Re: Fixing DNS Glue

[Lewis Butler]

[Sorry about the lack of References and In-reply-to headers, but I  
just subbed and am replying based on a web hit]



Matthew Elvey  said:
RP emailed me privately with info on how to change a domain's  
authoritative name servers using GoDaddy's interface.


Could you send me the details on this.  I am having a similar problem.

(I've temporarily solved it by setting a A record to my web server  
(which is also my ns2 server and mailhost, so it has three A  
records.  Oh well.)





--
"Oh damn", said Maladict.

Re: Operational: Wiltel Peering with MCI problems around D.C (resolved)

[Rich Emmings]

This issue is resolved.

Thanks to all who responsed on and off list.

On Thu, 18 Aug 2005, Rich Emmings wrote:

Anyone else (Wiltel customers especially) running into an operational issue 
around D.C. with partial connectivity

Re: New N.Y. Law Targets Hidden Net LD Tolls

[David Lesher]

Speaking on Deep Background, the Press Secretary whispered:
> 
> 
> Not unreasonable at all (although personally, I like
> the TX-style "all your long distance are 11D, else
> 10D" approach).  Simple consumer protection, similar
> to the 


Ahem; MD has to me the most viable approach:

type:   local   toll

7D  NFG NFG
10D OK  NFG
11D OK  OK


where the defn of toll is "by the minute". 

Face it, 7D is dead; and even if overlays had not arrived,
cell phones would have killed it. Once you learn to think 10D,
it's trivial.

But there are some people who are too stubborn and pigheaded^Y^Y^Y
feel differently about this issue...

That said; this is getting OT for NANOG..






-- 
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433

Re: Blocking certain terrorism/porn sites and DNS

[Hannigan, Martin]

Title: Re: Blocking certain terrorism/porn sites and DNS







Since when is Internet email reliable?



 -Original Message-
From:   J. Oquendo [mailto:[EMAIL PROTECTED]]
Sent:   Thu Aug 18 14:38:31 2005
To: [EMAIL PROTECTED]
Cc: William Allen Simpson
Subject:    Re: Blocking certain terrorism/porn sites and DNS



On Thu, 18 Aug 2005, William Allen Simpson wrote:

> Apparently, you did  Of course, repeated posting here will vastly
> improve your opportunity to examine binaries handily delivered directly
> to your own email box.  ;-)

"handily delivered directly to your own email box." I take note of "your
own email box." So again I ask, how do you propose dealing with mail that
was "handily delivered" to your clients' email boxes. Or would you just be
assuming "if test -f LOOKS_LIKE_MY_EMAIL then filter_that".

Either way you want to cut your comment it would take a bit of snooping to
parse out traffic not destined to your own email box(es). So what do you
tell your customer "Oh by the way we had to snoop in on your sessions to
stop some new and improved MS uberworm." If so, when do you do it,
when your network is crawling, after the fact... What if you're off by one
and accidentally filter out say a contract worth a lot. Again, if I'm
missing something by all means e-smack me.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

To conquer the enemy without resorting to war is the most
desirable.  The highest form of generalship is to conquer
the enemy by strategy." - Sun Tzu

Re: Operational: Wiltel Peering with MCI problems around D.C

[Christopher L. Morrow]

On Thu, 18 Aug 2005, Fergie (Paul Ferguson) wrote:

>
> Would this be affecting MIT, too?
>
> I've been noticing some very odd connectivity issues
> between here (Austin) and the CSAIL at MIT
>

I sent rick a note earlier ( 3 mins earlier) but...

 3  0.so-5-3-3.XL2.DCA6.ALTER.NET (152.63.36.178)  34.345 ms  96.145 ms
6.727 ms
 4  0.so-6-0-0.XL2.IAD8.ALTER.NET (152.63.38.141)  23.129 ms  9.528 ms
9.173 ms 5  POS7-0.GW4.IAD8.ALTER.NET (152.63.41.33)  9.033 ms  8.954 ms
8.963 ms
 6  wcgGigE-gw2.customer.alter.net (157.130.30.246)  9.289 ms  8.973 ms
8.927 ms
 7  hrndva1wcx2-pos6-0.wcg.net (64.200.240.193)  10.315 ms  9.967 ms
9.945 ms
 8  nycmny2wcx2-pos1-0-oc192.wcg.net (64.200.210.177)  15.496 ms  15.398
ms  15.807 ms
 9  nycmny2wcx3-pos11-3.wcg.net (64.200.68.98)  16.146 ms  16.202 ms
16.210 ms
10  spfdma1wce1-pos4-0.wcg.net (64.200.240.246)  20.835 ms  19.919 ms
30.491 ms11  65.77.95.162 (65.77.95.162)  21.480 ms  21.228 ms  21.296 ms
12  lgrc-rt-106-8.gw.umass.edu (128.119.2.193)  21.315 ms  21.032 ms
21.074 ms
13  troy.oit.umass.edu (128.119.175.37)  22.137 ms  21.580 ms  21.235 ms

traceroute to his MX host... if he replies I'd be happy to help, if there
ARE MIT issues as well, I'd offer to take a peek at that as well, provided
someone from MIT has some time to troubleshoot and details of the
'problem'.

> - ferg
>
>
>
> -- Rich Emmings <[EMAIL PROTECTED]> wrote:
>
> Anyone else (Wiltel customers especially) running into an operational issue
> around D.C. with partial connectivity
>
> It would seem MCI and Wiltel around D.C. have a 'informal' peering
> relationship and it's been errored right now for about 39 hours with a
> half-duplex route announcement.  This has been effecting us with some loss
> of connectivity that's not there when we test same sites from other ISP
> clouds.  Since it's informal, the help desk system at one or both ands may
> be having problem entering a ticket w/o an account number for the circuit.
>
> The usual channels are not producting results, and we're starting to get
> engineers on the lower end of the evoluationary food chain and finger
> pointing between wgc & mci that's not helping.  Tried a pch, haven't heard
> yet.
>
>   ...
>   5  nycmny2wcx2-pos0-0-oc192.wcg.net (64.200.68.157)  5.786 ms  6.510 ms 
> 6.114 ms
>   6  hrndva1wcx2-pos1-0-oc192.wcg.net (64.200.210.178)  12.029 ms  11.883 ms  
> 11.582 ms
>   7  washdc5lcx1-pos5-0.wcg.net (64.200.240.194)  12.840 ms  12.559 ms 12.887 
> ms
>   ...traffic dies
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  [EMAIL PROTECTED] or [EMAIL PROTECTED]
>  ferg's tech blog: http://fergdawg.blogspot.com/
>

Re: What application runs on port 8094?

[Michael Loftis]

--On August 18, 2005 4:25:53 PM +0200 Lars Erik Gullerud <[EMAIL PROTECTED]> 
wrote:




Since the traffic was 8094/UDP it is definitely not BitTorrent, who uses
TCP transport.


Azureus, a very popular BT client, has a distributed tracker database 
mechanism, to get around overloaded/unreliable trackersit might run on 
that port by default, I honestly don't know.


--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler

Re: Blocking certain terrorism/porn sites and DNS

[Steven J. Sobol]

On Thu, 18 Aug 2005, Jay R. Ashworth wrote:

> I believe you've mispelt "Al Q'aeda".
> 
> You see the problem.

*Especially* with respect to English translations of Arabic names. How
many different ways are there to spell Saddam Husein? For that matter, how 
many different spellings did the media outlets use for Moammar Quaddafi? 

-- 
Steve Sobol, Professional Geek   888-480-4638   PGP: 0xE3AE35ED
Company website: http://JustThe.net/
Personal blog, resume, portfolio: http://SteveSobol.com/
E: [EMAIL PROTECTED] Snail: 22674 Motnocab Road, Apple Valley, CA 92307

Re: Blocking certain terrorism/porn sites and DNS

[Randy Bush]

> Can someone point me to a mailing list that discusses netops? I seem
> to have stumbled across the net.kook terrorism rant list by accident.

sorry, no.  the one i frequent seems to have gone over to the amateur
telco lawyers.  maybe should we invade a lawyers' list?

randy

Whois Query Changes in the .ORG Registry, 20 August 2005 (2-day Notice)]

[Rick Wesson]

FYI

-rick

 Original Message 
Subject: [Org-Registrars] Whois Query Changes in the .ORG Registry,	20 
August 2005 (2-day Notice)

Date: Thu, 18 Aug 2005 13:47:36 -0400
From: PIR Technical Support <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

Dear Registrars,

Please be advised that on 20 August 2005 between 15:00 and 17:00 UTC,
the .ORG Whois (including port 43 and www.pir.org) is scheduled for
downtime and will be unavailable.

Please note that the .ORG Registry System will continue to operate
normally and the Shared Registration System (SRS) and the Web-based
Admin Interface will remain available. Registering and manipulating
domain names and other registry objects will be possible. Domains will
continue to resolve normally.

During this downtime, PIR will implement the following changes to the
Whois function for the .ORG Registry System.

1. Whois access for public Port 43 will be restricted to 4 queries per
minute per unique IP address.
2. Registrars will be provided with additional access to Whois via a
dedicated Whois server, whois2.publicinterestregistry.net.

These changes are being made in response to the requests we have
received from registrars and registrants to minimize the potential for
data mining the .ORG Registry's Whois records.

Whois Access for Public Port 43
***

To reduce abusive use of the public Whois and ensure access for
legitimate users, PIR is executing changes necessary to restrict Whois
access to the public Port 43 to a maximum of 4 queries per minute per IP
address. When a user exceeds the lookup quota allocated, the system will
respond with an appropriate message.

Registrar Specific Whois Access


All .ORG registrars will be provided with a dedicated Whois access
server, whois2.publicinterestregistry.net. Registrars will still be able
to access the public Port 43 Whois server, though the 4 queries per
minute limitation will exist if this access mechanism is used. It is
recommended that registrars utilize the separate dedicated Whois server
that will be explicitly for registrar use. This access will allow
registrars to have a less restrictive access of 50 queries per minute
per source IP to Whois information. This dedicated Whois server will be
available from a different hostname/IP address than the public Whois
service. Additional information regarding registrar access to the
dedicated Whois server and IP/Subnet requirements are located at
https://www.pir.org/registrars/registrar_relations/faqs/whois_limitation.
Registrars may choose to utilize both the public Whois on Port 43 and
the separate dedicated server concurrently.

Should you have any questions, please contact PIR Technical Support.

Sincerely,

PIR Technical Support
<[EMAIL PROTECTED]>
+1.416.646.3308

Re: Operational: Wiltel Peering with MCI problems around D.C

[Richard A Steenbergen]

On Thu, Aug 18, 2005 at 03:41:56PM -0400, Rich Emmings wrote:
> 
> Anyone else (Wiltel customers especially) running into an operational issue 
> around D.C. with partial connectivity
> 
> It would seem MCI and Wiltel around D.C. have a 'informal' peering 
> relationship and it's been errored right now for about 39 hours with a 
> half-duplex route announcement.  This has been effecting us with some loss 

Informal peering relationship with a half duplex route announcement? Is 
this some really obscure way of saying someone is leaking routes? Trust 
me, there is no such thing as an "informal" peering relationship with MCI.

> of connectivity that's not there when we test same sites from other ISP 
> clouds.  Since it's informal, the help desk system at one or both ands may 
> be having problem entering a ticket w/o an account number for the circuit.

I don't think so. Whether it is a peer or a transit relationship, nothing 
that big between those parties is informal, undocumented, or unticketable. 
Besides, in this case, WCG buys transit from MCI:

GigabitEthernet5-0.GW4.IAD8.ALTER.NET (157.130.30.245)

Name:wcgGigE-gw2.customer.alter.net
Address:  157.130.30.246

I will take your word tht something is broken though, as the traceroute 
from Washington DC to www.mci.com via http://lookingglass.wcg.net is:

Tracing the route to global.mci.com (164.109.35.20)

1 so-0-0-0.edge2.Washington1.Level3.net (4.68.127.25) [AS 3356] 0 msec 0 msec 0 
msec
2 * * * 
3 * * *
...

> The usual channels are not producting results, and we're starting to get 
> engineers on the lower end of the evoluationary food chain and finger 
> pointing between wgc & mci that's not helping.  Tried a pch, haven't heard 
> yet.

Are you actually a customer of either one? If so, you ring them up and 
stay on the phone until they address the problem. If not, take a stab at 
it that WCG is the most interested party in getting it fixed, and try 
nagging them some more. :)

-- 
Richard A Steenbergen <[EMAIL PROTECTED]>   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Valdis . Kletnieks]

On Thu, 18 Aug 2005 13:47:11 CDT, Robert Bonomi said:
> All true, but *WHY* is that 'accidentally dialing a non-local ISP number'
> the *ISP's* fault??

Because the ISP gave the number to the user, often accompanied by text that 
implied
that the number provided was an economical way to get connected.

"Here's a list of our local numbers:"

"Here's a list of our numbers in your area code.  Some numbers may be toll calls
from some locations in the area code, please double-check."

As far as I can tell, they're requiring the second rather than the first.

Move along, nothing to see... ;)



pgpJ5gkgpQKbN.pgp
Description: PGP signature

Re: Operational: Wiltel Peering with MCI problems around D.C

[Fergie (Paul Ferguson)]

Would this be affecting MIT, too?

I've been noticing some very odd connectivity issues
between here (Austin) and the CSAIL at MIT

- ferg



-- Rich Emmings <[EMAIL PROTECTED]> wrote:

Anyone else (Wiltel customers especially) running into an operational issue 
around D.C. with partial connectivity

It would seem MCI and Wiltel around D.C. have a 'informal' peering 
relationship and it's been errored right now for about 39 hours with a 
half-duplex route announcement.  This has been effecting us with some loss 
of connectivity that's not there when we test same sites from other ISP 
clouds.  Since it's informal, the help desk system at one or both ands may 
be having problem entering a ticket w/o an account number for the circuit.

The usual channels are not producting results, and we're starting to get 
engineers on the lower end of the evoluationary food chain and finger 
pointing between wgc & mci that's not helping.  Tried a pch, haven't heard 
yet.

  ...
  5  nycmny2wcx2-pos0-0-oc192.wcg.net (64.200.68.157)  5.786 ms  6.510 ms 6.114 
ms
  6  hrndva1wcx2-pos1-0-oc192.wcg.net (64.200.210.178)  12.029 ms  11.883 ms  
11.582 ms
  7  washdc5lcx1-pos5-0.wcg.net (64.200.240.194)  12.840 ms  12.559 ms 12.887 ms
  ...traffic dies

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Andreas Ott]

Hi,
On Thu, Aug 18, 2005 at 03:54:38AM -0400, Richard A Steenbergen wrote:
> To quote the original pasted article:
> 
> > Consumers, however, must act on the warning that Internet providers must 
> > soon post by contacting their phone companies to find out whether a 
> > number is truly local.

It used to be standard practice until last year that SBC (dial-up and DSL
provider here in this area, as well as the 'Bell' phone company) let you
look up dial-in numbers for 'your' local area code and exchange. However,
the results only came back without any numbers in your own area code,
just the ones from other area codes where they had dial-in numbers. If you
did not know how to work the system, you would be using one of the numbers
that are truly a toll call for you. And you'd pay to SBC-the_phone_company
to get to SBC-the_ISP because the ISP withheld the local numbers from you.
The way how to work the system was to enter another valid area code and
exchange, then look for dial-in numbers in your area code and finally
determine (e.g. by checking in the listing in the local phone book front
pages or by inquiring from the 'dial zero' operator) which of the numbers 
are inside your toll free calling area.

Since then (I can't tell exactly when, because I only used this lookup
feature when I was about to travel out of town) SBC has changed this
practice and you can get all numbers listed from their search page at
http://sbcyahoo.prodigy.net/openPhone/ . Note the disclaimer explanations
right on that page "Long Distance Charges" and "Finding the Best Exchange
for You".

-andreas
-- 
Andreas Ott[EMAIL PROTECTED]

Operational: Wiltel Peering with MCI problems around D.C

[Rich Emmings]

Anyone else (Wiltel customers especially) running into an operational issue 
around D.C. with partial connectivity


It would seem MCI and Wiltel around D.C. have a 'informal' peering 
relationship and it's been errored right now for about 39 hours with a 
half-duplex route announcement.  This has been effecting us with some loss 
of connectivity that's not there when we test same sites from other ISP 
clouds.  Since it's informal, the help desk system at one or both ands may 
be having problem entering a ticket w/o an account number for the circuit.


The usual channels are not producting results, and we're starting to get 
engineers on the lower end of the evoluationary food chain and finger 
pointing between wgc & mci that's not helping.  Tried a pch, haven't heard 
yet.


 ...
 5  nycmny2wcx2-pos0-0-oc192.wcg.net (64.200.68.157)  5.786 ms  6.510 ms 6.114 
ms
 6  hrndva1wcx2-pos1-0-oc192.wcg.net (64.200.210.178)  12.029 ms  11.883 ms  
11.582 ms
 7  washdc5lcx1-pos5-0.wcg.net (64.200.240.194)  12.840 ms  12.559 ms 12.887 ms
 ...traffic dies

Re: Blocking certain terrorism/porn sites and DNS

[Steven Champeon]

Can someone point me to a mailing list that discusses netops? I seem
to have stumbled across the net.kook terrorism rant list by accident.

Thanks!

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Robert Bonomi]

> Cc: <[EMAIL PROTECTED]>
> Subject: Re: New N.Y. Law Targets Hidden Net LD Tolls
> Date: Thu, 18 Aug 2005 12:53:43 -0500
> Thus spake "Robert Bonomi" <[EMAIL PROTECTED]>
> > *NOT* "other people's fraud".  Just when you have 'intra-LATA' toll
> > charges for some numbers within a single area-code.  If the user is
> > on one side of the area-code, and the provider's POP is on the far
> > side of it, you can have a what appears to be a 'local' number, that
> > does incur non-trivial per-minute charges.  Without knowing _where_
> > a particular prefix is, you can't tell whether there will be toll charges
> > for that call, or not, from any given call origin.
>
> That's why some states (e.g. Texas) require that all toll calls be dialed as 
> 1+ _regardless of area code_, and local calls cannot be dialed as 1+.  If 
> you dial a number wrong, you get a message telling you how to do it properly 
> (and why).

In some places that "solution" is _not_practical_.  As in where the same
three digit sequence is in use as a C.O. 'prefix', *and* as an areacode.
(an where, in some 'perverse' situations, the foreign area-code is a 
'non-toll' call, yet the bare prefix within the areacode is a toll call.

It also becomes 'utterly meaningless', when _all_ calls incur a usage 
("message units" or something similar) charge.  

Re: Blocking certain terrorism/porn sites and DNS

[Conrad]

On 8/18/05, Daniel Golding <[EMAIL PROTECTED]> wrote:
> 
> 
> There are actually perfectly valid reasons for not blocking such sites, even
> if you feel (as I do) that jihadis are the enemies of civilization.


Enemies of Civilization? The defensive Jihad going on is simply a War
on US policies and defense of their land.

It's simply outrageous that after all the coverage and books that have
 been written on this subject (sept 11, bin laden, jihad, muslim
fundamentals) that some/most Americans still think that radical
islamists hate Americans, Freedom, and Democracy. It's simply false;
radical islamists hate American military on their land, Americans
defending and arming radical muslim dictators (think Saudi), who
prosecute and murder their people, and the western world exploiting
their countries natural resources, oil , to be sold at below fair
market value. They don't hate you or I, the only thing they hate is US
policy, if it were to change so would the world (for now).

Why were the sept 11 Hijackers Saudi? Because they hate the US support
of the dictators who are oppressing them.

By the way, where is the plane? Can anyone show proof of a plane
hitting the pentagon? A plane, debris, engines, luggage, remains?

Re: New N.Y. Law Targets Hidden Net LD Tolls

[David Barak]

--- Robert Bonomi <[EMAIL PROTECTED]> wrote:
> > A typical call to a dial-up ISP is what, a few
> hours? 
> > Multiple times per month?  Accidentally using a
> > non-local ISP number can result in a bill in the
> > hundreds of dollars pretty easily (also no pizza).
> 
> All true, but *WHY* is that 'accidentally dialing a
> non-local ISP number'
> the *ISP's* fault??

Who said anything about fault?  This is merely a
recognition on the part of Government that consumers
might make a costly mistake.  The Government decided
to tell ISPs to give the consumers an extra notice to
try to prevent that.  

Not unreasonable at all (although personally, I like
the TX-style "all your long distance are 11D, else
10D" approach).  Simple consumer protection, similar
to the 
requirement to publish both per item and per measured
unit pricing on foodstuffs...< /offtopic>

-David


David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Robert Bonomi]

> From [EMAIL PROTECTED]  Thu Aug 18 11:04:41 2005
> Date: Thu, 18 Aug 2005 07:56:10 -0700 (PDT)
> From: David Barak <[EMAIL PROTECTED]>
> Subject: Re: New N.Y. Law Targets Hidden Net LD Tolls
> To: Sean Donelan <[EMAIL PROTECTED]>, nanog@merit.edu
>
>
>
>
> --- Sean Donelan <[EMAIL PROTECTED]> wrote:
> > I assume the NY AG will also be targeting
> > enforcement of Domino's Pizza
> > because they have lots of phone numbers and
> > consumers may unknowingly dial
> > a phone number to order a pizza which may be a toll
> > call in their area.
>
> A typical call to Domino's lasts < 2 minutes, and if
> it's not actually a local call, you're almost
> certainly not in the delivery area (and would get
> redirected to the correct store).  Accidentally
> dialing a nonlocal Domino's results in a $.10 bill
> (and no pizza).
>
> A typical call to a dial-up ISP is what, a few hours? 
> Multiple times per month?  Accidentally using a
> non-local ISP number can result in a bill in the
> hundreds of dollars pretty easily (also no pizza).

All true, but *WHY* is that 'accidentally dialing a non-local ISP number'
the *ISP's* fault??

Re: Blocking certain terrorism/porn sites and DNS

[J. Oquendo]

On Thu, 18 Aug 2005, William Allen Simpson wrote:

> Apparently, you did  Of course, repeated posting here will vastly
> improve your opportunity to examine binaries handily delivered directly
> to your own email box.  ;-)

"handily delivered directly to your own email box." I take note of "your
own email box." So again I ask, how do you propose dealing with mail that
was "handily delivered" to your clients' email boxes. Or would you just be
assuming "if test -f LOOKS_LIKE_MY_EMAIL then filter_that".

Either way you want to cut your comment it would take a bit of snooping to
parse out traffic not destined to your own email box(es). So what do you
tell your customer "Oh by the way we had to snoop in on your sessions to
stop some new and improved MS uberworm." If so, when do you do it,
when your network is crawling, after the fact... What if you're off by one
and accidentally filter out say a contract worth a lot. Again, if I'm
missing something by all means e-smack me.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

To conquer the enemy without resorting to war is the most
desirable.  The highest form of generalship is to conquer
the enemy by strategy." - Sun Tzu

Re: Blocking certain terrorism/porn sites and DNS

[William Allen Simpson]

J. Oquendo wrote:


On Thu, 18 Aug 2005, William Allen Simpson wrote:
 


Funny thing though, they don't seem to call their sites "spam-king",
but instead "opt-in-real-big", or the equivalent.  So, we have to
examine their binaries to find the sites.
   



...  And how may I ask are you going to examine these
binaries via traffic. Isn't that to the tune of an illegal tap being you
would unlawfully check email in and out of your network. Or did I miss
something.
 


Apparently, you did  Of course, repeated posting here will vastly
improve your opportunity to examine binaries handily delivered directly
to your own email box.  ;-)

--
William Allen Simpson
   Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Stephen Sprunk]

Thus spake "Robert Bonomi" <[EMAIL PROTECTED]>

*NOT* "other people's fraud".  Just when you have 'intra-LATA' toll
charges for some numbers within a single area-code.  If the user is
on one side of the area-code, and the provider's POP is on the far
side of it, you can have a what appears to be a 'local' number, that
does incur non-trivial per-minute charges.  Without knowing _where_
a particular prefix is, you can't tell whether there will be toll charges
for that call, or not, from any given call origin.


That's why some states (e.g. Texas) require that all toll calls be dialed as 
1+ _regardless of area code_, and local calls cannot be dialed as 1+.  If 
you dial a number wrong, you get a message telling you how to do it properly 
(and why).


Sure, this is a little confusing for out-of-towners, but it makes it 
impossible to accidentally dial a toll call when you think you're dialing a 
local one, which is the reason the PUC decreed it several decades ago. 
Apparently NY is just now catching up with rednecks from the 70s.


S

Stephen Sprunk  "Those people who think they know everything
CCIE #3723 are a great annoyance to those of us who do."
K5SSS --Isaac Asimov 

Re: zotob - blocking tcp/445

[My Name]

On 8/18/05, Roger Marquis <[EMAIL PROTECTED]> wrote:
> 
> Andy Johnson wrote:
> > I think the point of many on this list is, they are a transit
> > provider, not a security provider. They should not need to filter
> > your traffic, that should be up to the end user/edge network to
> > decide for themselves.
> 
> How is this different from a transit provider allowing their network
> to be used for spam?  Seems the same hands-off argument was made wrt
> spam a decade ago but has since proved unsustainable.
> 

This is where the abuse teams at the service providers need to have
management approved thresholds for different types of abuse and be
empowered to take action.

If your customer is caught port scanning (hacking, worm propogation,
etc) twice within a two day time frame or something, the abuse team
should be able to null route/filter the ports without further warning.
 If they are spamming and after repeat notifications they do not stop,
have an escalation process that goes from suspension to termination of
service.  There are plenty of automated complaint scripts out there
for all types of abuse, so you don't have to look at everything
yourself.


> Our particular problem is with an ISP in Wisconsin, NETNET-WAN.  We
> get tens of thousands of scans to netbios ports every day from their
> /19.  This is several orders of magnitude more netbios than we see
> from the rest of the net combined.  It's eating nontrivial bandwidth
> and cpu that we pay real money for.  They've had our logs for months
> but seem incapable of doing anything about their infected customers.
> The suits recommend documenting time and bandwidth costs and sending
> a bill with a cease and desist request.
> 
> My question is not what can we do about bots, we already filter
> these worst case networks, but what can we do to make it worthwhile
> for bot-providers like NETNET to police their own networks without
> involving lawyers?
> 
> --
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
>

Re: Blocking certain terrorism/porn sites and DNS

[Will Yardley]

On Thu, Aug 18, 2005 at 01:50:08PM +0530, Abhishek Verma wrote:

> I have a doubt which i am sure a lot of people in this list would be
> able to help me with.
> 
> There was news that terror groups like Al Qaida, etc. are using
> internet to promote their terror links and these web sites provide
> online training on how one could assemble bombs, etc.
> 
> The community as a whole wants to close all such web sites. I dont
> think there is any ambiguity there.

Really? I think there are a lot of people who would disagree with you
here.

w

Re: zotob - blocking tcp/445

[Peter Dambier]

Roger Marquis wrote:


Andy Johnson wrote:


I think the point of many on this list is, they are a transit
provider, not a security provider. They should not need to filter
your traffic, that should be up to the end user/edge network to
decide for themselves.



How is this different from a transit provider allowing their network
to be used for spam?  Seems the same hands-off argument was made wrt
spam a decade ago but has since proved unsustainable.

Our particular problem is with an ISP in Wisconsin, NETNET-WAN.  We
get tens of thousands of scans to netbios ports every day from their
/19.  This is several orders of magnitude more netbios than we see


from the rest of the net combined.  It's eating nontrivial bandwidth


and cpu that we pay real money for.  They've had our logs for months
but seem incapable of doing anything about their infected customers.
The suits recommend documenting time and bandwidth costs and sending
a bill with a cease and desist request.

My question is not what can we do about bots, we already filter
these worst case networks, but what can we do to make it worthwhile
for bot-providers like NETNET to police their own networks without
involving lawyers?



Route them through a modem using 4800 Baud. They will very soon look
what is eating their bandwidth and hopefully find those netbios packets.

Blocking port 445 will prevent me from using "ssh -p 455" to reach my
clients. Using 4800 baud will slow me down but it will not stop me working.

Does anyone really use port 22 for ssh? I cannot use it because of all
those wordbook attacks. Nobody cares to stop those.

Regards,
Peter and Karin Dambier


--
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-179-108-3978 (O2 Genion)
+49-6252-750308 (VoIP: sipgate.de)
+1-360-448-1275 (VoIP: freeworldialup.com)
mail: [EMAIL PROTECTED]
http://iason.site.voila.fr
http://www.kokoom.com/iason

Re: zotob - blocking tcp/445

[Andy Johnson]

If you have an offending network that does not respond to 
abuse/complaints, your best course of action is to no longer communicate 
with that network. That is your own choice as an end-user/network operator.


Complaining to their upstream or transit provider will only get them to 
switch providers. The traffic will continue. An alternative solution as 
you mentioned, involves some laywers, and attempt to recover 
compensation for the damages. Good luck with that one though. From the 
looks of it, you'll spend more money in court than you would have just 
blocking them.


We can't force other networks to "play nice". As we all know, the 
Internet is an open network. Protect yourself, and make sure you are not 
one of the internet scum sending out this stuff, but don't depend on 
others to play nice with you.


Transit providers should not be CONTENT filtering their customers (for 
free anyways, I'm all for selling security services). This does not mean 
they have no responsibility to keep a proper abuse/security staff. If a 
transit provider has a customer who is constantly infecting/spamming/etc 
and fails to act, by all means take action and drop the customer.


My main point is, if we depend on our transit providers to act as 
Internet nannies, we are promoting poor end-user network management.



---
Andy

Roger Marquis wrote:

How is this different from a transit provider allowing their network
to be used for spam?  Seems the same hands-off argument was made wrt
spam a decade ago but has since proved unsustainable.

Our particular problem is with an ISP in Wisconsin, NETNET-WAN.  We
get tens of thousands of scans to netbios ports every day from their
/19.  This is several orders of magnitude more netbios than we see
from the rest of the net combined.  It's eating nontrivial bandwidth
and cpu that we pay real money for.  They've had our logs for months
but seem incapable of doing anything about their infected customers.
The suits recommend documenting time and bandwidth costs and sending
a bill with a cease and desist request.

My question is not what can we do about bots, we already filter
these worst case networks, but what can we do to make it worthwhile
for bot-providers like NETNET to police their own networks without
involving lawyers?

Re: Blocking certain terrorism/porn sites and DNS

[J. Oquendo]

On Thu, 18 Aug 2005, William Allen Simpson wrote:

> Bad assumption.  After all, terrorist is poorly defined, and from the
> perspective of a particular government.

Interesting you say this, same comes to mind concerning terrorists using
so called cryptography simply because an agent of some government found
"crypt.dll" on a machine and decided "By the love of
INSERT_YOUR_DEITY_HERE they're using crypto now!"

> Funny thing though, they don't seem to call their sites "spam-king",
> but instead "opt-in-real-big", or the equivalent.  So, we have to
> examine their binaries to find the sites.

Isn't this sort of ironic. To "not" want to "police" yet want to examine
"binaries to find sites." And how may I ask are you going to examine these
binaries via traffic. Isn't that to the tune of an illegal tap being you
would unlawfully check email in and out of your network. Or did I miss
something.

As for filtering sites from Spam/Porn/etc., on the ISP level, someone
would have to be a complete reject to do so. I know I wouldn't want
anything filtered. On a corporate level, I right now have to filter a lot
of unwanted junk and recently had to tone down my filtering. HR woman
searched for sexual harrassment and could not get information because my
rules were stringent. Filtering on an ISP/NSP level I think is a horrible
idea because I believe everyone has the right to free speech and thought.
Filtering is also likely to introduce unwanted latency.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

To conquer the enemy without resorting to war is the most
desirable.  The highest form of generalship is to conquer
the enemy by strategy." - Sun Tzu

Re: zotob - blocking tcp/445 (fwd)

[Bill Nash]

Resent to address formatting misbehaviour:

Source  proto   dstPort count
62.149.195.129  6   42  13018
203.69.204.250  6   445 12889
213.123.129.237 1   204812693
70.17.255.436   443 12685
217.132.56.139  6   489911056
209.181.111.12  6   135 8148
221.210.149.97  6   48997368
212.24.201.220  6   135 6451
172.131.83.244  6   135 6025
209.188.172.66  6   445 5055
80.177.36.162   6   445 4982
64.121.65.197   6   48994262
64.32.117.250   6   135 3954
213.144.99.241  6   445 3493
64.231.44.656   135 3157
213.123.129.237 6   139 2988
222.84.236.98   6   10232414
222.84.236.98   6   98982398
64.228.209.103  6   135 2305

Re: zotob - blocking tcp/445

[Bill Nash]

On Thu, 18 Aug 2005, Roger Marquis wrote:


My question is not what can we do about bots, we already filter
these worst case networks, but what can we do to make it worthwhile
for bot-providers like NETNET to police their own networks without
involving lawyers?


Establish and document a history that determines peering with that 
network, or it's providers, presents a significant risk to your network, 
or that of your customers.


If you've got a view into your traffic that looks like this:
(Select source, proto, dstPort, count(destination) from flows where 
packets < 4 group by source, proto, dstPort order by count descending)


Source  proto   dstPort count
62.149.195.129  6   42  13018 
203.69.204.250  6   445 12889 
213.123.129.237 1   204812693 
70.17.255.436   443 12685 
217.132.56.139  6   489911056 
209.181.111.12  6   135 8148 
221.210.149.97  6   48997368 
212.24.201.220  6   135 6451 
172.131.83.244  6   135 6025 
209.188.172.66  6   445 5055 
80.177.36.162   6   445 4982 
64.121.65.197   6   48994262 
64.32.117.250   6   135 3954 
213.144.99.241  6   445 3493 
64.231.44.656   135 3157 
213.123.129.237 6   139 2988 
222.84.236.98   6   10232414 
222.84.236.98   6   98982398 
64.228.209.103  6   135 2305


Determining who to consider peering with gets a lot easier. (ASN's left 
off to annoy the truly curious.)


As a provider, we don't want to be filtering heavily, as it invariably 
leads to making allowances for Customer X. The management overhead, as 
well as the impact on packet processing, is too great. It's easier for us 
to be able to monitor and report to our customers what's affecting them, 
and make sure they have the right tools in place to protect them from 
these kinds of shenanigans.


- billn

Re: zotob - blocking tcp/445

[Roger Marquis]

Andy Johnson wrote:

I think the point of many on this list is, they are a transit
provider, not a security provider. They should not need to filter
your traffic, that should be up to the end user/edge network to
decide for themselves.


How is this different from a transit provider allowing their network
to be used for spam?  Seems the same hands-off argument was made wrt
spam a decade ago but has since proved unsustainable.

Our particular problem is with an ISP in Wisconsin, NETNET-WAN.  We
get tens of thousands of scans to netbios ports every day from their
/19.  This is several orders of magnitude more netbios than we see
from the rest of the net combined.  It's eating nontrivial bandwidth
and cpu that we pay real money for.  They've had our logs for months
but seem incapable of doing anything about their infected customers.
The suits recommend documenting time and bandwidth costs and sending
a bill with a cease and desist request.

My question is not what can we do about bots, we already filter
these worst case networks, but what can we do to make it worthwhile
for bot-providers like NETNET to police their own networks without
involving lawyers?

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

RE: New N.Y. Law Targets Hidden Net LD Tolls

[Brian Johnson]

 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of David Lesher
> Sent: Thursday, August 18, 2005 8:31 AM
> To: nanog list
> Subject: Re: New N.Y. Law Targets Hidden Net LD Tolls
> 
> 
> > 
> > Pardon my ignorance, but don't most phone companies require 
> 10 digit dialing
> > for long-distance. We have similar situations in the rural 
> area I live in,
> > but the customers know if they dial more than 7 digits, it 
> WILL be long
> > distance.
> 
> No.
> 
> If you are in an overlay area, such as MD, parts of NoVA and
> many other states; then 10D is required for ALL local calls
> 
> MD does have 11D required for toll; but many states do not,
> inc. Virginia.
> 
> (This topic is the "vs vs emacs" of the telco world, btw.
> I'm strongly in the 11D for toll camp, but others I respect
> [Hi Mr. Mayor] feel it's a PITA to dial 10D on every call..)
> 
> This may have been inspired by ISP-set POP #'s. In a case I
> know of; a WebTV user did the setup via the 800#; and got told
> "867-5309" was local and it was automagically loaded into the
> WebTV box.
> 
> 90 days later, the phone bill arrived...
> 

Now on this one, throw the book at WebTV. If you are gonna make the settings
for the customer, you are responsibe for the results of your actions. But,
of course, I'm sure they have a disclaimer saying that it is your
responsibility to insure the number selected is a local call.

- Brian J

Re: Blocking certain terrorism/porn sites and DNS

[William Allen Simpson]

Abhishek Verma wrote:


coz i assumed that everyone wants to block such sites.
 


Bad assumption.  After all, terrorist is poorly defined, and from the
perspective of a particular government. 


For example, Hamas is considered a terrorist organization by Israel
and the US, but other governments note a "freedom fighter" humanitarian
organization that runs schools and medical facilities.  Zionists were
once considered terrorists by the British and the United Nations (the
settler that shot unarmed Palestinians yesterday would certainly count
even these days), yet those freedom fighters now have a country code
of their own.

Under a strict definition, the continuing zotob et alia attacks are
terrorism.  But we block their sites as a "police" of their actions
that hurt us on the Internet, rather than because of their thoughts.

Funny thing though, they don't seem to call their sites "spam-king",
but instead "opt-in-real-big", or the equivalent.  So, we have to
examine their binaries to find the sites.


sorry if i hurt some feelings.
 

It's not our feelings, it's that you didn't think of the consequences. 
Apparently, you need a bit of life experience, "Class of 2004".


Some of us remember there was a coup in Russia, and the Parliament was
being shelled.  They cut the phone lines, yet the Internet didn't go
down, and became the only method of communication.  Real-time reports
were passed across the border; international outrage helped save lives. 


Certain governments considered the export of packet switching technology
to Russia as treasonous.  Was it a good thing, anyway?


On 8/18/05, Randy Bush <[EMAIL PROTECTED]> wrote:
 


Again, I am not discussing "censoring ideas".
 


then why did you use emotionally loaded words such as "terrorist?
   


and "porn", which is also clearly in the eye of the beholder  ;-)
--
William Allen Simpson
   Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

Community Update

[Betty Burke]

All:

As per the NANOG Charter, the first Steering Committee meeting, via
conference call, was held on August 11th.  Randy Bush has been selected to 
serve as chair.


The community can post messages to the SC, via [EMAIL PROTECTED]

Steering Committee information, including meeting minutes, is available at


The NANOG support staff and I, welcome the new SC members.  We remain
excited about the NANOG evolution process.  We encourage the community to 
continue to dialogue with the newly formed Steering Committee, the existing 
Program Committee, and Mail List Administrators.  There is a wonderful

group of people working to improve the process, and they value your input.

Sincerely,
Betty
NANOG Project Manager
Merit Network

Re: Blocking certain terrorism/porn sites and DNS

[Jeffrey I. Schiller]

Check out http://tor.eff.org. Of particular interest are "hidden services."

If you think you can block the use of the Internet... think again.

-Jeff
-- 
=
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
[EMAIL PROTECTED]

Re: India cites security concerns, blocks Huawei bid to expand their indian ops

[Steven M. Bellovin]

In message <[EMAIL PROTECTED]>, Valdis.Kletni
[EMAIL PROTECTED] writes:
>
>--==_Exmh_1124330148_3161P
>Content-Type: text/plain; charset=us-ascii
>
>> Requesting the source code and/or having access to it is really
>> meaningless unless you have the skill and capabilities to compile it
>> *and* use it.  There is no sure way to know that the source code in your
>> left hand is what was used to compile the binary in your right hand.
>
>Even if you compile your left hand into your right hand.  See Ken Thompson's
>"Reflections On Trusting Trust" (http://www.acm.org/classics/sep95/).  To
>complete the references, Reference 4 ("An unknown Air Force document") is
>Karger & Schell's paper on a Multics pen-test, which is available at
>http://www.acsac.org/2002/papers/classic-multics-orig.pdf
>
>Karger and Schell did a "30 years later" retrospective, also available at
>http://www.acsac.org/2002/papers/classic-multics.pdf
>
>Between the India/Huawei thing and the MS05-039 mess, this is a good time for
>everybody who hasn't read all 3 of them to read them - under 40 pages for all 
>3,
>and the 24 pages of the first Karger&Schell you can probably skim.)
>

Also bear in mind how hard it is to find a cleverly-concealed back 
door.  Think how hard it is for reviewers to find ordinary bugs, let 
alone one that someone tried to conceal.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

CESM over IP vendor recommendations

[Malayter, Christopher]

Good Morning,

I am looking for recommendations for CESM over IP devices, in particular,
for carrying T1 traffic.

Please contact me off-list.

I will summarize all off-list responses if there is interest.

Chris Malayter
TDS Telecom - Network Services
Data Network Engineering
[EMAIL PROTECTED]
Phone: (608) 664-4878
FAX:(608) 664-4644

Fwd: zotob - blocking tcp/445

[My Name]

On 8/18/05, James Baldwin <[EMAIL PROTECTED]> wrote:
> On Aug 17, 2005, at 11:03 PM, routerg wrote:
>
> > What if you are a transit provider that serves ebay, yahoo, and/or
> > google and the worm is propogating over TCP port 80?
>
> No one is suggesting that anyone suspend reason when making a
> decision to temporarily, or permanently for that matter, block
> packets with a specific port setting. It is a unreasonable stretch to
> imagine a transit provider, serving Ebay, Yahoo, and/or Google, who
> will have a staff unreasonable enough to block TCP/80 to halt a virus
> from spreading.
>

I was only trying to make the point that it would be extremely
disruptive for enterprise class providers to filter ports all over the
place, regardless of the port number.  Today, the carrier class
providers are meant to provide a routing interface to the network.


> > Where will the filtering end?
>
> The "slippery slope" defense has never stood in logical arguments, I
> don't understand why it should stand anywhere else. Once again, no on
> is asking anyone to suspend reason when making decisions. No on is
> making the statement "You must block ports used by virii of any
> magnitude, permanently without thought or investigation.". It was
> suggested that for outbreaks of significant size and severity,
> networks should issue temporary blocks on ports with little
> legitimate use. Expanding that suggestion to encompass more is being
> disingenuous to the original intent of the suggester
>
> > Is your NSP/ISP responsible for filtering virii, spam, phishing?
>
> ISPs are held accountable by their customers, whether rightfully or
> wrongfully, for virii, spam, and phishing. Customers expect their ISP
> to investigate, filter, and otherwise secure their connection.
>

I would agree with this if we are talking about consumer markets.
Most cable/DSL providers have policies in place so that their
customers don't use the consumer class services to offer services, in
which case this type of mitigation is acceptable.  However, I've only
ever seen a handful of requests from enterprise class customers
wanting their network provider to filter spam on their behalf.
Usually they just want DoS attack traffic stopped upstream.  They
don't want their provider monitoring the contents of their packets.

> We are held accountable for the traffic we source. I feel comfortable
> exercising some caution with traffic which is destined to me,
> especially if it is going to create an issue where other networks
> will hold me accountable for the fallout.
>
> As someone eluded to earlier in the thread, customers expect to
> receive the traffic they want, and they expect their provider to
> prevent that which they did not request. Problems, support calls, and
> differences of opinion happen on the edge where those desires are not
> codified.
>

Re: Blocking certain terrorism/porn sites and DNS

[Florian Weimer]

> Why not just bring back the "evil bit" as a serious proposal?

I've recently discovered a useful application for the evil bit:
sandboxes for mobile code (think Java applets) can use it to instruct
firewalls not to open additional ports just because a client sends a
"PORT" command on a port 21/TCP connection. 8-)

Re: Blocking certain terrorism/porn sites and DNS

[Florian Weimer]

* Abhishek Verma:

> There was news that terror groups like Al Qaida, etc. are using
> internet to promote their terror links and these web sites provide
> online training on how one could assemble bombs, etc.

If I were interested in instructions for assembling bombs, I'd look
for U.S. militia sites, which happen to be protected by the First
Amendment.

> The community as a whole wants to close all such web sites.  I dont
> think there is any ambiguity there.

Some U.S. Americans value their free speech rights, so the agreement
is certainly not universal.

If I'm not mistaken, the U.S. are quite lenient on their own lunatic
fringe, especially if they wave the proper flags.

> As far as i understand if there is a website with the name of
> www.abc.com then it needs to register itself with the whois database
> (from network solutions) 

The central WHOIS database for .COM and .NET is NOT run by Network
Solutions.  Verisign (or the U.S. government) can only exercise
control over most ccTLDs in a very disruptive way, which is unlikely
to have a long-lasting effect if the ccTLD in question has any
commercial value (unlike .iq, for example).

> so that all the queries to this website can be forwarded to the
> corresponding nameserver.

I think you are interested in DNS, not WHOIS.  WHOIS is mostly
irrelevant in this discussion (except if you want to shut down sites
quickly, see the recent thread on this list).

> Now, if we want to block abc.com permanently then cant we simply
> remove this URL entry from the whois database?

The WHOIS database does not store URLs in the way you think it does.

The U.S. administration cannot police the entire DNS name space.  For
example, I can add new domain names under enyo.de, and no one will
know or can do anything about it (except maybe my brother and some
people who have access to a special WHOIS server).

Another example: There are many alleged child porn sites with host
names ending in .ru.  The U.S. government could ask IANA/Verisign to
remove the delegation of .ru from the root name servers, but it's
likely that those who have must access Russian sites (or whose
customers request it) simply resurrect the delegation locally, or use
some altenative set of DNS root servers.  (Direct action against .RU
sites is often infeasible, I'm told.)

Re: Blocking certain terrorism/porn sites and DNS

[bmanning]

 you seem to have a couple of ideas co-mingled.
) whois == dns  ...  there is zero technical requirement for 
  whois to exist.  removing or blocking entries in your whois
  of choice is trivial and painless. 
) URLs map to IP addresses.  ...  you can or your ISP can   
  filter based on IP address pretty easily.  You only task here 
  is to keep up with the DNS changes that move the URL to new
  IP space.
) there is NO centralized system here.  there are hundreds of
  whois systems in place and the DNS is structured so that
  responsibility is delegated... there would have to be worldwide
  agreement on not only what should be filtered but how.  And 
  that (worldwide agreement) is going to be hard to bring to pass.
  So just because the VSGN whois does not have the entry, does
  not mean that the IN whois does not have it either.  Or because
  VSNL blocks IP packets to certain prefixes does not mean they are
  not routed elsewhere in the Internet.
 --bill


On Thu, Aug 18, 2005 at 03:27:14PM +0530, Abhishek Verma wrote:
> 
> > It was bad enough back in the '90s when Internic refused to accept
> > registration of certain four letter words.  DNS is not a proper venue
> > for censoring ideas.
> 
> Again, I am not discussing "censoring ideas". I want to know if its
> indeed "tehnically" possible and feasible to block a website URL from
> being accessed.
> 
> > 
> > 
> > > No, that wasnt my point. I just wanted to make sure that my
> > > understanding of banning a hostname was indeed correct. We can this
> > > way atleast block all websites with *alqaida* domain names.
> > >
> > > I wanted to know if the arguments of "freedom of speech" etc. apply to
> > > the Internet also, wherein somebody could argue that no central
> > > authority can stop somebody from expressing their thoughts, etc.
> > 
> > Within the USA, arguments of "freedom of speech" DO apply.
> > 
> > Somebody can and should argue that no central authority
> > is entitled to stop somebody from expressing their thoughts.
> > 
> > IMHO, it is not the purpose of network operators to make value
> > judgments regarding the packets that we transport.
> > 
> > Why not just bring back the "evil bit" as a serious proposal?
> > 
> > 
> > Kevin Kadow
> > 
> 
> 
> -- 
> 
> --
> Class of 2004
> Institute of Technology, BHU
> Varanasi, India

RE: New N.Y. Law Targets Hidden Net LD Tolls

[Steven J. Sobol]

On Thu, 18 Aug 2005, Brian Johnson wrote:

> Pardon my ignorance, but don't most phone companies require 10 digit dialing
> for long-distance.

So I signed up for a trial of a spiffy service from RingCentral, who 
insist that they have numbers local to Victorville/Apple Valley, 
California, USA.

They assigned me 760-301-.

301 is Ridgecrest, an hour north of Victorville on US 395, and a toll 
call. 

But Verizon still allows 7D dialing for toll calls in this part of the 
country.

(RingCentral later told me "we just allow you to pick a city to determine 
which area code your number will be in" - no, morons, you advertise local 
numbers in Victorville, and you should just allow people to pick an area 
code without listing cities in that area code.)

And there are plenty of spots around the US where 10D dialing is required 
even for local, non-toll calls.


-- 
Steve Sobol, Professional Geek   888-480-4638   PGP: 0xE3AE35ED
Company website: http://JustThe.net/
Personal blog, resume, portfolio: http://SteveSobol.com/
E: [EMAIL PROTECTED] Snail: 22674 Motnocab Road, Apple Valley, CA 92307

Re: zotob - blocking tcp/445

[routerg]

On 8/18/05, James Baldwin <[EMAIL PROTECTED]> wrote:
> On Aug 17, 2005, at 11:03 PM, routerg wrote:
> 
> > What if you are a transit provider that serves ebay, yahoo, and/or
> > google and the worm is propogating over TCP port 80?
> 
> No one is suggesting that anyone suspend reason when making a
> decision to temporarily, or permanently for that matter, block
> packets with a specific port setting. It is a unreasonable stretch to
> imagine a transit provider, serving Ebay, Yahoo, and/or Google, who
> will have a staff unreasonable enough to block TCP/80 to halt a virus
> from spreading.
> 

I was only trying to make the point that it would be extremely
disruptive for enterprise class providers to filter ports all over the
place, regardless of the port number.  Today, the carrier class
providers are meant to proivde a routing interface to the network.


> > Where will the filtering end?
> 
> The "slippery slope" defense has never stood in logical arguments, I
> don't understand why it should stand anywhere else. Once again, no on
> is asking anyone to suspend reason when making decisions. No on is
> making the statement "You must block ports used by virii of any
> magnitude, permanently without thought or investigation.". It was
> suggested that for outbreaks of significant size and severity,
> networks should issue temporary blocks on ports with little
> legitimate use. Expanding that suggestion to encompass more is being
> disingenuous to the original intent of the suggester
> 
> > Is your NSP/ISP responsible for filtering virii, spam, phishing?
> 
> ISPs are held accountable by their customers, whether rightfully or
> wrongfully, for virii, spam, and phishing. Customers expect their ISP
> to investigate, filter, and otherwise secure their connection.
> 

I would agree with this if we are talking about consumer markets. 
Most cable/DSL providers have policies in place so that their
customers don't use the consumer class services to offer services, in
which case this type of mitigation is acceptable.  However, I've only
ever seen a handfull of requests from enterprise class customers
wanting their network provider to filter spam on their behalf. 
Usually they just want DoS attack traffic stopped upstream.  They
don't want their provider monitoring the contents of their packets.

> We are held accountable for the traffic we source. I feel comfortable
> exercising some caution with traffic which is destined to me,
> especially if it is going to create an issue where other networks
> will hold me accountable for the fallout.
> 
> As someone eluded to earlier in the thread, customers expect to
> receive the traffic they want, and they expect their provider to
> prevent that which they did not request. Problems, support calls, and
> differences of opinion happen on the edge where those desires are not
> codified.
>

Re: New N.Y. Law Targets Hidden Net LD Tolls

[David Barak]

--- Sean Donelan <[EMAIL PROTECTED]> wrote:
> I assume the NY AG will also be targeting
> enforcement of Domino's Pizza
> because they have lots of phone numbers and
> consumers may unknowingly dial
> a phone number to order a pizza which may be a toll
> call in their area.

A typical call to Domino's lasts < 2 minutes, and if
it's not actually a local call, you're almost
certainly not in the delivery area (and would get
redirected to the correct store).  Accidentally
dialing a nonlocal Domino's results in a $.10 bill
(and no pizza).

A typical call to a dial-up ISP is what, a few hours? 
Multiple times per month?  Accidentally using a
non-local ISP number can result in a bill in the
hundreds of dollars pretty easily (also no pizza).

-David

David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com




Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 

Re: What application runs on port 8094?

[Lars Erik Gullerud]

On Wed, 17 Aug 2005, Aaron Glenn wrote:



On 8/17/05, Joe Shen <[EMAIL PROTECTED]> wrote:


Hi,

Using netflow based monitor tool, I noticed there is a
lot of traffic on 8094/UDP and 4662/TCP( both exceed
1Gbps, and exist all the time)


What application use that port? Is there any P2P
application use UDP as transportation protocol?


eMule uses 4662. quick google search (which I hope you already did
before posting) turns up nothing interesting for 8094 (I'm thinkin
BitTorrent, personally)


Since the traffic was 8094/UDP it is definitely not BitTorrent, who uses 
TCP transport.


/leg

Re: Blocking certain terrorism/porn sites and DNS

[Miquel van Smoorenburg]

In article <[EMAIL PROTECTED]>,
Abhishek Verma  <[EMAIL PROTECTED]> wrote:
>Okay, so i am not talking about blocking or removing a name server. I
>am talking of removing that offending entry (like www.abc.com) from
>the whois database or whereever the central database is mantained.

The database you're talking about is DNS, not the WHOIS database.
There is no central DNS database. The DNS database is distributed
in a tree-like fashion.

Mike.

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Jared Mauch]

On Thu, Aug 18, 2005 at 07:42:53AM -0500, Robert Bonomi wrote:
> The CLEC can't tell you (and thus, neither can the ISP) which prefixes are a 
> 'non-toll' call to their numbeers.  And trying to get an authoritative answer
> from the ILEC about what charges are to the CLEC's prefix can be _very_ 
> difficult.

In some cases it can be easy, once you're online (paying
high rates of course ;-) you can visit (in some cases) the telco
websites:

(eg: input 734-764, then 214-413)

http://localcalling.sbc.com/LCA/lca_input.jsp

The fun part is, it works for most of the states, except
that most strange/obscure/messed up one, Texas.

There's also:

(734-429)

http://www22.verizon.com/CallingAreas/LocalCallFinder/LocalCallFinderSAS.htm

- Jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.

Re: Blocking certain terrorism/porn sites and DNS

[Jay R. Ashworth]

On Thu, Aug 18, 2005 at 02:32:42PM +0530, Abhishek Verma wrote:
> No, that wasnt my point. I just wanted to make sure that my
> understanding of banning a hostname was indeed correct. We can this
> way atleast block all websites with *alqaida* domain names.

I believe you've mispelt "Al Q'aeda".

You see the problem.

Cheers,
-- jr 'PDFTT' a
-- 
Jay R. Ashworth[EMAIL PROTECTED]
Designer+-Internetworking--+--+   RFC 2100
Ashworth & Associates   |  Best Practices Wiki |  |'87 e24
St Petersburg FL USAhttp://bestpractices.wikicities.com+1 727 647 1274

  If you can read this... thank a system administrator.  Or two.  --me

Re: zotob - blocking tcp/445

[James Baldwin]

On Aug 17, 2005, at 11:03 PM, routerg wrote:


What if you are a transit provider that serves ebay, yahoo, and/or
google and the worm is propogating over TCP port 80?


No one is suggesting that anyone suspend reason when making a  
decision to temporarily, or permanently for that matter, block  
packets with a specific port setting. It is a unreasonable stretch to  
imagine a transit provider, serving Ebay, Yahoo, and/or Google, who  
will have a staff unreasonable enough to block TCP/80 to halt a virus  
from spreading.



Where will the filtering end?


The "slippery slope" defense has never stood in logical arguments, I  
don't understand why it should stand anywhere else. Once again, no on  
is asking anyone to suspend reason when making decisions. No on is  
making the statement "You must block ports used by virii of any  
magnitude, permanently without thought or investigation.". It was  
suggested that for outbreaks of significant size and severity,  
networks should issue temporary blocks on ports with little  
legitimate use. Expanding that suggestion to encompass more is being  
disingenuous to the original intent of the suggester



Is your NSP/ISP responsible for filtering virii, spam, phishing?


ISPs are held accountable by their customers, whether rightfully or  
wrongfully, for virii, spam, and phishing. Customers expect their ISP  
to investigate, filter, and otherwise secure their connection.


We are held accountable for the traffic we source. I feel comfortable  
exercising some caution with traffic which is destined to me,  
especially if it is going to create an issue where other networks  
will hold me accountable for the fallout.


As someone eluded to earlier in the thread, customers expect to  
receive the traffic they want, and they expect their provider to  
prevent that which they did not request. Problems, support calls, and  
differences of opinion happen on the edge where those desires are not  
codified. 

RE: New N.Y. Law Targets Hidden Net LD Tolls

[Kristal, Jeremiah]

> *NOT* "other people's fraud".  Just when you have 
> 'intra-LATA' toll charges
> for some numbers within a single area-code.  If the user is 
> on one side of
> the area-code, and the provider's POP is on the far side of 
> it, you can have
> a what appears to be a 'local' number, that does incur 
> non-trivial per-minute
> charges.  Without knowing _where_ a particular prefix is, you 
> can't tell 
> whether there will be toll charges for that call, or not, 
> from any given
> call origin.

Pardon my ignorance, but don't most phone companies require 10 digit dialing
for long-distance. We have similar situations in the rural area I live in,
but the customers know if they dial more than 7 digits, it WILL be long
distance.


Not in densely populated urban areas.  In NYC there are at least 5 area
codes (212, 516, 917, 646, 347) that are local calls.  You can also get
extended local calling that adds several more area codes (914, 518, and I
think one more).  In fact you have to do 10-digit dialing for any call in
NYC now, even if you're just calling next door.

Things are very different in rural areas where each town has a single
exchange.  In the 80s I was still dialing only 4 digits to call people in
the same town.  The next town over has a different exchange, but was part of
the same local telco coop, so it was 7 digit dialing but still local.  The
entire state had one area code (still does), but I think you had to use 1+
to call any toll number.
> 
> Of course, this is true for *every* call in such an area -- 
> if the new law
> is actually singling out ISPs (and ISPs -only-), I expect it could be
> successfully challenged as 'discriminatory'.   

Agreed. It's silly to single out ISPs on this one.

Any reasonable ISP is already warning customers that numbers that appear
local may not be local.  Way back in 95 I was working for a NY/NJ-based ISP
that was trying to grow rapidly and we ran into this a lot, especially in
NJ.  After a handful of VERY irate customers called complaining about $500
phone bills, we got much better at knowing exactly where the toll lines
were.  We also worked with the Bell Atlantic to reduce the bills and started
posting disclaimers.  We would also do the work to ensure that a call was a
local call if the customer asked, and explain to them how they could often
get an expanded calling area for a small fee.

> 
> The excessive 'local toll charge' situation is most visible 
> on calls to ISPs,
> because those calls tend to be somewhat lengthy -- and 
> frequent -- thus, the
> 'unexpected' charges can reach significant dollar value 
> before the phone
> customer gets their first bill.

Agreed, but is this really the ISPs fault, or is it the customer's fault.


I think the fault lies with both.  If an ISP is telling customers that they
have local dialup numbers, the customer is likely going to believe the ISP.
Sure mistakes happen, but if it keeps happening to a given ISP, maybe it is
the ISP's fault.
> 
> Life gets _really_ messy, when the ISP gets phone service 
> from a CLEC, 
> because there is "no telling" _where_ the ILEC uses as the 
> 'rate point'
> for handing the calls off to that CLEC.  And the CLEC bills 
> their customers
> based on distance from the caller's location to that hand-off 
> point.  The
> ISP equipment may be across the street from the caller, but 
> the ILEC-CLEC
> hand-off is on the far edge of the area-code.  and the 'local 
> toll charges'
> are applied.
> 
> The CLEC can't tell you (and thus, neither can the ISP) which 
> prefixes are a 
> 'non-toll' call to their numbeers.  And trying to get an 
> authoritative answer
> from the ILEC about what charges are to the CLEC's prefix can 
> be _very_ 
> difficult.

I have never come across this, but it may be more of a metro area thing. :-)

I think in the end this is a typical government attempt to solve a
non-problem. They can easily do public service announcements to inform their
constituents, or ask the phone companies to deal with it as it really is a
problem for them. It is a charge on the hone bill, right. :-)


It's a very common problem in densely populated suburban areas.  It's
probably not much of a problem in North Dakota.  

