Re: How worried is too worried? Plus, a Global Crossing Story.

[Alex Rubenstein <alex () nac net>]

On Fri, 26 Oct 2001, Adam Rothschild wrote:

> On Thu, Oct 25, 2001 at 10:46:37PM -0700, Christopher Wolff wrote:
> > I truely enjoyed the wide range of reponses to my Digital Island
> > post.  Everything from DI is perfectly justified to 'tell DI to
> > stick it' haha.
>
> Remember, an IDS is only useful as the operator.
>
> Perhaps it's time to re-think thresholds, response strategy, and what
> truly constitutes "abuse" in your book, before to complaining to NANOG
> that a content delivery provider's performance measuring hosts are

Rethink?

<perhaps my deranged opinion>

How about think in the first place?

Call me crazy, but, folks, this is the Internet. Protocols like ICMP were
designed here as a tool. Expect to be pinged, probed, proded, or anything
else.

Ask not of your peer to stop sending you off traffic, instead, ask what
your own systems can do to protect you from it.

IMHO, this entire belief that someone sending you a stray packet
constitutes a federal emergency with bells and whistles going off drives
abuse () nac net and legal () nac net to suicide attempts.

Example, as recent as yesterday: An unnamed, but rather large bank, sent
legal () nac net a complaint, based upon that fact that a dialup user of ours
sent an ICMP echo request to www.[that_large_bank].com. Yes, just one. Is
this really a problem? Are we so mad that we can't ping a host on the
Internet anymore?

</perhaps my deranged opinion>



-- Alex Rubenstein, AR97, K2AHR, alex () nac net, latency, Al Reuben --
--    Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --