Re: Utah governor signs Net-porn bill
On Tuesday 22 Mar 2005 7:37 pm, Dan Hollis wrote: somehow I suspect more than just pr0n sites will end up in that 'adult content registry'. dont be suprised if sites critical of mormonism get blocked too. they can be as bad as scientologists in this respect. Cynic. Porn alone will do enough damage. I use to resell one of the firewall with a blocker option, and one site decided to actually buy it. When we enabled blocking of Adult content dejanews (as it was then) disappeared, which caused some consternation - what no comp.sys.* archive. After some questioning, it became apparent it was because it also archived alt.sex.* - urm right.
Re: Utah governor signs Net-porn bill
that's EASY: there is hyperconcern for the welfare of children in Utah, Finally, someone who recognizes what this bill is all about. It merely asks ISPs to provide parents with a filtering tool that cannot be overridden by their children because the process of filtering takes place entirely outside the home. Once Utah ISPs come up with a good way to do this, I suspect there will be a market for such services elsewhere in the USA as well. And while the law focuses on the blocking aspect, i.e. blacklisting, let's not forget that the same service can also be used in a whitelisting mode. Can you imagine an Internet service in which parents subscribe to various channels by choosing from a menu of whitelists? I can. This is not your father's Internet any more... --Michael Dillon
Re: Utah governor signs Net-porn bill
On Tue, 22 Mar 2005, Daniel Senie wrote: Anyone want to publish a definitive list of IP addresses for Utah? A week of null-routing all such traffic by many web sites would, I think, would be a measured response to idiot legislators. It could be give Utah the Finger Day or some such. The world has been wait for a list of Florida IPs for a while so we can block them for a few years, no such luck however. On a more practical note one possible solution to a similar I heard was to ensure that their blocking service (offered at no extra cost) just gave people a rfc1918 address could *only* access a page explaining how all the nasty sites were now blocked. It can be called the do nothing account or similar. -- Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ To stay awake all night adds a day to your life - Stilgar | eMT.
Re: Utah governor signs Net-porn bill
Finally, someone who recognizes what this bill is all about. It merely asks ISPs to provide parents with a filtering tool that cannot be overridden by their children because the process of filtering takes place entirely outside the home. The problem is the state isn't specifying that ISP's provide some software module that the state wrote to accomplish this, instead what they are doing is telling a transport provider they must provide something other than transport, they must provide some unspecified piece of software. It's like if parents required the state provide some piece of hardware to prevent kids from speeding in their cars because the state provides the roads. Geo.
Tier-2 reachability and multihoming
Hi there, I have been working on characterizing the internet hierarchy. I noticed that 27% of the total possible tier-2 provider node pairs are not connected i.e., they dont have any tier-1 node connecting them nor a direct peering link between them. Multihoming can be used as a predominant reason for the reachability of tier-3 nodes which are customers of these nodes, but what about the reachability of tier-2 nodes themselves and its customers which cannot afford to multihoming? How does BGP solve this reachability problem when it gets a request to a prefix unreachable? 1tier-1 / 2 4 tier-2 / \/ \ 5 6 78 tier-3 here, nodes 2 and 4 have no reachability, 1 / | 2 3 4 / \ \/ \ 5 6 78 now, node 7 is reachable from 2 and its lower level nodes, but what about node 4 and 8, and as a typical case, suppose nodes 4 and 8 have no multihoming whatsoever, what then? Regards,
Re: Utah governor signs Net-porn bill
Simon Lyall wrote: The world has been wait for a list of Florida IPs for a while so we can block them for a few years, no such luck however. ip2location.com would be happy to sell you just such a list. Pete On a more practical note one possible solution to a similar I heard was to ensure that their blocking service (offered at no extra cost) just gave people a rfc1918 address could *only* access a page explaining how all the nasty sites were now blocked. It can be called the do nothing account or similar.
