Vernon Schryver
vjs@calcite.rhyolite.com
Thu Jun 30 01:32:17 UTC 2005
> From: Bob Johannessen

> Could you maybe Cc reports here, or at least post blacklist deltas
> a week or two before they go into effect? That way we (the DCC users)
> will have a chance to sort things out with our ISPs before we're cut
> off...

That sounds reasonable. It would require adding another step consisting of "fix it or you'll be added to the published pending blacklisting list." Something related might be a good idea for the current DCC client blacklist entries.

] From: Paul Vixie

] because this just escalates to fingerpointing, the end result will be
] a black eye for DCC, and a number of potential users going elsewhere,
] and irresponsible ISPs, as has ever been the case, getting away free.
]
] i think you might want to do something more insidious than blacklisting,
] which is ignore all checksums you're sent from these address blocks,
] and always respond with MANY when asked a question from these address
] blocks.

I appreciate the trick of marking all mail from customers of misbehaving ISPs as if it were spam on the DCC server-side. That's an idea that might have applications elsewhere. However, if the black eye for the DCC matters, making the data not merely selectively unavailable but wrong sounds worse. Should I understand that you are really saying it is a bad idea?

None of the current blacklist entries do not matter to the blacklisted organizations, because the entries affect networks with sick firewalls that pass outgoing DCC requests but filter returning DCC answers. Blacklisting them is invisible to them, because their own firewalls effectively blacklist them. The public DCC server blacklist saves cycles and bandwidth on the servers by letting them not bother responding with answers that won't be heard.

This new notion differs in two ways. If it works, it would be because it would be noticed. It also is not purely about protecting the couple dozen public DCC servers but other servers. General protection was the main idea for the blacklist file that dccd scans, but it has rarely been used that way.

} From: "John Scully"

} I see no problem with your plan.
}
} The public DCC servers are provided free of charge as a public service. No
} one has the right to abuse this platform, and any action you take to protect
} the integrity of the network should be acceptable to all legitimate users.

I should mention that as far as I know, this threat is only to my own bandwidth and logs. The log entries warning that unauthorized anonymous clients are trying to use my DCC server irritate me beyond reason (if not as much as condescending lessons in French on IP addresses) and obscure potentially important log complaints about the new version I'm always testing.

I'm beginning to think that it is a bad idea. Maybe I can do something else to suppress the messages in my logs. They are generally good to detect the legitimate but apparently anonymous users of a private DCC server with anonymous access turned off.

What can you do about irresponsible ISPs and the users who patronize them? Nuking 'em from orbit doesn't seem practical just yet.

Vernon Schryver vjs@rhyolite.com