--On Friday, October 26, 2001 12:06 AM -0700 Jonas Luster <jluster@d-fensive.com> wrote:
It is also way more than necessary to gather any kind of statistics or improve any kind of routing. 441/120 == one every 20 seconds. I cannot possibly imagine any circumstances in which this amount of "testing" is necessary if the remote end is some site outside the influence of Digital Island.
Real-time congestion / behviour dependent routing. Of course whether it works or not is another question. If your IDS considers one ping packet every 20 seconds an 'intrusion' attempt, it is broken. You get one dialup user who wonders about packet loss to your site, and sets a ping going, once a second, for 20 mins and logs the results, and that's 20 times as much 'intrusion'. Either seems to me reasonable behaviour rather than network abuse, provided they stop if asked. Both are trying (possibly misguidedly) to improve connectivity between your site and theirs. -- Alex Bligh Personal Capacity