Re: Tier-2 reachability and multihoming
I have been working on characterizing the internet hierarchy. I noticed that 27% of the total possible tier-2 provider node pairs are not connected i.e., they dont have any tier-1 node connecting them nor a direct peering link between them. It's quite simple. The Internet is not a tree hierachy; it is a partial mesh. Partial meshes can often be characterised as having some sort of hierarchy of connectedness, however the Internet does change continuously which means that an analysis of hierarchy done today will come up with different results from last year's analysis. The terminology of tier 1 and tier 2 only refers to a brief time in the evolution of the Internet in North America during the 1990s when the topology was much more treelike. That is all changed. Go to google and search the following line exactly as written. internet topology partial mesh --Michael Dillon
Re: Utah governor signs Net-porn bill
--- William Allen Simpson [EMAIL PROTECTED] wrote: Why other businesses? For example, no drug companies or pharmacies can have their businesses in Utah; they sell contraceptives, and generate information too sensitive for the tender eyes of minors. This is not correct - on network TV in utah, and on the family-friendly cableco feed, you can see the various prophylactic manufacturers' ads. Many of the statements I've seen here are very doom and gloom about Utah - honestly, folks, it's not THAT bad. -David Barak need geek rock? Try The Franchise! http://www.listentothefranchise.com __ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
Re: Utah governor signs Net-porn bill
--- Daniel Senie [EMAIL PROTECTED] wrote: Anyone want to publish a definitive list of IP addresses for Utah? A week of null-routing all such traffic by many web sites would, I think, would be a measured response to idiot legislators. It could be give Utah the Finger Day or some such. Wouldn't you then be guilty of doing the exact thing which the legislature is doing? Besides any discussion regarding collusion or anticompetitive behavior, how does this type of action improve free speech? Personally, I WANT everyone in Utah to get to my content. -David Barak need Geek Rock? Try The Franchise! http://www.listentothefranchise.com __ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
Re: Utah governor signs Net-porn bill
Oki all, Over the holidays I had the opportunity to pick up some pin money experting for a case involving just this business model and the media ignored sides of some rather well-known persons who work the church markets in the US. that's EASY: there is hyperconcern for the welfare of children in Utah, Finally, someone who recognizes what this bill is all about. It merely asks ISPs to provide parents with a filtering tool that cannot be overridden by their children because the process of filtering takes place entirely outside the home. In the instance of policy and mechanism I reviewed, this was deinstall AOL and all others, install name withheld pending, stuff some obscure bits into hidden files on DOS boxen to prevent replay with a possibly different permissible policy threshold, and prompt the adult/user/owner/installer for threshold definition. Clunky, IMHO, because the step after mistake is reinstall OEM os, but tastes vary. Once Utah ISPs come up with a good way to do this, I suspect there will be a market for such services elsewhere in the USA as well. In the instance of policy and mechanism I reviewed, this was interpose a proxy on all http methods, and evalute some property of some of object according to some rule(s). If permissible (above), forward to the edge, if not, do something else. It could have been localized ad insertion, or bandwidth aware content frobbing, instead of ... what it was. Is it easy as a business proposition? Everything was on the rising side of the bubble. On the falling side of the bubble even AOL had to work its numbers. With more moralists dominant in public policy, market plans that replace public morality policy with private morality policies seem to me to be less likely to penetrate the high morality affinity-based markets than when less moralists dominant in public policy. To paraphrase my friend Bill, why would the little asshats settle for a private Idaho or Utah when the big asshats have promissed them the whole enchilada? Anyway, it was presents for the kiddies and some of the winter's heating oil, and I now know more about some people than I wanted to. Eric
Re: Utah governor signs Net-porn bill
On Wed, Mar 23, 2005 at 10:53:29PM +1200, Simon Lyall wrote: It can be called the do nothing account or similar. Wouldn't that be know nothing? Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system adminstrator. Or two. --me
72/8 friendly reminder
We were recently assigned a 72.244/16 allocation from ARIN. Friendly reminder that ARIN started allocating 72/8 since Aug. If you have a static bogon filters, can you please make sure they are updated. Thank You Sincerely, Ka Lun Chan (KC) COVAD Communications www.voipthemovie.com
Re: Utah governor signs Net-porn bill
On Tue, Mar 22, 2005 at 03:49:44PM -0700, pashdown wrote: In the end the bill itself doesn't have a big impact on this ISP's business. We have used Dansguardian for many years now along with URLblacklist.com for our customers that request filtering. The fact that its lists and software are open for editing and inspection is the reason I chose this over other commercial methods. What is the plan -- if any -- to deal with the hosting of the porn sites on the computers of the people who they're supposed to be blocked from? What I'm referring to is the occasional spammer tactic of downloading web site contents into a hijacked Windows box (zombie) and then using either redirectors, or rapidly-updating DNS, or just plain old IP addresses in URIs to send HTTP traffic there. This seems to be a tactic of choice on those occasions when the content is of a dubious nature: kiddie porn, warez, credit card numbers, identity theft tools, that sort of thing. Even *detecting* such things is difficult, especially when they're transient in nature and hosted on boxes with dynamic IP addresses. So how is any ISP going to be able to block customer X from a web site that's on customer X's own system? Or on X's neighbor Y's system? Oh...and then we get into P2P distribution mechanisms. How is any ISP supposed to block content which is everywhere and nowhere? ---Rsk
Re: Utah governor signs Net-porn bill
