1) If I request a web page without first asking permission, is that
wrong?
Is this a public page ? Are you trying to download my corporate directory?
1a) If I then immediately reload it fetching it twice, is that
wrong?
Were you authorized to get it (if yes, then fetch away).
1b) If I wget the whole site, is that wrong?
Sure is, I've given you no right to pull down my site. Copyright law rules
here (depending on what the copyright of the site is).
1c) wget it once an hour?
You'll show up in my traffic logs, expect to be ACL'd.
1d) Request web pages as fast as my system allows?
If you're legitimately surfing, sure, if not, ACL once again.
2) If I send e-mail to someone@pobox.com containing a picture of
people in the office, which includes some women, and it happens
to forward to a server in Afghanistan where women can't be seen
without their face covered, is it my fault?
They are not allowed to use the Internet in any case.
3) If someone wget's my web server downloading several hundred megs
and I decide then to send a single ping back, and do a single
DNS lookup, is that wrong?
Sure is, they have not authorized you to send such traffic. I've been
downloading data from your web page, there is no reason for you to send ICMP
traffic my way (one ICMP packet is one end of the extreme).
3a) I ping every host in their netblock once, is that wrong?
You bet ! I've given you no right to do so!
3b) I leave a standard once-a-second ping running for a day to
check them out?
I will ACL you and possibly complain to your upstream for abuse.
3c) I flood ping them from all my hosts as fast as I can?
See 3b above.
There is a long legal tradition in civil life that if you don't
want someone to do something, you must give them notice. Put a
I don't need to tell anyone that they may not enter my hope and park their
arse on my sofa. The also cannot start walking through my house and opening
doors to see which rooms are occupied. I'd love to see someone take
portscannig and probing and use tresspass or break and enter laws to
prosecute.
Probing and scanning has a place, the discression as to what is allowed must
be
from the receiving end. You have no right to decide what traffic my network
is to receive.
The networking world is similar. Put up a web server and you can't
complain about someone downloading your web page once. Put up a
host, and someone pings you a small number of times, you can't
complain either. Make the front page of your web site say
Why not ! I have not authorized you to probe my network ! Does your
proposal scale ? What if I want to ping every host on the @Home network 100
times in a day (ooops thats 350 million ICMP packets that enter your
network, is it a problem NOW?).
'unauthorized access prohibited' and then someone gets the front
page and continues to spider the whole site, and you might have a
claim. If you filter pings, and someone still sends tons of them
your way, and you might have a claim. If someone SMURF floods you
that's a criminal matter as an attack, regardless.
Where is the line drawn between a SMURF and a legitimate probe ? Who gets
to draw the line ,the sender, I think not!
Also important is the notion of transaction, which seems to have
been lost in this discussion. If a user requests a web page it is
quite possible that the web server may attempt to use a mechanism
other than HTTP to communicate with the client. In the simple
example, consider a web server that for each page downloaded pings
the client once and uses that data to improve the client experience.
In my opinion, that ping is part of the transaction of getting the
web page that the user requested, and as such cannot be considered
abusive. This is particularly true when the volume is high. I've
seen queries before from sites hosting thousands of users accessing
popular sites who complain that the site then sends back a couple
of hundred pings.
I know of no standard that incorporates ICMP probes with HTTP transfers. If
I ask for HTTP data, thats all that I expect, nothing less, nothing more. I
am not opposed to such a standard, but am opposed to people trying such
schemes without my knowledge or permission.
person has so much free time as to investigate such things. If
you connect to the net you will get pinged from time to time.
Someone may traceroute to you. Heck, they might try to get a web
page from you. If you don't like it, block it. If they only try
once or twice and then go away, don't complain about it. They came
up, read the 'sign' as it were, and went away.
I've got much better things to do than enter millions of hosts into an ACL.
If one had to block all this traffic, routers would need hundreds of CPUs
and Terabytes of memory (going through an ACL that is thousands of lines
long takes a lot of power).