Hello friends, My IDS was just tripped over 300 times. The decoded packet says: mailto:abuse@digisle.com for questions This ICMP ECHO REQUEST/REPLY is part of the real-time network monitoring performed by Digital Island Inc. It is not an attack. If you have questions please contact abuse@digisle.com........................................................... ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................................................ ............................................... We are not on their network or in any way affiliated with Digital Island, I'm just curious if anyone else has seen this anomaly, if it is legit, or if it is a real attack being spoofed from Digital Island...no response from abuse@digisle.com yet. Regards, Christopher J. Wolff, VP, CIO Broadband Laboratories, Inc. http://www.bblabs.com email:chris@bblabs.com phone:520.622.4338 x234
I don't know anything about what digital island is doing in particular, but for a long time people have struggled with the issue of how to offer better quality connectivity to sites off of their network. The communal nature of the Internet in times gone by provided altruistic desires (usually) to provide good connectivity, but as the quality becomes directly tied to cost, it is likely to suffer. I suspect that DI, like many other companies, is actively monitoring external sites to track, study, and hopefully improve connectivity quality to them. -alan Thus spake Christopher J. Wolff (chris@bblabs.com) on or about Thu, Oct 25, 2001 at 03:58:22PM -0700:
Hello friends,
My IDS was just tripped over 300 times. The decoded packet says:
mailto:abuse@digisle.com for questions This ICMP ECHO REQUEST/REPLY is part of the real-time network monitoring performed by Digital Island Inc. It is not an attack. If you have questions please contact abuse@digisle.com...........................................................
[removed]
...............................................
We are not on their network or in any way affiliated with Digital Island, I'm just curious if anyone else has seen this anomaly, if it is legit, or if it is a real attack being spoofed from Digital Island...no response from abuse@digisle.com yet.
Regards, Christopher J. Wolff, VP, CIO Broadband Laboratories, Inc. http://www.bblabs.com email:chris@bblabs.com phone:520.622.4338 x234
If everyone sent out "feelers" we would all have OC3's just to accept the feelers...forget customers. Reid Fishler Lightning.net At 08:24 PM 10/25/2001 -0500, Alan Hannan wrote:
I don't know anything about what digital island is doing in particular, but for a long time people have struggled with the issue of how to offer better quality connectivity to sites off of their network.
The communal nature of the Internet in times gone by provided altruistic desires (usually) to provide good connectivity, but as the quality becomes directly tied to cost, it is likely to suffer.
I suspect that DI, like many other companies, is actively monitoring external sites to track, study, and hopefully improve connectivity quality to them.
-alan
Thus spake Christopher J. Wolff (chris@bblabs.com) on or about Thu, Oct 25, 2001 at 03:58:22PM -0700:
Hello friends,
My IDS was just tripped over 300 times. The decoded packet says:
mailto:abuse@digisle.com for questions This ICMP ECHO REQUEST/REPLY is part of the real-time network monitoring performed by Digital Island Inc. It is not an attack. If you have questions please contact
abuse@digisle.com........................................................... [removed]
...............................................
We are not on their network or in any way affiliated with Digital Island, I'm just curious if anyone else has seen this anomaly, if it is legit, or if it is a real attack being spoofed from Digital Island...no response from abuse@digisle.com yet.
Regards, Christopher J. Wolff, VP, CIO Broadband Laboratories, Inc. http://www.bblabs.com email:chris@bblabs.com phone:520.622.4338 x234
On Thu, 25 Oct 2001, Alan Hannan wrote: : : I suspect that DI, like many other companies, is actively monitoring : external sites to track, study, and hopefully improve connectivity : quality to them. So, you suspect that Digisle has come up with a scheme for jiving latency/path efficiency with as-paths, and integrating that into their own routing policies? Noone has done this well yet. Those who have tried have failed to realize the need for standardization, or have decided to ignore such in the interest of developing a patented, proprietary scheme (which is, based solely on common sense, doomed). Conclusion: Digisle's probes are not at all justified. Hopefully, they're listening. Admittedly, I may be misreading your theory. If so, please elaborate. cheers, brian
Hi Brian, I know that an ISP can learn infornation about path quality off of its network. I also know that many ISPs have no interest in learning about quality off of their network. You are right that discretely mapping empirical behaviour to datum such as AS Path, external_peering_link, and other various variables like Time of Day, etc... is difficult. Some folks have made progress on this, and use it to make things better, some in a manual fashion, some in a more and more automated fashion. Some people would suggest to solve off-net quality problems by a/ blaming, or b/ suggesting that the other network increase bandwidth, or c/ rerouting. In order to do c/ sometimes it is helpful to learn information about different paths, from different vantage points. So, I don't really want to delve too deep into the theory of what exactly DI is doing, I suspect they'll tell us if they are as clever as they seem to be. I do know, however, that the gaining information about external performance can be useful for optimizing egress traffic flows, both on a micro, mid, and macro basis. With regards to your suggestion below about standardization, I think it would be great if stuff like IPPM, IPDR and such were done in the realm of off-net performance. However, let's not confuse operational implementations (for example, off-net brains thinking about what to do) with standardized protocols required for interacting with others. Egress flow optimization can be done autonomous of standards, and is, today :-) -alan Thus spake Brian Wallingford (brian@meganet.net) on or about Thu, Oct 25, 2001 at 11:41:20PM -0400:
On Thu, 25 Oct 2001, Alan Hannan wrote:
: : I suspect that DI, like many other companies, is actively monitoring : external sites to track, study, and hopefully improve connectivity : quality to them.
