Home page logo
/

nanog logo nanog mailing list archives

Collateral Damage
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Tue, 17 Jan 2006 16:43:30 -0500


My previous post sparked quite a bit of traffic (mostly to me personally). It also sparked some confusion. That's mostly my fault for writing e-mails far too late at night and mixing it with an emotionally charged thread.

So I would like to separate my questions out of the GoDaddy thread, write them slightly differently, and give a little more scope for clarity.

These questions are designed as "yes/no", not "it depends". The idea being if there are general circumstances (not billion-in-one corner cases) which would make the action in question acceptable, please answer yes, and move to the next question.

For instance, I would answer the first question as "yes", because there are circumstances which happen reasonably often where I would take down an innocent domain to stop network abuse. (E.g. I would null-route a /24 that is sending gigabits of DoS traffic, even if there is an "innocent" mail server in that block.)

Anyway, on to the poll. You are welcome and encouraged to send the answers to me privately, I will collate and post back to the list in a few days.


* Please answer yes/no.
- Additional text is encouraged, but I need a yes/no to tabulate the vote. * These questions are not regarding a specific provider or even specific abuse type.
  - You can consider spam, DoS, phishing, hacking, etc.
- Please assume what you consider to be the "worst" abuse which is common on the Internet today.
* There is a basic assumption that due diligence has been applied.
- You have investigated and are certain this is not a false positive or such. - I hope we can all agree that shutting someone down without doing proper investigation is a Bad Thing.
* There is a basic assumption of notification and grace period.
  - The provider in question knows Bad Things are happening.
- The provider in question has had a reasonable amount of time to fix said Bad Things.
  - Bad Things are still happening.
* Please do not consider extremely rare occurrences or utra-extreme scenarios. - Null-routing an IP address to stop nuclear war is not in scope of this survey.

If you have any questions, please feel free to e-mail me.


1) Do you think it is ever acceptable to cause collateral damage to innocent bystanders if it will stop network abuse?

2) If yes, do you still think it is ever acceptable to take down a provider with 100s of innocent customers because one customer is misbehaving?

3) If yes, do you still think it is ever acceptable if the "misbehaving" customer is not intentionally misbehaving - i.e. they've been hacked?

4) If yes, do you still think it is ever acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.?


Thank you all for your time.

--
TTFN,
patrick


  By Date           By Thread  

Current thread:
  • Collateral Damage Patrick W. Gilmore (Jan 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]