Re: Re: ISP Policies

[Rohit Gupta]

James,

So this provider would select the path with the longer AS_PATH length and would advertise this one to its peers (if any). I believe then its for the others to decide if they want to take this route or not.

Is my understanding correct?

Thanks,
Rohit

Mtech Comp Sc. 
Institute of Technology
Banaras Hindu University 

- Original Message - 
From: "James" <[EMAIL PROTECTED]>
To: "Rohit Gupta" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 10, 2004 11:42 AM
Subject: Re: ISP Policies

> 
> On Fri, Sep 10, 2004 at 11:36:58AM +0530, Rohit Gupta wrote:
>> On a related note : Do ISPs ever tweak around with Local Prefs and weights so as to select BGP paths with greater AS PATH length?
>> 
>> Would it ever make sense for a provider to chose a longer AS PATH length BGP route against a shorter AS PATH length route?
>> 
> 
> Yes many do -> Prefer your customer routes via customer interfaces, over
> transit and peering interfaces.
> 
> Higher LP over cust interfaces = more bits = more revenue. There is nothing
> wrong with this IMO, considering many of them who do this, also provide
> a community for customers to override this behaviour.
Indiatimes Email now powered by APIC Advantage. Help! HelpClick on the image to chat with me

Re: ISP Policies

[James]

On Fri, Sep 10, 2004 at 11:36:58AM +0530, Rohit Gupta wrote:
> On a related note : Do ISPs ever tweak around with Local Prefs and weights so as to 
> select BGP paths with greater AS PATH length?
> 
> Would it ever make sense for a provider to chose a longer AS PATH length BGP route 
> against a shorter AS PATH length route?
> 

Yes many do -> Prefer your customer routes via customer interfaces, over
transit and peering interfaces.

Higher LP over cust interfaces = more bits = more revenue. There is nothing
wrong with this IMO, considering many of them who do this, also provide
a community for customers to override this behaviour.

-J


-- 
James JunTowardEX Technologies, Inc.
Technical LeadNetwork Design, Consulting, IT Outsourcing
[EMAIL PROTECTED]  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867   web: http://www.towardex.com , noc: www.twdx.net

Re: ISP Policies

[Rohit Gupta]

On a related note : Do ISPs ever tweak around with Local Prefs and weights so as to select BGP paths with greater AS PATH length?

Would it ever make sense for a provider to chose a longer AS PATH length BGP route against a shorter AS PATH length route?

Rohit

MTech Comp Sc.
Institute of Technology
Banaras Hindu University

- Original Message - 
From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 09, 2004 11:27 PM
Subject: Re: ISP Policies


> 
> At 11:04 AM +0530 9/9/04, Tulip Rasputin wrote:
>>Hi Chris,
>>
>>>Or, you just don't want to send traffic through Bill Manning's ASN because
>>>you dislike his hawiian T-Shirt Policy? There are probably a few hundred
>>>reasosn why you'd avoid an ASN... In general though I'd think that like
>>>Michel said: "It's a pain and its doing something that bgp should do for
>>>you without lots of messing about"
>>
>>That's why i explicitly asked for some "social/political/etc." 
>>reasons where an ISP may not want his traffic to traverse some 
>>particular AS number(s). Something which is beyond BGP to determine 
>>as of now ! :-)
Indiatimes Email now powered by APIC Advantage. Help! HelpClick on the image to chat with me

Restoration after Hurricane Frances

[Sean Donelan]

In Florida after Hurricane Frances: 17 fatalities attributed to the
Hurricane and its affects.

Wireless companies are reporting 95% service restoration statewide.

Wireline companies have restored over half of the damaged lines statewide.
Bellsouth: 385,000 and Sprint: 177,000 out of service.  No figures
available from other individual wireline companies.

Adelphia reported it had restored 68% of its service.

Comcast reports "significant progress."

I heard of no reports of damage to any major co-location or Internet
data center in Florida due to Hurricane Frances.  NASA shutdown at least
a portion of its computer networks at the Kennedy Space Center in advance
of Hurricane Frances.

Next up, Hurricane Ivan.  The lower Florida Keys have evacuation orders
for non-residents, RV's, boats and parks starting on September 10.

Re: ISP Policies

[Peter Wohlers]

Once upon a career, I was involved with shipping cargo via ocean vessel 
to Kuwait (and other Arab countries). We had to provide signed 
affadavits from the ships owners that the carrying vessels were neither 
Israeli owned nor would call any Israeli ports during the voyage.

If Arab countries' ISP's were to follow the same political philosophy, I 
could see them filtering accordingly.

In short, politics.
Is it 'normal'?
Boy, is that a loaded question ;)
--Peter Wohlers
Tulip Rasputin wrote:
So can you give me an example of why and when would an ISP *not* want 
its traffic to flow via some other AS(es). Is it a normal policy to 
have, and do most of the ISPs have such policies in place?

Thanks,
Tulip
- Original Message - From: <[EMAIL PROTECTED]>
To: "Tulip Rasputin" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, September 09, 2004 10:07 AM
Subject: Re: ISP Policies

yes.
On Thu, Sep 09, 2004 at 09:58:52AM +0530, Tulip Rasputin wrote:
Hi,
I have a general policy question.
Do the ISPs ever look for some particular AS number in the BGP 
AS_PATH and
then decide what action/preference/priority they need to take/give 
based on
the AS number(s) present in the BGP AS_PATH_SEQ/SET? For instance, 
does it
happen that an ISP receives some BGP paths, but because of some 
political,
social, economical, DOS attack, etc. reasons decides that it doesn't 
want
to accept this path because some particular AS number is present in 
the BGP
UPDATE.

Basically, it doesn't want *its* traffic to flow via that particular AS
number(s).
Or, if there is a mutual disagreement between two ISPs, and one doesn't
want his traffic to traverse the other's AS number.
Does this sort of thing ever happen? Are such restrictive policies 
normal
in the ISP/IX scenarios?

Thanks,
Tulip


--
*
* Peter Wohlers *
[EMAIL PROTECTED]
*

Re: Verizon Sr. Manager in the NY/NJ Metro area

[Pete Schroebel]

Contact ChoiceNetworks and they can point you in the right direction, been
there too ;-)


>
> Anyone know the name/contact information of a relatively high Sr.
> manager at Verizon involved in their high-cap provisioning in the
> NY/NJ metro region?  I have a dedicated t1 going on its 4th month on
> the books without being provisioned properly.
> Please reply offlist .. thanks.
>
> Mike Sawicki
> ([EMAIL PROTECTED])
>
>

Re: OT: The bubble and the economy

[John Kinsella]

On Thu, Sep 09, 2004 at 04:00:33PM -0700, Conrad Watson wrote:
> With all the opinions on this list, I'm sure someone will give me a place to 
> start. Thank you.

Google.

Re: Verisign vs. ICANN

[Dan Hollis]

On Fri, 10 Sep 2004, Matthew Sullivan wrote:
> Dan Hollis wrote:
> >On Mon, 16 Aug 2004, Andre Oppermann wrote:
> >>PS: I will patent it myself to prevent Versign from doing this.
> >Wouldnt it be beautiful if a bunch of people patented the hell out of 
> >various ways to exploit dns wildcarding, thus preventing verisign from 
> >doing anything useful with it at all...
> It would only be useful if those people were also in a position to 
> vigorously defend said patents when (and if) they were infringed.
> / Mat

If the patent is strong enough, wouldnt some patent attorney be willing to 
defend it on a contingency basis?

With the potential $$ in a patent violation judgement against verisign, I 
would think attorneys would be all over it.

-Dan

OT: The bubble and the economy

[Conrad Watson]

Hi, I am preparing to write a research paper for my economics class on the 
effect of the internet bubble and burst on the economy. Also, what part (if 
any) it played in the most recent recession.

If anyone could point me to any sites with data on the economy at the time and 
after I would really appreciate it. I haven't looked myself yet but I wanted 
to try to run it by you guys first and see if I can get a good starting 
point.

With all the opinions on this list, I'm sure someone will give me a place to 
start. Thank you.

Conrad

Re: Verisign vs. ICANN

[Eric Brunner-Williams in Portland Maine]

> It would only be useful if those people were also in a position to 
> vigorously defend said patents when (and if) they were infringed.

assign the patents to icann, to the eff, to the registrar constituency ...

Re: Verisign vs. ICANN

[Matthew Sullivan]

Dan Hollis wrote:
On Mon, 16 Aug 2004, Andre Oppermann wrote:
 

PS: I will patent it myself to prevent Versign from doing this.
   

Wouldnt it be beautiful if a bunch of people patented the hell out of 
various ways to exploit dns wildcarding, thus preventing verisign from 
doing anything useful with it at all...
 

It would only be useful if those people were also in a position to 
vigorously defend said patents when (and if) they were infringed.

