Digital Island sponsors DoS attempt

Until there are standards and technology available to push subscriber
policy to the edge of the network and beyond, the subscriber has
explicitly accepted the overall terms and conditions by which the service
is to be provided.

no. i do not agree to receive a smurf attack, no matter whether my contract
with a nexthop fails to require them to prevent it from reaching me.

I am assuming in this discussion that when you refer to "benefit", you are
in fact refering to "financial benefit".

no, there's no known financial benefit to smurfing me, but the entities who
direct such attacks have positive motivation of some kind for doing so --
and i assure you that this benefit to them, whatever it is, is far greater
than the benefit to me (which would have to be expressed in negative terms.)

> another test for "welcome" is "if everybody did this, would the recipient
> be injured?"

An interesting hypothesis, but it is seldom the case that the sender of
traffic knows the details of the recipients infrastructure.

i think it's reasonable for a smurfer to know that my infrastructure cannot
tolerate multiplicitous input streams from tens of thousands of sources. just
as a spammer can indeed know, without doubt, that if millions of senders,
all at once, decided to send me unsolicited nonpersonal e-mail, that my inbox
would not hold up well.

no specific knowledge is required in those cases. in those cases and in other
cases where specific knowledge of my infrastructure is not necessary to
determine that the traffic would be "not welcome", then it ought not be sent.

> smurf, ddos in general, and spam also classify well by this criteria. it

Smurf and DDOS attacks are precisely that - attacks. They are
intentionally initiated for the purpose of disrupting infrastructure or
service. They are illegal.

in some places, they are illegal. in all places, they are "unwelcome." since
a sender of this (or any) traffic may not know the laws in force at the place
where the recipient host resides, the broader standard of "unwelcome" is more
widely applicable than the narrow standard of "illegal."

of course, illegal things ought also not be done. but that'd be a new thread.

no. i do not agree to receive a smurf attack, no matter whether my contract
with a nexthop fails to require them to prevent it from reaching me.

This is true, you do not explicitly agree to recieve the smurf. You do
however, agree to pay for it, because more generally it is "traffic" and
not "smurf traffic". This lack of distinction enables a) the sender
to send the smurf b) you to recieve it, which you have agreed to pay
for.

So, until your next-hop agreement DOES enforce service requirements
expect to get smurfs, spam, and all matter of other undesirables.

(We are of course, ignoring the fact that this is an "attack" not a
"request" or a "probe", or some other form of well intentioned traffic.)

no, there's no known financial benefit to smurfing me, but the entities who
direct such attacks have positive motivation of some kind for doing so --
and i assure you that this benefit to them, whatever it is, is far greater
than the benefit to me (which would have to be expressed in negative terms.)

i think it's reasonable for a smurfer to know that my infrastructure cannot
tolerate multiplicitous input streams from tens of thousands of sources. just
as a spammer can indeed know, without doubt, that if millions of senders,
all at once, decided to send me unsolicited nonpersonal e-mail, that my inbox
would not hold up well.

no specific knowledge is required in those cases. in those cases and in other
cases where specific knowledge of my infrastructure is not necessary to
determine that the traffic would be "not welcome", then it ought not be sent.

I can more or less agree with you here. Again, the distinction of
traffic types and service levels at the edge among providers would prevent
this.

Another solution could involve removing some of the human element in
internetworking - a topic sure to delight and astound NANOG readers.

in some places, they are illegal. in all places, they are "unwelcome." since
a sender of this (or any) traffic may not know the laws in force at the place
where the recipient host resides, the broader standard of "unwelcome" is more
widely applicable than the narrow standard of "illegal."

This is where we arrive at "Acceptable Use", which is why it is
required. But these policies need to be propogated and enforced at
smaller points of intervention. Why should not the authoritative owner of
64.0.0.0/24 be allowed to tell 63.0.0.0/24 that it will only accept
traffic type A (current scalability issues removed)?

Further, without a standard for agreeable parameters such a system would
represent chaos. This is where we arrive at Standards and Technology
again.

of course, illegal things ought also not be done. but that'd be a new thread.

Regards,
James

On Fri, Oct 26, 2001 at 12:45:11AM -0700, James Thomason stated:
[snip]

(We are of course, ignoring the fact that this is an "attack" not a
"request" or a "probe", or some other form of well intentioned traffic.)

the intention of the sender is immaterial. If intentions mattered, every
clueless marketing exec that spammed a couple hundred thousand people would
be instantly forgiven because he/she was "just trying to do business."

Intentions matter not at all. Only results of said traffic, the consequences
of which are borne entirely by the receiver. If the receiver doesn't want it,
the receiver should not have to receive it. Unless you're willing to come out
and state that being connected to the Internet is a de facto agreement to
receive anything and everything somebody wishes to send you (ghosts of open
relay arguments, anybody?)

the intention of the sender is immaterial. If intentions mattered, every
clueless marketing exec that spammed a couple hundred thousand people would
be instantly forgiven because he/she was "just trying to do business."

