On Wed, Jan 10, 2001 at 01:41:39PM -0600, Timothy J. Salo wrote:
I believe that legitimizing the use of "disconnectivity" techniques (whether they are routing-based or filter-based and whether they are "voluntary" [voluntary to whom?] or mandatory) to further policy objectives is a really bad thing.
It is not altogether obvious to me that the cure is not worse than the disease in this case.
What I find interesting is how differently the technique is viewed based on the nature of the "problem" or "violation". For instance, "null routing" a small bit of address space is a well known way to do all of the following:

* Stop part of a flooding attack.
* Stop runaway/resource hogging machines.
* Temporarily disable "owned" machines.
* Block open mail relays.
* Block servers originating spam.
* Block web servers supporting illegal/unacceptable content.
* Be vindictive against the people who flamed you on nanog.
* Attempt to persecute groups you don't like.

If someone called their provider because they were being flooded in a smurf attack, or syn-flood, or similar and the provider told them they couldn't null route, filter, or otherwise alter the traffic, that customer would probably be rather unhappy. As we've seen from this flood of e-mail, there are clearly people who view using the same techniques of null routing or filtering with the same disdain as murder when applied to an abusive open relay scanner.

"Disconnectivity" techniques are quite necessary, and legitimate in day to day operations. The problem is not with the technique, but with some of the content decisions made, and how well people are notified that they might be made. Many ISPs filter port 25 on all their dial ups, except to their own mail servers, to cut down on spam. They generally also clearly state that they do this in their T&Cs. If you want port 25 to go through, don't sign up with someone who does this for you.

One thing that is very clear is that there is no consensus on where the lines in the sand should be drawn. Some people get paranoid if you send them a single packet, others will let you flood all day as acceptable behavior. For some, filtering mail servers is "content filtering", for others it is "infrastructure protection". Most of the arguments one way or another are pretty subjective, and colored by people's personal experiences.

--
Leo Bicknell - bicknell@ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org