I'm kind of perplexed why Mr. Spitzer is proposing this now though.  It's
not like dial-up is a growth market.  I guess there are still people just
getting their first internet connection and starting with dial-up.  This
might have had more traction 8-10 years ago, when people really were getting
saddled with $500 phone bills.  

Jeremiah

Re: New N.Y. Law Targets Hidden Net LD Tolls

[David Lesher]

> 
> Pardon my ignorance, but don't most phone companies require 10 digit dialing
> for long-distance. We have similar situations in the rural area I live in,
> but the customers know if they dial more than 7 digits, it WILL be long
> distance.

No.

If you are in an overlay area, such as MD, parts of NoVA and
many other states; then 10D is required for ALL local calls

MD does have 11D required for toll; but many states do not,
inc. Virginia.

(This topic is the "vs vs emacs" of the telco world, btw.
I'm strongly in the 11D for toll camp, but others I respect
[Hi Mr. Mayor] feel it's a PITA to dial 10D on every call..)

This may have been inspired by ISP-set POP #'s. In a case I
know of; a WebTV user did the setup via the 800#; and got told
"867-5309" was local and it was automagically loaded into the
WebTV box.

90 days later, the phone bill arrived...



-- 
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433

Re: Blocking certain terrorism/porn sites and DNS

[Daniel Golding]

There are actually perfectly valid reasons for not blocking such sites, even
if you feel (as I do) that jihadis are the enemies of civilization.

Many of these sites are used to transmit data concerning terrorist attacks
or for recruitment, etc. Some include forums where supporters can post
messages. Its a safe bet to assume that various law enforcement bodies may
monitor such sites.

If you block them at the DNS level, they will simply move elsewhere.
Logically, it will take longer for law enforcement to catch up than it will
for the bad guys to start using another domain name. That's a bad thing.

So, to answer your original question: yes, it is entirely possible, from a
technical point of view*. If you were going to block a web site, using DNS
is probably the best way to ensure there is minimal "collateral damage" -
blocking via IP address will result in other sites getting blocked due to
virtual hosting (using a single IP address for many web sites). However,
there are legal, ethical, and law enforcement reasons why such action may
not always be wise.

Discussing any sort of blocking will always arouse passions. Talking about
blocking port 445 to stop an (alleged) worm infestation seems to get
people's undergarments in a knot. For good or ill, the Internet was built as
an open network and seems to work best that way. That ideal has been
transmitted to most of those who currently toil away to keep it running and
to improve it.

Don't be afraid to keep asking questions, Abhishek. Just remember that the
inmates of this particular asylum get testy now and again :)

Thanks,
Daniel Golding

(*There are additional questions on where you should do this blocking.
That's an entirely separate can of worms)

On 8/18/05 6:38 AM, "Abhishek Verma" <[EMAIL PROTECTED]> wrote:

> 
> coz i assumed that everyone wants to block such sites.
> 
> sorry if i hurt some feelings.
> 
> apologies,
> abhishek
> 
> On 8/18/05, Randy Bush <[EMAIL PROTECTED]> wrote:
>>> Again, I am not discussing "censoring ideas".
>> 
>> then why did you use emotionally loaded words such as "terrorist?"
>> 
>> randy
>> 
>> 
> 

-- 
Daniel Golding
Network and Telecommunications Strategies
Burton Group

RE: New N.Y. Law Targets Hidden Net LD Tolls

[Brian Johnson]

 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Robert Bonomi
> Sent: Thursday, August 18, 2005 7:43 AM
> To: nanog@merit.edu
> Subject: Re: New N.Y. Law Targets Hidden Net LD Tolls
> 
> 
> > From [EMAIL PROTECTED]  Thu Aug 18 01:47:56 2005
> > Date: Thu, 18 Aug 2005 02:44:59 -0400
> > From: "Eric A. Hall" <[EMAIL PROTECTED]>
> > Cc: nanog@merit.edu
> > Subject: Re: New N.Y. Law Targets Hidden Net LD Tolls
> >
> >
> >
> > On 8/17/2005 10:04 PM, Fergie (Paul Ferguson) wrote:
> >
> > > A new law that's apparently the first in the nation threatens to
> > > penalize Internet service providers that fail to warn 
> users that some
> > > dial-up numbers can ring up enormous long-distance phone 
> bills even
> > > though they appear local.
> >
> > aka, make ISPs liable for other people's fraud. What's the 
> thinking here,
> > anybody know?
> 
> *NOT* "other people's fraud".  Just when you have 
> 'intra-LATA' toll charges
> for some numbers within a single area-code.  If the user is 
> on one side of
> the area-code, and the provider's POP is on the far side of 
> it, you can have
> a what appears to be a 'local' number, that does incur 
> non-trivial per-minute
> charges.  Without knowing _where_ a particular prefix is, you 
> can't tell 
> whether there will be toll charges for that call, or not, 
> from any given
> call origin.

Pardon my ignorance, but don't most phone companies require 10 digit dialing
for long-distance. We have similar situations in the rural area I live in,
but the customers know if they dial more than 7 digits, it WILL be long
distance.

> 
> Of course, this is true for *every* call in such an area -- 
> if the new law
> is actually singling out ISPs (and ISPs -only-), I expect it could be
> successfully challenged as 'discriminatory'.   

Agreed. It's silly to single out ISPs on this one.

> 
> The excessive 'local toll charge' situation is most visible 
> on calls to ISPs,
> because those calls tend to be somewhat lengthy -- and 
> frequent -- thus, the
> 'unexpected' charges can reach significant dollar value 
> before the phone
> customer gets their first bill.

Agreed, but is this really the ISPs fault, or is it the customer's fault.

> 
> Life gets _really_ messy, when the ISP gets phone service 
> from a CLEC, 
> because there is "no telling" _where_ the ILEC uses as the 
> 'rate point'
> for handing the calls off to that CLEC.  And the CLEC bills 
> their customers
> based on distance from the caller's location to that hand-off 
> point.  The
> ISP equipment may be across the street from the caller, but 
> the ILEC-CLEC
> hand-off is on the far edge of the area-code.  and the 'local 
> toll charges'
> are applied.
> 
> The CLEC can't tell you (and thus, neither can the ISP) which 
> prefixes are a 
> 'non-toll' call to their numbeers.  And trying to get an 
> authoritative answer
> from the ILEC about what charges are to the CLEC's prefix can 
> be _very_ 
> difficult.

I have never come across this, but it may be more of a metro area thing. :-)

I think in the end this is a typical government attempt to solve a
non-problem. They can easily do public service announcements to inform their
constituents, or ask the phone companies to deal with it as it really is a
problem for them. It is a charge on the hone bill, right. :-)

- Brian J.

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Robert Bonomi]

> From [EMAIL PROTECTED]  Thu Aug 18 01:47:56 2005
> Date: Thu, 18 Aug 2005 02:44:59 -0400
> From: "Eric A. Hall" <[EMAIL PROTECTED]>
> Cc: nanog@merit.edu
> Subject: Re: New N.Y. Law Targets Hidden Net LD Tolls
>
>
>
> On 8/17/2005 10:04 PM, Fergie (Paul Ferguson) wrote:
>
> > A new law that's apparently the first in the nation threatens to
> > penalize Internet service providers that fail to warn users that some
> > dial-up numbers can ring up enormous long-distance phone bills even
> > though they appear local.
>
> aka, make ISPs liable for other people's fraud. What's the thinking here,
> anybody know?

*NOT* "other people's fraud".  Just when you have 'intra-LATA' toll charges
for some numbers within a single area-code.  If the user is on one side of
the area-code, and the provider's POP is on the far side of it, you can have
a what appears to be a 'local' number, that does incur non-trivial per-minute
charges.  Without knowing _where_ a particular prefix is, you can't tell 
whether there will be toll charges for that call, or not, from any given
call origin.

Of course, this is true for *every* call in such an area -- if the new law
is actually singling out ISPs (and ISPs -only-), I expect it could be
successfully challenged as 'discriminatory'.   

The excessive 'local toll charge' situation is most visible on calls to ISPs,
because those calls tend to be somewhat lengthy -- and frequent -- thus, the
'unexpected' charges can reach significant dollar value before the phone
customer gets their first bill.

Life gets _really_ messy, when the ISP gets phone service from a CLEC, 
because there is "no telling" _where_ the ILEC uses as the 'rate point'
for handing the calls off to that CLEC.  And the CLEC bills their customers
based on distance from the caller's location to that hand-off point.  The
ISP equipment may be across the street from the caller, but the ILEC-CLEC
hand-off is on the far edge of the area-code.  and the 'local toll charges'
are applied.

The CLEC can't tell you (and thus, neither can the ISP) which prefixes are a 
'non-toll' call to their numbeers.  And trying to get an authoritative answer
from the ILEC about what charges are to the CLEC's prefix can be _very_ 
difficult.

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Greg Boehnlein]

On Thu, 18 Aug 2005, Sean Donelan wrote:
 
> On Thu, 18 Aug 2005, Richard A Steenbergen wrote:
> > Sounds like the standard notice that all reputable ISPs are probably
> > already giving. Given the very real potential for grandma and grandpa to
> > pick a number off a list which looks like it is in their area code and end
> > up with a multi-thousand dollar phone bill the next month, I'm surprised
> > consumer protection folks haven't asked for such a requirement sooner.
> 
> I assume the NY AG will also be targeting enforcement of Domino's Pizza
> because they have lots of phone numbers and consumers may unknowingly dial
> a phone number to order a pizza which may be a toll call in their area.

The difference between a call to Dominos pizza and browsing the Web is 
that you usually don't make 200+ calls / month averaging 20 minutes in 
length to order pizza. If you do, I think you have an eating disorder! ;)

-- 
Vice President of N2Net, a New Age Consulting Service, Inc. Company
 http://www.n2net.net Where everything clicks into place!
 KP-216-121-ST

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Greg Boehnlein]

On Thu, 18 Aug 2005, Richard A Steenbergen wrote:

> On Thu, Aug 18, 2005 at 02:44:59AM -0400, Eric A. Hall wrote:
> > 
> > 
> > On 8/17/2005 10:04 PM, Fergie (Paul Ferguson) wrote:
> > 
> > > A new law that's apparently the first in the nation threatens to
> > > penalize Internet service providers that fail to warn users that some
> > > dial-up numbers can ring up enormous long-distance phone bills even
> > > though they appear local.
> > 
> > aka, make ISPs liable for other people's fraud. What's the thinking here,
> > anybody know?
> 
> Erm... Requiring that ISPs notify customers that phone numbers in the same 
> area code may not be "local" has WHAT exactly to do with making ISPs 
> liable for other people's fraud? Sounds like a disclaimer requirement to 
> me, nothing related to fraud just good business practice. You must be 
> confusing this with exotic 900# and international locations which are used 
> to scam people.

You mean something like:

"N2Net is not responsible for tolls or long-distance charges incurred 
while dialing any of our access numbers. It is the customers 
responsibility to verify with their local telephone provider whether a 
particular number is a chargeable call. 

N2Net can not guarantee that a particular number is local to you. To 
determine whether or not one of our dialin numbers is local, dial '0' from 
the phone line you will use to call N2Net; give the operator your number, 
and give the operator the N2Net dialin number you want to use, and ask if 
it is a toll call. 

There may be times when a call is billed as a "Local Plus" call or as part 
of an extended calling area. In cases like this, while you don't get 
charged as much as a normal long-distance call, you still are charged PER 
MINUTE by the phone company. Please check with your phone company if you 
have questions about any of our numbers." 

PUCO (Public Utilities Commision of Ohio) Local Call Finder - Use this 
application to help you pick a dialup number, but still verify that the 
number is a local call by dialing your operator. 

-- 
Vice President of N2Net, a New Age Consulting Service, Inc. Company
 http://www.n2net.net Where everything clicks into place!
 KP-216-121-ST

Re: zotob - blocking tcp/445

Randy Bush <[EMAIL PROTECTED]> wrote:
[...]
> surely you realize that this discussion is not about civil rights
> and the constitution, but about combatting terrorists.

And we have always been at war with Eastasia.

-- 
PGP key ID E85DC776 - finger [EMAIL PROTECTED] for full key
/:.*posting.google.com.*/HX-Trace:+j

Re: Blocking certain terrorism/porn sites and DNS

[Hyunseog Ryu]

Who's going to judge whether it is good or bad?
There is a lot of different point of view, and we couldn't know whether 
it is good or bad until the website is launching.

I don't think this will resolve anything for anti-terrorism.
Terrorism is judged by government viewpoint, and they have the power to 
order ISP to stop the site

when they need.
This is not the technical issue at all.
A terrorist may be the hero for other country, and there is no way to 
make this as global practice.


Some country may have different meaning for AlQaida by their language or 
local customs for an example.


Even if this is enforced, people can do host the site under hotmail.com 
or some public web hosting site.

So do we want to kill the domain because of one user's activities?

I'm not saying that terrorist activities is acceptable, but this should 
be done by local government law and followed

by legitimate procedure, not by technical/operational practice.

I'm sure any registry can remove the domain if there is the reasonable 
request by the internal procedure or local government law or court order.



Abhishek Verma wrote:


If we, is the US department of commerce, the answer is probably yes.

The only operational significance, is that there is no way easy way of
estimating in advance the effect of removing valid DNS information from the
system, unless you are the administrator of the system concerned (and even
then mistakes happen - not when I do it of course).

i.e. It may be that a nameserver called "ns1.example.com" supports domains in
a completely different TLD, like "example.co.uk", which belongs to an
important organisation or service.
   



Okay, so i am not talking about blocking or removing a name server. I
am talking of removing that offending entry (like www.abc.com) from
the whois database or whereever the central database is mantained.

 


That said spammers routinely have domains, and nameservers, removed with very
little if any damage to legitimate Internet users.

The real question is should we, words don't kill people, people kill people.
   



Definitely!

 




 

Re: Blocking certain terrorism/porn sites and DNS

[Abhishek Verma]

coz i assumed that everyone wants to block such sites.

sorry if i hurt some feelings.

apologies,
abhishek

On 8/18/05, Randy Bush <[EMAIL PROTECTED]> wrote:
> > Again, I am not discussing "censoring ideas".
> 
> then why did you use emotionally loaded words such as "terrorist?"
> 
> randy
> 
> 


-- 

--
Class of 2004
Institute of Technology, BHU
Varanasi, India

Re: Blocking certain terrorism/porn sites and DNS

[Randy Bush]

> Again, I am not discussing "censoring ideas".

then why did you use emotionally loaded words such as "terrorist?"

randy

Re: Blocking certain terrorism/porn sites and DNS

[Geo.]

>>Again, I am not discussing "censoring ideas". I want to know if its
indeed "tehnically" possible and feasible to block a website URL from
being accessed.<<

Technically, easy enough to test, open your hosts file and do an entry like

127.0.0.1   www.abc.com

it should block it just as if the root servers blocked it and you can test
to see if this is "feasible" all you like without actually affecting anyone
else.

The problem with feasibility is that not all of us consider peril sensitive
sunglasses to be a solution.


Geo.

George Roettger
Netlink Services

Re: Blocking certain terrorism/porn sites and DNS

[Geo.]

>>It was bad enough back in the '90s when Internic refused to accept
registration of certain four letter words.  DNS is not a proper venue
for censoring ideas.<<


and the end result is a monopoly http://datapimp.com/

Geo.

George Roettger
Netlink Services

Re: What application runs on port 8094?

[Joe Shen]

The situation here is,  traffic on the two ports
exists continuously. The total load on our egree link
sums up to around 3Gbps (max) and 1.6Gbps(min). 

If both of the traffic is from P2P application, what
is it? rebust file transmission over UDP?

thanks



--- Vulnerability Management
<[EMAIL PROTECTED]> wrote:

> Hi Joe,
> 
> Joe Shen wrote:
> > Hi,
> > 
> > Using netflow based monitor tool, I noticed there
> is a
> > lot of traffic on 8094/UDP and 4662/TCP( both
> exceed
> > 1Gbps, and exist all the time)
> > 
> > 
> > What application use that port? Is there any P2P
> > application use UDP as transportation protocol?
> > 
> 
> 
> Yes - eDonkey - it's listed on Dshield's "most
> scanned ports":
> 
> http://dshield.org/port_report.php?port=4662
> 
> Nothing listed for 8094
> 
> http://dshield.org/port_report.php?port=8094
> 
> but they do show a big spike in scans of this port a
> couple of days ago. 
> Perhaps one of the recent MS worms calls home on
> this port? UDP, 
> though... odd!
> 
> \a
> 
> Andrew Simmons
> Messagelabs Security
> 
> 
> > 
> > thanks in advance.
> > 
> > Joe
> > 
> 
> -- 
> "Only the paranoid survive." - Andy Grove (Intel)
> 
>
__
> This email has been scanned by the MessageLabs Email
> Security System.
> For more information please visit
> http://www.messagelabs.com/email 
>
__
> 




__ 
Meet your soulmate!
Yahoo! Asia presents Meetic - where millions of singles gather
http://asia.yahoo.com/meetic

Re: Blocking certain terrorism/porn sites and DNS

[Jonathan M. Slivko]

> Yeps, a sys admin could do that. Sure. But we dont want others also to
> see that website. Is it possible by deleting that entery from the
> whois database is my question.

No - not without some high level intervention at the registry and seeing as
they are in the US under US law, it's not very likely to happen (freedom of
speech/press, etc.). You could also set the firewall policy company wide at
the network distribution point (where the Internet comes into the facility
from the outside). But, that's censorship which I don't support except in
rare cases.

-- Jonathan

Re: Blocking certain terrorism/porn sites and DNS

[Randy Bush]

> Okay, so i am not talking about blocking or removing a name server. I
> am talking of removing that offending entry (like www.abc.com) from
> the whois database or whereever the central database is mantained.

on the global internet, i doubt there is anything that does not
offend someone.

randy

Re: Blocking certain terrorism/porn sites and DNS

[Abhishek Verma]

> It was bad enough back in the '90s when Internic refused to accept
> registration of certain four letter words.  DNS is not a proper venue
> for censoring ideas.

Again, I am not discussing "censoring ideas". I want to know if its
indeed "tehnically" possible and feasible to block a website URL from
being accessed.

> 
> 
> > No, that wasnt my point. I just wanted to make sure that my
> > understanding of banning a hostname was indeed correct. We can this
> > way atleast block all websites with *alqaida* domain names.
> >
> > I wanted to know if the arguments of "freedom of speech" etc. apply to
> > the Internet also, wherein somebody could argue that no central
> > authority can stop somebody from expressing their thoughts, etc.
> 
> Within the USA, arguments of "freedom of speech" DO apply.
> 
> Somebody can and should argue that no central authority
> is entitled to stop somebody from expressing their thoughts.
> 
> IMHO, it is not the purpose of network operators to make value
> judgments regarding the packets that we transport.
> 
> Why not just bring back the "evil bit" as a serious proposal?
> 
> 
> Kevin Kadow
> 


-- 

--
Class of 2004
Institute of Technology, BHU
Varanasi, India

Re: Blocking certain terrorism/porn sites and DNS

[Abhishek Verma]

> 
> If we, is the US department of commerce, the answer is probably yes.
> 
> The only operational significance, is that there is no way easy way of
> estimating in advance the effect of removing valid DNS information from the
> system, unless you are the administrator of the system concerned (and even
> then mistakes happen - not when I do it of course).
> 
> i.e. It may be that a nameserver called "ns1.example.com" supports domains in
> a completely different TLD, like "example.co.uk", which belongs to an
> important organisation or service.

Okay, so i am not talking about blocking or removing a name server. I
am talking of removing that offending entry (like www.abc.com) from
the whois database or whereever the central database is mantained.

> 
> That said spammers routinely have domains, and nameservers, removed with very
> little if any damage to legitimate Internet users.
> 
> The real question is should we, words don't kill people, people kill people.

Definitely!

> 


-- 

--
Class of 2004
Institute of Technology, BHU
Varanasi, India

Re: Blocking certain terrorism/porn sites and DNS

[Simon Waters]

On Thursday 18 Aug 2005 9:20 am, Abhishek Verma wrote:
>
> My question is why cant we ban websites like, say, alqaida.com
> (hypothetical name), etc. from the whois database.

If we, is the US department of commerce, the answer is probably yes.

The only operational significance, is that there is no way easy way of 
estimating in advance the effect of removing valid DNS information from the 
system, unless you are the administrator of the system concerned (and even 
then mistakes happen - not when I do it of course).

i.e. It may be that a nameserver called "ns1.example.com" supports domains in 
a completely different TLD, like "example.co.uk", which belongs to an 
important organisation or service.

That said spammers routinely have domains, and nameservers, removed with very 
little if any damage to legitimate Internet users.

The real question is should we, words don't kill people, people kill people.

Re: Blocking certain terrorism/porn sites and DNS

[Jonathan M. Slivko]

> Why not just bring back the "evil bit" as a serious proposal?

*waves his cluebat around* ummm. no.

Re: Blocking certain terrorism/porn sites and DNS

[Kevin]

On 8/18/05, Abhishek Verma <[EMAIL PROTECTED]> wrote:
> The community as a whole wants to close all such web sites. I dont
> think there is any ambiguity there.

I disagree.  There absolutely IS some ambiguity there,
the community as a whole does not want to "close all such web sites".

It was bad enough back in the '90s when Internic refused to accept
registration of certain four letter words.  DNS is not a proper venue
for censoring ideas.


> No, that wasnt my point. I just wanted to make sure that my
> understanding of banning a hostname was indeed correct. We can this
> way atleast block all websites with *alqaida* domain names.
> 
> I wanted to know if the arguments of "freedom of speech" etc. apply to
> the Internet also, wherein somebody could argue that no central
> authority can stop somebody from expressing their thoughts, etc.

Within the USA, arguments of "freedom of speech" DO apply.

Somebody can and should argue that no central authority
is entitled to stop somebody from expressing their thoughts.

IMHO, it is not the purpose of network operators to make value
judgments regarding the packets that we transport.

Why not just bring back the "evil bit" as a serious proposal?


Kevin Kadow

Re: Blocking certain terrorism/porn sites and DNS

[Suresh Ramasubramanian]

On 18/08/05, Abhishek Verma <[EMAIL PROTECTED]> wrote:
> I wanted to know if the arguments of "freedom of speech" etc. apply to
> the Internet also, wherein somebody could argue that no central
> authority can stop somebody from expressing their thoughts, etc.

The EFF on line 1, for you

Re: Blocking certain terrorism/porn sites and DNS

[Abhishek Verma]

>> Will this work?
> 
> It would stop them using whichever hostnames you banned but do you really
> think this would stop them using the internet.

No, that wasnt my point. I just wanted to make sure that my
understanding of banning a hostname was indeed correct. We can this
way atleast block all websites with *alqaida* domain names.

I wanted to know if the arguments of "freedom of speech" etc. apply to
the Internet also, wherein somebody could argue that no central
authority can stop somebody from expressing their thoughts, etc.

> 
> Terrorist1: Mmmm seems the internet community have put a stop to us using
> www.bombsrus.com
> Terrorist2: Ok right lets give up and strive for world peace instead.
> 
> I don't think so :)

Even i dont think so! :)

> 
> More likely they will (and already are) hiding behind very non terror
> sounding names, not a lot we can do about that really.
> 
> Brett..

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Jonathan M. Slivko]

> Those pennies can add up.  And if you have ever called a government
> office, you can sometimes spend a long time listening to music on
> hold. Does the NY State Goverment warning citizens they may be charged
> for phone calls to government offices?

I'm not sure if that's the same thing - since usually they are either local
offices (broken up by district within a city) or a toll free national number
to Albany or some other call center. As far as your "Those pennies can add
up" statement - I agree. But not to the same degree as an Internet surfer.
You would have to make ALOT of calls to Dominos in order to match up to an
Internet users bill.

As an aside, while I was travelling outside the US on my T-Mobile phone
(roaming), as soon as I landed in the airport and turned my phone on - I got
a text message from the local cell carrier saying that I can dial 611 and
123 just as if I was home. However, what they DON'T tell you is that your
going to be charged international roaming rates for that call - even if your
calling your home customer service. That's something that the NY AG should
go after, not this and at $3/min, it's a bigger nuiscance and a bigger bill
in a shorter ammount of time. Something definately doesn't smell right - oh,
and btw, that includes calls to the roaming carriers customer service
department too. Go figure.

