RE: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[Frank Bulk - iNAME]

Piecing together the information I've learned over time, is it possible that
VeriSign handles some of that for Verizon?

Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Deepak Jain
Sent: Wednesday, April 16, 2008 6:37 PM
To: David Coulson
Cc: David Ulevitch; nanog@merit.edu
Subject: Re: Postmaster @ vtext.com (or what are best practice to send SMS
these days)



Verizon at least, uses SS7 signaling to deliver on-network SMS. This
means they can provide delivery confirmation with their SMSes. I am not
aware of another US network that does this or interacts with Verizon
over SS7 for SMS exchange.

So, if you are using a phone's SMS capability on the same network (e.g.
Verizon) and it has delivery confirmation you might be very happy.

Deepak

David Coulson wrote:
>
> In my experience, even with TAP, sending messages to a cell phone is
> spotty at best. I have folks on both uni-directional pagers via TAP or
> SNPP, as well as cell phones via e-mail and TAP. There isn't a
> noticeable difference in delivery time between e-mail and TAP on the
> phones.
>
> Cell to Cell is probably the best option if you want to stick with SMS
> to cell phones. I have no idea how reliable it is between carriers. I
> still get some comfort knowing that people have pagers with a TAP
> gateway - I've no idea how the technology differs between a pager and
> SMS, but it seems much more reliable. All of the pager problems I've had
> in the last few years have been, erm, 'payment related'.
>
> David Ulevitch wrote:
>>
>> We've noticed that [EMAIL PROTECTED] is no longer a very reliable
>> form of delivery for alerts from Nagios, et al.  It seems as our
>> volume of alerts has risen, our delivery rate has dropped precipitously.
>>
>> We don't expect much trying to actually reach a postmaster for
>> vtext.com   so I thought the better question would be to ask what the
>> current best practice is to get SMS alerts out?
>>
>> Back in the day, I remember a company I worked for had something
>> called a TAP gateway.  Is that still a good route?  I've also been
>> told to check out an SMS gateway/api service called clickatell.com  --
>> anyone using them to delivering timely notifications?
>>
>> Is the best thing to do to try and get a programmable cellphone in a
>> datacenter?
>>
>> What else are operators doing to get the pages out when things go wonky?
>>
>> -David
>>
>
>

Re: Anyone from Verio here?

[Martin Hannigan]

Have you called your ISP today?





On 4/16/08, Jake Matthews <[EMAIL PROTECTED]> wrote:
>
> I've sent repeated emails to [EMAIL PROTECTED]/com/*, no response yet.
> There is an IRC DDoS bot on EFnet actively attacking users - and has
> been for quite a while, as you can see from the signon date.
>
> I am one of those being hit - any idea how to "take care of it?"
>
> g is [EMAIL PROTECTED] * sharon stone
> g on @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
> g using irc.wh.verio.net ooh omnipotence. mm yes gotta get me some of that.
> g actually using host 81.19.98.235
> g has been idle 2mins 12secs, signed on Thu Apr 03 23:53:18
>

RE: Anyone from Verio here?

[Blake Pfankuch]

I would first speak with oper staff on efnet.  Based on the fact that
the nicks are single characters, im going to be that someone affiliated
with staff somehow owns these, as usually opers swipe the cool nicks
quickly.  If they don't have anything, might check the irc-security list
but most likely this will be considered off topic even there.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Bill Nash
Sent: Wednesday, April 16, 2008 4:36 PM
To: Jake Matthews
Cc: nanog@merit.edu
Subject: Re: Anyone from Verio here?



Just going off your email address/domain, it occurs to me that your 
problem may in fact be far to leet for the likes of nanog to handle.
Have 
you tried an efnet oper? They have far superior leetness, and quite
likely 
a little more time on their hands. One of them may also own that botnet,

so you'd be hitting two birds with one stone.

- billn

On Wed, 16 Apr 2008, Jake Matthews wrote:

>
> I've sent repeated emails to [EMAIL PROTECTED]/com/*, no response yet.
> There is an IRC DDoS bot on EFnet actively attacking users - and has
been for 
> quite a while, as you can see from the signon date.
>
> I am one of those being hit - any idea how to "take care of it?"
>
> g is [EMAIL PROTECTED] * sharon stone
> g on @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
> g using irc.wh.verio.net ooh omnipotence. mm yes gotta get me some of
that.
> g actually using host 81.19.98.235
> g has been idle 2mins 12secs, signed on Thu Apr 03 23:53:18
>

Re: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[Deepak Jain]

Verizon at least, uses SS7 signaling to deliver on-network SMS. This 
means they can provide delivery confirmation with their SMSes. I am not 
aware of another US network that does this or interacts with Verizon 
over SS7 for SMS exchange.


