Subject: Re: Melting down your network [Subject changed]
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Jonathan Stone <jonathan@dsg.stanford.edu>
List: tech-kern
Date: 03/28/2005 22:19:27
In message <200503290449.XAA07109@Sparkle.Rodents.Montreal.QC.CA>,
der Mouse writes:

... snip lots I don't have time for but which I may reply to in a
day or so...:


>> As a fallback, I would probably settle for having his pkgsrc
>> application described as what it is: a non-rate-adaptive,
>> non-congestion-responsive application which deliberately *tries* to
>> melt down whichever network it is run on.
>
>If it's not already described that way, yes, that needs to be fixed.
>Package descriptions should always be accurate, especially ones that
>stress anything near its limits or are otherwise dangerous.

Well, thank you for agreeing with me on that. (sincerely: no sarcasm.)


>> While I guess it can be used as an information-dissemination tool, on
>> a completely dedicated network, it is more accurately described as a
>> DDOS tool.
>
>Not as the DDoS term is usually used;  [...]

When talking about multicast transport, the term DDOS is frequently
used that way I used it.  I concede separate terms, for many hosts
attacking one central host or path, versus (or more) hosts attacking
multiple hosts and network paths with the same multicast traffic, may
be desirable. But it's not gone that way, yet.



>There's also the matter of intent and fitness; a paper clip can be used
>to pick locks, but you won't get arrested for possession of burglary
>tools for having a paper clip in your pocket, even in circumstances
>where you would for carrying a kit of lockpicks.  

No, but I am told these days you can be arrested for carrying an
electrical toolkit containing alligator clips, or which contains one of
those funky multipurpose pliers/wrench/screwdriver things --- unless
you can show that you have a trade which requires them.



>And while Emmanuel's
>program can be used as a DoS tool, it is not intended for that, nor any
>better suited to the purpose than necessary to accomplish its primary
>intended function of data streaming to many recipients without source
>bandwidth multiplication.  (Again, that's based purely on the
>descriptions I've read.)

I think I have rather more expertise in this field than you, and my
expert opinion is that I'd have a hard time defending the proposition
that Emmanuel's app has any legitimate purpose, outside of toy domains
like NETBLT, other than as a DDOS [sensu moi].

Although it's unicast, the closest analogy I know of is NETBLT.
AFAIK, the authors of NETBLT have never released the implementation.
A long-term colleague of those authors once told me that nobody with
access to source ever has or ever will allow it to be deployed,
because nobody wanted to be known as the person who _completely_
melted down the Internet.

... Actually, thinking about it: ignore my opinion on the legitimacy or
otherwise of Manu's tool.  If the designers of NETBLT say: forget it,
it's just a research tool, it shouldn't be deployed (and I believe
Lixia Zhang said basically just that, about 2 years ago on e2e), then
that's a *very* strong indication that Emmanuel's tool should not be
distributed, either.  (I'd say that applies even more strongly to
Emmanuel's tool, as it uses multicast, whereas NETBLT is unicast).

And that's it from me tonight.