nanog mailing list archives
network policy (was Re: Stealth Blocking)
From: Paul Vixie <vixie () mfnx net>
Date: 25 May 2001 10:58:17 -0700
What's so bad about pre-emptive open-relay scanning is that if you feel that is justified, you pretty much have accepted that anybody who pleases may scan anybody else's network for any weakness he or she would like to probe for.Whether you like / agree with it or not, this is happening and you can't stop it.
That depends on the definition of "stop." If you mean, I can't stop it in all places for all time, that's true. If you mean, I can't stop it FROM all places at ANY time, that's also true. But if you mean, I can't stop it FROM a specific place AFTER a particular time, then it's false. Any network owner has the right to accept or reject traffic based on any criteria they select. If that criteria includes "reject all IP addresses ending in .42" then it will be inconvenient to be a customer of such a network but the owner is still within his or her rights to reject that traffic. (Such a network owner would soon have no customers, most likely.) But if a network owner gets port-scanned, or spammed, or relayspammed, or otherwise abused by some host or hosts, then she can absolutely complain to the owner of the network where those hosts are connected, and if she doesn't like their response to her complaint she can absolutely decide to reject all traffic from them. Perhaps her own customers will complain, and perhaps she will lose business. That's between her and her customers. A private matter. If the contract between the network owner and her customers does not allow this type of policy-level traffic rejection, then she may have to stop. At best this would be a matter for an arbitrator or civil court to determine. It's certainly not something that third parties, including third parties whose traffic is being rejected, to have any say in. Many restaurants have a "No shirt, no shoes, no service" sign out front. Perhaps they lose the business of shirtless and/or shoeless persons. But it's their business to lose. Outsider busybodies have no right to override the expressed wishes of business owners.
Current thread:
- Re: Scanning (was Re: Stealth Blocking), (continued)
- Re: Scanning (was Re: Stealth Blocking) William Allen Simpson (May 26)
- Re: Scanning (was Re: Stealth Blocking) Greg A. Woods (May 26)
- ORBS (Re: Scanning) E.B. Dreger (May 27)
- Re: ORBS (Re: Scanning) Randy Bush (May 27)
- Re: ORBS (Re: Scanning) J.D. Falk (May 27)
- Re: Scanning (was Re: Stealth Blocking) Steve Sobol (May 27)
- Re: Scanning (was Re: Stealth Blocking) Christopher A. Woodfield (May 27)
- Re: ORBS (Re: Scanning) Albert Meyer (May 27)
- RE: Stealth Blocking jlewis (May 24)
- RE: Stealth Blocking alex (May 24)
- network policy (was Re: Stealth Blocking) Paul Vixie (May 25)
- Re: network policy (was Re: Stealth Blocking) Paul Vixie (May 26)
- RE: Stealth Blocking David Schwartz (May 23)
- RE: Stealth Blocking David Schwartz (May 23)
- Re: Stealth Blocking Shawn McMahon (May 24)
- Re: Stealth Blocking Christopher B. Zydel (May 23)
- RE: Stealth Blocking David Schwartz (May 23)