[atlas] HTTP UDM?
Daniel Karrenberg daniel.karrenberg at ripe.net
Fri Aug 3 17:45:14 CEST 2012
On 03.08.2012, at 17:36, Miles McCredie wrote: > On 8/3/12 02:37 , Daniel Karrenberg wrote: >> it will be very basic and definitely not be there to compete with >> widely available "web site testing". >> It will likely be very restrictive on the amount of data it fetches and the number of probes. RIPE Atlas is designed as a network level measurement tool and not an application tester. >> >> We are also somewhat concerned about consequences for our probe hosts. Consider what can happen if an atlas user causes your probe to access content that is considered inappropriate or even illegal where you live and run your probe. > Understood. > > Some thoughts: > - Restrict the UDM to retrieving /robots.txt. (Generally > innocuous/legal content and not too large?) > - Limit the UDM to retrieving 4500 bytes or so of data and then sending > a RST. (Enough data to confirm max MTU frames can be received but not > enough to contain inappropriate or illegal content?) > - Send a RST after receiving a SYN-ACK response. (Would be useful to > allow port configuration in this case to allow tests for filtering.) > > Thanks > -Miles In addition to those we thought about restricting to the HEAD method. This is currently our favorite. Any problems with that? Doing stuff on the TCP level is a complex thing to implement and get right, but possible. One concern remains that purely accessing a specific server/service may be regarded as inappropriate or illegal in certain places and saying "It was an Atlas probe and it only fetched robots.txt" is not going to be a viable defense. But again: what exactly are you trying to achieve/measure? Knowing that from you and others looking for HTTP UDMs would help us understand the problem space better and to propose a solution. Daniel