Re: GoDaddy.com shuts down entire data center?
On Tue, Jan 17, 2006 at 02:09:21AM -0500, Patrick W. Gilmore wrote:
> On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote:
>> I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took [...]
>
> There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better.
>
> 1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse?
> 2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving?
> 3) If yes, do you still think it is acceptable if the misbehaving customer is not intentionally misbehaving - i.e. they've been hacked?
> 3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.?

I don't think anyone (well ok, anyone sane, I know we have a few nutjobs on this list :P) thinks that arbitrarily blocking service to hundreds or thousands of users because someone is unknowingly hacked is an appropriate way to address network abuse. I really have no idea how aggressive GoDaddy is with enforcing their AUP, as I don't personally use their services, but based on what I know about the affected customer and what I can read from the affected whiner's website I'm certainly not going to jump to the conclusion that GoDaddy is running around like a hopped up abuse desk worker on a power trip, shutting off service to random innocent people because they feel like it.

The question at hand is, at what point does a registrar providing services have an ethical or moral obligation to step in and do something when they do encounter an excessive level of abuse by someone using their services? At what point does ARIN revoke the allocation of a blatant and persistent spammer who is violating the law without being stopped?

I think the answer is that clearly this isn't something they want to be doing on a regular basis, any more than an ISP wants to be responsible for filtering every packet that goes through their routers looking for warez and kiddie porn, yet I have seen them do it in certain rare and severe cases of unrelenting abuse. Maybe it is a judgement call, maybe it isn't.

Bottom line, dealing with abuse is an ass job, and I certainly wouldn't want it. Some days you're doing a good thing because you shut down a spammer, some days you're doing a bad thing because you shut down innocent services along with it (and some days you're just fending off "stop hax0ring me on port 80 or I'll sue you and call the CIA" e-mails).

I highly suspect that GoDaddy doesn't involve itself in these kinds of issues lightly, which means that in all likelihood the level of abuse was severe, with no communication from the person they suspended service to. I for one have never heard of anyone I know having their GoDaddy service suspended for this kind of thing. Unless someone has some actual facts that GoDaddy is engaging in this kind of activity, I'm inclined to give them the benefit of the doubt. This means, at least for now, lumping them in the "respecting them for taking a stand regarding the abuse of their service" category, rather than the "wackjob conspiracy theorist power-crazed zealot" category we all know and love. :)

--
Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
DNS Server domains was Re: GoDaddy.com shuts down entire data center?
On Tuesday 17 Jan 2006 01:04, you wrote:
> Not having all your DNS servers in the same domain, or registered through the same registrar, isn't a best practice that has previously occurred to me, but it makes a lot of sense now that I think about it.

I think the general consensus in the DNS field is that for security reasons it is preferable to have as small a set of DNS servers (or perhaps as small a set of differently configured servers! Hmm physical security) in the hierarchy above you as possible, since compromise of any of these could affect the results obtained for your domain. See also DJB's Trusted Servers note. http://cr.yp.to/djbdns/notes.html

Here there is a clear conflict between security through redundancy against accident, and resistance to compromise. Although it can be mitigated by choosing well managed parent zones.

Incidentally we have DNS servers in two domains, but that is historical, and both top level domains are managed by Verisign, and delivered via the same set of servers. Thus we are dependent on root-servers.net, gtld-servers.net and our own servers, only in the resolution of our own domain names (and customer domains, where those domains are in .com/.net). Of course arguably the effective working of some services (email?) is now also dependent on reverse DNS working well, and the delegation of that is different again.

That said I think the idea is sound against some issues (at which point one should probably also use different providers for the DNS registration services, since if their procedures are flawed). However it does increase the risk of certain types of malicious activity, as in general it is sufficient to compromise one DNS server involved in serving a name to compromise the majority of the traffic (at least in theory, I haven't had a chance to prove this in anger yet).

Since we are moving a couple of our nameservers from their current domain, I think I'll look at putting them under co.uk, as the UK seems to have tidied up its DNS management quite nicely in recent years.

Also during recent events it has struck me that the hierarchy of servers involved in providing DNS services is quite small, and has quite different characteristics to the other records in the DNS. I'm beginning to wonder if having the scaffolding in the protocol itself is the right way, but that is a debate that has raged before, and is off topic here.
Re: GoDaddy.com shuts down entire data center?
--On January 16, 2006 10:32:58 PM -0800 Jim Popovitch [EMAIL PROTECTED] wrote:
> I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took and the consistent professionalism exhibited by their tech support representative. Despite obvious (and heavily edited) calls to the same agent, the consumer was informed in a professional manner of his/her avenue for resolution. No doubt remains in my mind that the caller was not caught blind by this situation. Go Daddy has a privacy policy that no doubt prohibits them from releasing details of their side of this case, however to me the recording suggests that the caller knew this was the end result, not a sudden surprise move, and they just wanted to circumvent standard procedure. The caller's prior thought to record, what appears as a standard call to tech-support, is insightful and should be an obvious sign of his motivation.

There's a clear case of "he said, they said" going on with this case. Nectartech is making claims that they fixed the issue. Also note that the caller is not a Nectartech employee at all. He's a customer who's also friends with the owner. At least that's what he says in WHT thread.

In any event I don't think Nectartech handled this very well, and more likely than not still had a problem and were given ample time to properly correct it.
Re: GoDaddy.com shuts down entire data center?
Patrick W. Gilmore wrote:
> On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote:
>> I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took [...]
>
> There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better.
>
> 1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse?

In some cases. Our policy is to minimize such. Example: Customer has a NATted network with multiple machines sharing one global address. One of the machines at customer's premise is causing abuse (virus, etc.) Null-routing one specific IP address will cause collateral damage to the non-infected machines at that customer, but I think most of us here would agree that such is justified. Obviously, if the impact of the abuse is minimal, having the customer fix the problem before shutting anything down is preferred.

Another example would be a customer's webserver which has many name-based virtual hosts, one of which is abusive, and you are providing IP connectivity. By null-routing one IP you are causing collateral damage to the non-abusive virtual host customers of your customer, but I think most would think that justified.

> 2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving?

I assume here that you mean "Customer of a customer". Again, it depends. If the customer has continual problems controlling abuse from his customers, or you suspect that your customer is playing whack-a-mole, or the abuse is ongoing and/or serious and you can't identify which of customer's customers is the cause (spoofed source addresses, etc.) in some cases yes.

> 3) If yes, do you still think it is acceptable if the misbehaving customer is not intentionally misbehaving - i.e. they've been hacked?

Again, it depends on the seriousness of the abuse and its effect on the network, as well as the frequency thereof and the seriousness of the customer in rectifying the problem. Also whether you can reasonably isolate the abuse and disconnect only the customer's abusive customer.

> 3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.?

If it doesn't stop it but stops your network from being a part of it, yes. If it has no effect on it at all, then you're probably pulling the wrong plug.

> These are important questions to me, and I'm surprised at the number of people who seem to feel so very differently than I thought they would feel - than I personally feel. Would people mind sending me private e-mails with yes/no answers? Longer answers are welcome, but yes/no will do. This is IMHO operational, so posting publicly.

I don't think this is as black-and-white as to warrant simple yes-no answers. There are policies involved as well as your agreements with your peers/upstreams. If the issue is serious enough that you risk losing your own connectivity because you can't stem the abuse from a customer's customer, then you may need to do so, or the end result will be that you become part of greater collateral damage.

> Using the case under discussion as an example, I am wondering why anyone thinks taking down 100s of innocent domains is a good way to stop a single hacked machine from doing whatever it is doing? If you somehow think all that is worth it, take a close look at your cost / benefit analysis. At this rate, every business on the Internet will be out of business before we take out even a single moderately large botnet.

The present example seems to be a combination of poor communication, bad attitude and sloppy network design from what I've seen here.

It's unclear to me exactly what GoDaddy shut down, and the only data points we have to go on are admittedly edited conversations that took place after the plug was pulled. What went on beforehand? Did Nectar indeed make a good faith effort to correct the original problem? Was their attitude the same as shown on the phone calls? How long had the problem existed, had it happened before, and did Nectar keep an open dialogue as to the steps they were taking to fix it? Did GoDaddy have less intrusive options to shut down just the abuser?

> I am also wondering why anyone thinks the miscreant will stop just because the legitimate owner's domain no longer resolves? Not only is the machine likely to continue sending spam as if nothing happened, we aren't even catching the guy. I guess you could say "well, it put pressure on his hosting provider to clean the infected machine", which is true. I just think that's a bit silly. But maybe I'm the one who's silly.

I think this was a case of a fake phishing website rather than
Re: GoDaddy.com shuts down entire data center?
On Tue, 2006-01-17 at 03:19 -0500, Richard A Steenbergen wrote:
> The question at hand is, at what point does a registrar providing services have an ethical or moral obligation to step in and do something when they do encounter an excessive level of abuse by someone using their services?

I think the issue here is not so much what happened, but how it happened. The phishing problem was originally reported to godaddy and then passed on to nectar on 1/9 (a Monday). It also appears the nectar folks resolved the problem on the same day. After that point godaddy continued to receive complaints about the same problem and rather than checking to see if the problem still existed, they just assumed it did. Nectar appears to have even responded to godaddy stating that the problem had already been resolved long before service was cut.

IMHO the big issue is that service was cut on a Friday night just as the only folks empowered to resolve the situation have left for the weekend. I can see cutting service during a weekday morning to get the client's attention on the matter. Doing it at a time when you know you'll be causing a long term outage is just plain nasty.

HTH,
Chris
Re: GoDaddy.com shuts down entire data center?
On Tue, 17 Jan 2006, Chris Brenton wrote:
> IMHO the big issue is that service was cut on a Friday night just as the only folks empowered to resolve the situation have left for the weekend.

Actually the big issue is that godaddy's 24/7 seems anything but

-Dan
Re: GoDaddy.com shuts down entire data center?
Matt Ghali [EMAIL PROTECTED] writes:
> Hear Hear. After reading the GoDaddy domain registration legal agreement, available at: https://www.godaddy.com/gdshop/legal_agreements/show_doc.asp?se=%2Bci=1839pageid=REG%5FSA especially section 7, Restriction of Services, Right of Refusal, I have to give them a big thumbs up. It is good to see that wielding a Big Stick, and actively working for the Good Guys has not hindered GoDaddy from achieving quite a bit of success in the market.

The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...")

Put an ethnic joke on your blog? Lose your registration.

Put up an "I'm a dissatisfied Go Daddy customer" page? Lose your registration.

Run a non-2257-compliant adult site (that doesn't show minors, just doesn't have the paperwork) outside of the US? Lose your registration.

Mirror tubgirl and goatse-man? Lose your registration.

Host a site that Go Daddy can plausibly consider "morally objectionable" (gambling? whiskey reviews?)... Lose your registration.

Now that Go Daddy has ensured that I'll never do business with them (which is a shame; I liked certain lawsuits that they brought in the past, but if being their customer means subscribing to their thought police, count me out), I think it's time to carefully go over the registration agreements with the registrars I use... never know when someone will slip in something truly odious, and the argument that "none of them would be so crazy as to try it" appears to be incorrect.

---Rob
Re: DNS Server domains was Re: GoDaddy.com shuts down entire data center?
In message [EMAIL PROTECTED], Simon Waters writes:
> I think the general consensus in the DNS field is that for security reasons it is preferable to have as small a set of DNS servers (or perhaps as small a set of differently configured servers! Hmm physical security) in the hierarchy above you as possible, since compromise of any of these could affect the results obtained for your domain.

See http://www.usenix.org/events/imc05/tech/ramasubramanian.html

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Re: DOS attack against DNS?
Last Saturday one of our Web servers experienced a TCP SYN attack which made the system go down for four hours. It seems there is not a good solution which could detect and defend against DoS traffic at any time.

So, to the class ANY queries, should we only filter out class ANY queries on public cache servers? To my understanding, the amplifying result could also be reached by query type ANY.

Joe

--- Alon Tirosh [EMAIL PROTECTED] wrote:

Admitted, I did not notice the type/class difference. I responded as a knee jerk reaction, and that is my mistake.

For the second part, the ANY query type is useful (when targeted at either your NS and/or public NS servers) to quickly alert to issues such as the one being discussed with GoDaddy and Nectartech right now on this list. Pick and/or set up an NS server that is TTL agnostic (flameArmor: this system is to be used for disparate up-to-date checks only, and I know by spec this is far from foolproof but it's saved my ass a couple times in the past) and checks disparate roots and it's useful for finding or alerting to major name system, registrar, and provider issues quickly.

I'm diverging off-topic, I'm sure. gnight.

On 1/17/06, william(at)elan.net [EMAIL PROTECTED] wrote:

Did you notice that it was class ANY and not type ANY that Paul noted? I've never ever heard of it being used anywhere.

As for ANY query type, what do you think will happen when you query with ANY to a host in a domain that is not in your local dns server cache? And btw if it is in your dns cache, how predictable do you think such results are going to be???

On Tue, 17 Jan 2006, Alon Tirosh wrote:

Not true. The ANY query has multiple uses for consolidating multiple diagnostic queries into a single display, and also for diversion monitoring systems on small domains or groups of same. Not all of us have the resources (or time) of large ISPs behind us.

On 15 Jan 2006 17:27:40 +, Paul Vixie [EMAIL PROTECTED] wrote:

client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E

class ANY has no purpose in the real world, not even for debugging. if you see it in a query, you can assume malicious intent. if you hear it in a query, you can safely ignore that query, or at best, map it to class IN.

--
Paul Vixie
Re: GoDaddy.com shuts down entire data center?
- Original Message -
From: Patrick W. Gilmore [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: Patrick W. Gilmore [EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 1:09 AM
Subject: Re: GoDaddy.com shuts down entire data center?

> On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote:
>> I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took [...]
>
> There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better.
>
> 1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse?

If the damage of the persistent abuse is greater than the loss of the innocent persons, yes.

> 2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving?

Yes I do and more than likely, so do you. If you are a common end point for all of my users and I'm the common end point for yours, either of us has the right to deny access to the other at any point for no reason really. Now, should your network start flooding me or vice versa, one of us, if not both, will toss up some filters. If either of our networks is larger than the other and causing a dos for the other end, the affected one of us would have no recourse but to contact the upstream of the source point and request assistance.

> 3) If yes, do you still think it is acceptable if the misbehaving customer is not intentionally misbehaving - i.e. they've been hacked?

Intentional or not, it doesn't negate the fact that the system has been hacked and is now owned by someone other than the actual owner. If one of my systems were to be hacked and I miss it, and it starts causing problems for your network, I expect my network to be filtered. If your filters aren't effective enough to deal with the issue, and I'm not helping you to correct the problem, I expect you to go to my carrier to file a complaint.

> 3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.?

There is no simple yes / no for this one. It would depend on the circumstances of the issue.

snip

> Using the case under discussion as an example, I am wondering why anyone thinks taking down 100s of innocent domains is a good way to stop a single hacked machine from doing whatever it is doing? If you somehow think all that is worth it, take a close look at your cost / benefit analysis. At this rate, every business on the Internet will be out of business before we take out even a single moderately large botnet.

You can wonder why, however I, IMHO, think that if more carriers would take that stance, then the problems that we face daily would be much less severe. Currently, there's not much to keep the big players in check when it comes to their network. Now, imagine, what could happen if they were forced to play by the same rules that we have to go by? If our network is causing problems, our uplink(s) have the authority to disconnect them for that generally. Can you see Sprint, SBC/ATT, L3, Cogent, AOL, Cox, etc having those same rules applicable to them or be depeered from all peers and become network dead?

Now, is it feasible to do such a thing? Not usually because it causes financial issues on both sides of the depeering. That's because the internet that we have is used as a means of financial gain and isn't geared for being easily segregated in the event of compromise. Yet, that's the current mechanism for a compromised end user. The same means should be used all the way to the NAP imo.

> I am also wondering why anyone thinks the miscreant will stop just because the legitimate owner's domain no longer resolves? Not only is the machine likely to continue sending spam as if nothing happened, we aren't even catching the guy. I guess you could say "well, it put pressure on his hosting provider to clean the infected machine", which is true. I just think that's a bit silly. But maybe I'm the one who's silly.

Why should you or I be the ones responsible for catching the miscreant when the compromised system isn't on our network? If it were, then that task would fall to us to do so. If the threat of a delinking were over our heads, we'd have some major incentive to find the idiot and make sure he's not on our net anymore wouldn't we.

> Lastly, I wonder what average people - people who run businesses on hosting providers who really don't understand all this computer stuff - think about such actions. How many 100s of people have we just alienated for life to stop - er, NOT stop - a single zombie? And how many of their friends are going to hear over and over how the Internet is not a real business and no one should put any faith in it?

Average
Re: AW: Odd policy question.
On Sat, Jan 14, 2006 at 05:31:12PM -0500, Jeffrey I. Schiller wrote:
> If registrars regularly checked for lame delegations (or checked on demand). Then a way to attack a domain would be to forge DNS responses to cause the registrar to remove the domain because it is lame. So DNSSEC would be needed to be sure...

Something more than merely DNS-SEC.

DNS-SEC is about proving zone contents (object security). To prove lame delegation you'd need a means to identify the nameserver (channel security) that's supplying the response.

The difference between "this zone contains (or doesn't) an RR" versus "this DNS packet is from the server named George".

You could prove inconsistent delegation - that the parent and child differ. But this is not necessarily lame.

--
David W. Hankins
Software Engineer
Internet Systems Consortium, Inc.

"If you don't do it right the first time, you'll just have to do it again." -- Jack T. Hankins
Re: GoDaddy.com shuts down entire data center?
--On January 17, 2006 7:27:20 AM -0500 Robert E.Seastrom [EMAIL PROTECTED] wrote:
> Now that Go Daddy has ensured that I'll never do business with them (which is a shame; I liked certain lawsuits that they brought in the past, but if being their customer means subscribing to their thought police, count me out), I think it's time to carefully go over the registration agreements with the registrars I use... never know when someone will slip in something truly odious, and the argument that "none of them would be so crazy as to try it" appears to be incorrect.

This thread gets less and less operational...however...I'm trying to keep this in scope...I think this relates operationally because we all have and enforce AUPs and ToS on our customer bases, both internal, and external. We also have AUPs and ToS enforced on us, by business relationships and peerings, etc.

Most ToS and AUP out there at the consumer level state basically the service is worthless, that we can and will d/c you at will, without cause, at our whim. Overzealous lawyering has made this a necessity. How much any of these might or might not stand up in court, I have no clue.

As you get into the business world some ToS and AUP become more weighty, but far more structured. Giving both sides clearer and well defined policies and practices for responding to issues. Requiring notification, escalation, etc.

I think what matters is the way that the AUPs are applied. This case...the facts...don't match up. webhosting.info (not an authoritative source mind you, but a datapoint) only sees ~150 hosts by this ISP. From what I understand this number is from whois data with nameservers pointing to theirs. Contrast this with mydyndns.org, google.com, ebay.com, prioritycolo.com, wellsfargo.com (ok so this one's not that much more, at ~800), even sun.com has more domains listed. Those last two aren't even 'in the business' and they have more.

While they may have a large datacenter, I'm not even remotely sure that this incident darkened the whole thing. It might've taken rDNS offline, but that's far from darkening a whole datacenter. It sounds like another WHTer puffing themselves up to being bigger than they are. They *must* be small to let a *CUSTOMER* advocate for them to a third party! Nectartech clearly knew about this and sanctioned it, and the person recording the phone calls has pointed this out more than once.

There are no facts in this case either way, because it is really Go Daddy against Nectartech. And Nectartech has a lot more reason to lie to make itself look better in front of its customers. If their whole datacenter went dark then it's some unrelated thing, or some really bad practice (such as somehow establishing iBGP based on domain names maybe? hell I dunno).

I've seen so much utter BS spouted by a lot of the self proclaimed web hosts on WHT that I'm not inclined to believe his side of the story any more (or any less) because of it. Go Daddy has to my knowledge never been draconian in applying their AUP (I think at least some of us here would know about it if so).
Re: DOS attack against DNS?
# Admitted, i did not notice the type/class difference. I responded as a knee
# jerk reaction, and that is my mistake.

on nanog@, the tradition is to send knee-jerk flames without having read the article you're replying to. it's our own little slice of usenet-like culture, still alive a decade or several too late. so you're fitting right in. :-).

# For the second part, the any query type is useful (when targeted at either
# your NS and/or public NS servers) to quickly alert to issues such as the one
# being discussed with GoDaddy and Nectartech right now on this list.

i don't like type ANY very much, since it's a cpu amplification attack vector against recursive nameservers. however, sendmail uses it in hopes of learning type MX and type A at the same time, and according to eric, this saves more network traffic than it generates.

in any case i've not said anything against type ANY. it's common, and seeing it is not an indication of malicious intent, and it should never be blocked. my earlier comments on this thread were about class ANY, not type ANY.
Re: DOS attack against DNS?
# Last saturday one of our Web server experienced a TCP SYN attack which make
# the system down for four hours. It seems there is not a good solution which
# could detect defend DoS traffic at any time.

by definition, there will never be a single defense against all attacks.

# So, to the class ANY queries, should we only filtering out class any queries
# on public cache servers ?

if you're seeing them and they're hurting you, yes. or if you're willing to endure the configuration pain of always dropping them (see marka's recent mail on view statements for this purpose), then yes.

# To my understandings, the amplifying result could also be reached by query
# type any.

that's not my understanding. you're more likely to be hurt by a peer's lack of BCP38 conformance than by all the type=ANY queries you'll ever hear in DNS.
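The class ANY versus type ANY distinction drawn in the two replies above, as an added example (not code from any poster or from a nameserver implementation): a small Python filter that reads QTYPE and QCLASS from the question section of a wire-format DNS query, drops class ANY or remaps it to class IN, and lets type ANY through. The function names and sample queries are constructed for illustration; 255 is the RFC 1035 value for both QTYPE `*` and QCLASS `*`.

```python
import struct

QTYPE_ANY = 255    # RFC 1035 QTYPE "*": all record types for a name
QCLASS_ANY = 255   # RFC 1035 QCLASS "*": any class
CLASS_IN = 1       # the Internet class


def build_query(name, qtype, qclass, txid=0x1234):
    """Build a minimal one-question DNS query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".") if label) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)


def parse_question(msg):
    """Return (name, qtype, qclass, end_offset) for the single question."""
    if len(msg) < 12:
        raise ValueError("short header")
    _txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:          # root label ends the name
            break
        if length > 63:          # top bits set: pointer or reserved label type
            raise ValueError("unexpected label type in question")
        if pos + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) or ".", qtype, qclass, pos + 4


def classify(msg, remap_class_any=False):
    """Return (action, reason, message_to_process_or_None).

    Class ANY is dropped, or rewritten to class IN when remap_class_any is
    set. Type ANY in class IN is allowed, as is any other well-formed query.
    """
    try:
        name, qtype, qclass, end = parse_question(msg)
    except ValueError as exc:
        return ("drop", f"malformed: {exc}", None)
    if qclass == QCLASS_ANY:
        if remap_class_any:
            # QCLASS is the last two bytes of the question section.
            fixed = msg[:end - 2] + struct.pack("!H", CLASS_IN) + msg[end:]
            return ("remap", f"{name}: class ANY rewritten to IN", fixed)
        return ("drop", f"{name}: class ANY", None)
    if qtype == QTYPE_ANY:
        return ("allow", f"{name}: type ANY in class {qclass}", msg)
    return ("allow", f"{name}: type {qtype} class {qclass}", msg)


if __name__ == "__main__":
    samples = [  # constructed queries; the first mirrors the logged "ANY ANY"
        build_query("z.tn.co.za", QTYPE_ANY, QCLASS_ANY),
        build_query("example.com", QTYPE_ANY, CLASS_IN),
        build_query("example.com", 15, CLASS_IN),  # type MX
    ]
    for sample in samples:
        print(classify(sample)[:2])
```
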
Re: GoDaddy.com shuts down entire data center?
On Tue, 17 Jan 2006, Robert E.Seastrom wrote:
> The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...")

Do you believe that your philosophical objections to the language absolve you as a customer from the minimal due diligence of knowing what you are agreeing to?

[EMAIL PROTECTED]darwin
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: GoDaddy.com shuts down entire data center?
On Tue, 17 Jan 2006, Matt Ghali wrote:
> On Tue, 17 Jan 2006, Robert E.Seastrom wrote:
>> The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...")
>
> Do you believe that your philosophical objections to the language absolve you as a customer from the minimal due diligence of knowing what you are agreeing to?

Find me a registrar that DOESN'T have that kind of language in their user agreements, then tell me if anyone wishing to do any kind of e-commerce has a choice.

I've gone off on a tear about this before: A registrar has a license to print money. Boilerplate user agreements that leave the user zero recourse are the standard. I haven't seen a registrar yet that doesn't have this kind of verbiage completely freeing them from liability for *any* action taken on a domain registration, including none.

- billn
Re: GoDaddy.com shuts down entire data center?
>> On Tue, 17 Jan 2006, Matt Ghali wrote:
>>> On Tue, 17 Jan 2006, Robert E.Seastrom wrote:
>>>> The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...")
>>>
>>> Do you believe that your philosophical objections to the language absolve you as a customer from the minimal due diligence of knowing what you are agreeing to?
>>
> Find me a registrar that DOESN'T have that kind of language in their user agreements, then tell me if anyone wishing to do any kind of e-commerce has a choice.

There are plenty. But they are usually resellers of the larger registrars. That's part of the reason to pay the extra $1 to use an ICANN accredited registrar.

> I've gone off on a tear about this before: A registrar has a license to print money. Boilerplate user agreements that leave the user zero recourse are the standard. I haven't seen a registrar yet that doesn't have this kind of verbiage completely freeing them from liability for *any* action taken on a domain registration, including none.

Since this isn't a registrars list I can only say that you should go discuss that with some registrars and I think you'll find that your statement isn't entirely factual. For example, GoDaddy has a 24/7 support system, regardless of what people think about it, that did answer the phone and process the problem. That's a minimum of a ~half a million dollar investment on the spot. I'm NOT a registrar and I don't represent them, but I think they make their money on services more than domains.

Anyhow, I think this thread is totally off topic at this point, as well as Marc Perkel is off topic, asking Marc Perkel what he thinks is off topic, and this thread should die a horrific death. It's on the way to a /dev/null forward as we speak.

-M
Collateral Damage
My previous post sparked quite a bit of traffic (mostly to me personally). It also sparked some confusion. That's mostly my fault for writing e-mails far too late at night and mixing it with an emotionally charged thread.

So I would like to separate my questions out of the GoDaddy thread, write them slightly differently, and give a little more scope for clarity.

These questions are designed as yes/no, not it depends. The idea being if there are general circumstances (not billion-in-one corner cases) which would make the action in question acceptable, please answer yes, and move to the next question. For instance, I would answer the first question as yes, because there are circumstances which happen reasonably often where I would take down an innocent domain to stop network abuse. (E.g. I would null-route a /24 that is sending gigabits of DoS traffic, even if there is an innocent mail server in that block.)

Anyway, on to the poll. You are welcome and encouraged to send the answers to me privately, I will collate and post back to the list in a few days.

* Please answer yes/no.
  - Additional text is encouraged, but I need a yes/no to tabulate the vote.
* These questions are not regarding a specific provider or even specific abuse type.
  - You can consider spam, DoS, phishing, hacking, etc.
  - Please assume what you consider to be the worst abuse which is common on the Internet today.
* There is a basic assumption that due diligence has been applied.
  - You have investigated and are certain this is not a false positive or such.
  - I hope we can all agree that shutting someone down without doing proper investigation is a Bad Thing.
* There is a basic assumption of notification and grace period.
  - The provider in question knows Bad Things are happening.
  - The provider in question has had a reasonable amount of time to fix said Bad Things.
  - Bad Things are still happening.
* Please do not consider extremely rare occurrences or ultra-extreme scenarios.
  - Null-routing an IP address to stop nuclear war is not in scope of this survey.

If you have any questions, please feel free to e-mail me.

1) Do you think it is ever acceptable to cause collateral damage to innocent bystanders if it will stop network abuse?

2) If yes, do you still think it is ever acceptable to take down a provider with 100s of innocent customers because one customer is misbehaving?

3) If yes, do you still think it is ever acceptable if the misbehaving customer is not intentionally misbehaving - i.e. they've been hacked?

4) If yes, do you still think it is ever acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.?

Thank you all for your time.

--
TTFN,
patrick
OT: Training
All, I am working on a training proposal, and would appreciate your input. This training is going to be an introductory course aimed at those who are new to networking. Just to put it in context ... I'm presuming that most of you on this list have help desk personnel who would be 3 or more levels above the training I'm working on. For example, if I even mention BGP it would be along the lines of BGP is a routing protocol {presuming I've even mentioned routing protocols} that is used between ISPs. Period. I don't expect that people coming out of this particular course will be able to do even non-VLSM subnetting - with a calculator, let alone on paper - but at least they will have seen it. What I'm more interested in from you all is something along the lines of - What do you wish the Help Desk personnel that your Help Desk is trying to help actually knew. Or even, more basically, What do I wish that people interested in - or in the process of being hired for/promoted to/assigned to (because no one else wants it) - network help desk assignments knew, or should be sent to training to learn, before even trying to talk to me. What would be an appropriate 5-10 minute overview (i.e. what is MPLS and how does it help networks), and what might be appropriate for more in depth (i.e. IP Addressing basics). What networking myths do you want me to bust? I may also be able to let them actually do something ... perhaps run a traceroute (live or canned, not sure yet) and explain how it works. I will definitely have a chapter - or at least portion of a chapter - on history (how we got where we are), including the who/what/why/where/when of RFCs (traceroute might be a good one to explore the technical aspects of implementation; i.e. why should UDP be used instead of ICMP - what do the RFCs say about it). 
If nothing else, I may assign some of Jon Postel's writing for research - like RFC 791 :-) Everyone has to start somewhere, and I want this to be the best, yet most succinct, training I can come up with. Please keep in mind that I only have 4 or 5 (probably 4) days to do this in. It is meant to be an introduction, and not cure all network training fauxes pas (is that the correct plural?) in one fell swoop. One of the other things I want to accomplish is to hook people on networking so that they will continue their training. Off-list replies welcome - you decide. Thanks. Regards. Ted Fischer
Re: GoDaddy.com shuts down entire data center?
Joe McGuckin wrote:

On the other hand, I'm not comfortable with the idea that an organization that provides network infrastructure services under the aegis of the US Government could unilaterally revoke those services for something that is not illegal.

You could say I do that. I am not a registrar, but I do host DNS for many domains. So if my customer spams and I cut them off, including DNS, do you have a problem with that too?

--
Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED
Company website: http://JustThe.net/
Personal blog, resume, portfolio: http://SteveSobol.com/
E: [EMAIL PROTECTED] Snail: 22674 Motnocab Road, Apple Valley, CA 92307
Service contracts and Morally objectionable activities
On 1/17/06, Bill Nash [EMAIL PROTECTED] wrote:

On Tue, 17 Jan 2006, Matt Ghali wrote:

On Tue, 17 Jan 2006, Robert E. Seastrom wrote:

The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish (Morally objectionable activities will include, but not be limited to...)

Do you believe that your philosophical objections to the language absolve you as a customer from the minimal due diligence of knowing what you are agreeing to?

Find me a registrar that DOESN'T have that kind of language in their user agreements, then tell me if anyone wishing to do any kind of e-commerce has a choice.

Yes, but that language DOESN'T have to stay in YOUR agreement. Many registrars will negotiate contract language, at least for larger customers. My employer isn't a huge network operation, with just a few hundred domains, but is big enough to have staff counsel, and stubborn enough to routinely stonewall ISPs and registrars into removing content related clauses from their contracts. Messes with my project deadlines, but better late than Godaddy.

I've gone off on a tear about this before: A registrar has a license to print money. Boilerplate user agreements that leave the user zero recourse are the standard. I haven't seen a registrar yet that doesn't have this kind of verbiage completely freeing them from liability for *any* action taken on a domain registration, including none.

And this is why, if any money is riding on the service at all, you have at least one law talking guy vet all contracts at the front of the process.

Kevin Kadow
Intradomain Traffic Engineering
Hi All,

I'm a PhD student currently studying intra-domain traffic engineering, and I have two questions that I really wish to hear some opinions from you network operators.

I'm experimenting with a prediction-based intra-domain traffic engineering technique. The technique uses traffic demand matrices observed in the history to predict future traffic demands, and computes a routing that minimizes maximum link utilization (MLU) for those future demands. I evaluate the performance of the technique using Abilene traffic traces collected at 5-minute intervals. The results show that when the model is able to predict the real traffic matrix, the technique can achieve close to optimal MLU. However, when the model makes a wrong prediction, the technique suffers very high MLU (as high as 140%).

Basically, I have the following two questions:

1. In the traces I have, there exist several intervals with a huge, sudden increase of traffic on some links. The prediction model I use cannot predict those 'big spikes'. Do these 'big spikes' really happen in operational networks? Or are they merely measurement errors? If they really happen, is there a gradual ramp up of traffic in smaller time scale, say, on the order of tens of seconds? Or do these 'big spikes' really occur very quickly, say, in a few seconds?

2. I have the option to make a tradeoff between average case performance and worst case performance guarantee, but I don't know which one is deemed more important by you. Are ISP networks currently optimized for worst case or average case performance? Is the trade-off between these two an appealing idea, or may the ISP networks already be doing it?

I really appreciate any feedback from you about the above two questions, and your help will be acknowledged in any publication about this work.

Thanks,
Edgar
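As an added illustration of the trade-off described in the message above (not code from the poster or from any project), this sketch plans path splits that minimize MLU for a predicted demand matrix and then evaluates the same splits when one demand spikes. The three-node topology, capacities, demands and function names are all constructed, and a grid search stands in for the optimizer, which the post does not specify.

```python
from fractions import Fraction
from itertools import product

# Constructed 3-node topology: directed link -> capacity (Mbps).
CAPACITY = {"AB": 100, "BC": 100, "AC": 100, "CB": 100}
# Each demand has a direct path and one detour through the third node.
PATHS = {"A->C": (["AC"], ["AB", "BC"]), "A->B": (["AB"], ["AC", "CB"])}

def link_loads(demand, split):
    """Load per link when split[d] percent of demand d uses its direct path."""
    loads = dict.fromkeys(CAPACITY, Fraction(0))
    for d, (direct, detour) in PATHS.items():
        share = Fraction(split[d], 100)
        for link in direct:
            loads[link] += demand[d] * share
        for link in detour:
            loads[link] += demand[d] * (1 - share)
    return loads

def mlu(demand, split):
    """Maximum link utilization: the busiest link's load over its capacity."""
    loads = link_loads(demand, split)
    return max(loads[link] / CAPACITY[link] for link in CAPACITY)

def best_split(demand, step=10):
    """Grid search for the split minimising MLU; ties broken by total load."""
    def cost(split):
        return (mlu(demand, split), sum(link_loads(demand, split).values()))
    grid = product(range(0, 101, step), repeat=len(PATHS))
    return min((dict(zip(PATHS, p)) for p in grid), key=cost)

PREDICTED = {"A->C": 100, "A->B": 40}   # constructed forecast
ACTUAL = {"A->C": 100, "A->B": 90}      # constructed spike on A->B

def compare():
    planned = best_split(PREDICTED)
    return {
        "planned_split": planned,
        "mlu_if_prediction_holds": mlu(PREDICTED, planned),
        "mlu_under_spike": mlu(ACTUAL, planned),
        "mlu_oracle": mlu(ACTUAL, best_split(ACTUAL)),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

The routing tuned to the forecast pushes link AB past its capacity once the spike arrives, while a routing computed with knowledge of the real demand stays under 100%; that gap is the worst-case exposure the second question asks about.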
Re: Intradomain Traffic Engineering
At 12:06 AM 1/18/2006, you wrote:

(snip)

wrong prediction, the technique suffers very high MLU (as high as 140%).

Basically, I have the following two questions:

1. In the traces I have, there exist several intervals with a huge, sudden increase of traffic on some links. The prediction model I use cannot predict those 'big spikes'. Do these 'big spikes' really happen in operational networks? Or are they merely measurement errors? If they really happen, is there a gradual ramp up of traffic in smaller time scale, say, on the order of tens of seconds? Or do these 'big spikes' really occur very quickly, say, in a few seconds?

Nobody can predict them so you build your network with excess capacity from an overhead standpoint as well as a link standpoint. Here are several reasons for variation and unpredictability. This is not a comprehensive list and I'm sure others will add to it.

- CNN or other major network coverage including major advertising events - super bowl, victoria's secret show, etc. (10s of seconds)
- SQL Slammer / Code Red / Nimda / or other major fast moving outbreaks (10s of seconds - maybe. We saw the spread of SQL slammer within 2 seconds to many unmanaged colo customer machines)
- depeering of any two or more large networks or routing mistakes or flapping thus dampening (a few seconds to 10s of seconds to hours)
- major provider outage which moves flows to other paths (a few seconds to 10s of seconds)
- fiber cuts / regional power outages (a few seconds to 10s of seconds)
- significant events such as 9/11 Katrina (a few seconds to many hours)

2. I have the option to make a tradeoff between average case performance and worst case performance guarantee, but I don't know which one is deemed more important by you. Are ISP networks currently optimized for worst case or average case performance? Is the trade-off between these two an appealing idea, or may the ISP networks already be doing it?

Each ISP makes their own decisions based on their business needs, budgets, and promised SLAs to customers

-Robert
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
Well done is better than well said. - Benjamin Franklin