INTERNET-DRAFT Charles H. Lindsey
Usenet Format Working Group University of Manchester
July 2001
9.2.1. Denial of Service
Previous Up Next
9.2.1. Denial of Service
The proper functioning of individual newsgroups can be disrupted by
the massive posting of "noise" articles, by the repeated posting of
identical or near identical articles, by posting followups unrelated
to their precursors, or which quote their precursors in full with the
addition of minimal extra material (especially if this process is
iterated), and by crossposting to, or setting followups to, totally
unrelated newsgroups.
Many have argued that "spam", massively multiposted (and to a lesser
extent massively crossposted) articles, usually for advertising
purposes, also constitutes a DoS attack in its own regard. This may
be so.
Such articles intended to deny service, or other articles of an
inflammatory nature, may also have their From or Reply-To addresses
set to valid but incorrect email addresses, thus causing large
volumes of mail to descend on the true owners of those addresses.
It is a violation of this standard for a poster to use as his address
a mailbox which he is not entitled to use. Even addresses with an
invalid local-part but a valid domain can cause disruption to the
administrators of such domains. Posters who wish to remain anonymous
or to prevent automated harvesting of their addresses, but who do not
care to take the additional precautions of using more sophisticated
anonymity measures, should avoid that violation by the use of
addresses ending in the ".invalid" top-level-domain (see 5.2).
A malicious poster may also prevent his article being seen at a
particular site by preloading that site into the Path header (5.6.1)
and may thus prevent the true owner of a forged From or Reply-To
addresse from ever seeing it.
Administrative agencies with responsibility for establishing policies
in particular hierarchies can and should set bounds upon the
behaviour that is considered acceptable within those hierarchies (for
example by promulgating charters for individual newsgroups, and other
codes of conduct).
Whilst this standard places an onus upon injecting agents to bear
responsibility for the misdemeanours of their posters, (which
includes non-adherence to established policies of the relevant
hierarchies as provided in section 8.2), and to provide assistance to
the rest of the network by making proper use of the Injector-Info
(6.19) and Complaints-To (6.20) headers, it makes no provision for
enforcement, which may in consequence be patchy. Nevertheless,
injecting sites which persistently fail to honour their
respobsibilities or to comply with generally accpted standards of
behaviour are likely to find themselves blacklisted, with their
articles refused progagation and even subject to cancellation, and
other relaying sites would be well advised to withdraw peering
arrangements from them.
Previous Up Next
Previous draft (04): 9.2.1. Denial of Service
Diffs to previous draft
--- {draft-04} Wed Jul 11 21:56:22 2001
+++ {draft-05} Wed Jul 11 21:56:22 2001
@@ -3,7 +3,7 @@
the massive posting of "noise" articles, by the repeated posting of
identical or near identical articles, by posting followups unrelated
to their precursors, or which quote their precursors in full with the
- addition of minimal extra meterial (especially if this process is
+ addition of minimal extra material (especially if this process is
iterated), and by crossposting to, or setting followups to, totally
unrelated newsgroups.
@@ -12,6 +12,8 @@
purposes, also constitutes a DoS attack in its own regard. This may
be so.
+
+
Such articles intended to deny service, or other articles of an
inflammatory nature, may also have their From or Reply-To addresses
set to valid but incorrect email addresses, thus causing large
@@ -26,7 +28,6 @@
anonymity measures, should avoid that violation by the use of
addresses ending in the ".invalid" top-level-domain (see 5.2).
-
A malicious poster may also prevent his article being seen at a
particular site by preloading that site into the Path header (5.6.1)
and may thus prevent the true owner of a forged From or Reply-To
@@ -39,15 +40,16 @@
codes of conduct).
Whilst this standard places an onus upon injecting agents to bear
- responsibility for the misdemeanours of its posters, (which include
- non-adherence to established policies of the relevant hierarchies as
- provided in section 8.2), and to provide assistance to the rest of
- the network by making proper use of the Injector-Info (6.19) and
- Complaints-To (6.20) headers, it makes no provision for enforcement,
- which may in consequence be patchy. Nevertheless, injecting sites
- which persistently fail to honour their respobsibilities or to comply
- with generally accpted standards of behaviour are likely to find
- themselves blacklisted, with their articles refused progagation and
- even subject to cancellation, and other relaying sites would be well
- advised to withdraw peering arrangements from them.
+ responsibility for the misdemeanours of their posters, (which
+ includes non-adherence to established policies of the relevant
+ hierarchies as provided in section 8.2), and to provide assistance to
+ the rest of the network by making proper use of the Injector-Info
+ (6.19) and Complaints-To (6.20) headers, it makes no provision for
+ enforcement, which may in consequence be patchy. Nevertheless,
+ injecting sites which persistently fail to honour their
+ respobsibilities or to comply with generally accpted standards of
+ behaviour are likely to find themselves blacklisted, with their
+ articles refused progagation and even subject to cancellation, and
+ other relaying sites would be well advised to withdraw peering
+ arrangements from them.