Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Christopher L. Morrow


On Thu, 24 Jun 2004, Dr. Jeffrey Race wrote:


 On Thu, 24 Jun 2004 03:05:41 + (GMT), Christopher L. Morrow wrote:
 Sure, customer of a customer we got emailtools.com kicked from their
 original 'home' now they've moved off (probably several times since 2000)
 to another customer. This happens to every ISP, each time they appear we
 start the process to disconnect them.

 This is too flagrant to let pass without comment.

 This endless loop situation does NOT happen to every ISP, only to those who
 have not emplaced procedures to prevent serial signups of serial
 abusers.  This is

Sorry, you mistook my statement, or I mis-spoke it such that you would
misunderstand it :( So, the point I was trying to make I'll try again with
an example: (situation not made up, parties made up)

1) spammer#12 signs up as a webhosting customer of Exodus who is a
customer of As701
2) 701 gets complaints, notifies good customer Exodus who terms the
spammer's website/box/blah
3) spammer#12 signs up with next 50$/month hosting site Abovenet off 1239
4) 1239 gets complaints notifies the good customer abovenet who terms the
customer.
.
.
.
12) spammer#12 signs up with webhosting group rackspace who is a 701
customer
13) return to step 2

This process happens repeatedly, spammers know they can get about a month
of time (or more, depending on upstreams and hosting providers in
question) of life, either way it's just 50 bucks. At all times, they
are not customers of 1239, 701, whomever... they are a customer of a
customer. So, 701 or 1239 never know who the downstream is, in the
particular case of emailtools.com this is the case... Or, that's what
seems to have happened since they were a customer of some NYC based
customer 4 years ago, and are now a customer of some TPA based customer
now.

 trivially easy to do and your firm's failure to do so and to enforce
 this rule on your
 contracting parties definitively proves your management's decision to
 profit from
 spam rather than to stop spam.


I'd also point out something that any provider will tell you: Spammers
never pay their bills. This is, in fact (for you nanae watchers), the
reason that most of them get canceled by us FASTER... Sadly, non-payment
is often a quicker and easier method to term a customer than 'abuse', less
checks since there is no 'perceived revenue' :(

-Chris


Re: Unplugging spamming PCs

2004-06-24 Thread Peter Galbavy

Larry Pingree wrote:
 Can you suggest another method that would have more accuracy? I think
 it's ridiculous that every service on the internet is provided without
 any authentication and integrity services, if we allowed anyone to
 call from anywhere within the telephone network, you'd have rampant
 falsification, which is what we have today.

It is these characteristics that have made the Internet work and grow the way
it has.

Your comment about the telephone network; Erm, that's just the way it works
today - the AAA is in the SS7/C7/etc. layer, similar to BGP in IP.

The problem being raised in this thread is too old to solve this way. If
e-mail was regulated from early on, then it may have worked. Now there are
too many ways to get around any regulations proposed.

Anyhow, I don't want my e-mail correspondents vetted and approved by a
(never neutral) third party.

Peter



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Dr. Jeffrey Race

Chris why do you give me such easy ones? :)

This situation has been known for years and it is I repeat trivially easy to solve.

1-There are relatively small numbers of serious spammers and of ISPs.
2-In your contract you require all your customers to know the true identities of
their customers (if juridical entities, their officers and directors) and to impose
this requirement on every subcontract.  ISP violators will be terminated 
immediately.
3-The end-user contract must state that spamming is forbidden; there are
penalties for infraction, notionally $500 for the first offense, $5,000 for
the next, $50,000 for the third, AT WHATEVER CARRIER IN THE SYSTEMWIDE
DATABASE.  The end-user must provide a validated credit card.  Customer agrees
that violation will result in immediate termination with prejudice which will
be logged in a system-wide shared database.
4-No applicant can be accepted without first checking this database and ROKSO.

Violation of such a contract is not just a civil matter resulting in penalties (charged
against the credit card which affects the applicant's credit history).   It is also the
criminal offense of fraud in the inducement because the perp signed the 
agreement with the prior intention to violate it.

Therefore when your downstream terminates a perp, they enter him (by real name)
in the system-wide database, collect the penalty, and file a police report and have
him criminally prosecuted.  If they refuse, you terminate the downstream.

Poof!  MCI spam problem goes away in 30 days.

I went through all this with your counsel Neil Patel.  Your company refused to
do anything, because it wanted to continue to profit from spam.  The adventure
continues.

Chris--nothing personal.   It's just business.  These are the facts.  Lots of
companies have procedures like this in place which is why they don't have
spam problems.

Jeffrey Race





On Thu, 24 Jun 2004 06:34:25 + (GMT), Christopher L. Morrow wrote:
On Thu, 24 Jun 2004, Dr. Jeffrey Race wrote:
 On Thu, 24 Jun 2004 03:05:41 + (GMT), Christopher L. Morrow wrote:
 Sure, customer of a customer we got emailtools.com kicked from their
 original 'home' now they've moved off (probably several times since 2000)
 to another customer. This happens to every ISP, each time they appear we
 start the process to disconnect them.

 This is too flagrant to let pass without comment.

 This endless loop situation does NOT happen to every ISP, only to those who
 have not emplaced procedures to prevent serial signups of serial
 abusers.  This is

Sorry, you mistook my statement, or I mis-spoke it such that you would
misunderstand it :( So, the point I was trying to make I'll try again with
an example: (situation not made up, parties made up)

1) spammer#12 signs up as a webhosting customer of Exodus who is a
customer of As701
2) 701 gets complaints, notifies good customer Exodus who terms the
spammer's website/box/blah
3) spammer#12 signs up with next 50$/month hosting site Abovenet off 1239
4) 1239 gets complaints notifies the good customer abovenet who terms the
customer.
.
.
.
12) spammer#12 signs up with webhosting group rackspace who is a 701
customer
13) return to step 2

This process happens repeatedly, spammers know they can get about a month
of time (or more, depending on upstreams and hosting providers in
question) of life, either way it's just 50 bucks. At all times, they
are not customers of 1239, 701, whomever... they are a customer of a
customer. So, 701 or 1239 never know who the downstream is, in the
particular case of emailtools.com this is the case... Or, that's what
seems to have happened since they were a customer of some NYC based
customer 4 years ago, and are now a customer of some TPA based customer
now.

 trivially easy to do and your firm's failure to do so and to enforce
 this rule on your
 contracting parties definitively proves your management's decision to
 profit from
 spam rather than to stop spam.


I'd also point out something that any provider will tell you: Spammers
never pay their bills. This is, in fact (for you nanae watchers), the
reason that most of them get canceled by us FASTER... Sadly, non-payment
is often a quicker and easier method to term a customer than 'abuse', less
checks since there is no 'perceived revenue' :(





Re: Unplugging spamming PCs

2004-06-24 Thread Michael . Dillon

 And again, much of this comes down to enforcement. When was the last
 time you heard of a spammer's domain being pulled? How about the last
 time you saw a spammer be even remotely bothered by having their
 domain pulled? Do you think they'll really care less about losing a
 mail server when they've got another dozen lined up ready and waiting?

Well, just a couple of days ago I read about a Russian court in
Chelyabinsk that sentenced a spammer to two years in prison. It's
the first conviction under a Russian law that forbids the use
of malicious software and the court felt that the spamming scripts
used by this guy were malicious software.

What he did was to send text messages to mobile phone
subscribers of a single company by means of a web gateway.
I think the main reason he was put on trial was because the
mobile operator whose customers were getting the spam and
whose gateway was being misused, went to the police and
complained. How many ISPs in the USA go to the police and 
register official complaints about spammers? We have lots
of smart people who can track down and identify spammers
but it does no good unless the companies who suffer damage
register an official police complaint.

--Michael Dillon


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread George Roettger


 This process happens repeatedly, spammers know they can get about a month
 of time (or more, depending on upstreams and hosting providers in
 question) of life, either way it's just 50 bucks

forgive my question, but why does it take a month? If you had a bad route
causing an outage for the spammer, would it take a month for the involved
ISPs to fix that?

Geo.



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread william(at)elan.net

On Thu, 24 Jun 2004, Curtis Maurand wrote:

 spamhaus has gotten too aggressive.  It's now preventing too much legitimate 
 email.

Spammers have gotten too aggressive. If you don't filter you would not
see any legitimate email.

-- 
William Leibzon
Elan Networks
[EMAIL PROTECTED]



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Jun-ichiro itojun Hagino

  spamhaus has gotten too aggressive.  It's now preventing too much legitimate 
  email.
 
 Spammers have gotten too aggressive. If you don't filter you would not
 see any legitimate email.

a couple of days before my primary email server crashed, so i
configured a backup machine.  the backup machine does not have spam
filtering database at first.  i managed to install bogofilter,
but anyways, it became apparent that i get 50+ Mbytes of spams per day.
what a waste of electrons!  we need to conserve electrons!!

itojun


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Robert E. Seastrom


Dr. Jeffrey Race [EMAIL PROTECTED] writes:

 Poof!  MCI spam problem goes away in 30 days.

http://www.rhyolite.com/anti-spam/you-might-be.html

I think the discussion is over.

---Rob



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Stephen Perciballi


[Thu, Jun 24, 2004 at 10:20:33AM +0700]
Dr. Jeffrey Race Inscribed these words...


 
 On Thu, 24 Jun 2004 03:05:41 + (GMT), Christopher L. Morrow wrote:
 Sure, customer of a customer we got emailtools.com kicked from their
 original 'home' now they've moved off (probably several times since 2000)
 to another customer. This happens to every ISP, each time they appear we
 start the process to disconnect them.
 
 This is too flagrant to let pass without comment.
 
 This endless loop situation does NOT happen to every ISP, only to those who
 have not emplaced procedures to prevent serial signups of serial abusers.  This is 
 trivially easy to do and your firm's failure to do so and to enforce this rule on 
 your
 contracting parties definitively proves your management's decision to profit from
 spam rather than to stop spam.
 

I think you may be missing a major point.  UUNET/MCI provides dedicated internet 
services to so many downstreams that it is impossible to stop spammers from 
signing up to those downstreams.  Preventing spammers from signing up for 
UUNET/MCI services is, yes, trivial.  Preventing spammers from signing up on a 
downstream of a downstream of a downstream etc is impossible.


 Jeffrey Race
 
 
 

-- 

Stephen (routerg)
irc.dks.ca


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Dr. Jeffrey Race

On Thu, 24 Jun 2004 09:20:30 -0400, Stephen Perciballi wrote:
I think you may be missing a major point.  UUNET/MCI provides dedicated internet 
services to so many downstreams that it is impossible to stop spammers from 
signing up to those downstreams.  Preventing spammers from signing up for 
UUNET/MCI services is, yes, trivial.  Preventing spammers from signing up on a 
downstream of a downstream of a downstream etc is impossible.

With this procedure (please re-read it carefully, everyone in the entire contractual
chain is bound) they can sign up ONCE.  After that they go in the
common database.

It is the same way credit reporting works: you mess up, you get no
credit.

Come on guys, you are all smart engineers.   This is not rocket science.

Jeffrey Race




Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Brian W. Gemberling


Is it possible for some people to chime in on backbone scaling
issues that have a linksys cable modem router to test on?

On Thu, 24 Jun 2004, Robert E. Seastrom wrote:



 Dr. Jeffrey Race [EMAIL PROTECTED] writes:

  Poof!  MCI spam problem goes away in 30 days.

 http://www.rhyolite.com/anti-spam/you-might-be.html

 I think the discussion is over.

 ---Rob



Re: Unplugging spamming PCs

2004-06-24 Thread Chris Horry
Larry Pingree wrote:
| Mail servers should be registered just like domains and shutdown by a
| registrar if they are misusing their registered services. This really
| needs to be handled by a multi-lateral legal solution, industry will not
| fix it alone.

Very bad, very unworkable solution.  There's just too many mail servers
out there (legitimate ones) for this to be even remotely feasible.
Systems like SPF are on the right tracks but it's still not a very
elegant solution.

My vote is still for some kind of public key authentication built around
already existing protocols (TLS for example).  The free e-mail providers
would be number one on my list to implement this!  It'd still be a lot
of work and require total cooperation from the Internet community, however.

Of course, if I knew a total solution that'd please everyone I wouldn't
be sitting here writing this.  I'd be sitting on my private Island in
the South Pacific sipping cocktails :-)

Chris

--
Chris Horry KG4TSM   You're original, with your own path
[EMAIL PROTECTED]   You're original, got your own way
PGP: DSA/2B4C654E-- Leftfield


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Michael . Dillon

 It is the same way credit reporting works: you mess up, you get no
 credit.
 
 Come on guys, you are all smart engineers.   This is not rocket science.

If anyone really cared about SPAM, then the credit reporting
companies would already be collecting information about
SPAMmers and network operators would pay them for that info
when they sign up new customers.

But most people are happy with things the way
they are. They love SPAM because it gives them
something to complain about and get emotional about.

Personally, I find SPAM to be a minor annoyance. I just delete
the dozen or so messages a day that make their way through the
SPAM filter. 

But what concerns me far more than SPAM is the
fundamental insecurity of the email system which
makes it impossible to trust the source of any
email message unless you have some prior knowledge 
of the sender. Back in the old days, at least we
had alternatives like Compuserve and MCI-Mail. Now
there is only one email system and it is rotten
at the core. If we would fix that then most of the
time, SPAM would be a minor annoyance like graffiti
or vandalism is in the real world. As it currently
stands, SPAM is like terrorism circa 1999, i.e. it's
escalating and you ain't seen nuthin' yet...

--Michael Dillon



Re: Can a customer take IP's with them?

2004-06-24 Thread Jeroen Massar
On Thu, 2004-06-24 at 06:49, [EMAIL PROTECTED] wrote:
 On Wed, 23 Jun 2004 15:48:14 MDT, John Neiberger [EMAIL PROTECTED]  said:
 
  IANAL, but it appears that from a contractual perspective it is clear
  that ARIN retains all 'ownership' rights to the address space. They
  subdivide it to those who are willing to contractually agree to their
  conditions, but the ownership is never transferred. I would think that
  that is an important distinction to make.
 
 IANAL either, but I believe that ARIN doesn't claim to own 32-bit integers.
 What they're providing is a *registry service* to keep track of what entities
 are using what ranges of 32-bit integers, to prevent duplication.  There's no
 *requirement* that you use any particular address range, except that by
 community agreement, nobody wants to deal with non-registered addresses.
 
 If ARIN actually *owned* the address space, we'd not have the perennial
 flame-war regarding 1918-space source addresses on the global net - everybody
 would do a really fast and good job of implementing ingress/egress filtering
 because ARIN could sue you for using their addresses... :)

I think you meant IANA there, not ARIN ;) Indeed nobody will complain if
you set up your own RIR and start handing out addresses, it is a registry
and those work as long as common belief is that they are the central
sources of authority. The same goes for DNS and basically everything
else.

On another, related note:

RFC2544 (C.2.2):
8--
   The network addresses 192.18.0.0 through 198.19.255.255 are have been
   assigned to the BMWG by the IANA for this purpose.  This assignment
   was made to minimize the chance of conflict in case a testing device
   were to be accidentally connected to part of the Internet.  The
   specific use of the addresses is detailed below.
--8
Thus 192.18.0.0/15 is IANA "reserved" for the BMWG (btw note also
the "are have been" ;), but in whois.arin.net:

8--
OrgName:Sun Microsystems, Inc
OrgID:  SUN
Address:4150 Network Circle
City:   Santa Clara
StateProv:  CA
PostalCode: 95054
Country:US

NetRange:   192.18.0.0 - 192.18.194.255
CIDR:   192.18.0.0/17, 192.18.128.0/18, 192.18.192.0/23,
192.18.194.0/24
NetName:SUN1
NetHandle:  NET-192-18-0-0-1
Parent: NET-192-0-0-0-0
NetType:Direct Allocation
NameServer: NS1.SUN.COM
NameServer: NS2.SUN.COM
NameServer: NS7.SUN.COM
NameServer: NS8.SUN.COM
Comment:
RegDate:1985-09-09
Updated:2003-10-10
-8

The RFC is from 1999; according to the above, Sun owns and has been using that
block a lot longer. What is correct?
RFC1944 (from 1996) also notes that block.
RFC1062 (from 1988) then again mentions SUN there ;)

Anyone who has some thoughts about this?
Because a /15 is a very nice testrange if you don't want to break
connectivity to existing rfc1918 addresses and of course not to forget
SUN if you like watching pictures of highend servers to name an example
:)

Greets,
 Jeroen





Suggestion: identify and thread trouble tickets

2004-06-24 Thread Colm MacCarthaigh


Many network operators have Trouble Ticket systems (as per RFC1297)
which send mails notifying customers, peers and other interested parties
of network problems, events and so on. Many of these mails cross my
desk, so I thought it might be useful to make two small suggestions to
trivially increase the functionality of these mails ... use the mail
headers cleverly.

Firstly, a lot of us receive a lot of tickets and to ease the workload
we filter them into separate mailboxes. To assist this process, rather
than making us all use unreliable filters based on a sender address or a
particular format to the subject, consider including a custom X-header,
here at HEAnet we use:

   X-HEAnet-TicketID: [ticket id]
   X-HEAnet-Ticket-Distribution: [public|noc|personal ..]

But only one is really necessary (though I guess it depends on how easy
you want to make subfiltering), and it should be committed to.  No
matter what you do to your trouble ticketing system the X header should
remain. This would avoid the situation of breaking filtering on people
when you change whatever unique subtlety they happen to be relying upon.

Now secondly, after you've made it easy for people to distinguish your
tickets from those of others, consider making it easy for people to
distinguish your tickets from each other.

For 1 year now, HEAnet have been issuing tickets with Message-ID's
generated by our ticketing system, for example:

   To: [EMAIL PROTECTED]
   From: Colm MacCarthaigh [EMAIL PROTECTED]
   Subject: HEA-NOC/20040519-11 [OPEN] IPv6 packet loss on backbone
   X-HEAnet-TicketID: 20040519-11
   X-HEAnet-Ticket-Distribution: public
   Message-ID: [EMAIL PROTECTED]

And then subsequent updates to the ticket have headers such as:

   To: [EMAIL PROTECTED]
   From: Colm MacCarthaigh [EMAIL PROTECTED]
   Subject: HEA-NOC/20040519-11 [UPDATE] IPv6 packet loss on backbone
   X-HEAnet-TicketID: 20040519-11
   X-HEAnet-Ticket-Distribution: public
   In-Reply-To: [EMAIL PROTECTED]
   References: [EMAIL PROTECTED]
   Message-ID: [EMAIL PROTECTED]

I'm sure everyone can predict that the next mail would look like:

   To: [EMAIL PROTECTED]
   From: Colm MacCarthaigh [EMAIL PROTECTED]
   Subject: HEA-NOC/20040519-11 [UPDATE] IPv6 packet loss on backbone
   X-HEAnet-TicketID: 20040519-11
   X-HEAnet-Ticket-Distribution: public
   In-Reply-To: [EMAIL PROTECTED]
   References: [EMAIL PROTECTED]
   Message-ID: [EMAIL PROTECTED]

This simple feature has the effect of enabling mails concerning the same
ticket to be threaded/grouped (and whatever gmail is calling it these
days) in the user's mail client, if their mail-client supports threaded
viewing. We all know what it looks like :). If a user wants to see them
chronologically instead, just turning the threaded viewing off is
enough. We've had no reports of problems and many people have found it
useful, and personally I find TT mails substantially more manageable in
this form.

If tickets are logged to a HTML archive, threaded mails can help there
also by allowing a nice way to see all ticket updates relevant to a
single issue.

I would imagine that all ticketing systems already have a unique number
per ticket (the ticket id) and incrementing a counter for each
update/close is not hard, so it's a simple enough feature to add (though
making sure the message ID's are in fact unique is critical). 

It's probably not a new idea, and it has almost certainly been implemented
before but none of the trouble tickets I get implement it. So, my humble 
suggestion is to consider adding it in the next rewrite of your ticketing 
system, or requesting it as a feature from your TT system vendor.

There may be problems we have not encountered in operation or I have not
considered, if so - comments welcome. 

-- 
Colm
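
The header scheme suggested in the message above, as an added sketch that is not part of the original post and is not HEAnet's code. The `X-Example-*` header names, the `tickets.example.net` domain, the `<ticket-id>.<counter>@domain` Message-ID layout and the choice to point In-Reply-To at the previous update are assumptions, since the real values are redacted in the archive; the ticket id is validated before it reaches any header so a malformed id cannot add header lines.

```python
import re
from collections import defaultdict
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed names: the post uses X-HEAnet-TicketID / X-HEAnet-Ticket-Distribution.
TICKET_HEADER = "X-Example-TicketID"
DIST_HEADER = "X-Example-Ticket-Distribution"
MSGID_DOMAIN = "tickets.example.net"      # constructed domain
TICKET_ID_RE = re.compile(r"\d{8}-\d+")   # same shape as "20040519-11"


def message_id(ticket_id, seq):
    """Message-ID for mail number `seq` of a ticket (0 is the opening mail).

    Uniqueness rests on (ticket id, counter) being unique in the ticket system.
    """
    if not TICKET_ID_RE.fullmatch(ticket_id):
        raise ValueError(f"malformed ticket id: {ticket_id!r}")
    if seq < 0:
        raise ValueError("update counter must be >= 0")
    return f"<{ticket_id}.{seq}@{MSGID_DOMAIN}>"


def build_ticket_mail(ticket_id, seq, state, title, body, distribution="public"):
    """Sender side: one notification with stable filter and threading headers."""
    own_id = message_id(ticket_id, seq)   # validates ticket_id before any header use
    msg = EmailMessage()
    msg["From"] = "Example NOC <noc@example.net>"
    msg["To"] = "ticket-announce@example.net"
    msg["Subject"] = f"EX-NOC/{ticket_id} [{state}] {title}"
    msg[TICKET_HEADER] = ticket_id
    msg[DIST_HEADER] = distribution
    msg["Message-ID"] = own_id
    if seq > 0:
        # Parent is the previous update; References carries the whole chain.
        msg["In-Reply-To"] = message_id(ticket_id, seq - 1)
        msg["References"] = " ".join(message_id(ticket_id, i) for i in range(seq))
    msg.set_content(body)
    return msg


def thread_by_ticket(raw_mails):
    """Receiver side: filter on the ticket header, then order each thread.

    Returns {ticket id: [Message-IDs, oldest first]}. Mail without the ticket
    header is ignored, so the Subject format and sender address never matter.
    """
    threads = defaultdict(list)
    for raw in raw_mails:
        msg = message_from_string(raw, policy=policy.default)
        ticket = msg[TICKET_HEADER]
        if ticket is None:
            continue
        depth = len(str(msg.get("References", "")).split())
        threads[str(ticket).strip()].append((depth, str(msg["Message-ID"]).strip()))
    return {t: [mid for _, mid in sorted(entries)] for t, entries in threads.items()}


if __name__ == "__main__":
    # Constructed sample: one ticket, opened and then updated twice.
    title = "IPv6 packet loss on backbone"
    mails = [
        build_ticket_mail("20040519-11", 2, "UPDATE", title, "Resolved."),
        build_ticket_mail("20040519-11", 0, "OPEN", title, "Investigating."),
        build_ticket_mail("20040519-11", 1, "UPDATE", title, "Vendor engaged."),
    ]
    print(thread_by_ticket(m.as_string() for m in mails))
```
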


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Christopher L. Morrow



On Thu, 24 Jun 2004, George Roettger wrote:



  This process happens repeatedly, spammers know they can get about a month
  of time (or more, depending on upstreams and hosting providers in
  question) of life, either way it's just 50 bucks

 forgive my question, but why does it take a month? If you had a bad route
 causing an outage for the spammer, would it take a month for the involved
 ISPs to fix that?

spammer comes, starts work, spams, complaints arrive, downstream customer
is notified of 'problem', they get their 3 strikes to deal with said
problem, then the ip is null routed. Sometimes it's a month, sometimes
less. It's situationally dependent :( I picked a round number because
saying: Spammers get 9.759 days on average per webhosting adventure is
cumbersome.


Re: Unplugging spamming PCs

2004-06-24 Thread Henry Linneweh

That sentence is A joke 15000 subscribers affected

Court Convicts Obscene Text Messager

http://www.reuters.com/newsArticle.jhtml;jsessionid=IPQ4NZVA4P24ACRBAELCFEY?type=technologyNewsstoryID=5504916

--- [EMAIL PROTECTED] wrote:
 
  And again, much of this comes down to enforcement.
 When was the last
  time you heard of a spammer's domain being pulled?
 How about the last
  time you saw a spammer be even remotely bothered
 by having their
  domain pulled? Do you think they'll really care
 less about losing a
  mail server when they've got another dozen lined
 up ready and waiting?
 
 Well, just a couple of days ago I read about a
 Russian court in
 Chelyabinsk that sentenced a spammer to two years in
 prison. It's
 the first conviction under a Russian law that
 forbids the use
 of malicious software and the court felt that the
 spamming scripts
 used by this guy were malicious software.
 
 What he did was to send text messages to mobile
 phone
 subscribers of a single company by means of a web
 gateway.
 I think the main reason he was put on trial was
 because the
 mobile operator whose customers were getting the
 spam and
 whose gateway was being misused, went to the police
 and
 complained. How many ISPs in the USA go to the
 police and 
 register official complaints about spammers? We have
 lots
 of smart people who can track down and identify
 spammers
 but it does no good unless the companies who suffer
 damage
 register an official police complaint.
 
 --Michael Dillon
 



Re: Can a customer take IP's with them?

2004-06-24 Thread Howard C. Berkowitz
At 7:29 PM -0400 6/23/04, Robert Blayzor wrote:
Howard C. Berkowitz wrote:
This would absolutely have to be challenged on cross-examination. 
Were I the attorney, especially if the plaintiff had mentioned 
telephone number portability, I would ask the plaintiff to explain 
what additional work had to be done to the POTS network to 
implement portability. Should the plaintiff start mumbling, I'd 
impugn his credibility, and then ask a bunch of hard questions 
about SS7 (including the TCAP mechanism for portable number 
translation), how IP routing works, how IP routing has no 
authoritative mechanism for global translation, etc.  I'd 
interrogate the customer about DNS and why they weren't able to 
solve their portability requirement with it. I'd look for detailed 
familiarity with RFC 2071 and 2072.

I wouldn't expect the customer to be able to answer many of these. 
As the defendant, I would expect to bring in my own expert witness 
who is very good at explaining these differences, and how the 
telephone and IP routing environments are different.
Apples and Oranges.
My point exactly, that enough explanation will show there is no 
operational or protocol equivalent to number portability.  The 
defendant has to be prepared to shoot down that argument.

There is something called DNS which handles how hosts are known 
by.  The whole reason behind DNS is so a user owns a name but 
doesn't matter what number they have.
Well, yes.
In the telco world you do not have this option since many businesses 
advertise their telephone number.  (ie: yellow page ads, business 
cards, advertisements, etc.)  When it comes to the net IP 
addresses are irrelevant as people are known by name, names which 
are transparently resolved to IP addresses.

The technology exists so that people don't have to bring IP space 
with them.  The routing tables are big enough as it is and the last 
thing we need is a bunch of judges comparing number portability to 
IP space portability.
Again, I don't see how we are in disagreement. What I was describing 
was an approach to getting the judge and/or jury to see they are NOT 
the same thing.


Re: Unplugging spamming PCs

2004-06-24 Thread Michael . Dillon

 That sentence is A joke 15000 subscribers affected

A joke? Doing hard time is no joke.

 http://www.reuters.com/newsArticle.jhtml;
 jsessionid=IPQ4NZVA4P24ACRBAELCFEY?type=technologyNewsstoryID=5504916

Maybe I read the Russian wrong here
http://www.echel.ru/news/?page=2id=3421#3421
but it seemed to me like he was sentenced
to two years with the possibility of early
release after one year. Nevertheless, when
you read the details of what he actually did,
this is a real wakeup call for anyone in 
Russia who sends spam. The police take it
as seriously as releasing viruses or worms.

Wouldn't we all like to see our courts treat
spammers this way? Write a few lines of PERL
to pump out SPAM and go to jail.

--Michael Dillon 



Re: .ORG DNS Problem?

2004-06-24 Thread Adam Kujawski

Seems to be working fine now:

% dig nanog.org ns +trace

;  DiG 9.2.2-P3  nanog.org ns +trace
;; global options:  printcmd
.   298767  IN  NS  C.ROOT-SERVERS.NET.
.   298767  IN  NS  D.ROOT-SERVERS.NET.
.   298767  IN  NS  E.ROOT-SERVERS.NET.
.   298767  IN  NS  F.ROOT-SERVERS.NET.
.   298767  IN  NS  G.ROOT-SERVERS.NET.
.   298767  IN  NS  H.ROOT-SERVERS.NET.
.   298767  IN  NS  I.ROOT-SERVERS.NET.
.   298767  IN  NS  J.ROOT-SERVERS.NET.
.   298767  IN  NS  K.ROOT-SERVERS.NET.
.   298767  IN  NS  L.ROOT-SERVERS.NET.
.   298767  IN  NS  M.ROOT-SERVERS.NET.
.   298767  IN  NS  A.ROOT-SERVERS.NET.
.   298767  IN  NS  B.ROOT-SERVERS.NET.
;; Received 404 bytes from 64.246.100.1#53(64.246.100.1) in 4 ms

org.172800  IN  NS  TLD1.ULTRADNS.NET.
org.172800  IN  NS  TLD2.ULTRADNS.NET.
;; Received 109 bytes from 192.33.4.12#53(C.ROOT-SERVERS.NET) in 9 ms

NANOG.ORG.  172800  IN  NS  DNS2.MERIT.NET.
NANOG.ORG.  172800  IN  NS  DNS.MERIT.NET.
NANOG.ORG.  172800  IN  NS  DNS3.MERIT.NET.
ORG.86400   IN  NS  TLD2.ULTRADNS.NET.
ORG.86400   IN  NS  TLD1.ULTRADNS.NET.
;; Received 180 bytes from 204.74.112.1#53(TLD1.ULTRADNS.NET) in 10 ms


-Adam

Quoting Adam Kujawski [EMAIL PROTECTED]:

 
 Anybody else having problems resolving .ORG domains via TLD1.ULTRADNS.NET
 (204.74.112.1) and TLD2.ULTRADNS.NET. (204.74.113.1). I'm seeing slow
 responses,
 or no responses.
 
 Traceroutes look fine:
 
 % tcptraceroute 204.74.112.1 53
 Selected device fxp0, address 64.246.100.1, port 55786 for outgoing packets
 Tracing the path to 204.74.112.1 on TCP port 53, 30 hops max
  1  fastethernet-0-0.angola-gw.amplex.net (64.246.100.126)  9.403 ms  7.361
 ms 
 9.148 ms
  2  dtrtmi1wce1-ser2-5-5.wcg.net (65.77.89.53)  9.801 ms  8.061 ms  9.917 ms
  3  brvwil1wcx2-pos14-1.wcg.net (64.200.240.33)  9.748 ms  8.341 ms  9.612
 ms
  4  chcgil9lcx1-pos6-0-oc48.wcg.net (64.200.103.118)  10.001 ms  9.172 ms 
 8.762 ms
  5  ge-4-3-0.r00.chcgil06.us.bb.verio.net (206.223.119.12)  9.646 ms  8.960
 ms 
 9.502 ms
  6  ge-0-3-0.r02.chcgil06.us.bb.verio.net (129.250.2.121)  9.323 ms  9.071 ms
 
 9.039 ms
  7  ge-1-1.a00.chcgil07.us.ra.verio.net (129.250.25.136)  9.848 ms  9.306 ms
 
 9.003 ms
  8  fa-2-1.a00.chcgil07.us.ce.verio.net (128.242.186.134)  9.679 ms  9.697 ms
 
 9.684 ms
  9  tld1.ultradns.net (204.74.112.1) [open]  10.296 ms  10.625 ms  9.537 ms
 
 
 -AND -
 
 
 % tcptraceroute 204.74.113.1 53
 Selected device fxp0, address 64.246.100.1, port 55792 for outgoing packets
 Tracing the path to 204.74.113.1 on TCP port 53, 30 hops max
  1  fastethernet-0-0.angola-gw.amplex.net (64.246.100.126)  5.402 ms  7.282 ms  9.738 ms
  2  dtrtmi1wce1-ser2-5-5.wcg.net (65.77.89.53)  9.973 ms  7.958 ms  9.909 ms
  3  brvwil1wcx2-pos14-1.wcg.net (64.200.240.33)  9.800 ms  10.295 ms  8.835 ms
  4  chcgil9lcx1-pos6-0-oc48.wcg.net (64.200.103.118)  8.878 ms  8.786 ms  9.187 ms
  5  fe9-2.IR1.Chicago2-IL.us.xo.net (206.111.2.149)  9.512 ms  8.964 ms  8.869 ms
  6  p5-0-0.RAR2.Chicago-IL.us.xo.net (65.106.6.137)  9.580 ms  9.214 ms  9.120 ms
  7  p4-1-0.MAR2.Chicago-IL.us.xo.net (65.106.6.154)  9.512 ms  10.285 ms  9.594 ms
  8  p15-0.CHR1.Chicago-IL.us.xo.net (207.88.84.14)  10.126 ms  9.517 ms  9.472 ms
  9  10.11.102.1 (10.11.102.1)  10.990 ms  9.808 ms  10.182 ms
 10  tld2.ultradns.net (204.74.113.1) [open]  9.933 ms  10.124 ms  9.778 ms
 
 
 Source IP for the traceroutes is 64.246.100.1.
 
 
 Dig's don't get very far:
 
 % dig nanog.org +trace
 
 ;  DiG 9.2.2-P3  nanog.org +trace
 ;; global options:  printcmd
 .   300086  IN  NS  C.ROOT-SERVERS.NET.
 .   300086  IN  NS  D.ROOT-SERVERS.NET.
 .   300086  IN  NS  E.ROOT-SERVERS.NET.
 .   300086  IN  NS  F.ROOT-SERVERS.NET.
 .   300086  IN  NS  G.ROOT-SERVERS.NET.
 .   300086  IN  NS  H.ROOT-SERVERS.NET.
 .   300086  IN  NS  I.ROOT-SERVERS.NET.
 .   300086  IN  NS  J.ROOT-SERVERS.NET.
 .   300086  IN  NS  K.ROOT-SERVERS.NET.
 .   300086  IN  NS  L.ROOT-SERVERS.NET.
 .   300086  IN  NS  M.ROOT-SERVERS.NET.
 .   300086  IN  NS  A.ROOT-SERVERS.NET.
 .   300086  IN  NS  B.ROOT-SERVERS.NET.
 ;; Received 388 bytes from 

Re: .ORG DNS Problem?

2004-06-24 Thread Alexander Bochmann

Hi,

...on Thu, Jun 24, 2004 at 11:18:26AM -0400, Adam Kujawski wrote:

  Anybody else having problems resolving .ORG domains via TLD1.ULTRADNS.NET
  (204.74.112.1) and TLD2.ULTRADNS.NET. (204.74.113.1). I'm seeing slow 
  responses, or no responses.

Same here, until a few minutes ago. Didn't work 
(connection timed out) from various places in 
Europe, while I had no problems when coming from 
a host in the US.

Alex.
-- 
AB54-RIPE



RE: .ORG DNS Problem?

2004-06-24 Thread Mike Damm

<rant>
A reminder to folks giving status reports on anycasted DNS deployments,
don't forget to mention which node you are querying.

For the F root (and other BIND implementations):
  dig +norec @f.root-servers.net hostname.bind chaos txt

For UltraDNS:
  dig +norec @tld1.ultradns.net whoareyou.ultradns.net in a
</rant>

I'm seeing no problems with tld1.ultradns.net (udns2pxpa.ultradns.net) or
tld2.ultradns.net (udns2eqsj.ultradns.net).

   -Mike


-Original Message-
From: Alexander Bochmann [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 24, 2004 7:49 AM
To: [EMAIL PROTECTED]
Subject: Re: .ORG DNS Problem?


Hi,

...on Thu, Jun 24, 2004 at 11:18:26AM -0400, Adam Kujawski wrote:

  Anybody else having problems resolving .ORG domains via TLD1.ULTRADNS.NET
  (204.74.112.1) and TLD2.ULTRADNS.NET. (204.74.113.1). I'm seeing slow 
  responses, or no responses.

Same here, until a few minutes ago. Didn't work 
(connection timed out) from various places in 
Europe, while I had no problems when coming from 
a host in the US.

Alex.
-- 
AB54-RIPE
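
The node check from the message above (`hostname.bind chaos txt` with recursion off), as an added example that is not part of the original post: it builds the same query on the wire and extracts the node name from the reply, so an outage report can say which anycast instance answered. The function names and the node name `sfo2a.example.net` are illustrative, and the sample reply is constructed rather than captured; a server that refuses the query yields `None`.

```python
import os
import socket
import struct

QTYPE_TXT = 16
QCLASS_CH = 3          # CHAOS class; BIND answers hostname.bind here
RCODE_NOERROR = 0


def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qid, name="hostname.bind"):
    """Build the CH TXT query; flags 0x0000 leaves RD clear (dig +norec)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:                # root label ends the name
            return off


def txt_strings(rdata):
    """Join the length-prefixed character-strings of a TXT RDATA."""
    parts, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        parts.append(rdata[i + 1:i + 1 + n])
        i += 1 + n
    return b"".join(parts).decode("ascii", "replace")


def parse_node_id(msg, expected_id):
    """Return the node name from a CH TXT answer, or None when the server
    gave no usable answer (for example REFUSED). Raises ValueError on a
    reply that is truncated or does not match the query ID."""
    try:
        qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        if qid != expected_id:
            raise ValueError("transaction ID mismatch")
        if not flags & 0x8000:
            raise ValueError("QR bit clear: not a response")
        if flags & 0x000F != RCODE_NOERROR:
            return None
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata = msg[off:off + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("truncated RDATA")
            off += rdlen
            if rtype == QTYPE_TXT and rclass == QCLASS_CH:
                return txt_strings(rdata)
        return None
    except (IndexError, struct.error):
        raise ValueError("truncated message")


def constructed_response(qid, node, rcode=0):
    """Constructed sample reply (not captured traffic) for offline use."""
    question = encode_name("hostname.bind") + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)
    if rcode:
        return struct.pack("!HHHHHH", qid, 0x8000 | rcode, 1, 0, 0, 0) + question
    txt = node.encode("ascii")
    rdata = bytes([len(txt)]) + txt
    answer = (b"\xc0\x0c"                          # pointer to the question name
              + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CH, 0, len(rdata)) + rdata)
    return struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0) + question + answer


def ask_node(server, timeout=3.0):
    """Live lookup over UDP port 53; only runs when called explicitly."""
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qid), (server, 53))
        reply, _addr = s.recvfrom(4096)
    return parse_node_id(reply, qid)


if __name__ == "__main__":
    sample = constructed_response(0x1234, "sfo2a.example.net")
    print("node:", parse_node_id(sample, 0x1234))
```
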


Re: .ORG DNS Problem?

2004-06-24 Thread Ray Wong



Or if you can't reach em, even good old traceroute can be useful...

Ray

On Thu, Jun 24, 2004 at 09:45:24AM -0700, Mike Damm wrote:
 
 <rant>
 A reminder to folks giving status reports on anycasted DNS deployments,
 don't forget to mention which node you are querying.
 
 For the F root (and other BIND implementations):
   dig +norec @f.root-servers.net hostname.bind chaos txt
 
 For UltraDNS:
   dig +norec @tld1.ultradns.net whoareyou.ultradns.net in a
 </rant>
 
 I'm seeing no problems with tld1.ultradns.net (udns2pxpa.ultradns.net) or
 tld2.ultradns.net (udns2eqsj.ultradns.net).
 
-Mike
 
 
 -Original Message-
 From: Alexander Bochmann [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, June 24, 2004 7:49 AM
 To: [EMAIL PROTECTED]
 Subject: Re: .ORG DNS Problem?
 
 
 Hi,
 
 ...on Thu, Jun 24, 2004 at 11:18:26AM -0400, Adam Kujawski wrote:
 
   Anybody else having problems resolving .ORG domains via TLD1.ULTRADNS.NET
   (204.74.112.1) and TLD2.ULTRADNS.NET. (204.74.113.1). I'm seeing slow 
   responses, or no responses.
 
 Same here, until a few minutes ago. Didn't work 
 (connection timed out) from various places in 
 Europe, while I had no problems when coming from 
 a host in the US.
 
 Alex.
 -- 
 AB54-RIPE

-- 

Ray Wong
[EMAIL PROTECTED]



MTU discovery

2004-06-24 Thread Edward B. Dreger

Is it just me, or are more sites breaking pmtud these days?  It's
getting tempting to hack up ietf-pmtud-method support even before
it becomes standard...


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman  Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_
DO NOT send mail to the following addresses:
[EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.



Re: MTU discovery

2004-06-24 Thread James

no, it's not just you. i've had issues with a couple of customers having
problems visiting two large sites due to pMTUd breakage. it was discouraging
to see some fortune100 web sites breaking their filtering too much over the
line.

-J

On Thu, Jun 24, 2004 at 05:25:09PM +, Edward B. Dreger wrote:
 
 Is it just me, or are more sites breaking pmtud these days?  It's
 getting tempting to hack up ietf-pmtud-method support even before
 it becomes standard...
 
 
 Eddy
 --
 EverQuick Internet - http://www.everquick.net/
 A division of Brotsman  Dreger, Inc. - http://www.brotsman.com/
 Bandwidth, consulting, e-commerce, hosting, and network building
 Phone: +1 785 865 5885 Lawrence and [inter]national
 Phone: +1 316 794 8922 Wichita
 _
 DO NOT send mail to the following addresses:
 [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED]
 Sending mail to spambait addresses is a great way to get blocked.

-- 
James Jun                TowardEX Technologies, Inc.
Technical Lead           Network Design, Consulting, IT Outsourcing
[EMAIL PROTECTED]        Boston-based Colocation  Bandwidth Services
cell: 1(978)-394-2867    web: http://www.towardex.com , noc: www.twdx.net


Re: MTU discovery

2004-06-24 Thread Jun-ichiro itojun Hagino

 no, it's not just you. i've had issues with a couple of customers having
 problems visiting two large sites due to pMTUd breakage. it was discouraging
 to see some fortune100 web sites breaking their filtering too much over the
 line.

in many cases, those companies put in a web load-balancing device, and
the device prevents PMTU from working.  maybe identify the vendor which
ships 'drop all icmp6' and teach them nicely?

itojun


RE: Homeland Security now wants to restrict outage notifications

2004-06-24 Thread Scott McGrath


I did read the article and having worked for gov't agencies twice in my
career a proposal like the one floated by DHS is just the camel's nose.

I should hope the carriers oppose this.

Now a call comes into our ops center: "I can't reach my experiment at
Stanford."  Ops looks up the outages: "Oh yeah, there's a fiber cut affecting
service, we will let you know when it's fixed."  They check it's fixed, they
call the customer telling them to try it now.

Under the proposed regime: "We know it's dead, do not know why or when it
will be fixed because it's classified information."  This makes for
absolutely wonderful customer service and it protects public safety how?



Scott C. McGrath

On Thu, 24 Jun 2004, Tad Grosvenor wrote:

 Did you read the article?  The DHS is urging that the FCC drop the proposal
 to require outage reporting for significant outages.   This isn't the DHS
 saying that outage notifications should be muted.  The article also
 mentions: Telecom companies are generally against the proposed new
 reporting requirements, arguing that the industry's voluntary efforts are
 sufficient.

 -Tad



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Scott McGrath
 Sent: Thursday, June 24, 2004 12:58 PM
 To: [EMAIL PROTECTED]
 Subject: Homeland Security now wants to restrict outage notifications



 See

 http://www.theregister.co.uk/2004/06/24/network_outages/

 for the gory details.  The Sean Gorman debacle was just the beginning
 this country is becoming more like the Soviet Union under Stalin every
 passing day in its xenophobic paranoia all we need now is a new version of
 the NKVD to enforce the homeland security directives.

 Scott C. McGrath




Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Valdis . Kletnieks
On Thu, 24 Jun 2004 15:22:02 +0700, Dr. Jeffrey Race [EMAIL PROTECTED]  said:

 Not at all.  You can terminate for actions prejudicial to the safety and security
 of the system.   Has nothing to do with anti-trust.

I suspect that the spammer can find a lawyer who is willing to argue the idea
that the safety and security of the AS701 backbone was not prejudiced by
the spammer's actions, unless AS701 is able to show mrtg graphs and the
like showing that the spammer was actually sending enough of a volume to
swamp their core routers

And of course, none of the Tier-1's wants to argue in court that one spammer is
able to present enough of a load to jeopardize their network stability, when
even large DDoS attacks usually aren't much of a blip except near the victim
node...





RE: Homeland Security now wants to restrict outage notifications

2004-06-24 Thread Larry Pingree

I agree, there are much more important things to protect than
this information. It would be almost impossible to manage, and even more
unlikely to ever have a positive effect. Besides, if someone with ill
intentions has the abilities to act so quickly on such short notice,
then we have much greater failures of our intelligence system that would
need to be addressed.

LP
 
Best Regards,
 
Larry
 
Larry Pingree

Visionary people, are visionary, partly because of the great many
things they never get to see. - Larry Pingree

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Scott McGrath
Sent: Thursday, June 24, 2004 11:06 AM
To: [EMAIL PROTECTED]
Subject: RE: Homeland Security now wants to restrict outage
notifications



I did read the article and having worked for gov't agencies twice in my
career a proposal like the one floated by DHS is just the camel's nose.

I should hope the carriers oppose this.

Now a call comes into our ops center: "I can't reach my experiment at
Stanford."  Ops looks up the outages: "Oh yeah, there's a fiber cut affecting
service, we will let you know when it's fixed."  They check it's fixed, they
call the customer telling them to try it now.

Under the proposed regime: "We know it's dead, do not know why or when it
will be fixed because it's classified information."  This makes for
absolutely wonderful customer service and it protects public safety how?



Scott C. McGrath

On Thu, 24 Jun 2004, Tad Grosvenor wrote:

 Did you read the article?  The DHS is urging that the FCC drop the
proposal
 to require outage reporting for significant outages.   This isn't
the DHS
 saying that outage notifications should be muted.  The article also
 mentions: Telecom companies are generally against the proposed new
 reporting requirements, arguing that the industry's voluntary efforts
are
 sufficient.

 -Tad



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
 Scott McGrath
 Sent: Thursday, June 24, 2004 12:58 PM
 To: [EMAIL PROTECTED]
 Subject: Homeland Security now wants to restrict outage notifications



 See

 http://www.theregister.co.uk/2004/06/24/network_outages/

 for the gory details.  The Sean Gorman debacle was just the beginning
 this country is becoming more like the Soviet Union under Stalin every
 passing day in its xenophobic paranoia all we need now is a new
version of
 the NKVD to enforce the homeland security directives.

 Scott C. McGrath




RE: Unplugging spamming PCs

2004-06-24 Thread Larry Pingree

But if you telnet from an IP that is not registered, you would
be denied. Thus at least eliminating many of the erroneous email servers
out there on the DSL, dial-up and other broadband connections, this has
been tried in the open with such things as MAPS RBL, etc by blocking
common spamming IP's and mail servers. But since it is not mandatory, it
falls apart too easily.

LP
 
Best Regards,
 
Larry
 
Larry Pingree

Visionary people, are visionary, partly because of the great many
things they never get to see. - Larry Pingree


-Original Message-
From: Joe Hamelin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 23, 2004 5:26 PM
To: Larry Pingree
Cc: [EMAIL PROTECTED]
Subject: Re: Unplugging spamming PCs

On Wed, 23 Jun 2004 16:40:23 -0700, Larry Pingree [EMAIL PROTECTED]
wrote:

 I agree with you it's a hard problem to solve. But unless there is
 mandatory cooperation within mail server software (which can be
 monitored) to interface with a registry of acceptable/registered
sites,
 then this model could work. 

I can telnet to a mailserver and send mail to that host without much
thought.  What good will a registry do?  What will solve spam is
getting some of these virus writers to actually write some code that
will trash disks of poorly patched (if at all) hosts.  Let Darwin
take over.

-Joe


Re: Homeland Security now wants to restrict outage notifications

2004-06-24 Thread Jeff Shultz

I think you (and possibly The Register) are overreacting. 

The DHS is doing what it is paid to do: Look for the worst case
scenario, predict the damage. 

And the reporting requirements that the DHS is arguing against _aren't
even in effect yet._ 

** Reply to message from Scott McGrath [EMAIL PROTECTED] on
Thu, 24 Jun 2004 14:05:56 -0400 (EDT)

 I did read the article and having worked for gov't agencies twice in my
 career a proposal like the one floated by DHS is just the camel's nose.
 
 I should hope the carriers oppose this.
 
 Now a call comes into our ops center: "I can't reach my experiment at
 Stanford."  Ops looks up the outages: "Oh yeah, there's a fiber cut affecting
 service, we will let you know when it's fixed."  They check it's fixed, they
 call the customer telling them to try it now.
 
 Under the proposed regime: "We know it's dead, do not know why or when it
 will be fixed because it's classified information."  This makes for
 absolutely wonderful customer service and it protects public safety how?
 
 
 
 Scott C. McGrath
 
 On Thu, 24 Jun 2004, Tad Grosvenor wrote:
 
  Did you read the article?  The DHS is urging that the FCC drop the proposal
  to require outage reporting for significant outages.   This isn't the DHS
  saying that outage notifications should be muted.  The article also
  mentions: Telecom companies are generally against the proposed new
  reporting requirements, arguing that the industry's voluntary efforts are
  sufficient.
 
  -Tad
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
  Scott McGrath
  Sent: Thursday, June 24, 2004 12:58 PM
  To: [EMAIL PROTECTED]
  Subject: Homeland Security now wants to restrict outage notifications
 
 
 
  See
 
  http://www.theregister.co.uk/2004/06/24/network_outages/
 
  for the gory details.  The Sean Gorman debacle was just the beginning
  this country is becoming more like the Soviet Union under Stalin every
  passing day in its xenophobic paranoia all we need now is a new version of
  the NKVD to enforce the homeland security directives.
 
  Scott C. McGrath
 
 

-- 
Jeff Shultz
A railfan pulls up to a RR crossing hoping that
there will be a train. 



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Paul G


- Original Message - 
From: Dr. Jeffrey Race [EMAIL PROTECTED]
To: Robert E. Seastrom [EMAIL PROTECTED]
Cc: Christopher L. Morrow [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, June 24, 2004 9:59 AM
Subject: Re: Attn MCI/UUNet - Massive abuse from your network



 On 24 Jun 2004 09:26:15 -0400, Robert E. Seastrom wrote:
 Dr. Jeffrey Race [EMAIL PROTECTED] writes:

-- snip --

 We see this all the time on Spam-L.  It shows up quickly in the numbers
when there is a
 management decision.

perhaps we can move this discussion there, then?

paul



RE: Unplugging spamming PCs

2004-06-24 Thread John Payne

--On Thursday, June 24, 2004 11:17 AM -0700 Larry Pingree 
[EMAIL PROTECTED] wrote:

Hi Joe,
If only those who are approved email senders are allowed to be
accepted, this allows police, FBI, or DHS to go after only those who are
registered and abusing it. It's for the same purpose that we administer
car registrations, so that at the end of the day, someone is responsible
for the car. In this case, someone can be responsible for the domain and
mail server. In its current state, we are left way in the open. I don't
disagree that government control is un-desirable, but remember, at least
in my mind, even though it may be undesirable, it may be a necessary
action. Anyone know why we have to get a drivers license? How about a
passport?  What about a SSN?  All of these things are ways in which we
can have accountability. Without accountability we will remain in
anarchy. All that government does is bridge a gap when corporations,
which only do things for profit, will not collaborate on an appropriate
solution to a problem, even though one exists.

But why stop at email servers?  spam is only one of the unsociable and 
illegal acts happening on the Internet.  Why not license ownership of every 
IP capable device?   That'll stop all forms of DoS (DDoS and otherwise too).

Just to make sure, let's require that all vendors both inspect the license 
from their customers *and* notify the government on every purchase or 
upgrade.

Hmm.  Which government though?  Better to be safe... you can't be sure 
which country the device is being installed in, or which country the 
packets flowing through the device will also visit.  So let's require 
licenses from every country... and vendors to notify every government on 
every purchase or upgrade.

Yep, that'll do the trick.


Boston UUNET Issue(s)

2004-06-24 Thread Williams, Ken

Did anyone notice any network related issues on the Boston UUNET network
earlier this morning (4:00AM PST - 8:30 AM PST)? What we observed was
high latency for the following network: 208.254.32.0/20.

Regards,

Ken Williams 



Re: Unplugging spamming PCs

2004-06-24 Thread Jeff Shultz

And all the spammers move to China where the FBI, DHS and police have
no authority. 

Oh wait - you say they already have?

** Reply to message from Larry Pingree [EMAIL PROTECTED] on Thu,
24 Jun 2004 11:17:37 -0700

 Hi Joe,
 
   If only those who are approved email senders are allowed to be
 accepted, this allows police, FBI, or DHS to go after only those who are
 registered and abusing it. It's for the same purpose that we administer
 car registrations, so that at the end of the day, someone is responsible
 for the car. In this case, someone can be responsible for the domain and
 mail server. In its current state, we are left way in the open. I don't
 disagree that government control is un-desirable, but remember, at least
 in my mind, even though it may be undesirable, it may be a necessary
 action. Anyone know why we have to get a drivers license? How about a
 passport?  What about a SSN?  All of these things are ways in which we
 can have accountability. Without accountability we will remain in
 anarchy. All that government does is bridge a gap when corporations,
 which only do things for profit, will not collaborate on an appropriate
 solution to a problem, even though one exists.
 


-- 
Jeff Shultz
A railfan pulls up to a RR crossing hoping that
there will be a train. 



Re: Homeland Security now wants to restrict outage notifications

2004-06-24 Thread Eric A. Hall


On 6/24/2004 11:57 AM, Scott McGrath wrote:

 http://www.theregister.co.uk/2004/06/24/network_outages/

http://www.securityfocus.com/news/8966 is the original, for those of us
who have our doubts about the register as a news source

To summarize:

  there are existing FCC requirements to report major voice outages

  the FCC ran a proposal up the flag pole to extend this to data and
wireless networks

  DHS did their job by analyzing the proposal and suggesting that it
might not be a good idea to make the additional data too public

  Further: If the FCC is going to mandate reporting, the DHS argued,
it should channel the data to a more circumspect group: the
Telecom ISAC (Information Sharing and Analysis Center), an
existing voluntary clearinghouse for communications-related
vulnerability information, whose members include several
government agencies and all the major communications carriers.
Data exchanged within the Telecom-ISAC is protected from public
disclosure. 

Presumably the FCC will take this opinion into consideration and weigh it
alongside clear-headed debates such as:

 this country is becoming more like the Soviet Union under Stalin every 
 passing day in its xenophobic paranoia all we need now is a new version
 of the NKVD to enforce the homeland security directives.

At least the paranoia is right

-- 
Eric A. Hall                                http://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/


RE: Unplugging spamming PCs

2004-06-24 Thread Larry Pingree

Hi John,
I'm not taking it to extremes. I'm talking about the middle of
the road, and certainly spam is on the top of the scales on
everyone's statistics. I'm certainly not condoning or suggesting that
the government control everything, and I'm not for absolutely no
government involvement either. A balanced approach is most appropriate
just as with anything there also can be regional registries similar
to how ARIN is setup that allow inter-continental and inter-country
registration. Unless someone can come up with a better idea, I see no
other choice. FYI, we do already license IP's, through ARIN, APNIC, etc
so that's already been done :)

LP
 
Best Regards,
 
Larry
 
Larry Pingree

Visionary people, are visionary, partly because of the great many
things they never get to see. - Larry Pingree

-Original Message-
From: John Payne [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 24, 2004 11:40 AM
To: Larry Pingree
Cc: [EMAIL PROTECTED]
Subject: RE: Unplugging spamming PCs



--On Thursday, June 24, 2004 11:17 AM -0700 Larry Pingree 
[EMAIL PROTECTED] wrote:


 Hi Joe,

   If only those who are approved email senders are allowed to be
 accepted, this allows police, FBI, or DHS to go after only those who
are
 registered and abusing it. It's for the same purpose that we
administer
 car registrations, so that at the end of the day, someone is
responsible
 for the car. In this case, someone can be responsible for the domain
and
 mail server. In its current state, we are left way in the open. I
don't
 disagree that government control is un-desirable, but remember, at
least
 in my mind, even though it may be undesirable, it may be a necessary
 action. Anyone know why we have to get a drivers license? How about a
 passport?  What about a SSN?  All of these things are ways in which we
 can have accountability. Without accountability we will remain in
 anarchy. All that government does is bridge a gap when corporations,
 which only do things for profit, will not collaborate on an
appropriate
 solution to a problem, even though one exists.

But why stop at email servers?  spam is only one of the unsociable and 
illegal acts happening on the Internet.  Why not license ownership of
every 
IP capable device?   That'll stop all forms of DoS (DDoS and otherwise
too).

Just to make sure, let's require that all vendors both inspect the
license 
from their customers *and* notify the government on every purchase or 
upgrade.

Hmm.  Which government though?  Better to be safe... you can't be sure 
which country the device is being installed in, or which country the 
packets flowing through the device will also visit.  So let's require 
licenses from every country... and vendors to notify every government on

every purchase or upgrade.


Yep, that'll do the trick.



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Ben Browning
At 11:16 AM 6/24/2004, [EMAIL PROTECTED] wrote:
On Thu, 24 Jun 2004 15:22:02 +0700, Dr. Jeffrey Race 
[EMAIL PROTECTED]  said:

 Not at all.  You can terminate for actions prejudicial to the safety 
and security
 of the system.   Has nothing to do with anti-trust.

I suspect that the spammer can find a lawyer who is willing to argue the idea
that the safety and security of the AS701 backbone was not prejudiced by
the spammer's actions, unless AS701 is able to show mrtg graphs and the
like showing that the spammer was actually sending enough of a volume to
swamp their core routers
Likewise, I imagine MCI could argue that the damage is to their core 
product; namely, the trust of other ISPs and their willingness to exchange 
traffic with MCI.

~Ben
---
   Ben Browning [EMAIL PROTECTED]
  The River Internet Access Co.
 WA Operations Manager
1-877-88-RIVER  http://www.theriver.com


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Ben Browning
Chris,
To start off, thank you for taking this issue seriously and investigating it.
At 08:05 PM 6/23/2004, Christopher L. Morrow wrote:
The sbl lists quite a few /32 entries, while this is nice for blocking
spam if you choose to use their RBL service I'm not sure it's a good
measure of 'spamhaus size'. I'm not sure I know of a way to take this
measurement, but given size and number of IPs that terminate inside AS701
there certainly are scope issues.

Netmasks aside, a spammer is a spammer. One spammer sending 100,000 emails 
from 4 machines is functionally equivalent to one sending 100,000 from 1 
machine.

All that said, I'm certainly not saying spam is good, I also believe
that over the last 4.5 years uunet's abuse group has done quite a few good
things with respect to the main spammers.

That's possible, I suppose, but the view from outside sees only the bad (and 
there's plenty).

 As an example, I see a posting that says emailtools.com was alive on
 206.67.63.41 in 2000. They aren't there any more... But now:

 [EMAIL PROTECTED] telnet mail.emailtools.com 25
 Trying 65.210.168.34...
 Connected to mail.emailtools.com.
 Escape character is '^]'.
Sure, customer of a customer we got emailtools.com kicked from their
original 'home' now they've moved off (probably several times since 2000)
to another customer. This happens to every ISP, each time they appear we
start the process to disconnect them. I'm checking on the current status
of their current home to see why we have either: 1) not gotten complaints
about them, 2) have not made progress kicking them again.
Excellent! I (and I am sure the rest of the antispam community) will be 
looking forward to hearing how all this pans out, and I am very glad I 
could bring some of this to your attention.

 On Mon, 21 Jun 2004, Ben Browning wrote:
 Allow me to rephrase- I wanted it to be read and hoped someone would act on
 complaints. I have no doubt MCI is serious about stopping DDOS and other
 abusive traffic of that ilk- when it comes to proxy hijacking and spamming,
 though, abuse@ turns a blind eye. What other conclusion can I draw from the
This is not true, the action might not happen in the time you'd like, but
there are actions being taken. I'd be the first to admit that the
timelines are lengthy :( but part of that is the large company process,
getting all the proper people to realize that this abuse is bad and the
offenders need to be dealt with.

A lengthy timeline for action to be taken, from the viewpoint of the 
attacked, is indistinguishable from tacit approval of the attacks. I don't 
imagine MCI has a lengthy timeline when replying to sales email or billing 
issues.

 200ish SBL entries under MCI's name? Why else would emailtools.com(for
 example) still be around despite their wholesale raping of misconfigured
 proxies?
emailtools will be around in one form or another, all the owner must do is
purchase 9$ virtual-hosting from some other poor ISP out there who needs
the money... they may not even know who emailtools is, if that ISP is a
uunet/mci customer then we'll have to deal with them as well, just like
their current home. you must realize you can't just snap your fingers and
make these things go away.
Omaha Steaks has been there for 3+ weeks (since being added to the SBL).
Scott Richter has likewise been spamming from there for a month. Do you 
need a permission slip to terminate him? Does it take a month to get one? I 
can snap my fingers many times in a month!

According to ARIN records, both of these are swipped space only one step 
below yours (IE not a customer-of-a-customer).

It's nice to say Oh well they move around and we can't stop them, but the 
point is that if they got terminated in a timely fashion (measured in hours 
or days at the most, *not* weeks and months) they would not keep moving 
around on your network; they would find another one to abuse instead. As it 
stands, they get a month to spam, then they have to move- that's pink gold 
in spammerland.

 All I want is a couple of straight-up answers. Why do complaints to uunet
 go unanswered and the abusers remain connected if, in fact, the complaints
I believe you do get an answer, if not the auto-acks are off still from a
previous mail flood ;(
An auto-ack is not an answer.
Please let me know if you are NOT getting ticket
numbers back. They might be connected still if there were:
1) not enough info in the complaints to take action on them
I've never been asked to furnish more info.
2) not enough complaints to terminate the account, but working with the
downstream to get the problem resolved
I've never been looped into this process either. What is the window you 
guys give your downstreams for ceasing such activities?

3) action is awaiting proper approvals.
What's the timeframe on these approvals happening? Do you need such 
approvals in the event of a DDOS or other abuse?

 are read? Why has MCI gone from 111 SBL listings as of January 1 to 190 as
I think the answer is 

Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Ben Browning
At 11:34 PM 6/23/2004, Christopher L. Morrow wrote:
I'd also point out something that any provider will tell you: Spammers
never pay their bills.

Yes, but this is not a problem for a large carrier, as the people that 
receive it sure do. In other words, the money you lose on the spammer is 
subsidized by all the people that pay you to receive it.

This is, in fact (for you nanae watchers), the
reason that most of them get canceled by us FASTER... Sadly, non-payment
is often a quicker and easier method to term a customer than 'abuse', less
checks since there is no 'perceived revenue' :(

A revenue check has no place in abuse terminations.
---
   Ben Browning [EMAIL PROTECTED]
  The River Internet Access Co.
 WA Operations Manager
1-877-88-RIVER  http://www.theriver.com


Re: Homeland Security now wants to restrict outage notifications

2004-06-24 Thread Valdis . Kletnieks
On Thu, 24 Jun 2004 11:27:10 PDT, Jeff Shultz [EMAIL PROTECTED]  said:

 The DHS is doing what it is paid to do: Look for the worst case
 scenario, predict the damage. 

At some point, somebody with some sanity needs to look at the proposal, and say
"If we think we have to resort to this, then the terrorists have already won."

 And the reporting requirements that the DHS is arguing against _aren't
 even in effect yet._ 

Wander over to www.chillingeffects.org or Ed Felten's www.freedom-to-tinker.org
or any number of other sites that keep track of just how much trouble can be
caused by the *threat* or *suggestion* of something





RE: Unplugging spamming PCs

2004-06-24 Thread John Payne

--On Thursday, June 24, 2004 12:08 PM -0700 Larry Pingree 
[EMAIL PROTECTED] wrote:

Hi John,
I'm not taking it to extremes. I'm talking about the middle of
the road, and certainly spam is on the top of the scales on
everyone's statistics. I'm certainly not condoning or suggesting that
the government control everything, and I'm not for absolutely no
government involvement either. A balanced approach is most appropriate
just as with anything there also can be regional registries similar
to how ARIN is setup that allow inter-continental and inter-country
registration. Unless someone can come up with a better idea, I see no
other choice. FYI, we do already license IP's, through ARIN, APNIC, etc
so that's already been done :)
No.  As much as I hate spam... it's not on the top of the list of things to
fix.
If the ARIN, APNIC, RIPE, LANIC, etc registries are so upto date and 
accurate, why would you need to license anything at layer 4 or above? 
You've already got the contact details for people responsible for routing 
packets to those devices.



LP
Best Regards,
Larry
Larry Pingree
Visionary people, are visionary, partly because of the great many
things they never get to see. - Larry Pingree
-Original Message-
From: John Payne [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 24, 2004 11:40 AM
To: Larry Pingree
Cc: [EMAIL PROTECTED]
Subject: RE: Unplugging spamming PCs

--On Thursday, June 24, 2004 11:17 AM -0700 Larry Pingree
[EMAIL PROTECTED] wrote:
Hi Joe,
If only those who are approved email senders are allowed to be
accepted, this allows police, FBI, or DHS to go after only those who are
registered and abusing it. It's for the same purpose that we administer
car registrations, so that at the end of the day, someone is responsible
for the car. In this case, someone can be responsible for the domain and
mail server. In its current state, we are left way in the open. I don't
disagree that government control is un-desirable, but remember, at least
in my mind, even though it may be undesirable, it may be a necessary
action. Anyone know why we have to get a drivers license? How about a
passport?  What about a SSN?  All of these things are ways in which we
can have accountability. Without accountability we will remain in
anarchy. All that government does is bridge a gap when corporations,
which only do things for profit, will not collaborate on an appropriate
solution to a problem, even though one exists.

But why stop at email servers?  spam is only one of the unsociable and
illegal acts happening on the Internet.  Why not license ownership of every
IP capable device?   That'll stop all forms of DoS (DDoS and otherwise too).
Just to make sure, let's require that all vendors both inspect the license
from their customers *and* notify the government on every purchase or
upgrade.
Hmm.  Which government though?  Better to be safe... you can't be sure
which country the device is being installed in, or which country the
packets flowing through the device will also visit.  So let's require
licenses from every country... and vendors to notify every government on
every purchase or upgrade.
Yep, that'll do the trick.




Re: Homeland Security now wants to restrict outage notifications

2004-06-24 Thread Adam 'Starblazer' Romberg

 I think you (and possibly The Register) are overreacting.

With the current state of the government and its previous legislation, I
would consider that not overreacting at all...  We as NANOG'ers need to
make sure that we're in the clue.  The issue of non-information leads to
longer troubleshooting, and more irate customers.

To each his own, however..

Thanks,

Adam



Adam 'Starblazer' Romberg Appleton: 920-738-9032
System Administrator   Valley Fair: 920-968-7713
ExtremePC LLC-=-  http://www.extremepcgaming.net


RE: Homeland Security now wants to restrict outage notifications

2004-06-24 Thread Scott McGrath


I also believe that critical infrastructure needs to be protected and I am
charged with protecting a good chunk of it.   Also as a Ham operator I
work in concert with the various emergency management organizations in
dealing with possible worst case scenarios.

No, not everyone who asks about some piece of infrastructure under my
control gets an answer but for now we can still choose who receives an
answer without you having to contact a govt agency and ask whether I can
respond to a query from Joe Shmoe.

Unfortunately information=power and control of information is power^2 and
many people in the permanent bureaucracy are there only in pursuit of
power over others and 9/11 was a wonderful excuse to extend their scope
of control over people's everyday lives.

Right now in Boston cameras are now illegal in the subway for 'security
reasons'; who hasn't had a picture taken with their friends on the way
to/from a gathering on the subway?

Back when I was younger the only places with restrictions like that were
the countries Iron Curtain.  In the 50's my family helped resettle
refugees from Hungary in the aftermath of the failed Hungarian Revolution
freedom is a valuable thing unfortunately we are losing it bit by bit.


Scott C. McGrath

On Thu, 24 Jun 2004, Harris, Michael C. wrote:

   Scott McGrath said:
   See

   http://www.theregister.co.uk/2004/06/24/network_outages/

   for the gory details.  The Sean Gorman debacle was just the beginning
   this country is becoming more like the Soviet Union under Stalin every
   passing day in its xenophobic paranoia all we need now is a new version
   of the NKVD to enforce the homeland security directives.

 Scott C. McGrath
 --

 Ask and you shall receive! Fresh from the DHS website yesterday morning.

 (quoting the end of the 4th paragraph below)

 In addition, HSIN-CI network, in partnership with the FBI, provides a
 reporting feature that allows the public to submit information about
 suspicious activities through the FBI Tips Program that is then shared
 with the Department's HSOC.

 Just call the party hotline and report your neighbors, coworkers and
 friends...

 Don't get me wrong, I am a supporter of protecting critical
 infrastructure. There are already programs, Infragard is an example,
 that perform the same kind of information sharing by choice rather than
 decree.  Infragard is supported by public and private sectors both, with
 similar support from the FBI.

 (yes, I am an Infragard member just to be 100% above board)
 Mike Harris
 Umh.edu

 --
 http://www.dhs.gov/dhspublic/display?content=3748

 Homeland Security Launches Critical Infrastructure Pilot Program to
 Bolster Private Sector Security
 - Dallas First of Four Pilot Communities Sharing Targeted Threat
 Information

 For Immediate Release
 Office of the Press Secretary
 Contact: 202-282-8010
 June 23, 2004

 Homeland Security Information Network - Critical Infrastructure

 The U.S. Department of Homeland Security in partnership with local
 private sector and the Federal Bureau of Investigation, today launched
 the first Homeland Security Information Network-Critical Infrastructure
 (HSIN-CI) Pilot Program in Dallas, Texas with locally operated pilot
 programs in Seattle, Indianapolis and Atlanta to follow.  The pilot
 program will operate throughout the course of this year to determine the
 feasibility of using this model for other cities across the country.

 The HSIN-CI pilot program, modeled after the FBI Dallas Emergency
 Response Network expands the reach of the Department's Homeland Security
 Information Network (HSIN) initiative--a counterterrorism communications
 tool that connects 50 states, five territories, Washington, D.C., and 50
 major urban areas to strengthen the exchange of threat information--to
 critical infrastructure owners and operators in a variety of industries
 and locations, first responders and local officials.  As part of the
 HSIN-CI pilot program, more than 25,000 members of the network will have
 access to unclassified sector specific information and alert
 notifications on a 24/7 basis.

 "The Homeland is more secure when each hometown is more secure," said
 Secretary of Homeland Security Tom Ridge. "HSIN-CI connects our
 communities - the government community to the private sector community
 to the law enforcement community -- the better we share information
 between our partners, the more quickly we are able to implement security
 measures where necessary."

 The HSIN-CI network allows local and regional areas to receive targeted
 alerts and notifications in real-time from Department's Homeland
 Security Operations Center (HSOC) using standard communication devices
 including wired and wireless telephones, email, facsimile and text
 pagers.  The network requires no additional hardware or software for
 

Re: Homeland Security now wants to restrict outage notifications

2004-06-24 Thread Eric A. Hall


On 6/24/2004 2:24 PM, [EMAIL PROTECTED] wrote:

 On Thu, 24 Jun 2004 11:27:10 PDT, Jeff Shultz [EMAIL PROTECTED]
 said:

 And the reporting requirements that the DHS is arguing against
 _aren't even in effect yet._

 or any number of other sites that keep track of just how much trouble
 can be caused by the *threat* or *suggestion* of something

Was it really your intention to imply that this recommendation (and which
should have been expected, given the DHS' job) is some kind of a threat?

-- 
Eric A. Hall                             http://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Christopher L. Morrow


On Thu, 24 Jun 2004, Ben Browning wrote:


 like showing that the spammer was actually sending enough of a volume to
 swamp their core routers

 Likewise, I imagine MCI could argue that the damage is to their core
 product; namely, the trust of other ISPs and their willingness to exchange
 traffic with MCI.

you mean the phone companies we do business with?


Re: SprintPCS spam policies

2004-06-24 Thread Eric Kuhnke

 I just wanted to give everyone a heads-up on the antispam policies of
 SprintPCS, so that you will know what to expect if you start getting blocked
 by their mx.messaging.sprintpcs.com mail servers.

As a non-sprint-related side note, I know of somebody whose AT&T
Wireless phone service was rendered completely unusable by incoming spam 
via the email-to-SMS gateway.  The typical rate was one message every 30 
minutes, the only solution offered by customer service was to change the 
phone number.   Has anyone ever encountered spammers doing a dictionary 
attack (emailing all  phone numbers in a NXX) via email-to-SMS 
gateways?





Re: Homeland Security now wants to restrict outage notifications

2004-06-24 Thread Henry Linneweh

Consider the source of policy makers that make these
decisions, are clueless to networks and infrastructure
themselves. They fail to understand any costing metrics
by adding another loop of useless people to the cycle at
the expense of everyone, which will in the long run
be damaging to the economy of those companies who will
then move those centers offshore to remove the DHS from
their loop, which causes job loss and skill base
destruction beyond what it already is in the US.

My vote on this proposal is no and contact my gov
rep and complain.

-Henry


--- Adam 'Starblazer' Romberg
[EMAIL PROTECTED] wrote:
 
  I think you (and possibly The Register) are overreacting.

 With the current state of the government and its previous legislation, I
 would consider that not overreacting at all...  We as NANOG'ers need to
 make sure that we're in the clue.  The issue of non-information leads to
 longer troubleshooting, and more irate customers.

 To each his own, however..

 Thanks,

 Adam

 Adam 'Starblazer' Romberg Appleton: 920-738-9032
 System Administrator   Valley Fair: 920-968-7713
 ExtremePC LLC-=-  http://www.extremepcgaming.net
 



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Grant A. Kirkwood

Ben Browning said:

snip

 A lengthy timeline for action to be taken, from the viewpoint of the
 attacked, is indistinguishable from tacit approval of the attacks. I don't
 imagine MCI has a lengthy timeline when replying to sales email or billing
 issues.


You ARE kidding, right?


-- 
Grant A. Kirkwood - grant(at)tnarg.org
Fingerprint = D337 48C4 4D00 232D 3444 1D5D 27F6 055A BF0C 4AED



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Christopher L. Morrow

On Thu, 24 Jun 2004, Ben Browning wrote:

 At 11:34 PM 6/23/2004, Christopher L. Morrow wrote:
 I'd also point out something that any provider will tell you: Spammers
 never pay their bills.

 Yes, but this is not a problem for a large carrier, as the people that
 receive it sure do. In other words, the money you lose on the spammer is
 subsidized by all the people that pay you to receive it.

this is not entirely true, a majority of these far-end customers are
paying the same price regardless of utilization. Even the utilization
charged customers are not having their 95th Percentile changed because of
spam, or that'd be my guess. In the end there is no money for mci from
spammers.

-chris


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Christopher L. Morrow

On Thu, 24 Jun 2004, Grant A. Kirkwood wrote:

 Ben Browning said:
 
 snip
 
  A lengthy timeline for action to be taken, from the viewpoint of the
  attacked, is indistinguishable from tacit approval of the attacks. I don't
  imagine MCI has a lengthy timeline when replying to sales email or billing
  issues.


 You ARE kidding, right?

Sorry, I'll reply to ben's message part here: Actually getting sales
involved is a timely process from my perspective :( I used to know a sales
person I could count on, he got RIF'd so now finding someone to help a
customer that needs an upgrade is a very difficult task.

Keep in mind, this is a very large corporation, Abuse/Security is in an
entirely different arm of the beast than the Sales/marketing folks :(
Effecting change from either direction is often times 'challenging'.

-Chris



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Paul G


- Original Message - 
From: Christopher L. Morrow [EMAIL PROTECTED]
To: Ben Browning [EMAIL PROTECTED]
Cc: Dr. Jeffrey Race [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, June 24, 2004 5:55 PM
Subject: Re: Attn MCI/UUNet - Massive abuse from your network

--- snipped ---

 this is not entirely true, a majority of these far-end customers are
 paying the same price regardless of utilization. Even the utilization
 charged customers are not having their 95th Percentile changed because of
 spam, or that'd be my guess. In the end there is no money for mci from
 spammers.

agreed, in the majority of the cases. on the other hand, implementing the
FUSSP jrace proposed would cost mci (or any other carrier) revenue as they
would be seen as frothing-at-the-mouth fanatics that present a business risk
when used for upstream transit even for folks that run clean networks and
deal with abuse complaints properly.

and yes, it's time for this thread to die.

paul



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Tom (UnitedLayer)

On Thu, 24 Jun 2004 [EMAIL PROTECTED] wrote:
 But most people are happy with things the way they are. They love SPAM
 because it gives them something to complain about and get emotional
 about.

I unfortunately have to agree there.
There's a large portion of the internet who has nothing better to do than
sit around and do essentially nothing.
Be it IRC, read email, spam, complain about spam, complain about hijacked
netblocks, complain about how slow their dialup is, complain about how
slow their cablemodem is, complain about how slow their computer
is, etc...

Spammers and Spamcomplainers belong to each other, eventually they'll get
their own private intarweb, and they can torment each other directly :)



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Tom (UnitedLayer)

On Thu, 24 Jun 2004, Ben Browning wrote:
 This is, in fact (for you nanae watchers), the reason that most of them
 get canceled by us FASTER... Sadly, non-payment is often a quicker and
 easier method to term a customer than 'abuse', less checks since there
 is no 'perceived revenue' :(

 A revenue check has no place in abuse terminations.

That would be nice, but this is the real world.
We (presumably technical people) don't get to make all of the choices in
life. If we did, things might be a lot better, but then again maybe only
10-15% of us would still be employed :)



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Ben Browning
At 02:36 PM 6/24/2004, Christopher L. Morrow wrote:
On Thu, 24 Jun 2004, Ben Browning wrote:

 like showing that the spammer was actually sending enough of a volume to
 swamp their core routers

 Likewise, I imagine MCI could argue that the damage is to their core
 product; namely, the trust of other ISPs and their willingness to exchange
 traffic with MCI.
 you mean the phone companies we do business with?

No, I mean the internet. (Hence, ISPs). Your product, in the context of
this discussion anyways, is access to the internet. When the actions of a
downstream damage that product (i.e. more and more networks nullroute UUNet
traffic), I would assume that you have appropriate privilege to toss them
overboard in the contracts.

IANAL, though.
~Ben
---
   Ben Browning [EMAIL PROTECTED]
  The River Internet Access Co.
 WA Operations Manager
1-877-88-RIVER  http://www.theriver.com


RE: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Hannigan, Martin



 At 02:36 PM 6/24/2004, Christopher L. Morrow wrote:
 On Thu, 24 Jun 2004, Ben Browning wrote:
 

[ SNIP ]

 this discussion anyways, is access to the internet. When the actions of a
 downstream damage that product(IE more and more networks nullroute UUNet
 traffic),


[ Operations content: ] Do you know of any ISP's null routing AS701? 


-M





Teaching/developing troubleshooting skills

2004-06-24 Thread Pete Kruckenberg

I'm working on trying to teach others in my group (usually
less-experienced, but not always) how to improve their
large-network troubleshooting skills (the techniques of
isolating a problem, etc).

It's been so long since I learned network troubleshooting
techniques I can't remember how I learned them or even how I
used to do it (so poorly).

Does anyone have experience with developing a
skills-improvement program on this topic? If you've tried
such a thing, what worked/didn't work for you? Outside
training? Books? Mentoring? Motivational posters?

I'm particularly sensitive to the "I got my CCNA, therefore
I know everything there is to know about troubleshooting"
perspective, and how to encourage improving troubleshooting
skills without making it insultingly basic.

Thanks for your help.
Pete.



RE: Teaching/developing troubleshooting skills

2004-06-24 Thread Larry Pingree

Hi Pete,
	If you have a test lab, a good thing would be to set up a
complete functional network. Show the engineer how it's configured. Then
have them leave the room and then break it. Send them back in to look at
what is wrong. As they move through the process, help them by guiding
them through the troubleshooting process in a mentoring fashion, help
them analyze and break apart the problem.

LP
 
Best Regards,
 
Larry
 
Larry Pingree

Visionary people, are visionary, partly because of the great many
things they never get to see. - Larry Pingree




Re: Teaching/developing troubleshooting skills

2004-06-24 Thread Jon R. Kibler
Pete Kruckenberg wrote:
 
 I'm working on trying to teach others in my group (usually
 less-experienced, but not always) how to improve their
 large-network troubleshooting skills (the techniques of
 isolating a problem, etc).

There are several vendors that offer these types of courses, and I am sure that if you 
search for courseware, you can find some good materials you could use to teach your 
own sessions in house.

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214







Re: SprintPCS spam policies

2004-06-24 Thread David A . Ulevitch

On Jun 24, 2004, at 2:44 PM, Eric Kuhnke wrote:
 Has anyone ever encountered spammers doing a dictionary attack 
(emailing all  phone numbers in a NXX) via email-to-SMS gateways?

If they didn't before, they surely will now.
-davidu

  David A. Ulevitch - Founder, EveryDNS.Net
  http://david.ulevitch.com -- http://everydns.net



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Christopher L. Morrow


On Thu, 24 Jun 2004, Ben Browning wrote:

 At 02:36 PM 6/24/2004, Christopher L. Morrow wrote:
 On Thu, 24 Jun 2004, Ben Browning wrote:
 
  
   like showing that the spammer was actually sending enough of a volume to
   swamp their core routers
  
   Likewise, I imagine MCI could argue that the damage is to their core
   product; namely, the trust of other ISPs and their willingness to exchange
   traffic with MCI.
 
 you mean the phone companies we do business with?


whoops, forgot my smilies :(

 No, I mean the internet. (Hence, ISPs). Your product, in the context of
 this discussion anyways, is access to the internet. When the actions of a

I'm not sure that there are many who are wholesale null routing uunet ip
space, if they do they might be causing their customers unnecessary
outages.

 downstream damage that product(IE more and more networks nullroute UUNet
 traffic), I would assume that you have appropriate privilege to toss them
 overboard in the contracts.






Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Tom (UnitedLayer)

On Thu, 24 Jun 2004, Ben Browning wrote:
 you mean the phone companies we do business with?

 No, I mean the internet. (Hence, ISPs). Your product, in the context of
 this discussion anyways, is access to the internet. When the actions of a
 downstream damage that product(IE more and more networks nullroute UUNet
 traffic), I would assume that you have appropriate privilege to toss them
 overboard in the contracts.

I think you'll be hard pressed to find anyone running a real ISP who will
null route any/all of UUNet.

UUNet is a large organization, network wise, and people wise.
The fact that they don't have people dedicated to jumping on customers who
you consider to be spamming, should not be surprising nor expected.



Re: Teaching/developing troubleshooting skills

2004-06-24 Thread Bruce Pinsky
Pete Kruckenberg wrote:
| I'm working on trying to teach others in my group (usually
| less-experienced, but not always) how to improve their
| large-network troubleshooting skills (the techniques of
| isolating a problem, etc).
|
| It's been so long since I learned network troubleshooting
| techniques I can't remember how I learned them or even how I
| used to do it (so poorly).
|
| Does anyone have experience with developing a
| skills-improvement program on this topic? If you've tried
| such a thing, what worked/didn't work for you? Outside
| training? Books? Mentoring? Motivational posters?
|
| I'm particularly sensitive to the "I got my CCNA, therefore
| I know everything there is to know about troubleshooting"
| perspective, and how to encourage improving troubleshooting
| skills without making it insultingly basic.
|
If you are looking for some courses on just analytical troubleshooting
and/or problem solving techniques, you might want to look at the Kepner
Tregoe stuff (www.kepner-tregoe.com).  It is not network specific but
rather teaches techniques.  Some of their courses include:
Problem Solving and Decision Making
Analytic Trouble Shooting
Implementing Corrective and Preventive Actions
- --
=
bep


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Paul Vixie

 spamhaus has gotten too aggressive.
 Its now preventing too much legitimate email.

that's funny, really funny.  s/spamhaus/maps/ or s/spamhaus/sorbs/ or indeed
look at any receiver-side filtering mechanism that gets a little traction,
and sooner or later folks will say it's too aggressive and prevents too much
legitimate e-mail.

the internet as a disintermediator is going to cause more things like maps
and spamhaus and sorbs to be created and to become successful/effective over
time.  the only way to remain a successful sender of e-mail is to find a way
to thread all of those needles at once, plus new ones that come along later.

same thing for anti-spam features of common MTA's.  once in a while someone
can't get e-mail to me because they don't have a DNS-PTR or DNS-MX, or
because their SMTP-HELO doesn't match their DNS-PTR, and they complain,
quite rightly, that RFC821 doesn't require them to do it and that i'm in
violation of the protocol by rejecting their e-mail.  i usually respond by
telling them my fax number.  they usually respond by changing their DNS or
SMTP configuration to conform to my violations of the protocol.  lather,
rinse, repeat.

somebody told me the other day that we couldn't implement graylisting here
because a lot of mail relays wouldn't retry for way too long, or would retry
too quickly, or would retry from a different ip address each time, or etc.
i said our fax number is on the web page, so senders will have recourse.

spam is fundamentally an exercise in unilateral cost shifting, by advertisers
toward eyeballs, with all kinds of middlemen.  to cope with this, these costs
are going to have to be shifted elsewhere.  it would be loverly to shift them
back toward advertisers, with fines and lawsuits and lost connectivity and
increased transit disconnection/reconnection fees, but that's not working.
(compare the u.s. federal anti-spam law with california's to see what i mean.)

so, the costs are being shifted toward legitimate e-mail senders.  oh well.
if somebody can't reach you because they don't know how to thread the needle,
then send them your fax number or postal address.  getting legitimate e-mail
has to become the sender's problem, because receiver costs are too high now.

i'm not preaching that this should be so; i'm explaining that it's become so.
it's like with chris and sean not being able to disco their spewing endsystems:
just because the source-provider or transit-provider doesn't make connectivity
less available to these spewers, doesn't mean it won't become less available.
all it does is change who does it, and it usually ends up getting done by
folks whose tools aren't as sharp as the (source|transit)-provider's.

it's a very twisted variation on you broke it, you bought it.
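
The graylisting behaviour described in the message above (a first delivery attempt is deferred, and a relay that waits far too long, retries too quickly, or retries from a different IP address each time does not get through), sketched as an added example that is not part of the original post. The 5-minute minimum delay, the 4-hour retry window, the triplet keying and the class and function names are assumptions chosen for illustration, and the sample attempts are constructed.

```python
MIN_DELAY = 300           # assumption: a retry sooner than 5 minutes stays deferred
RETRY_WINDOW = 4 * 3600   # assumption: an unconfirmed triplet expires after 4 hours

DEFER = "451 greylisted, try again later"
ACCEPT = "250 accepted"


class Greylist:
    """Greylisting keyed on the (client IP, envelope sender, recipient) triplet."""

    def __init__(self):
        self.pending = {}    # triplet -> time the first attempt was seen
        self.passed = set()  # triplets that have retried correctly

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        triplet = (ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return ACCEPT
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > RETRY_WINDOW:
            # Unknown triplet, or the relay waited so long that the record
            # expired: the attempt counts as a first attempt again.
            self.pending[triplet] = now
            return DEFER
        if now - first_seen < MIN_DELAY:
            # Retried too quickly: still deferred, original timestamp kept.
            return DEFER
        # Same triplet came back inside the window after the minimum delay.
        del self.pending[triplet]
        self.passed.add(triplet)
        return ACCEPT


def replay(attempts):
    """Run (time, ip, sender, recipient) attempts through a fresh greylist
    and return the reply code of each attempt."""
    gl = Greylist()
    return [gl.check(ip, s, r, t).split()[0] for t, ip, s, r in attempts]


# Constructed sample data (documentation addresses and domains).
S, R = "alice@example.org", "bob@example.net"

# A relay that retries after 15 minutes from the same address.
WELL_BEHAVED = [(0, "192.0.2.10", S, R), (900, "192.0.2.10", S, R),
                (5000, "192.0.2.10", S, R)]
# A relay that retries every 30 seconds and then gives up.
TOO_QUICK = [(0, "192.0.2.10", S, R), (30, "192.0.2.10", S, R),
             (60, "192.0.2.10", S, R)]
# A relay pool that retries from a different address each time.
ROTATING_IP = [(0, "192.0.2.10", S, R), (900, "192.0.2.11", S, R),
               (1800, "192.0.2.12", S, R)]
# A relay whose first retry comes after 6 hours, then again 10 minutes later.
TOO_SLOW = [(0, "192.0.2.10", S, R), (6 * 3600, "192.0.2.10", S, R),
            (6 * 3600 + 600, "192.0.2.10", S, R)]

if __name__ == "__main__":
    for name, attempts in [("well-behaved", WELL_BEHAVED),
                           ("too quick", TOO_QUICK),
                           ("rotating ip", ROTATING_IP),
                           ("too slow", TOO_SLOW)]:
        print(f"{name:13s} {replay(attempts)}")
```

The rotating-address pool is the case a receiver most often has to work around, for example by keying on the sender's network rather than the single address; that variation is not shown here.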


Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Dr. Jeffrey Race

On Thu, 24 Jun 2004 14:16:49 -0400, [EMAIL PROTECTED] wrote:

I suspect that the spammer can find a lawyer who is willing to argue the idea
that the safety and security of the AS701 backbone was not prejudiced by
the spammer's actions, 

OK, let them sue.  If you are against spam, you have to stand up in 
court and say so.

Anyway all the spamming is now in violation of contracts.   These people 
would come to court with 'dirty hands' in the term of art, and the court
would not look favorably on any case they might try to make

Jeffrey Race





Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Dr. Jeffrey Race

On Thu, 24 Jun 2004 21:33:35 + (GMT), Christopher L. Morrow wrote:
This is true. The 'security' or 'safety' of the backbone is not affected
by:
1) portscanning by morons for openshares
2) spam mail sending
3) spam mail receiving

(at least not to my view, though I'm no lawyer, just a chemical engineer)

So, the issue of termination for this reason isn't really valid. Hence the
off-topic-ness of this thread.

Compromise to connectivity due to harboring spammers is a security
and safety issue by any reasonable definition.  Being a vector for trojan
horse mechanisms is a security issue.




RE: Unplugging spamming PCs

2004-06-24 Thread Joe Shen

Hi,

Mail servers should be registered just like domains and shutdown by a
registrar if they are misusing their registered services. This really
needs to be handled by a multi-lateral legal solution, industry will not
fix it alone.

No, I don't think this is a good solution.

First of all, we could not ask customers to register everything they planned
with leased line without legal reasons.
Second, if I hire DSL/leased_line service from ISP and set up domain name for
myself, ISP could not ask me to tell them which port should be opened as I'm
not taking a firewalling service, I'm not a member of my service provider.
I should be able to do anything that are not prohibited by law or affect
some others.

Blocking_port_25 indicates ISP pre-assume that customers will SPAM their
network. But, SPAMmer is just a very small group of people. Maybe most of
them comes from other countries (what happens in China).

To me, the proper way of anti-spam may ask cooperation between ISPs and Email
service providers. Anyway, strengthening anti-spam ability in Email server is
a must.

regards

Joe 




LP

Best Regards,

Larry




RE: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Dr. Jeffrey Race

On Thu, 24 Jun 2004 19:26:10 -0600, Smith, Donald wrote:

Are you offering to finance ISP's legal battles against spammers?

No, it's their network and their legal responsibility to keep it clean.  However
I did voluntarily prepare a case for Neil Patel to file on behalf of UUNET
under the Va computer crimes act, and he refused.  I would have been
a witness.   At this point (esp when he said the matter lay with Mr
Ebbers, who is now up on other criminal charges) it became obvious what
was the ethical level of this firm's management.   

Jeffrey Race




Re: SprintPCS spam policies

2004-06-24 Thread Suresh Ramasubramanian
Eric Kuhnke writes on 6/25/2004 5:44 AM:

 As a non-sprint-related side note, I know of somebody whose AT&T
 Wireless phone service was rendered completely unusable by incoming spam
 via the email-to-SMS gateway.  The typical rate was one message every 30
 minutes, the only solution offered by customer service was to change the
 phone number.   Has anyone ever encountered spammers doing a dictionary
 attack (emailing all  phone numbers in a NXX) via email-to-SMS
 gateways?

I used to run an email to sms gateway at a previous job (where we 
consulted for one of india's largest mobile phone providers)

I was seeing multiple instances of this even 4..5 years ago.
srs
--
suresh ramasubramanian [EMAIL PROTECTED] gpg EDEDEFB9
manager, security and antispam operations, outblaze ltd


RE: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Smith, Donald

I am not a lawyer. I am not aware of the law that requires uunet to
go to court to prevent spammers who are not their direct customers from using their 
network. Spammers use many different means to send their spam. Most ISPs use AUP's to 
prevent spamming but afaik no isp has successfully sued a spammer and recovered any 
reasonable percentage of their expenses in fighting this same spam. When that becomes 
a method to pay for combating spam I am sure most ISPs will pursue it. This is a money 
issue. 

NSP/ISP have shareholders who desire a return on their investment. 

When I notify the abuse team at uunet of a spammer they act promptly shutting down any 
account that I can show is being used for spam. 

Chris is a very trusted and active member of the NSP community, to his credit is a 
detailed document on blackhole filtering one of the primary tools used by other 
NSP/ISP's for stopping bad traffic. AFAIK he can not authorize legal action against 
spammers.

[EMAIL PROTECTED] my opinions are mine and do not reflect qwest policy.

 






RE: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Dr. Jeffrey Race

On Thu, 24 Jun 2004 21:39:26 -0600, Smith, Donald wrote:

I am not a lawyer. I am not aware of the law that requires uunet to
go to court to prevent spammers who are not their direct customers from using 
their network.


Doctrine of attractive nuisance




AOL Orders the Spam Special

2004-06-24 Thread Henry Linneweh

And just when things looked dismal this had to happen
to make it more so

http://www.washingtonpost.com/wp-dyn/articles/A1898-2004Jun24.html?referrer=email

-Henry