nanog mailing list archives

Re: Collateral Damage
From: "Scott McGrath" <mcgrath () fas harvard edu>
Date: Wed, 18 Jan 2006 20:31:00 -0500

1 Yes
2 No
3 No
4 No

-----Original Message-----

From:  "Patrick W. Gilmore" <patrick () ianai net>
Subj:  Collateral Damage
Date:  Tue Jan 17, 2006 4:44 pm
Size:  2K
To:  nanog () nanog org
cc:  "Patrick W. Gilmore" <patrick () ianai net>

My previous post sparked quite a bit of traffic (mostly to me  
personally).  It also sparked some confusion.  That's mostly my fault  
for writing e-mails far too late at night and mixing it with an  
emotionally charged thread.

So I would like to separate my questions out of the GoDaddy thread,  
write them slightly differently, and give a little more scope for  

These questions are designed as "yes/no", not "it depends".  The idea  
being if there are general circumstances (not billion-in-one corner  
cases) which would make the action in question acceptable, please  
answer yes, and move to the next question.

For instance, I would answer the first question as "yes", because  
there are circumstances which happen reasonably often where I would  
take down an innocent domain to stop network abuse.  (E.g. I would  
null-route a /24 that is sending gigabits of DoS traffic, even if  
there is an "innocent" mail server in that block.)

Anyway, on to the poll.  You are welcome and encouraged to send the  
answers to me privately, I will collate and post back to the list in  
a few days.

* Please answer yes/no.
   - Additional text is encouraged, but I need a yes/no to tabulate  
the vote.
* These questions are not regarding a specific provider or even  
specific abuse type.
   - You can consider spam, DoS, phishing, hacking, etc.
   - Please assume what you consider to be the "worst" abuse which is  
common on the Internet today.
* There is a basic assumption that due diligence has been applied.
   - You have investigated and are certain this is not a false  
positive or such.
   - I hope we can all agree that shutting someone down without doing  
proper investigation is a Bad Thing.
* There is a basic assumption of notification and grace period.
   - The provider in question knows Bad Things are happening.
   - The provider in question has had a reasonable amount of time to  
fix said Bad Things.
   - Bad Things are still happening.
* Please do not consider extremely rare occurrences or ultra-extreme  
   - Null-routing an IP address to stop nuclear war is not in scope  
of this survey.

If you have any questions, please feel free to e-mail me.

1) Do you think it is ever acceptable to cause collateral damage to  
innocent bystanders if it will stop network abuse?

2) If yes, do you still think it is ever acceptable to take down a  
provider with 100s of innocent customers because one customer is  

3) If yes, do you still think it is ever acceptable if the  
"misbehaving" customer is not intentionally misbehaving - i.e.  
they've been hacked?

4) If yes, do you still think it is ever acceptable if the collateral  
damage (taking out 100s of innocent businesses) doesn't actually stop  
the spam run / DoS attack / etc.?

Thank you all for your time.


Current thread:
  • Collateral Damage Patrick W. Gilmore (Jan 17)
    • <Possible follow-ups>
    • Re: Collateral Damage Scott McGrath (Jan 19)