/ Mat

Re: "Intel calls for Internet overhaul"

[Peter H Salus]

You want to see the future of meritless products, you've
gotta look at the xri and xdi white papers from 
oasis-open.org.  ROTFL.

Peter

Re: "Intel calls for Internet overhaul"

[Tom (UnitedLayer)]

On Thu, 9 Sep 2004, Daniel Golding wrote:
> It has become trendy, in some circles,
> performance/congestion/non-deterministic nature/lack of security/ issue here>. After firmly denouncing the Internet, the company or
> individual then touts their product, which will fix/replace/augment the
> Internet.

Really? Vendors trying to sell useless products? no way!
Its amazing the level of internet snake oil that still persists; and even
more hillarious is what people pay for it. I thought the bubble bursting
would've cut that out, yet still people pay actual dollars for "optimized"
internet routing appliances, and craptacular PC's filled with duct tape
and glue software.

> In the mean time, I've decided to enjoy the Internet in the precious little
> time it has left. (yes, that was sarcasm)

Well, we can always enjoy Internet2...

Re: "Intel calls for Internet overhaul"

[Mehmet Akcin]

haha, correct
Mehmet Akcin
- Original Message - 
From: "Tom (UnitedLayer)" <[EMAIL PROTECTED]>
To: "Fergie (Paul Ferguson)" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, September 09, 2004 5:27 PM
Subject: Re: "Intel calls for Internet overhaul"


On Thu, 9 Sep 2004, Fergie (Paul Ferguson) wrote:
Layer 8.
- ferg
Sounds more like a burrito than the internet...

Re: "Intel calls for Internet overhaul"

[Tom (UnitedLayer)]

On Thu, 9 Sep 2004, Fergie (Paul Ferguson) wrote:
> Layer 8.
>
> - ferg

Sounds more like a burrito than the internet...

Re: "Intel calls for Internet overhaul"

[Rachael Treu-Gomes]

Indeed.  

So would this be...IP over IP?

And tunnels in tunnels in tunnels...

I see some deep recursion fun here.  (Now...to keep the 
underlying carrier networks up.  Perhaps we need an 
Undernet for the Internet to support this Overnet and 
its valid mode of delivery.)

Follow the white rabbit... 

heh,
--ra

On Thu, Sep 09, 2004 at 08:22:10PM +, Fergie (Paul Ferguson) said something to the 
effect of:
> 
> 
> Layer 8.
> 
> - ferg
> 
> 
> -- Paul Vixie <[EMAIL PROTECTED]> wrote:
> 
> update SAN FRANCISCO--The Internet needs to be upgraded with a new layer
> of abilities that will deal with imminent problems of capacity, security
> and reliability, Intel Chief Technology Officer Pat Gelsinger said
> Thursday.
> 
> Gelsinger pointed to PlanetLab, an experimental network that sits on top
> of the Internet, as a step in the right direction. Hewlett-Packard and
> Intel have begun work trying to commercialize the project, which was
> started in 2002, in order to overlay the Internet with intelligence and
> adaptability.  [...]
> 
> http://news.com.com/Intel+calls+for+Internet+overhaul/2100-1006_3-5359743.html?tag=nl
> 
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  [EMAIL PROTECTED] or
>  [EMAIL PROTECTED]

-- 
rachael treu-gomes   [EMAIL PROTECTED]
..quis costodiet ipsos custodes?..

RE: "Intel calls for Internet overhaul"

[Lucy E. Lynch]

On Thu, 9 Sep 2004, Brance Amussen :)_S wrote:

>
> Yeah, great, lots of backbone, but get me fiber to my house, maybe I'll be
> excited..
> Nice marketing, but, um, still only as good as its weakest link..
> HDTV over IP bwhaaa haaa hong long did it take to get VOIP to work?? 10
> years?  A bit of forshadowing I'd say..


oh, the fine folks at NSF will be funding that (7.5mil):

http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0331653
http://news.cs.cmu.edu/Releases/demo/123.html

and Internet2 will deploy:

http://www.internet2.edu/about/related-projects.html
http://100x100network.org/

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Paul Vixie
> Sent: Thursday, September 09, 2004 4:12 PM
> To: [EMAIL PROTECTED]
> Subject: "Intel calls for Internet overhaul"
>
>
>
> update SAN FRANCISCO--The Internet needs to be upgraded with a new layer
> of abilities that will deal with imminent problems of capacity, security
> and reliability, Intel Chief Technology Officer Pat Gelsinger said
> Thursday.
>
> Gelsinger pointed to PlanetLab, an experimental network that sits on top
> of the Internet, as a step in the right direction. Hewlett-Packard and
> Intel have begun work trying to commercialize the project, which was
> started in 2002, in order to overlay the Internet with intelligence and
> adaptability.  [...]
>
> http://news.com.com/Intel+calls+for+Internet+overhaul/2100-1006_3-5359743.ht
> ml?tag=nl
>

RE: "Intel calls for Internet overhaul"

[Brance Amussen :)_S]

Yeah, great, lots of backbone, but get me fiber to my house, maybe I'll be
excited..
Nice marketing, but, um, still only as good as its weakest link..
HDTV over IP bwhaaa haaa hong long did it take to get VOIP to work?? 10
years?  A bit of forshadowing I'd say..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Paul Vixie
Sent: Thursday, September 09, 2004 4:12 PM
To: [EMAIL PROTECTED]
Subject: "Intel calls for Internet overhaul"



update SAN FRANCISCO--The Internet needs to be upgraded with a new layer
of abilities that will deal with imminent problems of capacity, security
and reliability, Intel Chief Technology Officer Pat Gelsinger said
Thursday.

Gelsinger pointed to PlanetLab, an experimental network that sits on top
of the Internet, as a step in the right direction. Hewlett-Packard and
Intel have begun work trying to commercialize the project, which was
started in 2002, in order to overlay the Internet with intelligence and
adaptability.  [...]

http://news.com.com/Intel+calls+for+Internet+overhaul/2100-1006_3-5359743.ht
ml?tag=nl

New IANA IPv6 allocation for RIPE NCC (2001:5000::/20)

[Doug Barton]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greetings,
This is to inform you that the IANA has allocated the following
eight (8) IPv6 /23 blocks to the RIPE NCC:
  2001:5000::/23RIPE NCC
  2001:5200::/23RIPE NCC
  2001:5400::/23RIPE NCC
  2001:5600::/23RIPE NCC
  2001:5800::/23RIPE NCC
  2001:5A00::/23RIPE NCC
  2001:5C00::/23RIPE NCC
  2001:5E00::/23RIPE NCC
For a full list of IANA IPv6 allocations please see:

- --
Doug Barton
General Manager, The Internet Assigned Numbers Authority
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (FreeBSD)
iD8DBQFBQMQKwtDPyTesBYwRApYAAJ9Hcp2S2wPrTHIh4pGE3jGR3YHdKwCdG2KB
8U+gB3PS1sW5nrAtkW8hllY=
=4TnN
-END PGP SIGNATURE-

Re: "Intel calls for Internet overhaul"

[Randy Bush]

> Which is ironic given that many visible trends (optical cores, mpls, l2 ip 
> dslams) point to dumber network devices not smarter ones. maybe they're in 
> the business of selling microprocessors?

so we can have a marketing war between those who would save the net
using micro network processors, those who would save the net using
mpls, those who would save the net using ipv6, ...

'cept i am not sure the net needs saving

randy

Re: "Intel calls for Internet overhaul"

[Daniel Golding]

On 9/9/04 4:21 PM, "Petri Helenius" <[EMAIL PROTECTED]> wrote:

> 
> Paul Vixie wrote:
> 
>> update SAN FRANCISCO--The Internet needs to be upgraded with a new layer
>> of abilities that will deal with imminent problems of capacity, security
>> and reliability, Intel Chief Technology Officer Pat Gelsinger said
>> Thursday.
>> 
>>  
>> 
> There is confusion in the air about the roles of "hosts" and "network" here?
> 
> Pete
> 

It has become trendy, in some circles, to lament the Internet's poor
performance/congestion/non-deterministic nature/lack of security/. After firmly denouncing the Internet, the company or individual
then touts their product, which will fix/replace/augment the Internet.

Truth usually doesn't factor into the denunciation, which is where you get
things like the recent conference on "Preventing the Internet Meltdown" -
(http://www.pfir.org/meltdown), which suggested that some sort of electronic
catastrophe is, dare we hope, imminent.

In the mean time, I've decided to enjoy the Internet in the precious little
time it has left. (yes, that was sarcasm)

-- 
Daniel Golding
Network and Telecommunications Strategies
Burton Group

Re: "Intel calls for Internet overhaul"

[Joel Jaeggli]

On Thu, 9 Sep 2004, Paul Vixie wrote:
update SAN FRANCISCO--The Internet needs to be upgraded with a new layer
of abilities that will deal with imminent problems of capacity, security
and reliability, Intel Chief Technology Officer Pat Gelsinger said
Thursday.
Gelsinger pointed to PlanetLab, an experimental network that sits on top
of the Internet, as a step in the right direction. Hewlett-Packard and
Intel have begun work trying to commercialize the project, which was
started in 2002, in order to overlay the Internet with intelligence and
adaptability.  [...]
Which is ironic given that many visible trends (optical cores, mpls, l2 ip 
dslams) point to dumber network devices not smarter ones. maybe they're in 
the business of selling microprocessors?

http://news.com.com/Intel+calls+for+Internet+overhaul/2100-1006_3-5359743.html?tag=nl
--
-- 
Joel Jaeggli  	   Unix Consulting 	   [EMAIL PROTECTED] 
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2

Re: "Intel calls for Internet overhaul"

[Fergie (Paul Ferguson)]

Layer 8.

- ferg


-- Paul Vixie <[EMAIL PROTECTED]> wrote:

update SAN FRANCISCO--The Internet needs to be upgraded with a new layer
of abilities that will deal with imminent problems of capacity, security
and reliability, Intel Chief Technology Officer Pat Gelsinger said
Thursday.

Gelsinger pointed to PlanetLab, an experimental network that sits on top
of the Internet, as a step in the right direction. Hewlett-Packard and
Intel have begun work trying to commercialize the project, which was
started in 2002, in order to overlay the Internet with intelligence and
adaptability.  [...]

http://news.com.com/Intel+calls+for+Internet+overhaul/2100-1006_3-5359743.html?tag=nl

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or
 [EMAIL PROTECTED]

Re: "Intel calls for Internet overhaul"

[Dan Mahoney, System Admin]

On Thu, 9 Sep 2004, Paul Vixie wrote:
Adaptability, capacity, security.   Wait, isn't that what ipv6 was 
supposed to do?

-Dan

update SAN FRANCISCO--The Internet needs to be upgraded with a new layer
of abilities that will deal with imminent problems of capacity, security
and reliability, Intel Chief Technology Officer Pat Gelsinger said
Thursday.
Gelsinger pointed to PlanetLab, an experimental network that sits on top
of the Internet, as a step in the right direction. Hewlett-Packard and
Intel have begun work trying to commercialize the project, which was
started in 2002, in order to overlay the Internet with intelligence and
adaptability.  [...]
http://news.com.com/Intel+calls+for+Internet+overhaul/2100-1006_3-5359743.html?tag=nl
--
"I'll commit ritual suicide before I whore myself out to Disney."
--Emi Bryant
  April 26, 2004
  On the animation industry
Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---

Re: "Intel calls for Internet overhaul"

[Petri Helenius]

Paul Vixie wrote:
update SAN FRANCISCO--The Internet needs to be upgraded with a new layer
of abilities that will deal with imminent problems of capacity, security
and reliability, Intel Chief Technology Officer Pat Gelsinger said
Thursday.
 

There is confusion in the air about the roles of "hosts" and "network" here?
Pete

Re: "Intel calls for Internet overhaul"

[Randy Bush]

> Gelsinger pointed to PlanetLab, an experimental network that sits on top
> of the Internet, as a step in the right direction.

ROFL!

[ and i use planetlab ]

randy

"Intel calls for Internet overhaul"

[Paul Vixie]

update SAN FRANCISCO--The Internet needs to be upgraded with a new layer
of abilities that will deal with imminent problems of capacity, security
and reliability, Intel Chief Technology Officer Pat Gelsinger said
Thursday.

Gelsinger pointed to PlanetLab, an experimental network that sits on top
of the Internet, as a step in the right direction. Hewlett-Packard and
Intel have begun work trying to commercialize the project, which was
started in 2002, in order to overlay the Internet with intelligence and
adaptability.  [...]

http://news.com.com/Intel+calls+for+Internet+overhaul/2100-1006_3-5359743.html?tag=nl

Re: ISP Policies

[Howard C. Berkowitz]

At 11:04 AM +0530 9/9/04, Tulip Rasputin wrote:
Hi Chris,
Or, you just don't want to send traffic through Bill Manning's ASN because
you dislike his hawiian T-Shirt Policy? There are probably a few hundred
reasosn why you'd avoid an ASN... In general though I'd think that like
Michel said: "It's a pain and its doing something that bgp should do for
you without lots of messing about"
That's why i explicitly asked for some "social/political/etc." 
reasons where an ISP may not want his traffic to traverse some 
particular AS number(s). Something which is beyond BGP to determine 
as of now ! :-)

I believe with the responses that i received both on the list and 
offline, that it is indeed quite normal for ISPs to filter routes 
based on the AS Paths for 'other' reasons. Reasons, quite beyond BGP 
as a protocol to handle! And this can happen, when an ISP doesnt 
want its traffic to traverse some AS(es).