>
> This is one of those "feel good laws" that doesn't actually change
> anything.
>
100% agreed - there's more pressing matters that needs to be taken care of
first.

(N.B. I'm actually a resident of New York State)

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Sean Donelan]

On Thu, 18 Aug 2005, Jonathan M. Slivko wrote:
> > I assume the NY AG will also be targeting enforcement of Domino's Pizza
> > because they have lots of phone numbers and consumers may unknowingly dial
> > a phone number to order a pizza which may be a toll call in their area.
>
> Somehow I don't think so. It takes maybe 5 minutes to order a pizza from
> Domino's (you can also order from www.dominos.com) unless your really
> indecisive. However, surfing the Internet, could take considerably longer
> (especially for power-users like us).

Those pennies can add up.  And if you have ever called a government
office, you can sometimes spend a long time listening to music on
hold. Does the NY State Goverment warning citizens they may be charged
for phone calls to government offices?

This is one of those "feel good laws" that doesn't actually change
anything.

RE: Blocking certain terrorism/porn sites and DNS

[Brett Carr]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Abhishek Verma
> Sent: 18 August 2005 10:20
> To: [EMAIL PROTECTED]
> Subject: Blocking certain terrorism/porn sites and DNS
> 
> 
> Hi,
> 
> I have a doubt which i am sure a lot of people in this list 
> would be able to help me with.
> 
> There was news that terror groups like Al Qaida, etc. are 
> using internet to promote their terror links and these web 
> sites provide online training on how one could assemble bombs, etc.
> 
> The community as a whole wants to close all such web sites. I 
> dont think there is any ambiguity there.
> 
> My question is why cant we ban websites like, say, 
> alqaida.com (hypothetical name), etc. from the whois database.
> 
> As far as i understand if there is a website with the name of 
> www.abc.com then it needs to register itself with the whois 
> database (from network solutions) so that all the queries to 
> this website can be forwarded to the corresponding 
> nameserver. Now, if we want to block abc.com permanently then 
> cant we simply remove this URL entry from the whois database?
> 
> Will this work?

It would stop them using whichever hostnames you banned but do you really
think this would stop them using the internet.

Terrorist1: Mmmm seems the internet community have put a stop to us using
www.bombsrus.com
Terrorist2: Ok right lets give up and strive for world peace instead.

I don't think so :)

More likely they will (and already are) hiding behind very non terror
sounding names, not a lot we can do about that really.

Brett..


--
Brett Carr  Ripe Network Coordination Centre
System Engineer -- Operations Group Singel 258 Amsterdam NL
GPG Key fingerprint = F20D B2A7 C91D E370 44CF  F244 B6A1 EF48 E743 F7D8

Apologies for Triple Post - Re: New N.Y. Law Targets Hidden Net LD Tolls

[Jonathan M. Slivko]

Apologies on the triple post. Mea Culpa.

--
Jonathan M. Slivko
Systems Administrator/Consultant
Simpli Networks

646.461.6489 direct
208.330.8412 fax
www.simplinetworks.com 

CONFIDENTIALITY:  This e-mail and any attachments are confidential and may
be privileged. If you are not a named recipient, please notify the sender
immediately and do not disclose the contents to another person, use it for
any
purpose, or store or copy the information in any medium.
- Original Message -
From: "Jonathan M. Slivko" <[EMAIL PROTECTED]>
To: "Sean Donelan" <[EMAIL PROTECTED]>; 
Sent: Thursday, August 18, 2005 4:27 AM
Subject: Re: New N.Y. Law Targets Hidden Net LD Tolls


>
> Sean,
>
> > I assume the NY AG will also be targeting enforcement of Domino's Pizza
> > because they have lots of phone numbers and consumers may unknowingly
dial
> > a phone number to order a pizza which may be a toll call in their area.
>
> Somehow I don't think so. It takes maybe 5 minutes to order a pizza from
> Domino's (you can also order from www.dominos.com) unless your really
> indecisive. However, surfing the Internet, could take considerably longer
> (especially for power-users like us).
>
>

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Richard A Steenbergen]

On Thu, Aug 18, 2005 at 04:19:25AM -0400, Eric A. Hall wrote:
> 
> On 8/18/2005 3:54 AM, Richard A Steenbergen wrote:
> 
> > I'm not sure which part of "this seems to have nothing to do with toll 
> > scams" wasn't clear the first time around, but this response still seems 
> > to have no basis given the facts...
> 
> Is the NY AG authorized to regulate other-than "illegal" activity?

Well for starters, yes.

http://www.oag.state.ny.us/tour/tour.html

Note the Criminal Division and Division of Public Advocacy.

Another interesting link:

http://www.oag.state.ny.us/internet/internet.html

But even ignoring that part for now, the only reference to the AG in the 
article cited is that they secured an agreement with 25 large providers in 
2001 to include a notice/disclaimer to consumers. Why am I the only person 
who is capable of reading the article in question before commenting on 
NANOG? :)

-- 
Richard A Steenbergen <[EMAIL PROTECTED]>   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Jonathan M. Slivko]

Sean,

> I assume the NY AG will also be targeting enforcement of Domino's Pizza
> because they have lots of phone numbers and consumers may unknowingly dial
> a phone number to order a pizza which may be a toll call in their area.

Somehow I don't think so. It takes maybe 5 minutes to order a pizza from
Domino's (you can also order from www.dominos.com) unless your really
indecisive. However, surfing the Internet, could take considerably longer
(especially for power-users like us).

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Jonathan M. Slivko]

Sean,

> I assume the NY AG will also be targeting enforcement of Domino's Pizza
> because they have lots of phone numbers and consumers may unknowingly dial
> a phone number to order a pizza which may be a toll call in their area.

Somehow I don't think so. It takes maybe 5 minutes to order a pizza from
Domino's (you can also order from www.dominos.com) unless your really
indecisive. However, surfing the Internet, could take considerably longer
(especially for power-users like us).

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Jonathan M. Slivko]

Sean,

> I assume the NY AG will also be targeting enforcement of Domino's Pizza
> because they have lots of phone numbers and consumers may unknowingly dial
> a phone number to order a pizza which may be a toll call in their area.

Somehow I don't think so. It takes maybe 5 minutes to order a pizza from
Domino's (you can also order from www.dominos.com) unless your really
indecisive. However, surfing the Internet, could take considerably longer
(especially for power-users like us).

Blocking certain terrorism/porn sites and DNS

[Abhishek Verma]

Hi,

I have a doubt which i am sure a lot of people in this list would be
able to help me with.

There was news that terror groups like Al Qaida, etc. are using
internet to promote their terror links and these web sites provide
online training on how one could assemble bombs, etc.

The community as a whole wants to close all such web sites. I dont
think there is any ambiguity there.

My question is why cant we ban websites like, say, alqaida.com
(hypothetical name), etc. from the whois database.

As far as i understand if there is a website with the name of
www.abc.com then it needs to register itself with the whois database
(from network solutions) so that all the queries to this website can
be forwarded to the corresponding nameserver. Now, if we want to block
abc.com permanently then cant we simply remove this URL entry from the
whois database?

Will this work?

Thanks,
Abhishek

--
Class of 2004
Institute of Technology, BHU
Varanasi, India

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Eric A. Hall]

On 8/18/2005 3:54 AM, Richard A Steenbergen wrote:

> I'm not sure which part of "this seems to have nothing to do with toll 
> scams" wasn't clear the first time around, but this response still seems 
> to have no basis given the facts...

Is the NY AG authorized to regulate other-than "illegal" activity?

-- 
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Richard A Steenbergen]

On Thu, Aug 18, 2005 at 04:05:30AM -0400, Sean Donelan wrote:
> 
> On Thu, 18 Aug 2005, Richard A Steenbergen wrote:
> > Sounds like the standard notice that all reputable ISPs are probably
> > already giving. Given the very real potential for grandma and grandpa to
> > pick a number off a list which looks like it is in their area code and end
> > up with a multi-thousand dollar phone bill the next month, I'm surprised
> > consumer protection folks haven't asked for such a requirement sooner.
> 
> I assume the NY AG will also be targeting enforcement of Domino's Pizza
> because they have lots of phone numbers and consumers may unknowingly dial
> a phone number to order a pizza which may be a toll call in their area.

If we're making silly comparisons now, sure. Ordering Domino's from a long 
distance number is not the kind of activity where an innocent and 
unsuspecting person can accidentally run up thousands of dollars in 
charges which they may know nothing about until the next month's phone 
bill arrives, for something that they had a (semi)reasonable expectation 
to be free.

Besides, I don't know if you've ever had the problem of living a block 
away from where the magic cutoff line for delivery is, but you can barely 
get those guys to deliver within evan a few miles let alone outside your 
local calling region.

-- 
Richard A Steenbergen <[EMAIL PROTECTED]>   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Sean Donelan]

On Thu, 18 Aug 2005, Richard A Steenbergen wrote:
> Sounds like the standard notice that all reputable ISPs are probably
> already giving. Given the very real potential for grandma and grandpa to
> pick a number off a list which looks like it is in their area code and end
> up with a multi-thousand dollar phone bill the next month, I'm surprised
> consumer protection folks haven't asked for such a requirement sooner.

I assume the NY AG will also be targeting enforcement of Domino's Pizza
because they have lots of phone numbers and consumers may unknowingly dial
a phone number to order a pizza which may be a toll call in their area.

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Richard A Steenbergen]

On Thu, Aug 18, 2005 at 12:19:25AM -0700, William C. Devine II wrote:
> Just about all of the ISP's in my area, even those I've worked for, had
> a 'disclaimer' on their user agreement that said that some of the local
> phone numbers might be long distance and that the user should call the
> operator to verify it is a local call before placing the call.  
> Is that warning enough, or are they saying the ISP must keep a database
> of users' addresses and specifically warn that user that out of the 10
> local call-in numbers, based on their zip code, these three (A, B, C)
> could be long distance?

To quote the original pasted article:

> Consumers, however, must act on the warning that Internet providers must 
> soon post by contacting their phone companies to find out whether a 
> number is truly local.
> 
> Many service providers already post such warnings. America Online Inc. 
> agreed to do so in 1989, while the New York Attorney General's Office in 
> 2001 secured similar agreements with 25 New York-based Internet 
> providers including AT&T Worldnet.

Sounds like the standard notice that all reputable ISPs are probably 
already giving. Given the very real potential for grandma and grandpa to 
pick a number off a list which looks like it is in their area code and end 
up with a multi-thousand dollar phone bill the next month, I'm surprised 
consumer protection folks haven't asked for such a requirement sooner.

On Thu, Aug 18, 2005 at 03:07:57AM -0400, Eric A. Hall wrote:
>
> Seems to me the appropriate response is for the AG office to pursue the
> people who are running the toll scams, not to push enforcement out to  
> uninvolved third parties. Having dealt with AGs in the past, I know that's
> just whistling dixie, but still the notion of introducing liability is
> kind of spooky.

I'm not sure which part of "this seems to have nothing to do with toll 
scams" wasn't clear the first time around, but this response still seems 
to have no basis given the facts...

-- 
Richard A Steenbergen <[EMAIL PROTECTED]>   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

Re: New N.Y. Law Targets Hidden Net LD Tolls

[Eric A. Hall]

On 8/18/2005 2:59 AM, Richard A Steenbergen wrote:
> On Thu, Aug 18, 2005 at 02:44:59AM -0400, Eric A. Hall wrote:
> 
>>On 8/17/2005 10:04 PM, Fergie (Paul Ferguson) wrote:
>>
>>>A new law that's apparently the first in the nation threatens to
>>>penalize Internet service providers that fail to warn users that some
>>>dial-up numbers can ring up enormous long-distance phone bills even
>>>though they appear local.
>>
>>aka, make ISPs liable for other people's fraud. What's the thinking here,
>>anybody know?
> 
> Erm... Requiring that ISPs notify customers that phone numbers in the same 
> area code may not be "local" has WHAT exactly to do with making ISPs 
> liable for other people's fraud?

If there's a penalty for failing to ~adequately track and notify customers
then that's a liability, by definition.

Seems to me the appropriate response is for the AG office to pursue the
people who are running the toll scams, not to push enforcement out to
uninvolved third parties. Having dealt with AGs in the past, I know that's
just whistling dixie, but still the notion of introducing liability is
kind of spooky.

-- 
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/