RFC 1262 (rfc1262) - Page 2 of 3
Guidelines for Internet Measurement Activities
Alternative Format: Original Text Document
RFC 1262 Measurement Guidelines October 1991
or research goals with minimal impact. In some cases, data may be
collected continuously, for example to measure packet counts or the
distribution of use of specific applications. In other cases, the
planned investigations will be too demanding to be undertaken
continuously, because of the intensity of effort required by the
researcher or the traffic load on the underlying network
infrastructure. Any data collection activity should be designed with
careful consideration of this type of issue, and should be tested
thoroughly before being deployed on the Internet. Any individual
initiating a network measurement activity should alert the relevant
service providers using mechanisms such as bulletin boards, mailing
lists and individual mail communications.
Furthermore, the data being collected must not be gathered using
break-ins to network systems or other illegal or unethical
techniques. If a measurement activity might be construed as a
possible security intrusion, the researcher should make it easy for a
system administrator at a remote site to determine that the activity
is not a break in attempt, by informing the CERT, making information
about the study easily available by anonymous FTP or other means
[1,2,3].
More specifically, an individual attempting a network measurement
activity should ensure that the following conditions are met:
1) the data collected will not violate privacy, security, or
acceptable use concerns,
2) if the aggregated data has a potential for privacy intrusions,
the researcher must protect privacy, for example by limiting
published statistics in such a fashion that individual users or
institutions are not identified,
3) if the data collection activity may be construed to be a
security violation, the researchers are strongly advised to
inform the CERT in advance, and, if applicable, request some
guidance,
4) the data collection does not unduly load or otherwise interfere
with the network or attached machines, in particular, if at all
feasible, non-invasive measurement, like passive monitoring,
should be considered as the first choice,
5) if there is an operational impact, the service providers must be
contacted,
6) the study goals, methodology, and plans are widely available, in
a fashion that requires minimal effort to locate and retrieve,
Internet Activities Board