So, if you are using a phone's SMS capability on the same network (e.g. 
Verizon) and it has delivery confirmation you might be very happy.


Deepak

David Coulson wrote:


In my experience, even with TAP, sending messages to a cell phone is 
spotty at best. I have folks on both uni-directional pagers via TAP or 
SNPP, as well as cell phones via e-mail and TAP. There isn't a 
noticeable difference in delivery time between e-mail and TAP on the 
phones.


Cell to Cell is probably the best option if you want to stick with SMS 
to cell phones. I have no idea how reliable it is between carriers. I 
still get some comfort knowing that people have pagers with a TAP 
gateway - I've no idea how the technology differs between a pager and 
SMS, but it seems much more reliable. All of the pager problems I've had 
in the last few years have been, erm, 'payment related'.


David Ulevitch wrote:


We've noticed that [EMAIL PROTECTED] is no longer a very reliable 
form of delivery for alerts from Nagios, et al.  It seems as our 
volume of alerts has risen, our delivery rate has dropped precipitously.


We don't expect much trying to actually reach a postmaster for 
vtext.com   so I thought the better question would be to ask what the 
current best practice is to get SMS alerts out?


Back in the day, I remember a company I worked for had something 
called a TAP gateway.  Is that still a good route?  I've also been 
told to check out an SMS gateway/api service called clickatell.com  -- 
anyone using them to delivering timely notifications?


Is the best thing to do to try and get a programmable cellphone in a
datacenter?

What else are operators doing to get the pages out when things go wonky?

-David

Re: Anyone from Verio here?

[Bill Nash]

Just going off your email address/domain, it occurs to me that your 
problem may in fact be far to leet for the likes of nanog to handle. Have 
you tried an efnet oper? They have far superior leetness, and quite likely 
a little more time on their hands. One of them may also own that botnet, 
so you'd be hitting two birds with one stone.


- billn

On Wed, 16 Apr 2008, Jake Matthews wrote:



I've sent repeated emails to [EMAIL PROTECTED]/com/*, no response yet.
There is an IRC DDoS bot on EFnet actively attacking users - and has been for 
quite a while, as you can see from the signon date.


I am one of those being hit - any idea how to "take care of it?"

g is [EMAIL PROTECTED] * sharon stone
g on @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
g using irc.wh.verio.net ooh omnipotence. mm yes gotta get me some of that.
g actually using host 81.19.98.235
g has been idle 2mins 12secs, signed on Thu Apr 03 23:53:18

Re: Anyone from Verio here?

[S. Ryan]

Actually, looks like A-Z is taken and they span across all of the 
available servers on EFnet.



| a ([EMAIL PROTECTED]) (British Virgin Islands)
: ircname  : diane kruger
| channels : @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
| server   : irc.nac.net (Jews control irc, too!)
: idle : 253 hours 4 mins 31 secs (signon: Sun Apr  6 05:32:36 2008)
.- --  -
| b ([EMAIL PROTECTED]) (Internic Network)
: ircname  : jennifer aniston
| channels : @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
| server   : irc.vel.net (We're so Hollywood)
.- --  -
| c ([EMAIL PROTECTED]) (Samoa)
: ircname  : herd killing
| channels : @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
| server   : efnet.teleglobe.net (O'er the land of the free & the home 
of the

  brave)
.- --  -
| d ([EMAIL PROTECTED]) (Samoa)
: ircname  : kentucky fried chicken
| channels : @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
| server   : irc.nac.net (Jews control irc, too!)
: idle : 605 hours 57 mins 7 secs (signon: Sat Mar 22 11:40:25 2008)
.- --  -
| z ([EMAIL PROTECTED]) (unknown)
: ircname  : diane kruger
| channels : @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
| server   : irc.vel.net (We're so Hollywood)
.- --  -

.- --  -
| u ([EMAIL PROTECTED]) (Cocos (Keeling) Islands)
: ircname  : eva green
| channels : @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
| server   : irc.nac.net (Jews control irc, too!)
: idle : 252 hours 55 mins 29 secs (signon: Sun Apr  6 05:42:14 2008)




Jake Matthews wroteth on 4/16/2008 3:28 PM:


I've sent repeated emails to [EMAIL PROTECTED]/com/*, no response yet.
There is an IRC DDoS bot on EFnet actively attacking users - and has 
been for quite a while, as you can see from the signon date.


I am one of those being hit - any idea how to "take care of it?"

g is [EMAIL PROTECTED] * sharon stone
g on @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
g using irc.wh.verio.net ooh omnipotence. mm yes gotta get me some of that.
g actually using host 81.19.98.235
g has been idle 2mins 12secs, signed on Thu Apr 03 23:53:18



--




Steve Ryan

Master Solvinator



[EMAIL PROTECTED] 







Office:  541*.* 773*.* 5000

Fax:  541*.* 535*.* 7599







288 S Pacific Hwy

Talent, OR  97540

Anyone from Verio here?

[Jake Matthews]

I've sent repeated emails to [EMAIL PROTECTED]/com/*, no response yet.
There is an IRC DDoS bot on EFnet actively attacking users - and has 
been for quite a while, as you can see from the signon date.


I am one of those being hit - any idea how to "take care of it?"

g is [EMAIL PROTECTED] * sharon stone
g on @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
g using irc.wh.verio.net ooh omnipotence. mm yes gotta get me some of that.
g actually using host 81.19.98.235
g has been idle 2mins 12secs, signed on Thu Apr 03 23:53:18

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Greg Skinner]

On Wed, Apr 16, 2008 at 03:39:05PM -0400, Joe Abley wrote:
>
> On 16 Apr 2008, at 13:33 , Simon Waters wrote:
> 
> > Ask anyone in the business "if I want a free email account who do I  
> > use.." and you'll get the almost universal answer Gmail.
> 
> I think amongst those not in the business there are regional trends,  
> however. Around this neck of the woods (for some reason) the answer  
> amongst your average, common-or-garden man in the street is "yahoo!".
> 
> I don't know why this is. But that's my observation.

In my experience, Gmail tends to be the preferred freemail acount
among geeks and techies.  Y! mail and Hotmail are preferred by the
(non-techie) man and woman on the street.  I think this is largely due
to branding.

> So, with respect to your other comments, correlation between technical/ 
> operational competence and customer choice seems weak, from my  
> perspective. If there's competition, it may not driven by service  
> quality, and the conclusion that well-staffed abuse desks promote  
> subscriber growth is, I think, faulty.

Also, IME, the business community tends to perceive marketing as a
profit center (whether or not it actually is), because they understand
it and can measure the ROI they get from it.  This may not be the case
in companies with executives who came from the tech side, however, but
it's still more common for executives to have more of a business than
technical background.

--gregbo

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Robert Bonomi]

> Subject: Re: Abuse response [Was: RE: Yahoo Mail Update]
> From: [EMAIL PROTECTED]
> Date: Wed, 16 Apr 2008 12:02:02 -0400
>
> On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:
>
> > - I'd like to see an actual response beyond an autoreply saying that you
> > can't tell me who the customer is or what actions were taken.
>
> Well, let's see.   If you're reporting abuse coming from my AS, it's almost
> certainly one of 2 things:

[[  sneckcausations ]]

> Basically, 99.8% of the time, no response other than "We found it and dealt
> with it" is actually suitable, and the other 0.2% of the time, you're about
> to get dragged into an ongoing investigation, so expect a "Hold Evidence"
> order on your fax in a few minutes.. ;)
>
> So what sort of response did you actually *want*?

Speaking strictly for myself, the wish-list for an ack is (not necessarily in
priority order):
   1) appreciation for my contributed time/effort in helping them keep _their_ 
  network clean.
   2) an ack that they _have_found_ the source.  I generally don't care 'who' 
  it was, just that they *have* been found, and STOPPED.
   3) an indication that the immediate issue has been fixed, and that steps
  have been taken to prevent future recurrance.Again, the actual
  'details' of what has been done are relatively unimportant.
   4) *WHEN* the 'fix' was implemented.  Then I know if I see 'more of the 
  same _before_ that time, I don't need to report it, =AND= if I see
  stuff occuring _after_ that time, that it is a 'new and different'
  problem that _does_ need to be reported.

This is more about _how_ you say things, than the details of what you actually
say.

Replies -- _days_ later -- along the lines of "thanks for the report, due to 
volume of complaints we won't be able to tell you anything about what we find,
or do" cause much grinding of teeth.

Replies that say: "This appears to be the same as something that has already
been reported to us by others.  We have looked into things, confirmed it was
happening, and put a stop to it as of {timestamp}.  If you see any more of this
activity from that source _after_ that time please email us immediately with
the string "{token}" in the subject line." _do_ give the originater 'warm
fuzzies', and can be  more-or-less trivially generated by a good trouble-
ticket system.  Especially with reasonable front-end automation for recognizing
'duplicate' complaints.


At the good end, I've gotten replies saying: "the customer has been contacted,
and they immediately took the affected machine off-line for sterilization";
even "we have been unable to contact the customer, and have pulled their 
circuit until they *do* contact us."  

Note: that last message was received about 4 hours after sending the problem 
notice, and about 2 hours after what would have been the normal 'start of 
business' in the locale of the problem.  That provider wears a *BIG* white
hat in my books.  Not so much for telling me what they did, but for the speed
of reaction.  

