On Fri, Aug 06, 2004 at 05:37:55PM -0400, Daniel Reed wrote:
To the original poster and others: Do host a web server on port 80 of the machines involved in the probe. Name the machines after your project (do not call them "www" or else people might indeed think it is a compromised machine!). If your testing involves HTTP requests, or any other protocol that allows for "referer" or other human-visible information, provide a URL and/or project name. If your testing involves packets with unused content, use URLs or free-form text instead of zeroes or random bytes.
Above all, follow common sense. Make it as easy as possible for most people to figure out what you are doing, and have templated responses describing your project, what network resources it will use, and what general benefit you hope to provide ready for when Robert Bonomi complains.
And, especially, make sure that your provider is aware of what you're doing. Specifically that whoever answers abuse/security@your-domain, and abuse/security@your-provider knows what you're doing. There will always be GWFs[1] who send frivolous complaints to you or your provider, regardless of how benign the traffic is. You ideally want to be in the situation where your providers abuse desk blows them off, rather than anyone expending any more time than it takes to hit delete in the ticketing system. Also be very sure that you understand what you're doing, and that it will not cause others operational problems. Be prepared to apologize, grovel and possibly offer financial compensation when your screwup actually does inflict significant costs on someone else. If you're not convinced enough that you're not going to break other peoples systems that the idea of financial compensation scares you, you shouldn't be sending the traffic in the first place. While I can't imagine how any of the legitimate surveys would cause anyone real operational costs (as opposed to the oversensitive IDS or anal log reader problems) I have seen systems knocked offline in the past by a postgrad "research project" that was run with more naive enthusiasm than technical talent. Heck, the googlebot fell into a lot of infinite trees and made webservers fall over before they got it right, back when it was an academic research project. Cheers, Steve [1] Goober With Firewall. Originally from internal jargon at abuse@above.net - a complaint, for example, that "ns1.above.net is hackoring my port 53!" would be, and should still be, closed with the sole annotation being "GWF".