So, you suspect that Digisle has come up with a scheme for jiving latency/path efficiency with as-paths, and integrating that into their own routing policies? Noone has done this well yet. Those who have tried have failed to realize the need for standardization, or have decided to ignore such in the interest of developing a patented, proprietary scheme (which is, based solely on common sense, doomed).
Conclusion: Digisle's probes are not at all justified. Hopefully, they're listening.
Admittedly, I may be misreading your theory. If so, please elaborate.
cheers, brian
I certainly wouldn't dispute DI's right to measure performance to other places on the Internet. After all, ICMP is an application too, and as long as it doesn't negatively impact performance, there shouldn't be anything wrong with it. However, I would think it common courtesy to contact the network administrator of a site you intend to measure, particularly if your measurement tools are likely to trip security alarms. On Thu, Oct 25, 2001 at 10:19:10PM -0500, Alan Hannan reportedly typed:
Hi Brian,
I know that an ISP can learn infornation about path quality off of its network. I also know that many ISPs have no interest in learning about quality off of their network.
You are right that discretely mapping empirical behaviour to datum such as AS Path, external_peering_link, and other various variables like Time of Day, etc... is difficult.
Some folks have made progress on this, and use it to make things better, some in a manual fashion, some in a more and more automated fashion.
Some people would suggest to solve off-net quality problems by a/ blaming, or b/ suggesting that the other network increase bandwidth, or c/ rerouting. In order to do c/ sometimes it is helpful to learn information about different paths, from different vantage points.
So, I don't really want to delve too deep into the theory of what exactly DI is doing, I suspect they'll tell us if they are as clever as they seem to be.
I do know, however, that the gaining information about external performance can be useful for optimizing egress traffic flows, both on a micro, mid, and macro basis.
With regards to your suggestion below about standardization, I think it would be great if stuff like IPPM, IPDR and such were done in the realm of off-net performance. However, let's not confuse operational implementations (for example, off-net brains thinking about what to do) with standardized protocols required for interacting with others. Egress flow optimization can be done autonomous of standards, and is, today :-)
-alan
Thus spake Brian Wallingford (brian@meganet.net) on or about Thu, Oct 25, 2001 at 11:41:20PM -0400:
On Thu, 25 Oct 2001, Alan Hannan wrote:
: : I suspect that DI, like many other companies, is actively monitoring : external sites to track, study, and hopefully improve connectivity : quality to them.
So, you suspect that Digisle has come up with a scheme for jiving latency/path efficiency with as-paths, and integrating that into their own routing policies? Noone has done this well yet. Those who have tried have failed to realize the need for standardization, or have decided to ignore such in the interest of developing a patented, proprietary scheme (which is, based solely on common sense, doomed).
Conclusion: Digisle's probes are not at all justified. Hopefully, they're listening.
Admittedly, I may be misreading your theory. If so, please elaborate.
cheers, brian
-- Dave Siegel HOME 520-877-2593 dave at siegelie dot com WORK 520-877-2628 dsiegel at gblx dot net Director, IP Engineering, Global Crossing
On Fri, 26 Oct 2001 08:58:41 PDT, Dave Siegel said:
However, I would think it common courtesy to contact the network administrator of a site you intend to measure, particularly if your measurement tools are likely to trip security alarms.
Now if we only knew how to get (for example) things to work right if the contact would look like: "Hi, we have an F5 load balancer, and one of your users just contacted us, and we were wondering if it were OK for us to try to provide better service for your user by measuring network latencies before we send the content they asked us for...." And I suppose we really *should* also ask all the transit AS's as well... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
participants (7)
-
Alan Hannan
-
Brian Wallingford
-
Christopher J. Wolff
-
Dave Siegel
-
Randy Bush
-
Reid Fishler
-
Valdis.Kletnieks@vt.edu