Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Paul Ferguson


-- Roy [EMAIL PROTECTED] wrote:

http://www.networkworld.com/community/node/20390?netht=101107dailynews2nladname=101107dailynews

Credit where credit is due:

 http://www.xkcd.com/195/



--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Randy Bush

 http://www.networkworld.com/community/node/20390?netht=101107dailynews2nladname=101107dailynews
   
 Credit where credit is due:
 http://www.xkcd.com/195/

i guess you did not read the article, eh?

randy


Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Paul Ferguson


-- Randy Bush [EMAIL PROTECTED] wrote:

 http://www.networkworld.com/community/node/20390?netht=101107dailynews2nladname=101107dailynews
 Credit where credit is due:
 http://www.xkcd.com/195/

i guess you did not read the article, eh?


Since you brought it up, of course I did:

http://fergdawg.blogspot.com/2007/10/from-xkcd-to-reality-ant-censuses-of.html

- ferg



--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Hank Nussbacher


On Thu, 11 Oct 2007, Roy wrote:

You will want:
http://www.isi.edu/ant/address/index.html
-Hank



I guess no one told them that someone might consider this an attack?  I
have set up detectors where pinging consecutive honeypot ip addresses
results in the source IP address being blacklisted for a day or two.



Researchers ping through first full 'Internet census' in 25 years

No door-to-door canvassing here: This census involved the direction of
some 3 billion pings toward 2.8 billion allocated Internet addresses
from three machines over the course of two months.

http://www.networkworld.com/community/node/20390?netht=101107dailynews2nladname=101107dailynews

or

http://tinyurl.com/37fgua


The press release is located at

http://www.isi.edu/news/news.php?story=178
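
A sketch of the kind of detector Roy describes above, as an added example that is not part of the thread or anyone's production code: a source that pings a run of consecutive honeypot addresses within a short window is blacklisted for one day, and the entry then ages out. The log format, the 192.0.2.0/28 honeypot range, the thresholds and the class and function names are all assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumed log format; the sample below is constructed (documentation ranges).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ICMP echo-request src=(?P<src>\S+) dst=(?P<dst>\S+)$")

SAMPLE_LOG = """\
2007-10-12T00:50:00 ICMP echo-request src=198.51.100.7 dst=192.0.2.1
2007-10-12T00:50:01 ICMP echo-request src=198.51.100.7 dst=192.0.2.2
2007-10-12T00:50:02 ICMP echo-request src=203.0.113.9 dst=192.0.2.5
2007-10-12T00:50:03 ICMP echo-request src=198.51.100.7 dst=192.0.2.3
2007-10-12T00:50:04 ICMP echo-request src=198.51.100.7 dst=192.0.2.4
2007-10-12T03:10:00 ICMP echo-request src=203.0.113.9 dst=192.0.2.6
2007-10-12T06:30:00 ICMP echo-request src=203.0.113.9 dst=192.0.2.7
2007-10-12T09:45:00 ICMP echo-request src=203.0.113.9 dst=192.0.2.8
garbage line that the parser must skip
"""


class SweepDetector:
    """Blacklist sources that ping a run of consecutive honeypot addresses."""

    def __init__(self, honeypots, run_length=4,
                 window=timedelta(minutes=10), ttl=timedelta(days=1)):
        self.honeypots = ipaddress.ip_network(honeypots)
        self.run_length = run_length   # adjacent addresses needed to trigger
        self.window = window           # how long a single probe is remembered
        self.ttl = ttl                 # how long a source stays blacklisted
        self.hits = {}                 # src -> {int(dst): time last seen}
        self.blacklist = {}            # src -> expiry time

    def is_blacklisted(self, src, now):
        expiry = self.blacklist.get(src)
        if expiry is not None and now >= expiry:
            del self.blacklist[src]    # entry has aged out
            expiry = None
        return expiry is not None

    def observe(self, ts, src, dst):
        """Record one echo request; return True if src was just blacklisted."""
        if dst not in self.honeypots or self.is_blacklisted(src, ts):
            return False
        seen = self.hits.setdefault(src, {})
        seen[int(dst)] = ts
        # Forget probes older than the window, so occasional background
        # pings from one source never add up to a "sweep".
        for addr in [a for a, t in seen.items() if ts - t > self.window]:
            del seen[addr]
        # Length of the run of adjacent addresses that contains this one.
        lo = hi = int(dst)
        while lo - 1 in seen:
            lo -= 1
        while hi + 1 in seen:
            hi += 1
        if hi - lo + 1 < self.run_length:
            return False
        self.blacklist[src] = ts + self.ttl
        del self.hits[src]
        return True


def parse_line(line):
    """Return (timestamp, source string, destination address) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return (datetime.fromisoformat(m["ts"]),
                str(ipaddress.ip_address(m["src"])),
                ipaddress.ip_address(m["dst"]))
    except ValueError:
        return None                    # malformed timestamp or address


def scan(log_text, detector):
    """Feed a log through the detector; return [(time, source)] newly listed."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and detector.observe(*event):
            alerts.append((event[0], event[1]))
    return alerts


if __name__ == "__main__":
    det = SweepDetector("192.0.2.0/28")
    for when, src in scan(SAMPLE_LOG, det):
        until = det.blacklist[src].isoformat()
        print(f"{when.isoformat()} blacklisted {src} until {until}")
```

In the constructed sample, the source that touches four adjacent addresses within seconds is listed, while the source whose four probes are hours apart is not.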



Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Duane Wessels



ISI folks have been taking this census since at least mid 2003.

We visualized their data using our tool and then made a movie showing
the changes from 2003 to late 2006.  If you have 27 MB and a few
minutes to spare you can download it from here:
http://maps.measurement-factory.com/gallery/USC-LANDER-Census/

Duane W.


Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Leigh Porter


27MB? I dunno, that's quite a lot.. I'll have to delete some mp3s first..

Duane Wessels wrote:


 ISI folks have been taking this census since at least mid 2003.

 We visualized their data using our tool and then made a movie showing
 the changes from 2003 to late 2006.  If you have 27 MB and a few
 minutes to spare you can download it from here:
 http://maps.measurement-factory.com/gallery/USC-LANDER-Census/

 Duane W.


Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Justin M. Streiner


On Fri, 12 Oct 2007, Chris Owen wrote:

You can't consider every wacko on the net when doing something like this. 
Anyone who considers a ping an attack probably isn't worth worrying about.


I tend to agree, but back when I manned the abuse desk (among others) at 
my former employer, I would see abuse reports come in all the time that 
were basically a report from whatever security software someone was 
running on their PC, accompanied by a message that was usually something 
along the lines of this:


HOST x.x.x.x ON YOUR NETWORK PINGED ME  I TAKE MY SECURITY 
SERIOUSLY!!  I'M CALLING THE FBI!!!


The knee-jerk reaction is rarely the right one :)

jms


Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Gadi Evron


On Fri, 12 Oct 2007, Leigh Porter wrote:



You are more likely to get 5000 zonealarm emails


Or a place on dshield's top 10.




Justin M. Streiner wrote:


On Fri, 12 Oct 2007, Chris Owen wrote:


You can't consider every wacko on the net when doing something like
this. Anyone who considers a ping an attack probably isn't worth
worrying about.


I tend to agree, but back when I manned the abuse desk (among others)
at my former employer, I would see abuse reports come in all the time
that were basically a report from whatever security software someone
was running on their PC, accompanied by a message that was usually
something along the lines of this:

HOST x.x.x.x ON YOUR NETWORK PINGED ME  I TAKE MY SECURITY
SERIOUSLY!!  I'M CALLING THE FBI!!!

The knee-jerk reaction is rarely the right one :)

jms




Re: Why do some ISP's have bandwidth quotas?

2007-10-12 Thread Brandon Galbraith
On 10/12/07, Tony Finch [EMAIL PROTECTED] wrote:


 On Thu, 11 Oct 2007, Mikael Abrahamsson wrote:
 
  If it's multicast TV I don't see the problem, it doesn't increase your
  backbone traffic linearly with the number of people doing it.

 However if you have UK-style ADSL ppp backhaul then multicast doesn't
 help.

 Tony.


Not to drag this too far off topic, but have serious studies been done
looking at moving switching fabric closer to the DSLAMs (versus doing
everything PPPoE)? I know this sort of goes opposite of how ILECs are set up
to dish out DSL, but as more traffic is being pushed user to user, it may
make economic/technical sense.

-brandon


Re: Why do some ISP's have bandwidth quotas?

2007-10-12 Thread Tony Finch

On Thu, 11 Oct 2007, Mikael Abrahamsson wrote:

 If it's multicast TV I don't see the problem, it doesn't increase your
 backbone traffic linearly with the number of people doing it.

However if you have UK-style ADSL ppp backhaul then multicast doesn't
help.

Tony.
-- 
f.a.n.finch  [EMAIL PROTECTED]  http://dotat.at/
IRISH SEA: SOUTHERLY, BACKING NORTHEASTERLY FOR A TIME, 3 OR 4. SLIGHT OR
MODERATE. SHOWERS. MODERATE OR GOOD, OCCASIONALLY POOR.


Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Tim Franklin

On Fri, October 12, 2007 2:49 pm, Justin M. Streiner wrote:

 HOST x.x.x.x ON YOUR NETWORK PINGED ME  I TAKE MY SECURITY
 SERIOUSLY!!  I'M CALLING THE FBI!!!

That I can *sort* of understand - it's the flaming zealotry of "ALL ICMP
IS EEEVIL!" trickling down from 99% of firewall admins working in
enterprises to end users who just heard it from someone in IT.

It's the "Your server www.whatever.com is attacking me from port 80!" ones
that leave me torn between laughing, crying, and seriously thinking about
a cull...





Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Chris Owen



On Oct 12, 2007, at 12:50 AM, Roy wrote:


I guess no one told them that someone might consider this an attack?


You can't consider every wacko on the net when doing something like  
this.  Anyone who considers a ping an attack probably isn't worth  
worrying about.


Chris



Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Justin M. Streiner


On Fri, 12 Oct 2007, Leigh Porter wrote:


You are more likely to get 5000 zonealarm emails


Got tons of those...
...and BlackIce, DShield, Norton, SamSpade, and all the rest :)

But there were also lots of people who took time out of their busy day to 
personally write their own flaming emails, rather than just relying on the 
boilerplate reports many of the packages above commonly send out.  I felt 
honored :)


jms


Justin M. Streiner wrote:


On Fri, 12 Oct 2007, Chris Owen wrote:


You can't consider every wacko on the net when doing something like
this. Anyone who considers a ping an attack probably isn't worth
worrying about.


I tend to agree, but back when I manned the abuse desk (among others)
at my former employer, I would see abuse reports come in all the time
that were basically a report from whatever security software someone
was running on their PC, accompanied by a message that was usually
something along the lines of this:

HOST x.x.x.x ON YOUR NETWORK PINGED ME  I TAKE MY SECURITY
SERIOUSLY!!  I'M CALLING THE FBI!!!

The knee-jerk reaction is rarely the right one :)

jms




Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Leigh Porter


You are more likely to get 5000 zonealarm emails

Justin M. Streiner wrote:

 On Fri, 12 Oct 2007, Chris Owen wrote:

 You can't consider every wacko on the net when doing something like
 this. Anyone who considers a ping an attack probably isn't worth
 worrying about.

 I tend to agree, but back when I manned the abuse desk (among others)
 at my former employer, I would see abuse reports come in all the time
 that were basically a report from whatever security software someone
 was running on their PC, accompanied by a message that was usually
 something along the lines of this:

 HOST x.x.x.x ON YOUR NETWORK PINGED ME  I TAKE MY SECURITY
 SERIOUSLY!!  I'M CALLING THE FBI!!!

 The knee-jerk reaction is rarely the right one :)

 jms


The Cidr Report

2007-10-12 Thread cidr-report

This report has been generated at Fri Oct 12 21:14:04 2007 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date        Prefixes  CIDR Agg
05-10-07    239308    153665
06-10-07    239204    153876
07-10-07    239300    154113
08-10-07    239286    154297
09-10-07    239339    154503
10-10-07    239547    153951
11-10-07    239659    151909
12-10-07    239733    154384


AS Summary
    26555  Number of ASes in routing system
    11198  Number of ASes announcing only one prefix
     1950  Largest number of prefixes announced by an AS
           AS4538 : ERX-CERNET-BKB China Education and Research Network Center
 88942080  Largest address span announced by an AS (/32s)
           AS721  : DISA-ASNBLK - DoD Network Information Center


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 12Oct07 ---
ASnum    NetsNow  NetsAggr  NetGain  % Gain  Description

Table     239660    154359    85301   35.6%  All ASes

AS4538      1950       711     1239   63.5%  ERX-CERNET-BKB China Education and Research Network Center
AS4755      1440       382     1058   73.5%  VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
AS9498      1009        73      936   92.8%  BBIL-AP BHARTI BT INTERNET LTD.
AS11492     1158       367      791   68.3%  CABLEONE - CABLE ONE
AS4323      1358       601      757   55.7%  TWTC - Time Warner Telecom, Inc.
AS22773      793        71      722   91.0%  CCINET-2 - Cox Communications Inc.
AS4134      1102       407      695   63.1%  CHINANET-BACKBONE No.31,Jin-rong Street
AS6478      1127       433      694   61.6%  ATT-INTERNET3 - ATT WorldNet Services
AS18566     1028       353      675   65.7%  COVAD - Covad Communications Co.
AS8151      1057       434      623   58.9%  Uninet S.A. de C.V.
AS19262      786       184      602   76.6%  VZGNI-TRANSIT - Verizon Internet Services Inc.
AS17488      825       267      558   67.6%  HATHWAY-NET-AP Hathway IP Over Cable Internet
AS18101      602        72      530   88.0%  RIL-IDC Reliance Infocom Ltd Internet Data Centre,
AS15270      584        70      514   88.0%  AS-PAETEC-NET - PaeTec Communications, Inc.
AS7545       741       231      510   68.8%  TPG-INTERNET-AP TPG Internet Pty Ltd
AS6197      1028       531      497   48.3%  BATI-ATL - BellSouth Network Solutions, Inc
AS7018      1494      1005      489   32.7%  ATT-INTERNET4 - ATT WorldNet Services
AS2386      1231       755      476   38.7%  INS-AS - ATT Data Communications Services
AS4668       518        68      450   86.9%  LGNET-AS-KR LG CNS
AS4812       548       105      443   80.8%  CHINANET-SH-AP China Telecom (Group)
AS4766       810       374      436   53.8%  KIXS-AS-KR Korea Telecom
AS4802       575       158      417   72.5%  ASN-IINET iiNet Limited
AS9443       465        78      387   83.2%  INTERNETPRIMUS-AS-AP Primus Telecommunications
AS4808       490       121      369   75.3%  CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
AS7011       958       594      364   38.0%  FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc.
AS19916      568       205      363   63.9%  ASTRUM-0001 - OLM LLC
AS17676      502       142      360   71.7%  JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS5668       654       299      355   54.3%  AS-5668 - CenturyTel Internet Holdings, Inc.
AS3602       430        77      353   82.1%

BGP Update Report

2007-10-12 Thread cidr-report

BGP Update Report
Interval: 10-Sep-07 -to- 11-Oct-07 (32 days)
Observation Point: BGP Peering with AS2.0

TOP 20 Unstable Origin AS
Rank ASN        Upds     %  Upds/Pfx    AS-Name
 1 - AS9583   647514  6.2%     552.0 -- SIFY-AS-IN Sify Limited
 2 - AS9498   159345  1.5%     154.0 -- BBIL-AP BHARTI BT INTERNET LTD.
 3 - AS4621   138397  1.3%     935.1 -- UNSPECIFIED UNINET-TH
 4 - AS8151   106223  1.0%      63.1 -- Uninet S.A. de C.V.
 5 - AS43403  100136  1.0%   50068.0 -- SVIAZ-PLUS-AS LLC Sviaz Plus
 6 - AS16637   89625  0.9%    2036.9 -- MTNNS-AS
 7 - AS15611   63185  0.6%     651.4 -- Iranian Research Organisation
 8 - AS4750    61710  0.6%     284.4 -- CSLOXINFO-ISP-AS-AP CSLOXINFO Public Company Limited.
 9 - AS30619   59785  0.6%    2989.2 -- TDM-AS
10 - AS17974   55438  0.5%     138.2 -- TELKOMNET-AS2-AP PT TELEKOMUNIKASI INDONESIA
11 - AS4134    52826  0.5%      47.4 -- CHINANET-BACKBONE No.31,Jin-rong Street
12 - AS702     46500  0.5%      71.6 -- AS702 Verizon Business EMEA - Commercial IP service provider in Europe
13 - AS34368   46009  0.4%    1278.0 -- THEZONE Zonata - Natzkovi  Sie LTD.
14 - AS24731   45666  0.4%     992.7 -- ASN-NESMA National Engineering Services and Marketing Company Ltd. (NESMA)
15 - AS4538    45532  0.4%      22.0 -- ERX-CERNET-BKB China Education and Research Network Center
16 - AS14390   41953  0.4%     749.2 -- CORENET - Coretel America, Inc.
17 - AS7018    39959  0.4%      25.9 -- ATT-INTERNET4 - ATT WorldNet Services
18 - AS9121    39257  0.4%     179.3 -- TTNET TTnet Autonomous System
19 - AS10275   38498  0.4%   19249.0 -- AS-UNITEDNETWORK - ABS-CBN International
20 - AS288     37692  0.4%     311.5 -- European Space Agency


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN        Upds     %  Upds/Pfx    AS-Name
 1 - AS43403  100136  1.0%   50068.0 -- SVIAZ-PLUS-AS LLC Sviaz Plus
 2 - AS10275   38498  0.4%   19249.0 -- AS-UNITEDNETWORK - ABS-CBN International
 3 - AS26829   15133  0.1%   15133.0 -- YKK-USA - YKK USA,INC
 4 - AS17540    9744  0.1%    9744.0 -- MTL-AP Modern Terminals Limited
 5 - AS34382    8026  0.1%    8026.0 -- ASSYRUS-SRL-AS Assyrus Srl Maintainer
 6 - AS36011   11998  0.1%    5999.0 -- AHSYS-ASN - Atlantic Health System
 7 - AS30707   14309  0.1%    4769.7 --
 8 - AS9264    12739  0.1%    4246.3 -- ASNET Academic Sinica
 9 - AS42611    3539  0.0%    3539.0 -- HOSTUA-AS hosing.com.ua AS
10 - AS32650    3342  0.0%    3342.0 -- SANDHILLS-SW - SANDHILLS PUBLISHING
11 - AS20007    3057  0.0%    3057.0 -- AS-ALOGI - ALOGIENT INC.
12 - AS30619   59785  0.6%    2989.2 -- TDM-AS
13 - AS24697    5377  0.1%    2688.5 -- SATURN-ASN Saturn ISP AS
14 - AS6174     5051  0.1%    2525.5 -- SPRINTLINK8 - Sprint
15 - AS28733    7304  0.1%    2434.7 -- AVIGAL-AS IT master LLC
16 - AS39396   13272  0.1%    2212.0 -- NBIS-AS NBI Systems Ltd.
17 - AS34770   15254  0.1%    2179.1 -- ELITSAT-AS Elit SAT AD - Rousse
18 - AS16637   89625  0.9%    2036.9 -- MTNNS-AS
19 - AS27093    1970  0.0%    1970.0 -- DDN-ASNBLK1 - DoD Network Information Center
20 - AS31949    1606  0.0%    1606.0 -- APEXDIGITAL - Apex Digital


TOP 20 Unstable Prefixes
Rank Prefix              Upds     %   Origin AS -- AS Name
 1 - 203.101.87.0/24    63160  0.6%   AS9498  -- BBIL-AP BHARTI BT INTERNET LTD.
 2 - 202.56.250.0/24    60693  0.6%   AS9498  -- BBIL-AP BHARTI BT INTERNET LTD.
 3 - 210.18.10.0/24     56553  0.5%   AS9583  -- SIFY-AS-IN Sify Limited
 4 - 221.135.22.0/24    52442  0.5%   AS9583  -- SIFY-AS-IN Sify Limited
 5 - 193.46.60.0/24     51836  0.5%   AS43403 -- SVIAZ-PLUS-AS LLC Sviaz Plus
 6 - 221.135.113.0/24   50596  0.5%   AS9583  -- SIFY-AS-IN Sify Limited
 7 - 91.194.244.0/24    48300  0.4%   AS43403 -- SVIAZ-PLUS-AS LLC Sviaz Plus
 8 - 192.96.14.0/24     44387  0.4%   AS16637 -- MTNNS-AS
 9 - 192.96.13.0/24     44376  0.4%   AS16637 -- MTNNS-AS
10 - 210.214.177.0/24   43484  0.4%   AS9583  -- SIFY-AS-IN Sify Limited
11 - 210.214.173.0/24   43195  0.4%   AS9583  -- SIFY-AS-IN Sify Limited
12 - 221.135.77.0/24    43057  0.4%   AS9583  -- SIFY-AS-IN Sify Limited
13 - 210.214.221.0/24   43054  0.4%   AS9583  -- SIFY-AS-IN Sify Limited
14 - 210.214.210.0/24   42956  0.4%   AS9583  -- SIFY-AS-IN Sify Limited
15 - 210.214.220.0/24   42898  0.4%   AS9583  -- SIFY-AS-IN Sify Limited
16 - 210.214.211.0/24   42808  0.4%   AS9583  -- SIFY-AS-IN Sify Limited
17 - 210.214.172.0/24   42708  0.4%   AS9583  -- SIFY-AS-IN Sify Limited
18 - 209.163.125.0/24   40119  0.4%   AS14390 -- CORENET - Coretel America, Inc.
19 - 210.214.179.0/24   28320  0.3%   AS9583  -- SIFY-AS-IN Sify Limited
20 - 210.214.183.0/24   28153  0.3%   AS9583  -- SIFY-AS-IN Sify

Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Deepak Jain


Ok.

To make my own contribution to this thread hijack somewhat operational...

How many people have had to add to their NOC/Abuse desk SOP:

When someone calls threatening that they are the FBI/CIA/NSA/Your 
grandmother returned from the dead...


something, something, something

but essentially, Don't Panic. And they are basically a crackpot.

Deepak



Gadi Evron wrote:


On Fri, 12 Oct 2007, Leigh Porter wrote:



You are more likely to get 5000 zonealarm emails


Or a place on dshield's top 10.




Justin M. Streiner wrote:


On Fri, 12 Oct 2007, Chris Owen wrote:


You can't consider every wacko on the net when doing something like
this. Anyone who considers a ping an attack probably isn't worth
worrying about.


I tend to agree, but back when I manned the abuse desk (among others)
at my former employer, I would see abuse reports come in all the time
that were basically a report from whatever security software someone
was running on their PC, accompanied by a message that was usually
something along the lines of this:

HOST x.x.x.x ON YOUR NETWORK PINGED ME  I TAKE MY SECURITY
SERIOUSLY!!  I'M CALLING THE FBI!!!

The knee-jerk reaction is rarely the right one :)

jms







Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Mark Foster




On Fri, 12 Oct 2007, Tim Franklin wrote:



On Fri, October 12, 2007 2:49 pm, Justin M. Streiner wrote:


HOST x.x.x.x ON YOUR NETWORK PINGED ME  I TAKE MY SECURITY
SERIOUSLY!!  I'M CALLING THE FBI!!!


That I can *sort* of understand - it's the flaming zealotry of "ALL ICMP
IS EEEVIL!" trickling down from 99% of firewall admins working in
enterprises to end users who just heard it from someone in IT.

It's the "Your server www.whatever.com is attacking me from port 80!" ones
that leave me torn between laughing, crying, and seriously thinking about
a cull...



It's all very well for those that know better to carry on like this, but I
would suggest that those sortsa complaints only come from people who
don't know better.  They don't know how to interpret their Firewall
warnings.  And they don't know what's genuine and what's not.


Heck, I remember being a little like that myself, back in the days of
Windows + Conseal PC Firewall being the best security solution affordably
available to home users - and from being DoS'd offline at 14400...


(And I've only been working in the industry for 10 years.)

Suggest that rather than knocking those who genuinely think that it's a
warzone out there (and isn't it?) efforts of ISPs to educate clients as to
what is genuine abuse (and what isn't) should be rewarded.


(If some random dynamic IP host on the other side of the world started
hitting my firewall for no apparent reason, I'd be raising my eyebrows
too.  Of course, these days, I have a much better idea of what is
genuinely threatening and what isn't.)


Mark.

[Sorry, but sometimes I get the distinct impression that Network 
Operators sometimes forget that the vast majority of people simply aren't 
anywhere near their level.]





Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-12 Thread Mike Lewinski


Florian Weimer wrote:


I don't know what case prompted Ferg to post his message to NANOG, but I
know that there are cases where failing to act is comparable to ignoring
the screams for help of an alleged rape victim during the alleged
crime.


I'm reminded of this story from earlier this year:

http://www.jsonline.com/story/index.aspx?id=568400

For his effort, Van Iveren was charged with criminal trespass while 
using a dangerous weapon, criminal damage to property while using a 
dangerous weapon and disorderly conduct while using a dangerous weapon, 
all criminal misdemeanors that carry a maximum total penalty of 33 
months in jail.


On a side note, now that I've gotten back on -post I will say that 
I've had pretty dismal experiences working with Law Enforcement over the 
years as a service provider. When you have to explain to the Feds just 
what IRC (for example) is, you've lost the battle :( After repeated 
attempts at getting what seems to be blatant criminal activity 
investigated, a provider might start to think "If Law Enforcement
doesn't care, why should I?" (I've avoided falling into that trap, but
it is frustrating to boot someone for illegal activities and see them go 
on to pull the same thing at another provider even after providing 
evidence to authorities.).




Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-12 Thread Mike Lewinski


Paul Ferguson wrote:


So, back to my original question: If you alert an ISP that bad and
possibly criminal activity is taking place by one of their customers,
and they do not take corrective action (even after a year), what do
you do?


In at least one case, where I knew the offender had been booted off his 
last provider, I actually stalled disconnecting him for three months 
while I tried getting help from law enforcement. I felt we had a better 
chance of getting him permanently removed from the Internet by keeping 
him around long enough to get court orders to investigate his most 
likely illegal actions that were generating abuse reports. I started out 
with the feds, went on to the state and finally the local sheriff before 
giving up and just cutting him off for lack of any other hope.


But a year is too long. If it were impacting my network, I'd probably 
drop their routes (or blackhole the offending hosts anyway).


Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-12 Thread Paul Ferguson


-- Mike Lewinski [EMAIL PROTECTED] wrote:

On a side note, now that I've gotten back on -post I will say that 
I've had pretty dismal experiences working with Law Enforcement over the 
years as a service provider. When you have to explain to the Feds just 
what IRC (for example) is, you've lost the battle :( After repeated 
attempts at getting what seems to be blatant criminal activity 
investigated, a provider might start to think "If Law Enforcement
doesn't care, why should I?" (I've avoided falling into that trap, but
it is frustrating to boot someone for illegal activities and see them go 
on to pull the same thing at another provider even after providing 
evidence to authorities.).


Exactly.

Sometimes I think to myself that "...ISPs have Terms of Service and
Acceptable Use Policies, so they have the scope and tools they need
to boot a 'customer' who breaks the rules."

But all too often, it would appear, the potential loss of revenue
seems to win out over enforcing those policies.

And as you say, if the ISP boots them, they just set up shop elsewhere.

So, back to my original question: If you alert an ISP that bad and
possibly criminal activity is taking place by one of their customers,
and they do not take corrective action (even after a year), what do
you do?

- ferg



--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Steve Atkins



On Oct 12, 2007, at 5:08 PM, Mark Foster wrote:




(If some random dynamic IP host on the other side of the world  
started hitting my firewall for no apparent reason, I'd be raising
my eyebrows too.  Of course, these days, I have a much better idea  
of what is genuinely threatening and what isn't.)


If there weren't a dynamic IP host on the other side of the world  
hitting my firewall I'd be calling my provider, 'cos I'd know my  
connection had gone down.


Cheers,
  Steve



Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-12 Thread Gadi Evron


On Fri, 12 Oct 2007, Paul Ferguson wrote:



So, back to my original question: If you alert an ISP that bad and
possibly criminal activity is taking place by one of their customers,
and they do not take corrective action (even after a year), what do
you do?


That's a different question altogether, not about criminal ISPs, which I
am sure none of the members of NANOG are.


SpamHaus has been known to eventually block their mail servers, which gets
quick results, and lawsuits.


Gadi.


Sun Project Blackbox / Portable Data Center

2007-10-12 Thread Lorell Hathcock
www.sun.com/blackbox

 

Has anyone seen one of these things in real life?

 

I hear that there's been one sighted in Houston.  I would love to take a
tour.

 

Also, is anyone using anything like this?  It seems like they would make
great fiber huts.

 

Lorell

 

 



Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-12 Thread Paul Ferguson


-- Gadi Evron [EMAIL PROTECTED] wrote:

That's a different question altogether, not about criminal ISPs, which
[...]

No, not necessarily. Given  that there are Tier 1 ISPs, Tier 2, etc.,
so you can certainly have some small-ish ISP colluding with criminal
activity, in effect, by ignoring it or claiming ignorance.

However, it's kind of hard to plead ignorance when, say, people
continually alert them to the issues and they persist.

That's just one example... I can come up with more. :-)

- ferg




--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



RE: Sun Project Blackbox / Portable Data Center

2007-10-12 Thread Buhrmaster, Gary

 Subject: Sun Project Blackbox / Portable Data Center
 
 www.sun.com/blackbox
 
  
 
 Has anyone seen one of these things in real life?

SLAC has a blackbox (which is actually white) 
installed, and running it packed with servers
for batch computing for the high energy physics program.

http://today.slac.stanford.edu/feature/2007/blackbox1.asp

Of course, using shipping containers for data centers
(and telco/networking) is not new, but this is a 
commercialized offering, rather than custom built
(although these early ones are still essentially
custom built).  

Note also that Google has (recently) patented
the modular data center

http://yro.slashdot.org/article.pl?sid=07/10/09/1543256from=rss

Gary 




Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-12 Thread Robert Bonomi

 From [EMAIL PROTECTED]  Fri Oct 12 16:26:36 2007
 Date: Fri, 12 Oct 2007 21:23:15 GMT
 Subject: Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

 So, back to my original question: If you alert an ISP that bad and
 possibly criminal activity is taking place by one of their customers,
 and they do not take corrective action (even after a year), what do
 you do?


This is straying somewhat afield from 'network operations', but it is at
least tangentially relevant, so

'What do you do?' conceals a raft of other issues that have to be identified
and answered before the 'obvious' question can be addressed.

First off -- not to belabor (well, not too much, anyway) the obvious -- you 
have to identify what your 'goals' are.  Both tactical (short term), and 
strategic (long term).  And what level of resources you are willing to commit 
toward supporting those goals.

A desirable state of affairs is that every network operator _does_ actively
police its user base, and makes 'former customers' out of anyone who engages
in activities deemed not acceptable by a large portion of the rest of the
'net world.

Unfortunately, commercial providers are driven by 'economic self-interest',
rather than the good of the 'community' as their _primary_ motivation.
They _will_ consider the 'good of the community' when it is not in conflict
(or at _most_, represents a *minor* conflict) with their self-interest, but
if the two are diametrically opposed, there is no doubt as to which viewpoint
_will_ prevail.


So, when you ask them to _do_something_, quote for the good of the community
unquote, and 'nothing happens'  it is reasonable to conclude that 'economic
self interest' is controlling -- either it is 'not worth the effort/expense', 
or it would cost revenues that they're not willing to give up.

I'm sure this is no surprise to anyone.  In fact, I suspect everybody has seen
these exact symptoms in _their_own_ management, in varying degree.



There are only two things one can change to influence that decision --
either one 'somehow' makes 'the good of the community' more important,
*or* one finds a way to invoke their 'economic self-interest' on the
'right' side of the issue.

One possible way to do the latter is to look for 'sensitive' departments,
*other* than the 'abuse' contacts, who have 'hot buttons' that can be pushed.
Some possibilities for this approach include legal, investor relations,
and Public Relations.   All the folks who have to 'deal with the mess'
when something 'embarrassing' becomes public knowledge.

Contacting such departments, with an 'early warning' about what could become
'very messy' public attention to policies/practices that could easily be
mis-understood, if done carefully, can be very effective.

And, as a final alternative, there is public embarrassment, to shame them
into taking action.

One 'option' that has *never* been successfully employed would be to organize
'the community' for co-operative action in 'shunning' those providers who do
not keep a clean house.  I'd _love_ to see such an approach implemented, but
it requires ignoring short-term self-interest for the long-term 'good of the
community' -- even though the long-term good of the community _is_ in the
self-interest of each and every provider.

Back to original what do you do? 

'Viable' options are rather limited -- 

If you have _hard_ evidence, reporting to law enforcement, *WITH* notice of
'apparent provider complicity' -- including 'what was given to the provider
_when_' to establish their 'actual knowledge' of the criminal activity and
hence provider liability for allowing it to continue.

You can try 'public humiliation' -- calling in the press.

And, of course, you *DO* -- if you haven't already (comment: if not, _why_ 
not?) -- take 'defensive measures' to block communications in either direction 
involving those 'bad guys' and your customers.





Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Martin Hannigan

On 10/12/07, Steve Atkins [EMAIL PROTECTED] wrote:


 On Oct 12, 2007, at 5:08 PM, Mark Foster wrote:


 
  (If some random dynamic IP host on the other side of the world
  started hitting my firewall for no apparent reason, I'd be raising
  my eyebrows too.  Of course, these days, I have a much better idea
  of what is genuinely threatening and what isn't.)

 If there weren't a dynamic IP host on the other side of the world
 hitting my firewall I'd be calling my provider, 'cos I'd know my
 connection had gone down.



Probably a good enough observation to call this thread DOA.

-M