every address on the Internet, 20
copies of a message in no way demonstrates reasonable control or concern for
shared expense.

The content and intent are both irrelevant to this (and most) discussions.



) Executive summary:
)    Method of choice:       "Get Permission. *FIRST*."

This does not scale.


)    If that fails, try:     "Buy Access."

This is not practical.


)    If =that= fails, then   "Don't Do it!"

This hurts science.

If you are really hung up on content and intent, there are existing common
practices for notifying network operators of the intent of your "network
probes."

To the original poster and others: Do host a web server on port 80 of the
machines involved in the probe. Name the machines after your project (do not
call them "www" or else people might indeed think it is a compromised
machine!). If your testing involves HTTP requests, or any other protocol
that allows for "referer" or other human-visible information, provide a URL
and/or project name. If your testing involves packets with unused content,
use URLs or free-form text instead of zeroes or random bytes.

Above all, follow common sense. Make it as easy as possible for most people
to figure out what you are doing, and have templated responses describing
your project, what network resources it will use, and what general benefit
you hope to provide ready for when Robert Bonomi complains.

-- 
Daniel Reed <n at ml.org>	http://people.redhat.com/djr/	http://naim.n.ml.org/
Authority without wisdom is like a heavy axe without an edge, fitter to
bruise than polish. -- Anne Bradstreet



More information about the NANOG mailing list