North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How worried is too worried? Plus, a Global Crossing Story.

  • From: Alex Rubenstein
  • Date: Fri Oct 26 08:57:09 2001

On Fri, 26 Oct 2001, Adam Rothschild wrote:

>
> On Thu, Oct 25, 2001 at 10:46:37PM -0700, Christopher Wolff wrote:
> > I truely enjoyed the wide range of reponses to my Digital Island
> > post.  Everything from DI is perfectly justified to 'tell DI to
> > stick it' haha.
>
> Remember, an IDS is only useful as the operator.
>
> Perhaps it's time to re-think thresholds, response strategy, and what
> truly constitutes "abuse" in your book, before to complaining to NANOG
> that a content delivery provider's performance measuring hosts are

Rethink?

<perhaps my deranged opinion>

How about think in the first place?

Call me crazy, but, folks, this is the Internet. Protocols like ICMP were
designed here as a tool. Expect to be pinged, probed, proded, or anything
else.

Ask not of your peer to stop sending you off traffic, instead, ask what
your own systems can do to protect you from it.

IMHO, this entire belief that someone sending you a stray packet
constitutes a federal emergency with bells and whistles going off drives
[email protected] and [email protected] to suicide attempts.

Example, as recent as yesterday: An unnamed, but rather large bank, sent
[email protected] a complaint, based upon that fact that a dialup user of ours
sent an ICMP echo request to www.[that_large_bank].com. Yes, just one. Is
this really a problem? Are we so mad that we can't ping a host on the
Internet anymore?

</perhaps my deranged opinion>



-- Alex Rubenstein, AR97, K2AHR, [email protected], latency, Al Reuben --
--    Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --