Re: How worried is too worried? Plus, a Global Crossing Story.

[Adam Rothschild <asr () asr org>]

On Thu, Oct 25, 2001 at 10:46:37PM -0700, Christopher Wolff wrote:
> I truely enjoyed the wide range of reponses to my Digital Island
> post.  Everything from DI is perfectly justified to 'tell DI to
> stick it' haha.

Remember, an IDS is only useful as the operator.

Perhaps it's time to re-think thresholds, response strategy, and what
truly constitutes "abuse" in your book, before to complaining to NANOG
that a content delivery provider's performance measuring hosts are
pinging you without prior consent.  These complaints not only distract
from real abuse, they have the potential to get innocent parties in
trouble for things they didn't do.

If people who are going to make security complaints would take the
opportunity to first try and find a legitimate explanation, it would
make world a better place.  In this case, Digital Island went above
and beyond the call of duty by specifically padding "probe" packets
with useful identifying info...

> I partner with companies that share my view of network management.
> Recently I had an issue with a customer that was claiming poor
> throughput.  Global crossing did everything in their power to
> analyze their network, my network, and my customers server farm
> [...]

Not bad.  Bonus points if you can have the same folks at Global
Crossing ACL out ICMP echo-requests heading your way so we can end
this thread already.

-adam