Subject: Re: Melting down your network [Subject changed]
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 03/28/2005 23:31:58
>>> I used the word 'evil' advisedly and literally.  It may may even
>>> well be a crime or liable under civil law, in some jurisdictions.
>> What jurisdiction would criminalize redlining your own network?
> But what about: On anyone else's network?

Yes, misusing it that way quite likely would be.  But the same goes for
a whole passel of other things, from ping -f to nmap to crack.

> As I have said elsewhere, I want Emmnauel to remove his application
> from pkgsrc, making it truly private.  Then he can do whatever he
> wants with it.

Why?  Just because it can be misused?  If you remove everything that
can be misused, there won't be much left of pkgsrc.

> As a fallback, I would probably settle for having his pkgsrc
> application described as what it is: an non-rate-adaptive,
> non-congestion-responsive application which deliberately *tries* to
> melt down whichever network it is run on.

If it's not already described that way, yes, that needs to be fixed.
Package descriptions should always be accurate, especially ones that
stress anything near its limits or are otherwise dangerous.

> While I guess it can be used as an information-dissemination tool, on
> a completely dedicated network, it is more accurately described as a
> DDOS tool.

Not as the DDoS term is usually used; DDoS usually refers to
distributed attackers DoSing a central victim, which is not something
Emmanuel's tool would do especially well (at least not based on the
descriptions I've seen); its data flow goes in the other direction,
from a central sender to many recipients, which must be at least
minimally willing recipients (they have to join a multicast group).

There's also the matter of intent and fitness; a paper clip can be used
to pick locks, but you won't get arrested for possession of burglary
tools for having a paper clip in your pocket, even in circumstances
where you would for carrying a kit of lockpicks.  And while Emmanuel's
program can be used as a DoS tool, it is not intended for that, nor any
better suited to the purpose than necessary to accomplish its primary
intended function of data streaming to many recipients without source
bandwidth multiplication.  (Again, that's based purely on the
descriptions I've read.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B