Thanks,
Tulip
IIRC, at some long ago time, there was a Canadian policy, derived 
from a policy on telco transit, that two Canadian providers could not 
use transit through the USA to get to one another. This is long gone.

I can't say if it is still the case, but, at one point, the PRC would 
drop routes that used Taiwan as transit.

Re: who's next?

[Howard C. Berkowitz]

At 12:12 PM -0700 9/8/04, Fred Baker wrote:
At 04:29 PM 09/08/04 +, Paul Vixie wrote:
i guess this is progress.  the press keeps bleating about stopping 
spam from being received -- perhaps if they start paying attention 
to how it gets sent and how many supposedly-legitimate businesses 
profit from the sending, there could be some flattening of the spam 
growth curve.
I think both approaches have value.
Consider this by comparison to the "war against drugs". One line of 
reasoning says "if there is no supply, there will be no market". 
Another line of reasoning says "if there is no demand, there will be 
no market". A third line of reasoning notes that with purveyance of 
such come a multitude of other social ills, and focuses on the 
"businessmen" in the trade: "if there is no way for supply and 
demand to meet, the market will fail."
The solution lies in a combination of the two. If enough spammers 
take enough drugs, they will be unable to spam. Properly propagated 
rumors may variously suggest:

  1. Becoming a spammer will put you into drug rehab at best.
  2. Spammers now become a target for no-knock raids by the Drug
 Enforcement Administration.


Where this gets interesting is with so-called "legitimate spam". At 
least under US law, if you and I have a relationship as buyer and 
seller, the seller has a right to advertise legitimate services and 
products to the buyer. I travel in a vertical direction when I get 
spam from my employer; I have sat down with the designated spammer 
and have been told in detail that as a user of that equipment I am a 
buyer and they have a right to advertise to me, and take pretty 
serious steps to target and not annoy their audience. There is a 
part of me that wants to site in an 18" gun using their building as 
a target; there is another part of me that notes the photography in 
magazines and on billboards and the little jingles that go by on TV 
and the radio, and notices that legitimate advertising is in fact 
treated as (ulp!) legitimate.
And Jerry Springer is a legitimate means of advertising. I will 
confess that after an especially long, exhausting day at an IETF 
plenary, I have searched for something as mindless as Mr. Springer to 
clear my brain for sleep.  To the best of my recollection, I have not 
reached that level of exhaustion at NANOG.

Re: Spammers Skirt IP Authentication Attempts [operational content at end]

[Rich Kulawiec]

[ Two replies in one.  Last point has operational content. ]

On Wed, Sep 08, 2004 at 01:52:59PM +0100, [EMAIL PROTECTED] wrote:
> I see that 56trf5.com is a real domain. Does this mean that
> the domain name registries and DNS are now being polluted
> with piles of garbage entries in the same way that Google
> searches have been polluted with tons of pages full of
> nothing but search keywords and ads?

Absolutely.   As one example out of thousands, there are at
least 350 domains names of the form:

aaefelb.info
abbbafd.info
acdfiaj.info
aclbkcdc.info
adkehgi.info
aeamdgi.info

that have been burned through by one currently-active group of spammers.
Another group has about 16,700 domains (and counting) that I'm aware of.

Note also the relationship betwen this proliferation, the zombies,
and rapidly-updating DNS -- see below.

On Wed, Sep 08, 2004 at 01:26:27PM -0500, Robert Bonomi wrote:
> I _do_ think that it is _a_step_ 'in the right direction'. I'd *love* to
> see SPF-type data returned on rDNS queries -- that would practically put 
> the zombie spam-sending machines out of business.

Not even close, I'm afraid.  Yes, it would deal, to some extent, with
direct-to-MX spam from them (*if* all the domain they were forging
cooperated), but:

1. Nothing stops those zombies from sending out spam via the mail
servers on the networks on which they're located.  (And in the process,
forging either the address of the former owner of the zombie or another
user on the same network.)

