mailing list archives
Re: Collateral Damage
From: "Scott McGrath" <mcgrath () fas harvard edu>
Date: Wed, 18 Jan 2006 20:31:00 -0500
From: "Patrick W. Gilmore" <patrick () ianai net>
Subj: Collateral Damage
Date: Tue Jan 17, 2006 4:44 pm
To: nanog () nanog org
cc: "Patrick W. Gilmore" <patrick () ianai net>
My previous post sparked quite a bit of traffic (mostly to me
personally). It also sparked some confusion. That's mostly my fault
for writing e-mails far too late at night and mixing it with an
emotionally charged thread.
So I would like to separate my questions out of the GoDaddy thread,
write them slightly differently, and give a little more scope for
These questions are designed as "yes/no", not "it depends". The idea
being if there are general circumstances (not billion-in-one corner
cases) which would make the action in question acceptable, please
answer yes, and move to the next question.
For instance, I would answer the first question as "yes", because
there are circumstances which happen reasonably often where I would
take down an innocent domain to stop network abuse. (E.g. I would
null-route a /24 that is sending gigabits of DoS traffic, even if
there is an "innocent" mail server in that block.)
Anyway, on to the poll. You are welcome and encouraged to send the
answers to me privately, I will collate and post back to the list in
a few days.
* Please answer yes/no.
- Additional text is encouraged, but I need a yes/no to tabulate
* These questions are not regarding a specific provider or even
specific abuse type.
- You can consider spam, DoS, phishing, hacking, etc.
- Please assume what you consider to be the "worst" abuse which is
common on the Internet today.
* There is a basic assumption that due diligence has been applied.
- You have investigated and are certain this is not a false
positive or such.
- I hope we can all agree that shutting someone down without doing
proper investigation is a Bad Thing.
* There is a basic assumption of notification and grace period.
- The provider in question knows Bad Things are happening.
- The provider in question has had a reasonable amount of time to
fix said Bad Things.
- Bad Things are still happening.
* Please do not consider extremely rare occurrences or utra-extreme
- Null-routing an IP address to stop nuclear war is not in scope
of this survey.
If you have any questions, please feel free to e-mail me.
1) Do you think it is ever acceptable to cause collateral damage to
innocent bystanders if it will stop network abuse?
2) If yes, do you still think it is ever acceptable to take down a
provider with 100s of innocent customers because one customer is
3) If yes, do you still think it is ever acceptable if the
"misbehaving" customer is not intentionally misbehaving - i.e.
they've been hacked?
4) If yes, do you still think it is ever acceptable if the collateral
damage (taking out 100s of innocent businesses) doesn't actually stop
the spam run / DoS attack / etc.?
Thank you all for your time.
- Collateral Damage Patrick W. Gilmore (Jan 17)
- <Possible follow-ups>
- Re: Collateral Damage Scott McGrath (Jan 19)