Re: Fwd: Re: Digital Island sponsors DoS attempt?
On 08:10 PM 10/25/2001 -0500, Andy Walden wrote:
On Thu, 25 Oct 2001, JC Dill wrote:
<cue twilight zone music>
This is the story of a network who didn't learn the lesson of above.net vs orbs.
</music>
I may not have the whole story, but I don't believe above.net had much to do with the demise of ORBS. Some in-country lawsuit did.
Above.net's blocking of ORBS led to fewer and fewer networks using ORBS and IMHO it contributed to the weakness that allowed the lawsuit to happen and thrive. If ORBS had been a stronger service with more users, they might have done things differently before or during the lawsuit. What happens to Digital Island if networks (especially large networks) start blocking them because they won't stop repeatedly scanning when asked? Can it do them *any* good?
jc
On Thu, 25 Oct 2001, JC Dill wrote:
Above.net's blocking of ORBS led to fewer and fewer networks using ORBS and IMHO it contributed to the weakness that allowed the lawsuit to happen and thrive. If ORBS had been a stronger service with more users, they might have done things differently before or during the lawsuit.
Maybe, but I think you're reaching.. :)
What happens to Digital Island if networks (especially large networks) start blocking them because they won't stop repeatedly scanning when asked? Can it do them *any* good?
That I agree with. I expect it's a mistake on their end and they will fix it. It wouldn't be very scalable to scan every network hundreds of times an hour.
andy
--
PGP Key Available at http://www.tigerteam.net/andy/pgp
On Thu, 25 Oct 2001, JC Dill wrote:
Above.net's blocking of ORBS led to fewer and fewer networks using ORBS and IMHO it contributed to the weakness that allowed the lawsuit to happen and thrive. If ORBS had been a stronger service with more users, they might have done things differently before or during the lawsuit.
What happens to Digital Island if networks (especially large networks) start blocking them because they won't stop repeatedly scanning when asked? Can it do them *any* good?
I would assume they might develop a better probing methodology that is harder to detect or block. Is it really productive to deem the packets of others "dirty" when you willingly participate in a public-access medium? Are the probes creating more overhead than an ACL? Or is someone just pissed because they have their pager linked to tail -f ids.log?
jc
This brings up one of those age-old questions - how paranoid is too paranoid? I, for one, do not view pings in and of themselves as any sort of security threat or network abuse, even a couple hundred per hour (assuming these aren't 1500-byte packets coming in on a dialup). I personally will log and report SYNs coming in to port 139, 111, et al, but I could care less about ICMP or port 80 SYNs as long as they're not using a significant amount of bandwidth. Speaking from personal opinion, but working for a company that does network performance probing similar to what DI's doing, I would hope for their sake that DI is only pinging hosts that have already been a destination IP for a not-insignificant number of packets traversing their network. If they're just doing random pinging, well, that's not real useful to begin with, and, as someone else stated, kinda rude. We don't target an IP for performance probes unless there's a decent amount of traffic going there from our customers already...
-C
On Thu, Oct 25, 2001 at 07:50:08PM -0700, James Thomason wrote:
On Thu, 25 Oct 2001, JC Dill wrote:
Above.net's blocking of ORBS led to fewer and fewer networks using ORBS and IMHO it contributed to the weakness that allowed the lawsuit to happen and thrive. If ORBS had been a stronger service with more users, they might have done things differently before or during the lawsuit.
What happens to Digital Island if networks (especially large networks) start blocking them because they won't stop repeatedly scanning when asked? Can it do them *any* good?
I would assume they might develop a better probing methodology that is harder to detect or block.
Is it really productive to deem the packets of others "dirty" when you willingly participate in a public-access medium? Are the probes creating more overhead than an ACL?
Or is someone just pissed because they have their pager linked to tail -f ids.log?
jc
-- --------------------------- Christopher A. Woodfield rekoil@semihuman.com PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
participants (4)
- Andy Walden
- Christopher A. Woodfield
- James Thomason
- JC Dill