North American Network Operators Group


Re: Fwd: Re: Digital Island sponsors DoS attempt

  • From: Wojtek Zlobicki
  • Date: Fri Oct 26 12:50:41 2001

> 1) If I request a web page without first asking permission, is that
>    wrong?

Is this a public page?  Are you trying to download my corporate directory?


> 1a) If I then immediately reload it fetching it twice, is that
>     wrong?

Were you authorized to get it?  (If yes, then fetch away.)

> 1b) If I wget the whole site, is that wrong?

Sure is, I've given you no right to pull down my site.  Copyright law rules
here (depending on what the copyright of the site is).

> 1c) wget it once an hour?

You'll show up in my traffic logs, expect to be ACL'd.

> 1d) Request web pages as fast as my system allows?

If you're legitimately surfing, sure, if not, ACL once again.

> 2) If I send e-mail to [email protected] containing a picture of
>    people in the office, which includes some women, and it happens
>    to forward to a server in Afghanistan where women can't be seen
>    without their face covered, is it my fault?

They are not allowed to use the Internet in any case.

> 3) If someone wget's my web server downloading several hundred megs
>    and I decide then to send a single ping back, and do a single
>    DNS lookup, is that wrong?

Sure is, they have not authorized you to send such traffic.  I've been
downloading data from your web page, there is no reason for you to send ICMP
traffic my way (one ICMP packet is one end of the extreme).


> 3a) I ping every host in their netblock once, is that wrong?

You bet!  I've given you no right to do so!

> 3b) I leave a standard once-a-second ping running for a day to
>     check them out?

I will ACL you and possibly complain to your upstream for abuse.

> 3c) I flood ping them from all my hosts as fast as I can?

See 3b above.

> There is a long legal tradition in civil life that if you don't
> want someone to do something, you must give them notice.  Put a

I don't need to tell anyone that they may not enter my home and park their
arse on my sofa.  They also cannot start walking through my house and opening
doors to see which rooms are occupied.  I'd love to see someone take
portscanning and probing and use trespass or break-and-enter laws to
prosecute.

Probing and scanning has a place; the discretion as to what is allowed must
be from the receiving end.  You have no right to decide what traffic my
network is to receive.

> The networking world is similar.  Put up a web server and you can't
> complain about someone downloading your web page once.  Put up a
> host, and someone pings you a small number of times, you can't
> complain either.  Make the front page of your web site say

Why not!  I have not authorized you to probe my network!  Does your
proposal scale?  What if I want to ping every host on the @Home network 100
times in a day (oops, that's 350 million ICMP packets that enter your
network, is it a problem NOW?).

> 'unauthorized access prohibited' and then someone gets the front
> page and continues to spider the whole site, and you might have a
> claim.  If you filter pings, and someone still sends tons of them
> your way, and you might have a claim.  If someone SMURF floods you
> that's a criminal matter as an attack, regardless.

Where is the line drawn between a SMURF and a legitimate probe?  Who gets
to draw the line, the sender?  I think not!

> Also important is the notion of transaction, which seems to have
> been lost in this discussion.  If a user requests a web page it is
> quite possible that the web server may attempt to use a mechanism
> other than HTTP to communicate with the client.  In the simple
> example, consider a web server that for each page downloaded pings
> the client once and uses that data to improve the client experience.
> In my opinion, that ping is part of the transaction of getting the
> web page that the user requested, and as such cannot be considered
> abusive.  This is particularly true when the volume is high.  I've
> seen queries before from sites hosting thousands of users accessing
> popular sites who complain that the site then sends back a couple
> of hundred pings.

I know of no standard that incorporates ICMP probes with HTTP transfers.  If
I ask for HTTP data, that's all that I expect, nothing less, nothing more.  I
am not opposed to such a standard, but am opposed to people trying such
schemes without my knowledge or permission.

> person has so much free time as to investigate such things.  If
> you connect to the net you will get pinged from time to time.
> Someone may traceroute to you.  Heck, they might try to get a web
> page from you.  If you don't like it, block it.  If they only try
> once or twice and then go away, don't complain about it.  They came
> up, read the 'sign' as it were, and went away.

I've got much better things to do than enter millions of hosts into an ACL.
If one had to block all this traffic, routers would need hundreds of CPUs
and terabytes of memory (going through an ACL that is thousands of lines
long takes a lot of power).
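The receiving-end position taken throughout this post ("you'll show up in my traffic logs, expect to be ACL'd") rests on being able to tell a site-wide pull apart from ordinary browsing before any filter is written. The script below is an added illustration of that detection step and is not code from the poster or from the NANOG thread. It parses access-log lines in Apache/NCSA common log format, tallies per-client requests per hour, distinct paths and bytes served, and reports clients that exceed thresholds. The sample log lines, the client addresses (documentation ranges) and the thresholds are all constructed assumptions; real deployments would tune them to their own traffic.

```python
"""Flag web clients whose request pattern looks like a whole-site pull.

Added illustrative example for this thread, not code from the poster or
from NANOG.  Log lines below are constructed in Apache/NCSA common log
format; thresholds and addresses are assumptions.
"""
from collections import defaultdict
from datetime import datetime
import re

# Common log format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    size = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
    return {"host": m.group("host"), "ts": ts, "req": m.group("req"),
            "status": int(m.group("status")), "bytes": size}


def summarize(lines):
    """Per-client hourly request counts, distinct paths and total bytes."""
    stats = defaultdict(lambda: {"hours": defaultdict(int),
                                 "paths": set(), "bytes": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip lines that do not parse
            continue
        s = stats[rec["host"]]
        hour = rec["ts"].replace(minute=0, second=0, microsecond=0)
        s["hours"][hour] += 1
        parts = rec["req"].split(" ")   # "GET /path HTTP/1.0"
        s["paths"].add(parts[1] if len(parts) > 1 else rec["req"])
        s["bytes"] += rec["bytes"]
    return stats


def flag_crawlers(lines, max_req_per_hour=100, max_distinct_paths=50,
                  max_bytes=100 * 1024 * 1024):
    """Return {host: [reasons]} for clients exceeding any threshold.

    Thresholds are assumed values for this example; they are the knobs a
    site operator would tune before turning a report into an ACL entry.
    """
    flagged = {}
    for host, s in summarize(lines).items():
        reasons = []
        peak = max(s["hours"].values())
        if peak > max_req_per_hour:
            reasons.append(f"{peak} requests in one hour")
        if len(s["paths"]) > max_distinct_paths:
            reasons.append(f"{len(s['paths'])} distinct paths")
        if s["bytes"] > max_bytes:
            reasons.append(f"{s['bytes']} bytes served")
        if reasons:
            flagged[host] = reasons
    return flagged


def _constructed_log():
    """Constructed sample: one ordinary visitor and one whole-site pull."""
    stamp = "[26/Oct/2001:12:%02d:%02d -0400]"
    lines = []
    # Ordinary visitor (documentation address): three pages in three minutes.
    for i, path in enumerate(["/", "/about.html", "/contact.html"]):
        lines.append(f'192.0.2.10 - - {stamp % (i, 0)} '
                     f'"GET {path} HTTP/1.0" 200 2048')
    # Whole-site pull: 120 distinct documents of 1 MiB within ten minutes.
    for i in range(120):
        ts = stamp % (10 + i // 12, (i % 12) * 5)
        lines.append(f'198.51.100.7 - - {ts} '
                     f'"GET /docs/page{i}.html HTTP/1.0" 200 1048576')
    return lines


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    for host, reasons in sorted(flag_crawlers(SAMPLE_LOG).items()):
        print(host, "->", "; ".join(reasons))
```

On the constructed sample only 198.51.100.7 is reported, for all three reasons; the ordinary visitor stays under every threshold. Running something like this over the log first is what makes the later ACL targeted: the operator blocks the handful of clients the report names rather than the "millions of hosts" the post worries about.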