On Fri, 26 Oct 2001, Adam Rothschild wrote:
On Thu, Oct 25, 2001 at 10:46:37PM -0700, Christopher Wolff wrote:
I truely enjoyed the wide range of reponses to my Digital Island post. Everything from DI is perfectly justified to 'tell DI to stick it' haha.
Remember, an IDS is only useful as the operator.
Perhaps it's time to re-think thresholds, response strategy, and what truly constitutes "abuse" in your book, before to complaining to NANOG that a content delivery provider's performance measuring hosts are
Rethink? <perhaps my deranged opinion> How about think in the first place? Call me crazy, but, folks, this is the Internet. Protocols like ICMP were designed here as a tool. Expect to be pinged, probed, proded, or anything else. Ask not of your peer to stop sending you off traffic, instead, ask what your own systems can do to protect you from it. IMHO, this entire belief that someone sending you a stray packet constitutes a federal emergency with bells and whistles going off drives abuse@nac.net and legal@nac.net to suicide attempts. Example, as recent as yesterday: An unnamed, but rather large bank, sent legal@nac.net a complaint, based upon that fact that a dialup user of ours sent an ICMP echo request to www.[that_large_bank].com. Yes, just one. Is this really a problem? Are we so mad that we can't ping a host on the Internet anymore? </perhaps my deranged opinion> -- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben -- -- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --