As per Relevance of the word connection, we have this rfc below:
Network Working Group M.
Request for Comments: 1273 University of
November 1991
A Measurement Study of Changes
Service-Level Reachability in the
TCP/IP Internet: Goals, Experimental Design
Implementation, and Policy
Status of this
This memo provides information for the Internet community. It
not specify an Internet standard. Distribution of this memo
unlimited
In this report we discuss plans to carry out a
measurement study of changes in service-level reachability in
global TCP/IP Internet. We overview our experimental design
considerations of network and remote site load, mechanisms used
control the measurement collection process, and network
use and privacy issues, including our efforts to inform
measured by this study. A list of references and information on
to contact the Principal Investigator are included
The global TCP/IP Internet interconnects millions of individuals
thousands of institutions worldwide, offering the potential
significant collaboration through network services and
information exchange. At the same time, such powerful
offers many avenues for security violations, as evidenced by a
of well publicized events over the past few years. In response,
sites have imposed mechanisms to limit their exposure to
intrusions, ranging from disabling certain inter-site services,
using external gateways that only allow electronic mail delivery,
gateways that limit remote interactions via access control lists,
disconnection from the Internet. While these measures are
to the damage that could occur from security violations, taken to
extreme they could eventually reduce the Internet to little more
a means of supporting certain pre-approved point-to-point
transfers. Such diminished functionality could hinder or prevent
deployment of important new types of network services, impeding
research and commercial advancement
To understand the evolution of this situation, we have designed
Schwartz [Page 1]
RFC 1273 A Measurement Study November 1991
study to measure changes in Internet service-level reachability
a period of one year. The study considers upper layer
reachability instead of basic IP connectivity because the
indicates the willingness of organizations to participate in inter
organizational computing, which will be an important component
future wide area distributed applications
The data we gather will contribute to Internet research
engineering planning activities in a number of ways. The data
indicate the mechanisms sites use to distance themselves
Internet connectivity, the types of services that sites are
to run (and hence the type of distributed collaboration they
willing to support), and variations in these characteristics as
function of geographic location and type of institution (commercial
educational, etc.). Understanding these trends will
application designers and network builders to more realistically
for how to support future wide area distributed applications such
digital library systems, information services, wide area
file systems, and conferencing and other collaboration-
systems. The measurements will also be of general interest, as
represent direct measurements of the evolution of a global
society
Clearly, a study of this nature and magnitude raises a number
potential concerns. In this note we overview our
design, considerations of network and remote site load,
used to control the measurement collection process, and our
to inform sites measured by this study, along with
network appropriate use and privacy issues
A point we wish to stress from the outset is that this is not a
of network security. The experiments do not attempt to probe
security mechanisms of any machine on the network. The study
concerned solely with the evolution of network connectivity
service reachability
Experimental
The study consists of a set of runs of a program over the span of
to two days each month, repeated bimonthly for a period of one
(in January 1992, March 1992, May 1992, July 1992, September 1992,
and November 1992). Each program run attempts to connect to 13
different TCP services at each of approximately 12,700
domains worldwide, recording the failure/success status of
attempt. The program will attempt no data transfers in
direction. If a connection is successful, it is simply closed
counted. (Note in particular that this means that the
mechanism behind individual network services will not be tested.)
Schwartz [Page 2]
RFC 1273 A Measurement Study November 1991
The machines on which connections are attempted will be selected
random from a large list of machines in the Internet,
such that at most 1 to 3 machines is contacted in any
domain
The services to which connections will be attempted are
__________________________________________________________________
Port Number Service Port Number
------------------------------------------------------------------
13 daytime 111 Sun
15 netstat 513
21 FTP 514
23 telnet 540
25 SMTP 543
53 Domain Naming System 544 krcmd,
79
_________________________________________________________________
This list was chosen to span a representative range of
types, each of which can be expected to be found on any machine in
site (so that probing random machines is meaningful). The
exception is the Domain Naming System, for which the
to probe are selected from information obtained from the
system itself. Only TCP services are tested, since the
connection mechanism allows one to determine if a server
running in an application-independent fashion
As an aside, it would be possible to retrieve "Well
Service" records from the Domain Naming System, as a somewhat
"invasive" measurement approach. However, these records are
required for proper network operation, and hence are far
complete or consistent in the Domain Naming System. The only
to collect the data we want is to measure them in the
described above
Network and Remote Site
The measurement software is quite careful to avoid
unnecessary internet packets, and to avoid congesting the
with too much concurrent activity. Once it has
connected to a particular service in a domain, the software
attempts to connect to that service on any machine in that
again, for the duration of the current measurement run (i.e.,
current 60 days). Once it has recorded 3 connection refusals at
machines in that domain for a service, it does not try that
at that domain again during the current measurement run. If
experiences 3 timeouts on any machine in a domain, it gives up on
Schwartz [Page 3]
RFC 1273 A Measurement Study November 1991
domain, possibly to be retried again a day later (to
transient network problems). In the worst case there will be 3
connection failures for each service at 3 different machines,
amounts to 37 connection requests per domain (3 for each of the 12
services other than the Domain Naming System, and one for the
Naming System). However, the average will be much less than this
To quantify the actual Internet load, we now present
measurements from test runs of the measurement software that
performed in August 1991. In total, 50,549 Domain Naming
lookups were performed, and 73,760 connections were attempted.
measurement run completed in approximately 10 hours, never
more than 20 network operations (name lookups or connection attempts
concurrently. The total NSFNET backbone load from all
sources that month was approximately 5 billion packets. Therefore
the traffic from our measurement study amounted to less than .5%
this volume on the day that the measurements were collected.
the Internet contains several other backbones besides NSFNET,
proportionate increase in total Internet traffic was
less than .5%.
The cost to a remote site being measured is effectively zero.
the above measurements, on average we attempted 5.7 connections
remote domain. The cost of a connection open/close sequence is
small, particularly when compared to the cost of the many
mail and news transmissions that most sites experience on a
day
Control Over Measurement Collection
The measurement software evolved from an earlier set of
used to measure the reach of an experimental Internet white
tool called netfind [Schwartz & Tsirigotis 1991b], and has
evolved and tested extensively over a period of two years.
this time it has been used in a number of experiments of
scale. The software uses several redundant checks and
mechanisms to ensure that careful control is maintained over
network operations that are performed [Schwartz & Tsirigotis 1991a].
In addition, we monitor the progress and network loading of
measurements during the measurement runs, observing the log
connection requests in progress as well as physical and
level network status (which indicate the amount of concurrent
activity in progress). Finally, because the measurements
controlled from a single centralized location, it is quite easy
stop the measurements at any time
Schwartz [Page 4]
RFC 1273 A Measurement Study November 1991
Network Appropriate Use and Privacy
When we performed our initial test runs of this study, we
to inform site administrators at each study site about this study,
posting a message on the USENET newsgroup "alt.security" and
sending individual electronic mail messages to site administrators
We also informed the Computer Emergency Response Team (CERT) at
of the study. As a practical matter, informing all sites turned
to be quite difficult. Part of the problem was that no
exist to allow such information to be easily disseminated
Approximately half of the messages we sent to site
were returned by remote mail systems as undeliverable. Moreover,
network traffic and remote site administrative load caused by
study announcement messages far outstripped the network
administrative load required by the study itself. Some sites
that the announcement was an unnecessary imposition of their time
In addition to these practical problems, a broad announcement of
study could affect the measurements it attempts to gather.
sites would likely react to the announcement by changing
reachability of their services. Asking for explicit permission
sites would yield even worse methodological problems, as this
have provided a self-selected study group consisting of sites
are less likely to disconnect from the Internet
In contrast with our attempts to announce the study, running
study without announcing it caused only a small number of
administrators to notice the traffic and inquire about it to
the CERT or to one of the responsible network contacts at
University of Colorado. The remote site administrator and
overhead of announcing the the study, coupled with the practical
methodological problems of announcing the study, lead us to prefer
run the study without further broad announcements. Yet, to
causing alarm at a site detecting our network measurement activity
it makes sense to announce the study
To resolve this problem, we discussed the study with the
Activities Board, Internet Engineering Steering Group,
Science Foundation, representatives of several U.S.
networks, and a number of individuals involved with network security
including the Computer Emergency Response Team, members of
Internet Engineering Task Force Security and Advisory Group, and
member of the Lawrence Livermore National Laboratory
Incident Advisory Capability. The first part of our efforts
in the production of Internet Request For Comments (RFC) number 1262
[Cerf 1991]. Beyond this, we have agreed that the appropriate
at this point is to announce the study well ahead of running it
the current RFC, augmented with an electronic posting that
Schwartz [Page 5]
RFC 1273 A Measurement Study November 1991
describes the study goals and methodology and points to this RFC
That announcement will be posted to the Internet Engineering
Force mailing list, the comp.protocols.tcp-ip USENET bulletin board
and the Computer Emergency Response Team's cert-tools mailing list
Moreover, in case a site misses these announcements, we will run
measurement software in a fashion intended to minimize the effort
site administrator might expend to determine the nature of
activity after detecting it. In particular, we will run the
from an account called "testnet" on a machine with few other
logged in. "Fingering" [Zimmerman 1990] this machine will
the testnet login. "Fingering" the testnet login will
information about this study
The data collected by this study is somewhat sensitive to privacy
security concerns, in the sense that it might be used as a "road map
of accessible network services. We will treat the raw data
private information, publishing measurements only in
statistical terms, divorced from the actual sites that make up
underlying data points. We previously carried out a study with
larger privacy implications than the current study [Schwartz &
1991], and successfully masked the data to protect
privacy
For Further
Information about the general research program within which
study fit is available by anonymous FTP from latour.cs.colorado.edu
in pub/RD.Papers. This directory contains a "README" file
describes the overall research project (which focuses on
discovery), and includes a bibliography. Particularly relevant are
o [Schwartz 1991b], a project overview
o [Schwartz 1991a], about an earlier, simpler version of
current study
o [Schwartz & Tsirigotis 1991b], about the netfind white
tool
o [Schwartz & Tsirigotis 1991a], which considers a number
the techniques used in this experiment, including those
controlling the progress of the measurements
o [Schwartz & Wood 1991], about an earlier study we carried
that raises significant potential privacy questions,
which we carefully masked the underlying data, presenting
Schwartz [Page 6]
RFC 1273 A Measurement Study November 1991
results without sacrificing individual privacy
Also
o [Cerf 1991], IAB guidelines for Internet
activity
Once the results of this study are complete, we will publish them
a conference or journal, as well as by anonymous FTP
Communication With Principal
If you would like to have your site removed from this study, or
would like to be added to the list of people who receive results
this study, or you would like to communicate with the
Investigator for some other reason, please send electronic mail
schwartz@cs.colorado.edu
[Cerf 1991]
Cerf, V., Editor, "Guidelines for Internet
Activities", RFC 1262, IAB, October 1991.
[Schwartz & Tsirigotis 1991a
Schwartz M., and P. Tsirigotis, "Techniques
Supporting Wide Area Distributed Applications",
Report CU-CS-519-91, Department of Computer Science
University of Colorado, Boulder, Colorado, February 1991;
Revised August 1991. Submitted for publication
[Schwartz & Tsirigotis 1991b
Schwartz M., and P. Tsirigotis "Experience with
Semantically Cognizant Internet White Pages
Tool", Journal of Internetworking: Research and Experience
2(1), pp. 23-50, March 1991.
[Schwartz 1991a
Schwartz, M., "The Great Disconnection?", Technical
CU-CS-521-91, Department of Computer Science, University
Colorado, Boulder, Colorado, February 1991.
[Schwartz & Wood 1991]
Schwartz M., and D. Wood, "A Measurement Study
Organizational Properties in the Global Electronic
Community", Technical Report CU-CS- 482-90, Department
Computer Science, University of Colorado, Boulder, Colorado
August 1990; Revised July 1991. Submitted for publication
Schwartz [Page 7]
RFC 1273 A Measurement Study November 1991
[Schwartz 1991b
Schwartz, M., "Resource Discovery in the Global Internet",
Technical Report CU-CS-555-91, Department of
Science, University of Colorado, Boulder, Colorado
November 1991. Submitted for publication
[Zimmerman 1990]
Zimmerman, D., "The Finger User Information Protocol",
RFC 1194, Center for Discrete Mathematics and
Computer Science, November 1990.
Security
Security issues are discussed in the "Network Appropriate Use
Privacy Issues" section
Author's
Michael F.
Department of Computer
Campus Box 430
University of
Boulder, Colorado 80309-0430
Phone: (303) 492-3902
EMail: schwartz@cs.colorado.
Schwartz [Page 8]
if you see any problems within the linking, don't worry be happy,
this is version 0.1 of the Relevance System and you gotta expect some crappy subroutines sometimes,
just be content we did not write this in Java, which would have made this "bigger and better" HAHAHHA.
RFC documents can be found at I.E.T.F.
Relevance System Copyright © 2002 Spectrum WorldResearch
other technical nosh by ServerMasters Corporation
collaboration of BobX