Before you say "but the network operators would detect and fix that"
let me point out that zombie-generated spam has been epidemic for
going on two years and many -- MANY --ISPs have yet to perform basic
network triage that could mitigate much of this very quickly.  It's
reaching, I think, to expect that those same ISPs, who by now have grown
quite comfortable sitting on their hands, would do anything about this.

(I recently speculated n Spam-L that I was willing to bet that at
least one such ISP would respond by plugging in more mail servers
in order to alleviate the resulting congestion.  Bruce Gingery promptly
pointed out that this is a sucker bet: it's already happened.)

2A. Nothing stops those zombies from embedding spam payloads in
ordinary messages sent by their [putative] users.  Mail grandma?
Spam grandma.

2B. Nothing stops those zombies from accepting spam payloads on port
 and writing it directly to disk in the place and format expected
by the end user's mail client.  No SMTP.  No DNS.  And with optional
forged headers "proving" SPF/DomainKeys/etc. validity, just in case
tools for checking those are in use.

3. Spammers have been using rapidly-updating DNS for quite some time
in order to spread out their zombie-hosted web sites.  With today's
change they can now extend that up a level: nothing is stopping them
from, say, registering 1000 domains, using 100,000 zombies to host
copies of the content, and using rapidly-updating DNS to distribute
the traffic (as well as making shutting it all down tedious).

And as if that won't be enough fun (and here's the operational bit):

4. This is the point that I think a lot of us tend to overlook: arguably,
SMTP spam from those zombies is the *least* of our problems.  Those
systems are under the control of an unknown number of unknown persons, and
can be put to many more uses -- and already have.  They've already been
observed hosting spamvertised web sites [1], probing for open proxies,
and participating in DDoS attacks.   They represent an enormous computing
resource that's effectively in the hands of The Bad Guys.  (To put this
in perspective, compare the estimated size of the zombie farm to the
much-vaunted Google cluster in terms of CPU count, aggregate bandwidth,
and network diversity.)

And as I said previously, none of the three entities who could do anything
about it (the zombies' former owners, consumer broadband ISPs, Microsoft)
are willing to step up, admit there's a problem, and do whatever it takes
to fix it.  There is thus no reason at all to expect the problem to decrease;
on the contrary, there is every reason (given the miserable track records
of all concerned) to expect it to increase.


---Rsk

[1] Including some with content of interest to the FTC, DEA, FBI, RIAA,
MPAA, BSA, SPA and other people who have lawyers, guns and/or money.
Makes sense from spammy's point of view: it's free, it's fault-tolerant
and scalable (thanks to rapidly-updating DNS), and maybe someone else
will get clobbered for it.

Re: Very peculiar Telnet probing (possibly spoofed?)

[Chris Brenton]

On Thu, 2004-09-09 at 01:48, Jeff Kell wrote:
>
> I suspect but cannot prove 
> that the packets are being spoofed as we are dropping (not resetting) 
> the probes, yet they continue.  There are repeated probes from the same 
> IP address for about 15-20 minutes or more, then it moves along, but the 
> resulting router logs blocking them looks initially random (from SE Asia 
> sites). 

Could be an idle scan. If so, that would mean each of these sources are
just quiet hosts being leveraged by the real attacker.

Easiest way to tell is to return a SYN/ACK and look for TTL variances
between the original SYN and the resulting ACK. My experience has been
you all also see discrepancies in the IP ID. The SYN packets will be
non-predictable while the ACK packets will be predictable.

If it is an idle scan, the only way (I'm aware of) to identify the real
attacker is to work with the admin for the source IP. They'll see some
IP address probing the source IP at about the same interval you are
seeing the probes. _That_ source IP is the one you want to go after.

HTH,
Chris

RE: who's next?

[Michel Py]

[Disclaimer: I do not intend to aim at Savvis in particular.
It just happens that they make the news today. For all
practical purposes, s/Savvis/your_favorite_operator]


> :
> Mr McCormick promised that within the next 10 days all
> spammers will be taken off their network.

I think this is a bunch of PR BS. They say they'll do it, but in the
real world nobody throws two million bucks a month (*) in the toilet
like this, they know it, and here's why:

1. Although some spammers may be dumb, out of 148 of them there are a
lot that are actually smart and more than a few that are very smart.
Just because we don't like spammers means they are dumb. Face it,
people: spammers have outsmarted us every step of the way so far. A lot
of us have tried to get rid of them, and obviously failed, because we
still get craploads of it.