Rich Kulawiec wrote: Oh...and then we get into P2P distribution mechanisms. How is any ISP supposed to block content which is everywhere and nowhere? This would only be possible by whitelisting content, which is not what most would accept. (although there are countries where this is the norm, but their citizens are not exactly happy with the norm either) With technologies which do pseudonymous random routing over tunnel broker service, applet brought to you similarly to Flash or Shockwave plugin, intrusive technologies become even harder to implement reliably. And it's probably the older kids who use this technology before the ISP or the parents. The numbers are still in thousands, but in the P2P world, going from minority to majority is 12 to 18 months. Pete
Re: Utah governor signs Net-porn bill
On Wed, 23 Mar 2005, David Barak wrote: --- Daniel Senie [EMAIL PROTECTED] wrote: Anyone want to publish a definitive list of IP addresses for Utah? A week of null-routing all such traffic by many web sites Wouldn't you then be guilty of doing the exact thing which the legislature is doing? Any such action would have to be voluntary. You couldn't force it on your end-users or customers. -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / [EMAIL PROTECTED] / PGP: 0xE3AE35ED The wisdom of a fool won't set you free --New Order, Bizarre Love Triangle
Re: Utah governor signs Net-porn bill
On Wed, 23 Mar 2005 [EMAIL PROTECTED] wrote: that's EASY: there is hyperconcern for the welfare of children in Utah, Finally, someone who recognizes what this bill is all about. It merely asks ISPs to provide parents with a filtering tool that cannot be overridden by their children because the process of filtering takes place entirely outside the home. Are you absolutely sure that that's all the bill will actually do? -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / [EMAIL PROTECTED] / PGP: 0xE3AE35ED The wisdom of a fool won't set you free --New Order, Bizarre Love Triangle
Re: 72/8 friendly reminder
We were recently assigned a 72.244/16 allocation from ARIN. Friendly reminder that ARIN started allocating 72/8 since Aug. If you have a static bogon filters, can you please make sure they are updated. Thank if you are really worried about this, and i can understand your being so, then make it easy for the busy folk here (not those pontificating on law and morals in the rocky mountains) to test. give us an address we can ping. randy
Re: Please verify RFC1918 filters
On Wed, 23 Mar 2005, Suresh Ramasubramanian wrote: On Tue, 22 Mar 2005 15:13:07 -0800, Randy Bush [EMAIL PROTECTED] wrote: y'all might give us something pingable in that space so we can do a primitive and incomplete test in a simple fashion. Those ranges are AOL's dialup pool. Easy way to get something pingable in that space would be to get yourself a coaster^W AOL CD from the nearest 7-11 or Burger King That requires so much effort, most of us won't bother...and no I'm not being sarcastic, just realistic. Would it be that hard for someone at aol.net to take a single /32 from that vast IP range and assign it to a host as an IP alias or router loopback address? I did that (router loopback to give people something to ping) with a 69/8 IP before setting up 69box. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Utah governor signs Net-porn bill
On Wed, 23 Mar 2005 [EMAIL PROTECTED] wrote: that's EASY: there is hyperconcern for the welfare of children in Utah, Finally, someone who recognizes what this bill is all about. It merely asks ISPs to provide parents with a filtering tool that cannot be overridden by their children because the process of filtering takes place entirely outside the home. To Quote Peter Tolan (Cowriter of the TV Show Rescue me) on another censorship issue: The idea that government feels they have to regulate this stuff because the people they're governing can't turn it off is insulting Why is it the ISP's responsibility to assume an operational burden of enforcing the religious morality of one group? I think the phrase Chilling effect has been used in this thread previously, and I believe it was apt. If there's a demand to an alternative internet service by, for example, Mormons, why not start an ISP with filtering, and offer it? Niche businesses service narrow segments of the market have been very successful, even if they charge slightly more, based on their specialized appeal. If aol/comcast/rboc/etc see that they are loosing customers to competition, they may choose to offer similar services or choose to let the customers go.
Re: 72/8 friendly reminder
On Wed, 23 Mar 2005, Randy Bush wrote: We were recently assigned a 72.244/16 allocation from ARIN. Friendly reminder that ARIN started allocating 72/8 since Aug. If you have a static bogon filters, can you please make sure they are updated. Thank if you are really worried about this, and i can understand your being so, then make it easy for the busy folk here (not those pontificating on law and morals in the rocky mountains) to test. give us an address we can ping. UUNET has a customer (several probably, just one 'vocal') with this same problem :( We are investigating getting a /32 from their space for use as a 'proxy test' box similar to Mr. Lewis's 69/8 box was... If there is some interest once we have it in place we could probably say: ip BLAH and permit folks, in some controlled manner, to use it for browser testing of sites?
Re: 72/8 friendly reminder
We were recently assigned a 72.244/16 allocation from ARIN. Friendly reminder that ARIN started allocating 72/8 since Aug. If you have a static bogon filters, can you please make sure they are updated. Thank if you are really worried about this, and i can understand your being so, then make it easy for the busy folk here (not those pontificating on law and morals in the rocky mountains) to test. give us an address we can ping. a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block. randy
Re: 72/8 friendly reminder
Randy Bush wrote: a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block. Or maybe people should actually have systems to look at what hits their filters and from where and look at the summaries once a month or so? Pete
Re: 72/8 friendly reminder
a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block. Or maybe people should actually have systems to look at what hits their filters and from where and look at the summaries once a month or so? that is what happens now. and it takes months for maria to be able to get to the entire net. randy
Re: 72/8 friendly reminder
