Re: MIT network measurement probes
David,

I respect your approach, letting us know about your bandwidth study and what each network operator can expect. The important part is that we get the opportunity to either opt-out, or find out a way to "opt-in" and help you acquire more information to complete your research. Too bad Digital Isle didn't follow the same approach.

Regards,
Christopher J. Wolff, CTO
Broadband Laboratories

---------- Original Message ----------------------------------
From: "David G. Andersen" <dga@lcs.mit.edu>
Date: Thu, 25 Oct 2001 23:51:44 -0400 (EDT)
Given the current thread about unwanted network probe traffic, I figured it would be a good idea to pre-announce this and let people have a chance to put their netblocks on a deny list in advance, if they so desire.
(Note: We'd really appreciate it if you'd let our probes go through! It's an important part of some of the research we're doing).
We're running some traceroutes and pings to observe the end-to-end reachability of sites around the times of BGP route changes. This means that if you have a stable network, you probably won't see too many probes from us, but if you flap all the time, you'll see up to a few probes per hour. (One probe == one traceroute).
The probes are extremely low-bandwidth and as non-invasive as we can make them, but if you'd like to be put on an exclusion list for this and any other probing experiments our research group runs, please send mail to:
mon-request@nms.lcs.mit.edu
Include all of the netblocks that you'd like excluded, preferably like:
18.31.0.0/24
Thanks,
-Dave Andersen
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
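An added example, not part of the original thread or of the MIT group's tooling: one way a measurement operator could turn opt-out mail of the kind requested above into an exclusion list and apply it before any probe is sent. The function names and the sample mail are constructed for illustration; 18.31.0.0/24 is the format example from the message, and the other addresses are documentation ranges.

```python
import ipaddress
import re

# Constructed sample of an opt-out mail body (not a real request).
SAMPLE_MAIL = """\
Please exclude the following from all probing experiments:
18.31.0.0/24
192.0.2.0/25
192.0.2.128/25
198.51.100.7
203.0.113.5/24
300.1.2.0/24
Thanks, a network operator
"""

# Dotted quad with an optional prefix length.
CIDR_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b")

def parse_netblocks(mail_body):
    """Return (networks, rejected strings) extracted from a mail body."""
    accepted, rejected = [], []
    for text in CIDR_RE.findall(mail_body):
        try:
            # strict=False widens 203.0.113.5/24 to 203.0.113.0/24, so a
            # sloppy request still excludes the whole block it names.
            accepted.append(ipaddress.ip_network(text, strict=False))
        except ValueError:
            rejected.append(text)  # e.g. an octet > 255; needs a human reply
    return accepted, rejected

def build_exclusion_list(networks):
    """Merge adjacent and overlapping blocks into a minimal sorted list."""
    return list(ipaddress.collapse_addresses(networks))

def filter_targets(targets, exclusions):
    """Return only the targets that may be probed."""
    allowed = []
    for target in targets:
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            continue  # fail closed: never probe what cannot be checked
        if not any(addr in net for net in exclusions):
            allowed.append(target)
    return allowed
```

Rejected entries should be answered by hand rather than silently dropped, since the sender believes the block is excluded.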
Christopher Wolff just mooed:
I respect your approach, letting us know about your bandwidth study and what each network operator can expect. The important part is that we get the opportunity to either opt-out, or find out a way to "opt-in" and help you acquire more information to complete your research.
All of our hosts will have http and finger servers running on them that send a brief text file describing what's going on and how to avoid it. Where we can, the ping hosts will have descriptive names, but we can't arrange that everywhere. Similarly, where possible, we're creating DNS TXT records that describe the experiments.

I'd love to hear other suggestions for preemptive "this is what's going on" indications. I actually really like the Digital Isle "put a message in the ICMP messages" approach, since it seems to have at least gotten the message through on one occasion. Other ideas welcome; feel free to send to me and I'll summarize to the list.

-Dave
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/

<rant>
Digital Island is certainly not alone in their practice of assuming an opt-in stance. When Caida started their ping-a-thons, our IDS went absolutely bonkers, since they were sending pings from several hosts (3 IIRC) once an hour - if the target host responded, or a dozen (approx) per hour for each host that didn't respond. This may not sound like a lot, but at the time we were ISDN connected, so all traffic was being looked at pretty closely.

After requesting an explanation from the originating network, we received a very polite reply explaining what they were doing, and asking permission to continue (and for us to open firewall holes so that the probes could get through). We did in fact feel this was a good use of our precious limited resources, and allowed it to both continue and go through our doors. Still, it rankled that nobody bothered to ask first if this was something we'd mind.

Caida has grown, and so have we: they are now probing from (IIRC) 18 different hosts, and we are now connected with big fat pipes and don't freak at a few thousand "extra" packets per hour, but...

We see a new player in the "probes are cool cause we assume you don't mind" game every couple of months. And to be frank, it gets old. If these folks would ask FIRST, they would in all likelihood be let in with open arms, however, we have stopped trying to "work with" the new players that continually pop up. Simply put - I am tired of spending cycles on an involuntary basis, and I seriously doubt that I am alone in this.

I would be very interested (off list please) in knowing if this is a mainstream position, or (as I have been so often told) if I am just spending too much time talking to my crack pipe :-) But either way, I believe that folks who want to send significant amounts of unsolicited traffic (significant is loosely UNdefined for the moment, OK?) would be better served by simply looking up the appropriate registry contacts for networks *they wish to use*, and _asking_ first. Hell, we might even say yes ;-)
</rant>

--
Yours,
J.A. Terranson
sysadmin@mfn.org

If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occasionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demagoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place...
<rant> Digital Island is certainly not alone in their practice of assuming an opt-in stance.

I think you know that for an operation like Digital Island or Akamai, asking every network operator permission to probe is for all practical purposes, impossible. Insisting on opt-in is insisting on these companies going out of business, or not even starting up at all.

---
"The avalanche has already begun. It is too late for the pebbles to vote" - Kosh
On Fri, 26 Oct 2001, Mike Batchelor wrote:
<rant> Digital Island is certainly not alone in their practice of assuming an opt-in stance.
I think you know that for an operation like Digital Island or Akamai, asking every network operator permission to probe is for all practical purposes, impossible. Insisting on opt-in is insisting on these companies going out of business, or not even starting up at all.

I wonder if Digital Island "probes" .mil sites.

-Dan
-- [-] Omae no subete no kichi wa ore no mono da. [-]
PING www.army.mil (140.183.234.10): 56 data bytes
^C
--- www.army.mil ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

Am I a terrorist now too?

On Fri, 26 Oct 2001, Dan Hollis wrote:
On Fri, 26 Oct 2001, Mike Batchelor wrote:
<rant> Digital Island is certainly not alone in their practice of assuming an opt-in stance.
I think you know that for an operation like Digital Island or Akamai, asking every network operator permission to probe is for all practical purposes, impossible. Insisting on opt-in is insisting on these companies going out of business, or not even starting up at all.
I wonder if Digital Island "probes" .mil sites.
-Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
On Fri, 26 Oct 2001, James Thomason wrote:
PING www.army.mil (140.183.234.10): 56 data bytes
^C
--- www.army.mil ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
Am I a terrorist now too?
The FBI, NSA and Secret Service have all been sent to your location.. (just kidding). In another time, the above would all be funny.
participants (7)
- Christopher Wolff
- Dan Hollis
- David G. Andersen
- James Thomason
- measl@mfn.org
- Mike Batchelor
- mike harrison