Security Incidents mailing list archives

Re: your mail


From: Nick Phillips <nwp () CHECKAPRICE COM>
Date: Fri, 27 Oct 2000 13:49:28 +0000

On Thu, Oct 26, 2000 at 08:39:12AM -0600, Mike Lewinski wrote:

Heh, this thing wants to portscan us, plus check that the webserver it's
sending the client to is actually up. Probably DNS resolution takes so long
that the "client" is sitting there repeatedly hitting the refresh button and
bitching at their ISP (whose servers are being packet flooded by load
balancers at the moment...)

I don't know that this is the place to discuss this, but...

There seem to be so many of these idiots out there making so many assumptions,
would it not be a Good Thing to sit down and thrash out a standard which would
enable all the load balancers to get what they need (and no more) from
clients without triggering alarm bells?

If someone (?) could come up with a protocol which would enable them to send
a packet to the client which would elicit a useful response from any client
(compliant or not - I guess your average home user wouldn't need to run the
service, whereas a firewall/proxy/whatever might get better value if they did),
then maybe we could all stop wasting our time on them, and they'd get more
useful data back. And everyone would have less rubbish floating around the
net.

If you defined maximum permissible request quantities and rates, some way
to say "sod off, I don't want you probing for this information", and that "no
response" definitely means that you shouldn't keep trying, that should about
do it. Shouldn't it?

Maybe a firewall/router could do some kind of transparent proxying and
give a response back that tells the requestor that the response is valid
for a whole netblock (or several) if it wanted to, too.

Just a thought...

Nick
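As an added illustration (not part of Nick's post and not any real product's behaviour), here is a toy model of the probe protocol sketched above, with both sides represented: a prober that honours a per-address request limit per window, treats an explicit refusal as "stop probing this netblock", never retries silence, and caches a gateway's answer for the whole netblock it claims to speak for. All of the constants, message shapes and addresses (RFC 5737 documentation ranges) are assumptions chosen for the example.

```python
"""Toy model of the client-probe protocol sketched in the post (constructed example).

Rules modelled, all assumed for illustration:
  * a prober may send at most MAX_PROBES to one address per WINDOW seconds
  * a client may answer REFUSE; the prober must then leave that netblock alone
  * no answer at all also means stop: the prober never retries silence
  * a gateway may answer for a whole netblock, and its answer is valid for ttl seconds
"""
import ipaddress
from collections import defaultdict, deque

MAX_PROBES = 3   # assumed: most probes a prober may send to one address per WINDOW
WINDOW = 60.0    # assumed: window length in seconds

PROBE, OK, REFUSE = "PROBE", "OK", "REFUSE"


class Client:
    """Probed side: a single host, or a gateway answering for a whole netblock."""

    def __init__(self, address, policy="answer", netblock=None, ttl=300.0):
        self.address = address
        self.policy = policy                    # "answer", "refuse" or "silent"
        self.netblock = netblock or f"{address}/32"
        self.ttl = ttl                          # how long an OK answer stays valid

    def handle(self, msg):
        if msg["type"] != PROBE or self.policy == "silent":
            return None                         # say nothing at all
        if self.policy == "refuse":
            return {"type": REFUSE, "valid_for": self.netblock}
        # rtt_ms is a constructed stand-in for whatever metric a prober would want
        return {"type": OK, "valid_for": self.netblock, "ttl": self.ttl, "rtt_ms": 12}


class Prober:
    """Load-balancer side: honours limits, refusals and silence."""

    def __init__(self):
        self.sent = defaultdict(deque)   # address -> timestamps of probes in WINDOW
        self.blocked = set()             # networks that refused or stayed silent
        self.answers = {}                # network -> (answer, expiry time)

    @staticmethod
    def _covering(address, networks):
        ip = ipaddress.ip_address(address)
        return next((n for n in networks if ip in n), None)

    def may_probe(self, address, now):
        if self._covering(address, self.blocked) is not None:
            return False                 # told to sod off, or got silence: stop
        net = self._covering(address, self.answers)
        if net is not None and self.answers[net][1] > now:
            return False                 # still hold a valid answer, no need to ask
        q = self.sent[address]
        while q and now - q[0] > WINDOW:
            q.popleft()                  # slide the rate-limit window
        return len(q) < MAX_PROBES

    def probe(self, client, now):
        if not self.may_probe(client.address, now):
            return "skipped"
        self.sent[client.address].append(now)
        reply = client.handle({"type": PROBE})
        if reply is None:
            self.blocked.add(ipaddress.ip_network(f"{client.address}/32"))
            return "silence"
        net = ipaddress.ip_network(reply["valid_for"], strict=False)
        if reply["type"] == REFUSE:
            self.blocked.add(net)        # refusal covers the whole claimed block
            return "refused"
        self.answers[net] = (reply, now + reply["ttl"])
        return "answered"


def demo():
    """Walk through the rules with constructed clients; returns the decision log."""
    p = Prober()
    host = Client("192.0.2.10")
    gw = Client("198.51.100.1", netblock="198.51.100.0/24")
    grumpy = Client("203.0.113.5", policy="refuse", netblock="203.0.113.0/24")
    quiet = Client("192.0.2.77", policy="silent")
    busy = Client("192.0.2.40", ttl=0)   # answers are never cached, so the rate limit bites
    return [
        p.probe(host, 0),                  # answered
        p.probe(host, 1),                  # skipped: answer still valid
        p.probe(gw, 2),                    # answered for the whole /24
        p.may_probe("198.51.100.200", 3),  # False: covered by the gateway's answer
        p.probe(grumpy, 4),                # refused
        p.may_probe("203.0.113.9", 5),     # False: refusal covers the /24
        p.probe(quiet, 6),                 # silence
        p.probe(quiet, 7),                 # skipped: silence means stop
        p.probe(busy, 10),                 # answered
        p.probe(busy, 11),                 # answered
        p.probe(busy, 12),                 # answered (third in the window)
        p.probe(busy, 13),                 # skipped: MAX_PROBES reached
        p.probe(busy, 80),                 # answered: window has slid past
    ]


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that every one of the post's requirements is a state the prober must keep, not the client: the client only ever sends one short answer (or nothing), and the burden of remembering refusals, silence and netblock-wide answers sits entirely on the side doing the probing.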