In message [EMAIL PROTECTED], Randy Bush writes: We were recently assigned a 72.244/16 allocation from ARIN. Friendly reminder that ARIN started allocating 72/8 since Aug. If you have a static bogon filters, can you please make sure they are updated. Thank if you are really worried about this, and i can understand your being so, then make it easy for the busy folk here (not those pontificating on law and morals in the rocky mountains) to test. give us an address we can ping. a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block. That's a good idea. Maybe we can take it a step further: let each AS owner register an IP address with IANA or their RIR, and use this test box to ping the AS owner. It should be scalable -- there are only about 20k ASs, as I recall. The real expense, other than the single box per RIR, is developing the software that lets each AS register an IP address and an email address to contact if the pings fail. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Re: 72/8 friendly reminder
On Wed, 23 Mar 2005, Randy Bush wrote: We were recently assigned a 72.244/16 allocation from ARIN. Friendly reminder that ARIN started allocating 72/8 since Aug. If you have a static bogon filters, can you please make sure they are updated. Thank if you are really worried about this, and i can understand your being so, then make it easy for the busy folk here (not those pontificating on law and morals in the rocky mountains) to test. give us an address we can ping. a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block. So, it's probably a multifaceted problem: 1) acls (router) 2) firewalls (host) 3) route acceptance (routers) Some can be audited 'easily' some are 'set and forget' (or forgot :( ) Ping might just be dropped to destinations, before any idea of 'ip space' filters (think www.sun.com filters). You really have to test with the protocols your main user base might be using (http/https). -Chris
Re: 72/8 friendly reminder
--On 23 March 2005 10:51 -0800 Randy Bush [EMAIL PROTECTED] wrote: a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block. Hmmm.. or, if the RIRs are going to advertize the block anyway between IANA issue and space assignment (which would appear to be a necessary precondition for what you suggest to work), why not ping a large collection of targets using the new block, and various other IP addresses as source addresses, and see which addresses responded from the old block(s), but not from the new block. Sort by AS, and that would give you a list (correct to heuristic level) of AS's that need to update their filters. Then stick it on a web page. RIPE could (for instance) generate it's large collection of targets using a tiny sample of host-count data. (clearly RIPE needs to ping addresses from all RIRs, ditto ARIN, APNIC etc.) Alex
Re: 72/8 friendly reminder
let each AS owner register an IP address with IANA or their RIR, and use this test box to ping the AS owner. i do not understand what you are proposing. ahhh. you mean o each asn register a pingable address within its normal space, maybe in their irr route object o the rirs set up a routing island with only the new prefix in it o from a box with that new prefix, the rir pings all asn's registered pingable addresses from the first step o whine about any which are not pingable interesting modulo issues of reachability at any one time. and places more of a routing policing burden on the rirs. though some at least one rir is just dying to become net police, so it might sell. randy
RE: 72/8 friendly reminder
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Christopher L. Morrow Sent: Wednesday, March 23, 2005 2:12 PM To: Randy Bush Cc: nanog@merit.edu Subject: Re: 72/8 friendly reminder On Wed, 23 Mar 2005, Randy Bush wrote: We were recently assigned a 72.244/16 allocation from ARIN. Friendly reminder that ARIN started allocating 72/8 since Aug. If you have a static bogon filters, can you please make sure they are updated. Thank if you are really worried about this, and i can understand your being so, then make it easy for the busy folk here (not those pontificating on law and morals in the rocky mountains) to test. give us an address we can ping. a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block. So, it's probably a multifaceted problem: 1) acls (router) 2) firewalls (host) 3) route acceptance (routers) Some can be audited 'easily' some are 'set and forget' (or forgot :( ) Ping might just be dropped to destinations, before any idea of 'ip space' filters (think www.sun.com filters). You really have to test with the protocols your main user base might be using (http/https). I believe this would have to be an RIR policy, though. ARIN is holding an open mic to present a few blurbs on potential policy at the Orlando meeting. It might be an idea for some operators to hook up at the meeting prior to the open mic and talk more. It's too late to make a proposal for this upcoming meeting, but not the next one. And that's a joint NANOG/ARIN meeting, IIRC. -M
RE: 72/8 friendly reminder
a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block. So, it's probably a multifaceted problem: 1) acls (router) 2) firewalls (host) 3) route acceptance (routers) Some can be audited 'easily' some are 'set and forget' (or forgot :( ) Ping might just be dropped to destinations, before any idea of 'ip space' filters (think www.sun.com filters). You really have to test with the protocols your main user base might be using (http/https). I believe this would have to be an RIR policy, though. ARIN is holding an open mic to present a few blurbs on potential policy at the Orlando meeting. It might be an idea for some operators to hook up at the meeting prior to the open mic and talk more. It's too late to make a proposal for this upcoming meeting, but not the next one. And that's a joint NANOG/ARIN meeting, IIRC. sigh this is not the ivtf. let's not see how complex we can make things. please remember yagni. let's see how SIMPLY this can be to get 80% of the effect for 10% of the effort and hardware sales. randy
Re: 72/8 friendly reminder
--On 23 March 2005 11:15 -0800 Randy Bush [EMAIL PROTECTED] wrote: at least one rir is just dying to become net police, you don't need any mandatory aspect. Just publish which AS's have addresses that can be pinged from old netblocks, but not from new ones. No more net police-like than all the other project stuff which monitors reachability. If people want to filter on odd numbered first octet of IP address, well, more power to them. (yes I know it was partly tongue in cheek). Alex
Re: 72/8 friendly reminder