Intentions matter not at all. Only results of said traffic, the consequences
of which are borne entirely by the receiver. If the receiver doesn't want it,
the receiver should not have to receive it. Unless you're willing to come out
and state that being connected to the Internet is a de facto agreement to
receive anything and everything somebody wishes to send you (ghosts of open
relay arguments, anybody?)

You have signed a de facto agreement to pay for traffic you receive,
whether or not you intended to receive it. So if you do not wish to pay
for traffic you did not intend to receive, intention matters.

Further, the receiver already has the role of deciding whether or not to
receive the traffic. The sender cannot force the receiver to listen, it
does so voluntarily by default. You both pay for service, both providers
are compensated, so all things are equal? No wait, the sender is getting
free advertising. Intention matters.

Either the settlment model is wrong, or the technology is incapable, or
both.

"Play nice" policies are only going to take us so far. Enforcing policy
at the senders upstream is just one possibilty, there are many others.

Intentions matter not at all. Only results of said traffic, the consequences
of which are borne entirely by the receiver. If the receiver doesn't want it,
the receiver should not have to receive it.

This is not how things are done elsewhere, so I don't see why it would
have to be on the net. Also, how do you intend to inform everyone about
everyone else's wishes in this regard?

And it seems to me that if I send someone a request and they honor that
request (to echo back the packet) this doesn't really indiciate that these
kinds of requests are unwelcome. There are several ICMP messages that
would convey this sentiment much more clearly.

Unless you're willing to come out
and state that being connected to the Internet is a de facto agreement to
receive anything and everything somebody wishes to send you

It is, "de facto". If you know that doing something has a certain result,
and you do it, you can't really be surprised that the result ensues.
Connecting to the net means you'll receive packets. If you don't like
this, don't connect or filter out the unwanted packets.

What we really need is something where you can have a system close to the
source block the unwanted traffic. This would help a lot against all those
stupid bandwidth-hungry worms.

I don't like using the term "well intentioned". Spammers repeatedly claim that they have good intentions when they send spam, because *some* people supposedly like getting their unsolicited email. It's not enough to have good intentions, you MUST put yourself in the shoes of the recipient and of those who transit your packets and see how THEY feel about the traffic before you can be said to have "good intentions" about sending it off.

And that's what got Digital Island into this mess. They didn't really stop to think about what level of probe qualifies as unintrusive and "good intentioned" from the point of the recipient, only from their end as the entity that desires to send the probe. Because it's good for their needs, they assume the other end will see the "joint benefit" and not be bothered. But they were (obviously) wrong. Now that they know, they need to pull back and redesign their probes from point of view that is more sensitive to the needs and concerns of the recipient.

For a start, they shouldn't probe any network that hasn't (yet) requested any content from them. Then, if they probe in response to a content request, the probe should SAY THAT so the recipient understands the mutual benefit. Finally, the procedure for stopping the probes needs to be reconfigured for ease of use for the recipient who wants it stopped NOW, not for the convenience of DI.

jc

There is another issue here. I hope the DI has another method of gauging
performance. We all know well that ICMP is being fully blocked by some. Is
there no other way for DI to try to approximate the proximity of a customer
to their servers? If a network is blocking ICMP, how is the decision of
proximity made.

One assumes that would be proprietary information

One would also assume that the more measurements they could make, the more accurate their models would become. So yes, they can probably "get by" without ICMP, but the optimization might not be so good.

Of course, while the optimization is made on behalf of the CDN's customers, it's the requesting user-agents in your own networks that observe the benefits.

> Intentions matter not at all. Only results of said traffic, the
> consequences of which are borne entirely by the receiver. If the
> receiver doesn't want it, the receiver should not have to receive it.

This is not how things are done elsewhere, so I don't see why it would
have to be on the net.

on the net, recipients pay for part of the transport of traffic to them.

elsewhere, senders pay for all of the transport of traffic to them.

that's why it has to be different on the net than elsewhere.

                        Also, how do you intend to inform everyone about
everyone else's wishes in this regard?

that would be impractical, unscalable, and unnecessary.

> Unless you're willing to come out
> and state that being connected to the Internet is a de facto agreement to
> receive anything and everything somebody wishes to send you

It is, "de facto". If you know that doing something has a certain result,
and you do it, you can't really be surprised that the result ensues.

so if i have an IP address than i ought not be surprised when it's pingflooded?

and if i have an e-mail inbox i ought not be surprised when it's spammed?

elsewhere, this ideology is called "blame the victim", and is not respected.