2. Thanks to our marvelous legal system, the smart spammer will seek a
TRO against Savvis preventing them to cut them loose within 10 days,
make it last a few months, and finally double-flip Savvis about the bill
for the last few months. Nothing new here either; spammers do not pay
their bills when it can be avoided.

3. Even a blatant violation of the AUP does not shield from a TRO.

Why I say this is a bunch of PR BS is that many people at Savvis are
totally aware of what I wrote above.

The sad part is: although many people at Savvis are totally aware of
what I wrote above, there also are a few execs that can't find the power
switch on their own computer without the help desk that don't, and the
bottom line is that this is going cost Savvis 2 million bucks a month
for some months plus another million bucks a month in legal fees from
law experts that don't know jack but are good at kissing exec @55.


In the end, it turns out to be simple mathematics:

 10 begin
 20 Savvis is going to spend $10M-$20M to buy a "clean reputation".
 30 ## Some exec bozo thinks that doing so will save the world.
 40 ## Regardless of 30, some guys there actually know exactly
 50 ## what they are doing, they just manipulate the bozo as a
 60 ## fuse in case something does not go according to plan.
 70 ## I don't challenge the strategy. A few million bucks to
 80 ## look clean actually is a heck of a good deal if one is
 90 ## big enough to afford it; sacrificing the gullible bozo
100 ## that bought the BS about saving the world by getting
110 ## rid of spammers is class-1 collateral. (**)
120 41% of the spammers will get 4-8 months free.
130 41% of the spammers will stay with Savvis. (***)
140 18% of the spammers will not survive the renumbering.
150 The next one will gladly host the 41% in 120
for a million bucks a month (for a while).
160 s/Savvis/the next one
170 goto 10

Read the subject line again: who's next?

I don't compliment Savvis for cleaning up. If they have to do so, it's
because they (or C&W, or whoever they acquired) have been complacent
about hosting spammers in the first place. After someone pays the bill,
I hope said someone will pay more attention to topics such as qualifying
customers by looking them up in the BBB database and related issues.

Nevertheless, this _is_ good. Trouble is, spammers have incorporated it
in their cost of doing business a long time ago. One more time, too
little too late. So, out of 148 Savvis spammers, 18 of them (the dumbest
ones) will not survive the move/renumbering at a cost of US$18M. Savvis'
money, not mine. 

Who's next?


Michel.

(*) Just think about how many 4-port-OC192-IR for their brand stinking
new CRS-1 they could buy with 2 million bucks a month ;-)

(**) Heard first hand from a three-star general: "in the infantry, the
cheapest hardware to replace is personnel."

(***) Legal compromise. Even if there is a political will to get all
spammers out, economic realities, legal bills and battles of "experts"
will eventually quick in, and the good ol' "a bad settlement is better
than a good trial" will prevail in number of cases. Spammers will not
spam as openly as they used to, Savvis will keep a million bucks a
months revenue, and everyone is happy.

North American, Ricardo "Rick" Gonzalez has invited you to open a Google mail account

[Ricardo \"Rick\" Gonzalez]

I've been using Gmail and thought you might like to try it out. Here's
an invitation to create an account.

---

Ricardo "Rick" Gonzalez has invited you to open a free Gmail account.
The invitation
will expire in three weeks and can only be used to set up one account.

To accept this invitation and register for your account, visit
http://gmail.google.com/gmail/a-a546a320ad-a8d13e3016-ba630c1ee9

Once you create your account, Ricardo "Rick" Gonzalez will be notified with 
your new @gmail.com address so you can stay in touch with Gmail!

If you haven't already heard about Gmail, it's a new search-based webmail 
service that offers:

- 1,000 megabytes (one gigabyte) of free storage
- Built-in Google search that instantly finds any message you want
- Automatic arrangement of messages and related replies into 
  "conversations"
- Text ads and related pages that are relevant to the content of your 
  messages

Gmail is still in an early stage of development. If you set up an 
account, you'll be able to keep it even after we make Gmail more 
widely available and as one of the system's early testers, you will 
be helping us improve the service through your feedback. We might ask 
for your comments and suggestions periodically and we appreciate your 
help in making Gmail even better.

Thanks,

The Gmail Team

To learn more about Gmail before registering, visit:
http://gmail.google.com/gmail/help/benefits.html

(If clicking the URLs in this message does not work, copy and paste them
into the address bar of your browser).