Randy Bush wrote: i do not understand what you are proposing. ahhh. you mean o each asn register a pingable address within its normal space, maybe in their irr route object o the rirs set up a routing island with only the new prefix in it o from a box with that new prefix, the rir pings all asn's registered pingable addresses from the first step o whine about any which are not pingable interesting modulo issues of reachability at any one time. and places more of a routing policing burden on the rirs. though some at least one rir is just dying to become net police, so it might sell. We can set this up and provide the results for public consumption given the IP's and a minimum allocation from each one of the new blocks. (for the neccessary duration, unless permanent allocation for darkspace duty is acceptable) Pete
Re: Utah governor signs Net-porn bill
One thing to note, from the news.com story on this: Spokesman Tammy Kikuchi said Monday that Huntsman 'doesn't have a concern about the constitutional challenge.' This could be interpreted as We know this is going to be shot down, and the governor doesn't really care, as long as we appeared to be 'doing something' about internet porn... -C On Mar 22, 2005, at 1:32 PM, Paul G wrote: - Original Message - From: Kathryn Kessey [EMAIL PROTECTED] To: nanog@merit.edu Sent: Tuesday, March 22, 2005 1:29 PM Subject: RE: Utah governor signs Net-porn bill They are going to create publicly accessible, highly available database service of the all the world's porn sites and maintain it with up to the minute data... with 100K. Right. if they made it publically accessible, added user ratings and thumbnails for entries and stuck a few affiliate banners for some of the popular sites up top, i'd bet they'd be *making* money. oh wait, someone's already done that.. -p --- paul galynin
Re: Utah governor signs Net-porn bill
On Wed, Mar 23, 2005 at 11:23:12AM -0500, Rich Kulawiec wrote: What is the plan -- if any -- to deal with the hosting of the porn sites on the computers of the people who they're supposed to be blocked from? What I'm referring to is the occasional spammer tactic of downloading web site contents into a hijacked Windows box (zombie) and then using either redirectors, or rapidly-updating DNS, or just plain old IP addresses in URIs to send HTTP traffic there. This seems to be a tactic of choice on those occasions when the content is of a dubious nature: kiddie porn, warez, credit card numbers, identity theft tools, that sort of thing. That's simple: just block inbound access to port 80 on the customer machines! Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system adminstrator. Or two. --me
Re: IBM to offer service to bounce unwanted e-mail back to the
On Mar 23, 2005, at 12:37 PM, RSK wrote: On Tue, Mar 22, 2005 at 10:24:37AM -0800, Andreas Ott wrote: http://money.cnn.com/2005/03/22/technology/ibm_spam/ If this write-up is accurate, It's not. From the http://www.aunty-spam.com website: IBM Not Spamming Spammers! FairUCE is About Fair Use, Not Abuse! Did you hear? IBM is spamming spammers! Its all over the Internet, and tongues are awagging! Except, it aint so. IBM is not spamming spammers. Whether you think that spamming spammers is right or wrong, IBM aint doing it, and shame on CNN for getting it so wrong, and making IBM look so irresponsible, and in league with the likes of Lycos Make Love Not Spam DOSsing Screensaver program, and the notorious Mugu Maurauder bandwidth sucking program. You cant really blame the folks who read CNNs horribly wrong piece for spreading the rumour, after all it was quite sensationalist: Spamming spammers? IBM to offer service to bounce unwanted e-mail back to the computers that sent them. March 22, 2005: 12:22 PM EST NEW YORK (CNN/Money) - IBM unveiled a service Tuesday that sends unwanted e-mails back to the spammers who sent them. The new IBM (Research) service, known as FairUCE, essentially uses a giant database to identify computers that are sending spam. E-mails coming from a computer on the spam database are sent directly back to the computer, not just the e-mail account, that sent them. Wrong, wrong, wrong. About the only thing which the article got right is that the program is called FairUCE. FairUCE, according to IBMs own FairUCE website, readily available for anyone to read (coughCNN reporters..cough), is a spam filter that stops spam by verifying sender identity instead of filtering content. Lets say that again: FairUCE is a spam filter that stops spam by verifying sender identity instead of filtering content. If FairUCE cant verify sender identity, then it goes into challenge-response mode, sending a challenge email to the sender, to which the sender must reply, to demonstrate that it is not a spambot sending the mail in question, but a real live person. Here is IBMs explanation of how the FairUCE system works: Technically, FairUCE tries to find a relationship between the envelope senders domain and the IP address of the client delivering the mail, using a series of cached DNS look-ups. For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snap. If such a relationship cannot be found, FairUCE attempts to find one by sending a user-customizable challenge/response. This alone catches 80% of UCE and very rarely challenges legitimate mail. Now, being kind, its possible that the good folks at CNN mistook the sending of the challenge for spamming the spammer (Rest at http://www.aunty-spam.com/ibm-not-spamming-spammers-fairuce-is-about- fair-use-not-abuse/) Anne
Re: IBM to offer service to bounce unwanted e-mail back to the
Revenge methods won't work against spam. Spammers may be using owned machines belonging to a botnet. The sysadmins of the infected servers may not even to know that their systems are serving to spammers. So attacking back the spam sources, besides ethical and legal reasons, may be futile and just cause problems to a legitimate company/service provider/etc. The way to fight the problem, IMHO, is to attack the real cause of spam, i.e., to make spam an expensive advertising medium. According to a recent IDG research, one out of ten Internet users buy products from spammers. Spam has a low cost and an high ROI (better than several advertising media). So money flows to the spammers' pockets. Regards, Marlon Borba, CISSP. Anne P. Mitchell, Esq. [EMAIL PROTECTED] 03/23/05 5:54 PM On Mar 23, 2005, at 12:37 PM, RSK wrote: On Tue, Mar 22, 2005 at 10:24:37AM -0800, Andreas Ott wrote: http://money.cnn.com/2005/03/22/technology/ibm_spam/ If this write-up is accurate, It's not. From the http://www.aunty-spam.com website: IBM Not Spamming Spammers! FairUCE is About Fair Use, Not Abuse! Did you hear? IBM is spamming spammers! It's all over the Internet, and tongues are a'wagging! Except, it ain't so. IBM is not spamming spammers. [...]
Re: IBM to offer service to bounce unwanted e-mail back to the
Anne P. Mitchell, Esq. wrote: On Mar 23, 2005, at 12:37 PM, RSK wrote: On Tue, Mar 22, 2005 at 10:24:37AM -0800, Andreas Ott wrote: http://money.cnn.com/2005/03/22/technology/ibm_spam/ If this write-up is accurate, It's not. From the http://www.aunty-spam.com website: IBM Not Spamming Spammers! FairUCE is About Fair Use, Not Abuse! Did you hear? IBM is spamming spammers! Its all over the Internet, and tongues are awagging! Except, it aint so. IBM is not spamming spammers. Whether you think that spamming spammers is right or wrong, IBM aint doing it, and shame on CNN for getting it so wrong, and making IBM look so irresponsible, and in league with the likes of Lycos Make Love Not Spam DOSsing Screensaver program, and the notorious Mugu Maurauder bandwidth sucking program. You cant really blame the folks who read CNNs horribly wrong piece for spreading the rumour, after all it was quite sensationalist: Spamming spammers? IBM to offer service to bounce unwanted e-mail back to the computers that sent them. March 22, 2005: 12:22 PM EST NEW YORK (CNN/Money) - IBM unveiled a service Tuesday that sends unwanted e-mails back to the spammers who sent them. The new IBM (Research) service, known as FairUCE, essentially uses a giant database to identify computers that are sending spam. E-mails coming from a computer on the spam database are sent directly back to the computer, not just the e-mail account, that sent them. Wrong, wrong, wrong. About the only thing which the article got right is that the program is called FairUCE. FairUCE, according to IBMs own FairUCE website, readily available for anyone to read (coughCNN reporters..cough), is a spam filter that stops spam by verifying sender identity instead of filtering content. Lets say that again: FairUCE is a spam filter that stops spam by verifying sender identity instead of filtering content. If FairUCE cant verify sender identity, then it goes into challenge-response mode, sending a challenge email to the sender, to which the sender must reply, to demonstrate that it is not a spambot sending the mail in question, but a real live person. Here is IBMs explanation of how the FairUCE system works: Technically, FairUCE tries to find a relationship between the envelope senders domain and the IP address of the client delivering the mail, using a series of cached DNS look-ups. For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snap. If such a relationship cannot be found, FairUCE attempts to find one by sending a user-customizable challenge/response. This alone catches 80% of UCE and very rarely challenges legitimate mail. Now, being kind, its possible that the good folks at CNN mistook the sending of the challenge for spamming the spammer (Rest at http://www.aunty-spam.com/ibm-not-spamming-spammers-fairuce-is-about- fair-use-not-abuse/) Anne While I wholeheartedly agree with much of the Aunty-Spam article, I also have to note that it appears the original erroneous claim was made by an IBM spokeperson. In the CNN/Money article, the following appears: IBM has previously offered anti-spam filter technology, but this is the first time the company has developed technology to send spam back to the spammer, according to IBM spokeswoman Kelli Gail. IBM is not concerned about liability, even in cases where innocent senders might be misidentified as spammers, because all the technology does is bounce back the e-mails, said Gail. That paragraph seems to be the basis for the entire articles claim--and attributes the sending back to the spammer idea to IBM. Perhaps we should expand the Just one more example of why people who are not technically knowledgable should not, you know, report on technology. statement to include technology company's non-technology-literate marketing people;) -- -- -Susan -- Susan Zeigler | Phairos Technologies [EMAIL PROTECTED] | 515.965.5338 I'm all in favor of keeping dangerous weapons out of the hands of fools. Let's start with typewriters. -- Frank Lloyd Wright
Re: Utah governor signs Net-porn bill
David Barak wrote: This is not correct - on network TV in utah, and on the family-friendly cableco feed, you can see the various prophylactic manufacturers' ads. Remember, this is about minors. I'm no expert on the Utah code, but a simple search showed: (1) It's illegal to offer contraceptive services to minors. (2) It's illegal to counsel minors about such services. (3) If they even ask, you're required to report them, and it's a criminal offense to fail to report them. So, Utah law _already_ means no links to Planned Parenthood et alia. Note well, everything about sex between unmarried persons (of any age) is illegal fornication. So those contraceptive ads had better have strict showing of married persons (Probably not well enforced.) In addition, the abortion section is egregiously unconstitutional, and they know it. So, they actually include sections on reversion when it's found unconstitutional -- but only by the US Supreme Court, in an attempt to keep trying for the years waiting on appeals. (See the rest of Title 76 chapter 7 Offenses against the Family.) And for those of you who actually read the new law, you'll notice that it prohibits pornography on-line. Anything, at any age. Blatantly unconstitutional (legally, only obscenity and actual child molestation can be prohibited -- and child means prepubescent). Note that the chapters on Offenses Against Family (7), Decency (9), and Morals (10) are more than 3 times as long as Property (6, which has all the usual stuff that most people think of as crime). Many of the statements I've seen here are very doom and gloom about Utah - honestly, folks, it's not THAT bad. Maybe not to the general public, but how do you get past all the bedroom peepers? Did you know your legislators were doing all this? And did you think about how this affects the Internet? Steven J. Sobol wrote: On Wed, 23 Mar 2005 [EMAIL PROTECTED] wrote: Finally, someone who recognizes what this bill is all about. It merely asks ISPs to provide parents with a filtering tool that cannot be overridden by their children because the process of filtering takes place entirely outside the home. Are you absolutely sure that that's all the bill will actually do? Obviously, Dillon didn't read Bellovin's pointers to the actual law. rant Folks, the Internet as we know it would not have existed had not certain persons (such as me) volunteered at their local political campaigns and made regular contact with their local politicians and political parties. Get off your behinds, and work on politics. That means going to a lot of meetings, and making phone calls, and writing letters. Not just on presidential election years, but all the time! It's important! (And besides, it's a good start on a social life for you desk jockeys.) The price of liberty is eternal vigilance. or vice versa. Conviction is worthless unless it is converted into conduct. http://www.freedomkeys.com/vigil.htm /rant And make sure your companies are funding CDT.org, EFF.org, and EPIC.org! -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Tier-2 reachability and multihoming
Hi there, I have been working on characterizing the internet hierarchy. I noticed that 27% of the total possible tier-2 provider node pairs are unreachable i.e., they dont have any tier-1 node connecting them nor a direct peering link between them. Multihoming can be used as a predominant reason for the reachability of tier-3 nodes which are customers of these nodes, but what about the reachability of tier-2 nodes themselves and its customers which cannot afford to multihoming? How does BGP solve this reachability problem when it gets a request to a prefix unreachable? 1tier-1 / 2 4 tier-2 / \/ \ 5 6 7 8 tier-3 here, nodes 2 and 4 have no reachability, 1 / | 2 3 4 / \ \/ \ 5 6 7 8 now, node 7 is reachable from 2 and its lower level nodes, but what about node 4 and 8, and as a typical case, suppose nodes 4 and 8 have no multihoming whatsoever, what then? Regards, pavan
Re: Tier-2 reachability and multihoming
[cisco-nsp-request@ snipped, since it does not seem to belong] Le 23 mars 2005, à 23:15, G Pavan Kumar a écrit : here, nodes 2 and 4 have no reachability, 1 / | 2 3 4 / \ \/ \ 5 6 7 8 now, node 7 is reachable from 2 and its lower level nodes, but what about node 4 and 8, and as a typical case, suppose nodes 4 and 8 have no multihoming whatsoever, what then? If the verticial position on the page indicates some kind of hierarchy (e.g. 2 and 3 are transit customers of 1, 7 is a transit customer of 3 and 4) then 4 has transit customers but no peering or transit. I would suggest this is not indicative of a realistic business plan in the real network. Joe
Re: IBM to offer service to bounce unwanted e-mail back to the
This software is free at http://www.alphaworks.ibm.com/tech/fairuce -henry --- Anne P. Mitchell, Esq. [EMAIL PROTECTED] wrote: On Mar 23, 2005, at 12:37 PM, RSK wrote: On Tue, Mar 22, 2005 at 10:24:37AM -0800, Andreas Ott wrote: http://money.cnn.com/2005/03/22/technology/ibm_spam/ If this write-up is accurate, It's not. From the http://www.aunty-spam.com website: IBM Not Spamming Spammers! FairUCE is About Fair Use, Not Abuse! Did you hear? IBM is spamming spammers! Its all over the Internet, and tongues are awagging! Except, it aint so. IBM is not spamming spammers. Whether you think that spamming spammers is right or wrong, IBM aint doing it, and shame on CNN for getting it so wrong, and making IBM look so irresponsible, and in league with the likes of Lycos Make Love Not Spam DOSsing Screensaver program, and the notorious Mugu Maurauder bandwidth sucking program. You cant really blame the folks who read CNNs horribly wrong piece for spreading the rumour, after all it was quite sensationalist: Spamming spammers? IBM to offer service to bounce unwanted e-mail back to the computers that sent them. March 22, 2005: 12:22 PM EST NEW YORK (CNN/Money) - IBM unveiled a service Tuesday that sends unwanted e-mails back to the spammers who sent them. The new IBM (Research) service, known as FairUCE, essentially uses a giant database to identify computers that are sending spam. E-mails coming from a computer on the spam database are sent directly back to the computer, not just the e-mail account, that sent them. Wrong, wrong, wrong. About the only thing which the article got right is that the program is called FairUCE. FairUCE, according to IBMs own FairUCE website, readily available for anyone to read (cough CNN reporters..cough), is a spam filter that stops spam by verifying sender identity instead of filtering content. Lets say that again: FairUCE is a spam filter that stops spam by verifying sender identity instead of filtering content. If FairUCE cant verify sender identity, then it goes into challenge-response mode, sending a challenge email to the sender, to which the sender must reply, to demonstrate that it is not a spambot sending the mail in question, but a real live person. Here is IBMs explanation of how the FairUCE system works: Technically, FairUCE tries to find a relationship between the envelope senders domain and the IP address of the client delivering the mail, using a series of cached DNS look-ups. For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snap. If such a relationship cannot be found, FairUCE attempts to find one by sending a user-customizable challenge/response. This alone catches 80% of UCE and very rarely challenges legitimate mail. Now, being kind, its possible that the good folks at CNN mistook the sending of the challenge for spamming the spammer (Rest at http://www.aunty-spam.com/ibm-not-spamming-spammers-fairuce-is-about- fair-use-not-abuse/) Anne
Re: Tier-2 reachability and multihoming
--On Wednesday, March 23, 2005 4:54 PM +0530 G Pavan Kumar [EMAIL PROTECTED] wrote: Hi there, I have been working on characterizing the internet hierarchy. I noticed that 27% of the total possible tier-2 provider node pairs are not connected i.e., they dont have any tier-1 node connecting them nor a direct peering link between them. Multihoming can be used as a predominant reason for the reachability of tier-3 nodes which are customers of these nodes, but what about the reachability of tier-2 nodes themselves and its customers which cannot afford to multihoming? How does BGP solve this reachability problem when it gets a request to a prefix unreachable? I think that likely you're looking at partial data (well i am sure you are, since i'm part of the internet and you didn't' get routing data from me...) and not seeing paths because of that. The BGP tables of a single node list all outward paths to other places. Thus from a single sample point it is totally impossible to 'map' the internet. Not to mention the *constant* change in routing.
