On Jan 15, 2009, at 3:54 AM, Andy Davidson wrote:
On 14 Jan 2009, at 16:06, Jeroen Massar wrote:
(Yes, I'm in the minority that thinks that Randy hasn't done anything bad) Nah, I agree with Randy's experiment too. People should protect
Simon Lockhart wrote: their networks better and this is clearly showing that there are a lot of vulnerable places in the core internet structure.
The end sometimes justifies the means, and someone in the research community discovering flaws in bgp implementation (software, protocol, or process - at the bgp stack, in my NOC tools, in the community's understanding) before hackers/spammers/fraudsters do, then I count that as a result.
We disagree. The 'researcher' does not get to decide whether the information gained by yelling fire to see how quickly people react is worth the risk of someone getting hurt, or even just missing the rest of the movie. No reputable research institution's ethics committee would allow an "experiment" to proceed which announced a prefix in such a way that every network engineer on the planet would assume the prefix traveled through $ASN even though the prefix had not, and the researcher did not even notify $ASN of the experiment. -- TTFN, patrick