Re: Fwd: Re: Digital Island sponsors DoS attempt
Until there are standards and technology available to push subscriber policy to the edge of the network and beyond, the subscriber has explicitly accepted the overall terms and conditions by which the service is to be provided.
no. i do not agree to receive a smurf attack, no matter whether my contract with a nexthop fails to require them to prevent it from reaching me.
I am assuming in this discussion that when you refer to "benefit", you are in fact refering to "financial benefit".
no, there's no known financial benefit to smurfing me, but the entities who direct such attacks have positive motivation of some kind for doing so -- and i assure you that this benefit to them, whatever it is, is far greater than the benefit to me (which would have to be expressed in negative terms.)
another test for "welcome" is "if everybody did this, would the recipient be injured?"
An interesting hypothesis, but it is seldom the case that the sender of traffic knows the details of the recipients infrastructure.
i think it's reasonable for a smurfer to know that my infrastructure cannot tolerate multiplicitous input streams from tens of thousands of sources. just as a spammer can indeed know, without doubt, that if millions of senders, all at once, decided to send me unsolicited nonpersonal e-mail, that my inbox would not hold up well. no specific knowledge is required in those cases. in those cases and in other cases where specific knowledge of my infrastructure is not necessary to determine that the traffic would be "not welcome", then it ought not be sent.
smurf, ddos in general, and spam also classify well by this criteria. it
Smurf and DDOS attacks are precisely that - attacks. They are intentionally initiated for the purpose of disrupting infrastructure or service. They are illegal.
in some places, they are illegal. in all places, they are "unwelcome." since a sender of this (or any) traffic may not know the laws in force at the place where the recipient host resides, the broader standard of "unwelcome" is more widely applicable than the narrow standard of "illegal." of course, illegal things ought also not be done. but that'd be a new thread.
On Fri, 26 Oct 2001, Paul A Vixie wrote:
no. i do not agree to receive a smurf attack, no matter whether my contract with a nexthop fails to require them to prevent it from reaching me.
This is true, you do not explicitly agree to recieve the smurf. You do however, agree to pay for it, because more generally it is "traffic" and not "smurf traffic". This lack of distinction enables a) the sender to send the smurf b) you to recieve it, which you have agreed to pay for. So, until your next-hop agreement DOES enforce service requirements expect to get smurfs, spam, and all matter of other undesirables. (We are of course, ignoring the fact that this is an "attack" not a "request" or a "probe", or some other form of well intentioned traffic.)
no, there's no known financial benefit to smurfing me, but the entities who direct such attacks have positive motivation of some kind for doing so -- and i assure you that this benefit to them, whatever it is, is far greater than the benefit to me (which would have to be expressed in negative terms.)
i think it's reasonable for a smurfer to know that my infrastructure cannot tolerate multiplicitous input streams from tens of thousands of sources. just as a spammer can indeed know, without doubt, that if millions of senders, all at once, decided to send me unsolicited nonpersonal e-mail, that my inbox would not hold up well.
no specific knowledge is required in those cases. in those cases and in other cases where specific knowledge of my infrastructure is not necessary to determine that the traffic would be "not welcome", then it ought not be sent.
I can more or less agree with you here. Again, the distinction of traffic types and service levels at the edge among providers would prevent this. Another solution could involve removing some of the human element in internetworking - a topic sure to delight and astound NANOG readers.
in some places, they are illegal. in all places, they are "unwelcome." since a sender of this (or any) traffic may not know the laws in force at the place where the recipient host resides, the broader standard of "unwelcome" is more widely applicable than the narrow standard of "illegal."
This is where we arrive at "Acceptable Use", which is why it is required. But these policies need to be propogated and enforced at smaller points of intervention. Why should not the authoritative owner of 64.0.0.0/24 be allowed to tell 63.0.0.0/24 that it will only accept traffic type A (current scalability issues removed)? Further, without a standard for agreeable parameters such a system would represent chaos. This is where we arrive at Standards and Technology again.
of course, illegal things ought also not be done. but that'd be a new thread.
Regards, James
On Fri, Oct 26, 2001 at 12:45:11AM -0700, James Thomason stated: [snip]
(We are of course, ignoring the fact that this is an "attack" not a "request" or a "probe", or some other form of well intentioned traffic.)
the intention of the sender is immaterial. If intentions mattered, every clueless marketing exec that spammed a couple hundred thousand people would be instantly forgiven because he/she was "just trying to do business." Intentions matter not at all. Only results of said traffic, the consequences of which are borne entirely by the receiver. If the receiver doesn't want it, the receiver should not have to receive it. Unless you're willing to come out and state that being connected to the Internet is a de facto agreement to receive anything and everything somebody wishes to send you (ghosts of open relay arguments, anybody?)
Regards, James
-- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m UNIX | IP networks | security | sysadmin | caffeine | BOFH | general geekery GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
On Fri, 26 Oct 2001, Scott Francis wrote:
the intention of the sender is immaterial. If intentions mattered, every clueless marketing exec that spammed a couple hundred thousand people would be instantly forgiven because he/she was "just trying to do business."
Intentions matter not at all. Only results of said traffic, the consequences of which are borne entirely by the receiver. If the receiver doesn't want it, the receiver should not have to receive it. Unless you're willing to come out and state that being connected to the Internet is a de facto agreement to receive anything and everything somebody wishes to send you (ghosts of open relay arguments, anybody?)