Vonage sold over not clearly informing customers re 911 service lacking
http://www.cnn.com/2005/TECH/internet/03/23/internet.phones.911.ap/index.html
Re: Tier-2 reachability and multihoming
On Wed, 23 Mar 2005, Michael Loftis wrote: I think that likely you're looking at partial data (well i am sure you are, since i'm part of the internet and you didn't' get routing data from me...) Duh ! and not seeing paths because of that. The BGP tables of a single node list all outward paths to other places. Thus from a single sample point it is totally impossible to 'map' the internet. Not to mention the *constant* change in routing. Actually, I am not doing what you think I am. I am using the RouteViews aggregation of the BGP routing tables. RouteViews is a project at the univ. of Oregon that peers with backbones and other ASes at interesting locations so as to make it as comprehensive as possible. Also, it updates the data every 2 hours of everyday. So, I am looking at almost full and fresh data :
Re: Tier-2 reachability and multihoming
i don't thing an operator or seasoned researcher would characterize route-views or ripe ris as almost full data. they provide such a small and narrow peek as to require great caution when dealing with them. considering the topologies you suggest, folk may legitimately wonder if perhaps you have not exercised sufficient caution. randy
Re: Vonage SUED over not clearly informing customers re 911 service lacking
On 03/23/05, Sam Hayes Merritt, III [EMAIL PROTECTED] wrote: Subject: Re: Vonage sold over not clearly informing customers re 911 service lacking http://www.cnn.com/2005/TECH/internet/03/23/internet.phones.911.ap/index.html That's sued, not sold. And it's a silly case, 'cause Vonage goes to great lengths to remind new subscribers to configure the service with the real, physical location of their phone. Or at least, they bugged me a lot when I signed up late last year. -- J.D. Falk uncertainty is only a virtue [EMAIL PROTECTED]when you don't know the answer yet
Re: Utah governor signs Net-porn bill
On March 23, 2005 at 10:44 [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: Finally, someone who recognizes what this bill is all about. It merely asks ISPs to provide parents with a filtering tool that cannot be overridden by their children because the process of filtering takes place entirely outside the home. I assume one can opt out of this statutory filtering voluntarily. What's to stop their children (think teens not infants) from doing that as easily as they might disable a local filter? Ok, require ISPs to figure out how to secure against that, password management or whatever. Oh good, another arms race as kids pass around how to by-pass the filters at school...I know, use unlimited national cell rates to dial an out of state ISP. Or find a remote proxy to use. etc. It's not very hard, and if one kid figures it out the others just have to follow the formula. I have a better idea, why doesn't the Utah legislature just outlaw cancer. Wouldn't that do a lot more people a lot more good? Are those lawmakers in favor of people, CHILDREN!, suffering and dying of cancer? Shame on them! -- -Barry Shein Software Tool Die| [EMAIL PROTECTED] | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*
Re: Tier-2 reachability and multihoming
On Mar 24, 2005, at 12:06 AM, G Pavan Kumar wrote: On Wed, 23 Mar 2005, Michael Loftis wrote: I think that likely you're looking at partial data (well i am sure you are, since i'm part of the internet and you didn't' get routing data from me...) Duh ! Not nice to make fun of people who are trying to help you. and not seeing paths because of that. The BGP tables of a single node list all outward paths to other places. Thus from a single sample point it is totally impossible to 'map' the internet. Not to mention the *constant* change in routing. Actually, I am not doing what you think I am. I am using the RouteViews aggregation of the BGP routing tables. RouteViews is a project at the univ. of Oregon that peers with backbones and other ASes at interesting locations so as to make it as comprehensive as possible. Also, it updates the data every 2 hours of everyday. So, I am looking at almost full and fresh data : Unfortunately, the paragraph above shows me that there are errors in your base assumptions about how the Internet works. A couple of people have tried to point this out to you, you should listen instead of telling them why they are wrong. It is bad to base conclusions on incorrect assumptions. It is even worse to assume those of whom you ask for help know less than you do about the topic at hand. I am very sorry that you spent a lot of time probably doing good work digging through the route-views archives but have seem to come to false conclusions. It can be difficult to admit hard work has come to a bad end. However, it might not have been a waste. You seem to have the motivation, time, and energy to research the topic, perhaps your research can be quickly applied to different data, or in a different way? Might I suggest a Google search for past research on Internet topology? I believe the University of Oregon has done some. :) And CAIDA. And many others. Many are still doing research and happy to collaborate. Good luck in your research. -- TTFN, patrick