On Jan 15, 2009, at 3:54 AM, Andy Davidson wrote:
On 14 Jan 2009, at 16:06, Jeroen Massar wrote:
Simon Lockhart wrote:
(Yes, I'm in the minority that thinks that Randy hasn't done anything
Nah, I agree with Randy's experiment too. People should protect their
networks better and this is clearly showing that there are a lot of
vulnerable places in the core internet structure.
The end sometimes justifies the means, and someone in the research
community discovering flaws in bgp implementation (software, protocol, or
process - at the bgp stack, in my NOC tools, in the community's
understanding) before hackers/spammers/fraudsters do, then I count that as a
The 'researcher' does not get to decide whether the information gained by
yelling fire to see how quickly people react is worth the risk of someone
getting hurt, or even just missing the rest of the movie.
No reputable research institution's ethics committee would allow an
"experiment" to proceed which announced a prefix in such a way that every
network engineer on the planet would assume the prefix traveled through $ASN
even though the prefix had not, and the researcher did not even notify $ASN
of the experiment.