On Fri, 26 Oct 2001, Wojtek Zlobicki wrote:
Sure is, they have not authorized you to send such traffic. I've been downloading data from your web page, there is no reason for you to send ICMP traffic my way (one ICMP packet is one end of the extreme).
3a) I ping every host in their netblock once, is that wrong?
You bet ! I've given you no right to do so!
Think of it as freedom of speech. I can say whatever I like, and you have the option of listening. ICMP is a standard protocol I can use to solicit packet responses from hosts on the Internet. Until that changes, people will be sending you ICMP packets, and lots of them.
I will ACL you and possibly complain to your upstream for abuse.
Have mercy.
I don't need to tell anyone that they may not enter my hope and park their arse on my sofa. The also cannot start walking through my house and opening doors to see which rooms are occupied. I'd love to see someone take portscannig and probing and use tresspass or break and enter laws to prosecute.
An analogy - how clever. But wait, your home is private property, and your network is a public-access system. I can park my car in front of your house, and my dog can crap by your mailbox.
Why not ! I have not authorized you to probe my network ! Does your proposal scale ? What if I want to ping every host on the @Home network 100 times in a day (ooops thats 350 million ICMP packets that enter your network, is it a problem NOW?).
Nothing to my knowledge is preventing you from sending ICMP echo requests to every host on the @Home network 100 times a day. There would be little they could do about it, other than politely ask you to stop, or filter you.
Where is the line drawn between a SMURF and a legitimate probe ? Who gets to draw the line ,the sender, I think not!
A smurf is an intentional denial of service, an ICMP echo request is not.
I know of no standard that incorporates ICMP probes with HTTP transfers. If I ask for HTTP data, thats all that I expect, nothing less, nothing more. I am not opposed to such a standard, but am opposed to people trying such schemes without my knowledge or permission.
Yes they can. Its a Free Internet (tm).
I've got much better things to do than enter millions of hosts into an ACL. If one had to block all this traffic, routers would need hundreds of CPUs and Terabytes of memory (going through an ACL that is thousands of lines long takes a lot of power).
You might consider upgrading your IOS, it looks like you are going to need it.