You have signed a de facto agreement to pay for traffic you receive, whether or not you intended to receive it. So if you do not wish to pay for traffic you did not intend to receive, intention matters. Further, the receiver already has the role of deciding whether or not to receive the traffic. The sender cannot force the receiver to listen, it does so voluntarily by default. You both pay for service, both providers are compensated, so all things are equal? No wait, the sender is getting free advertising. Intention matters. Either the settlment model is wrong, or the technology is incapable, or both. "Play nice" policies are only going to take us so far. Enforcing policy at the senders upstream is just one possibilty, there are many others.
Regards, James
-- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m UNIX | IP networks | security | sysadmin | caffeine | BOFH | general geekery GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
On Fri, 26 Oct 2001, Scott Francis wrote:
Intentions matter not at all. Only results of said traffic, the consequences of which are borne entirely by the receiver. If the receiver doesn't want it, the receiver should not have to receive it.
This is not how things are done elsewhere, so I don't see why it would have to be on the net. Also, how do you intend to inform everyone about everyone else's wishes in this regard? And it seems to me that if I send someone a request and they honor that request (to echo back the packet) this doesn't really indiciate that these kinds of requests are unwelcome. There are several ICMP messages that would convey this sentiment much more clearly.
Unless you're willing to come out and state that being connected to the Internet is a de facto agreement to receive anything and everything somebody wishes to send you
It is, "de facto". If you know that doing something has a certain result, and you do it, you can't really be surprised that the result ensues. Connecting to the net means you'll receive packets. If you don't like this, don't connect or filter out the unwanted packets. What we really need is something where you can have a system close to the source block the unwanted traffic. This would help a lot against all those stupid bandwidth-hungry worms.
On 12:45 AM 10/26/2001 -0700, James Thomason wrote:
(We are of course, ignoring the fact that this is an "attack" not a "request" or a "probe", or some other form of well intentioned traffic.)
I don't like using the term "well intentioned". Spammers repeatedly claim that they have good intentions when they send spam, because *some* people supposedly like getting their unsolicited email. It's not enough to have good intentions, you MUST put yourself in the shoes of the recipient and of those who transit your packets and see how THEY feel about the traffic before you can be said to have "good intentions" about sending it off. And that's what got Digital Island into this mess. They didn't really stop to think about what level of probe qualifies as unintrusive and "good intentioned" from the point of the recipient, only from their end as the entity that desires to send the probe. Because it's good for their needs, they assume the other end will see the "joint benefit" and not be bothered. But they were (obviously) wrong. Now that they know, they need to pull back and redesign their probes from point of view that is more sensitive to the needs and concerns of the recipient. For a start, they shouldn't probe any network that hasn't (yet) requested any content from them. Then, if they probe in response to a content request, the probe should SAY THAT so the recipient understands the mutual benefit. Finally, the procedure for stopping the probes needs to be reconfigured for ease of use for the recipient who wants it stopped NOW, not for the convenience of DI. jc
There is another issue here. I hope the DI has another method of gauging performance. We all know well that ICMP is being fully blocked by some. Is there no other way for DI to try to approximate the proximity of a customer to their servers? If a network is blocking ICMP, how is the decision of proximity made. ----- Original Message ----- From: "JC Dill" <nanog@vo.cnchost.com> To: <nanog@merit.edu> Sent: Friday, October 26, 2001 4:23 PM Subject: Re: Fwd: Re: Digital Island sponsors DoS attempt
On 12:45 AM 10/26/2001 -0700, James Thomason wrote:
(We are of course, ignoring the fact that this is an "attack" not a "request" or a "probe", or some other form of well intentioned traffic.)
I don't like using the term "well intentioned". Spammers repeatedly claim that they have good intentions when they send spam, because *some* people supposedly like getting their unsolicited email. It's not enough to have good intentions, you MUST put yourself in the shoes of the recipient and
of
those who transit your packets and see how THEY feel about the traffic before you can be said to have "good intentions" about sending it off.
And that's what got Digital Island into this mess. They didn't really stop to think about what level of probe qualifies as unintrusive and "good intentioned" from the point of the recipient, only from their end as the entity that desires to send the probe. Because it's good for their needs, they assume the other end will see the "joint benefit" and not be bothered. But they were (obviously) wrong. Now that they know, they need to pull back and redesign their probes from point of view that is more sensitive to the needs and concerns of the recipient.
For a start, they shouldn't probe any network that hasn't (yet) requested any content from them. Then, if they probe in response to a content request, the probe should SAY THAT so the recipient understands the mutual benefit. Finally, the procedure for stopping the probes needs to be reconfigured for ease of use for the recipient who wants it stopped NOW, not for the convenience of DI.
jc
At 17:56 -0400 2001-10-26, Wojtek Zlobicki wrote:
There is another issue here. I hope the DI has another method of gauging performance. We all know well that ICMP is being fully blocked by some. Is there no other way for DI to try to approximate the proximity of a customer to their servers? If a network is blocking ICMP, how is the decision of proximity made.
One assumes that would be proprietary information :) One would also assume that the more measurements they could make, the more accurate their models would become. So yes, they can probably "get by" without ICMP, but the optimization might not be so good. Of course, while the optimization is made on behalf of the CDN's customers, it's the requesting user-agents in your own networks that observe the benefits. --
participants (7)
-
Ian Cooper
-
Iljitsch van Beijnum
-
James Thomason
-
JC Dill
-
Paul A Vixie
-
Scott Francis
-
Wojtek Zlobicki