Contrast those responses with a major national who doesn't send any responses
*and* has an admitted policy of giving customers _a_week_after_notification_ 
of having an infected machine on their network to get the machine off-line or 
otherwise dealt with.  And it can take _days_ to get the notification to the 
customer. (they just send an email to the business contact -- notify them late
friday and the clock doesn't start running until Monday morning.  *sigh*)

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Joe Abley]

On 16 Apr 2008, at 13:33 , Simon Waters wrote:

Ask anyone in the business "if I want a free email account who do I  
use.." and

you'll get the almost universal answer Gmail.


I think amongst those not in the business there are regional trends,  
however. Around this neck of the woods (for some reason) the answer  
amongst your average, common-or-garden man in the street is "yahoo!".


I don't know why this is. But that's my observation.

There are also the large number of people using Y! mail who don't  
realise they're using Y! mail, because the telco or cableco they use  
for access have outsourced mail operations to Y!, and there are still  
(apparently) many people who assume that access providers and mail  
providers should match. In those cases choice of mail provider may  
have far more to do with "price of tv channel selections" or  
"availability of long-distance voice plans" than anything to do with e- 
mail.


So, with respect to your other comments, correlation between technical/ 
operational competence and customer choice seems weak, from my  
perspective. If there's competition, it may not driven by service  
quality, and the conclusion that well-staffed abuse desks promote  
subscriber growth is, I think, faulty.



Joe

Re: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[David Coulson]

In my experience, even with TAP, sending messages to a cell phone is 
spotty at best. I have folks on both uni-directional pagers via TAP or 
SNPP, as well as cell phones via e-mail and TAP. There isn't a 
noticeable difference in delivery time between e-mail and TAP on the phones.


Cell to Cell is probably the best option if you want to stick with SMS 
to cell phones. I have no idea how reliable it is between carriers. I 
still get some comfort knowing that people have pagers with a TAP 
gateway - I've no idea how the technology differs between a pager and 
SMS, but it seems much more reliable. All of the pager problems I've had 
in the last few years have been, erm, 'payment related'.


David Ulevitch wrote:


We've noticed that [EMAIL PROTECTED] is no longer a very reliable 
form of delivery for alerts from Nagios, et al.  It seems as our 
volume of alerts has risen, our delivery rate has dropped precipitously.


We don't expect much trying to actually reach a postmaster for 
vtext.com   so I thought the better question would be to ask what the 
current best practice is to get SMS alerts out?


Back in the day, I remember a company I worked for had something 
called a TAP gateway.  Is that still a good route?  I've also been 
told to check out an SMS gateway/api service called clickatell.com  -- 
anyone using them to delivering timely notifications?


Is the best thing to do to try and get a programmable cellphone in a
datacenter?

What else are operators doing to get the pages out when things go wonky?

-David

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -- [EMAIL PROTECTED] wrote:

> So what sort of response did you actually *want*?

Actually, I'm more concerned with alerting you that someone
inserted a nasty .js or iFrame on one of your websites and I'd
like to you to clean it up, thanks. ;-)

I'm not so concerned about alerting you to botted student computers...
that's another issue entirely. :-)

- - ferg

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIBj/nq1pz9mNUZTMRAmlKAJ4v/KIvHlKvO1MDF97Ed1T9RkpnjgCgvvRC
CLUNjfK4mZcQOga42UgY9og=
=7OPB
-END PGP SIGNATURE-



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

Re: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[Dominic J. Eidson]

My recommendation as of late has been to use WCTP with a TAP backup. 
(using qpage at $WORK)


This way you get the faster delivery/rate of WCTP, with an OOB fall-back 
should it be needed.


Most pager companies (and presumably many cell providers) provide 
interfaces for one/both of the above.



 - d.

On Wed, 16 Apr 2008, Patrick Shoemaker wrote:


Date: Wed, 16 Apr 2008 13:33:40 -0400
From: Patrick Shoemaker <[EMAIL PROTECTED]>
Cc: nanog@merit.edu
Subject: Re: Postmaster @ vtext.com (or what are best practice to send SMS
these days)


My solution is to use a modem / POTS line hanging off the nagios box along 
with the qpage daemon to send alerts out through a TAP gateway. If you need 
the specs and 800 number for Verizon's TAP gateway I can send it offlist.


http://www.dynowski.com/blog/2006/05/19/using-nagios-with-quickpage-a-sms-tap-gateway/

This is important not only to avoid the inconsistency of the vtext email-sms 
gateway but to get an alert out in case of a major network disruption that 
breaks email functionality.


Patrick Shoemaker
President, Vector Data Systems LLC
[EMAIL PROTECTED]
office: (301) 358-1690 x36
mobile: (410) 991-5791
http://www.vectordatasystems.com


David Ulevitch wrote:


 We've noticed that [EMAIL PROTECTED] is no longer a very reliable form
 of delivery for alerts from Nagios, et al.  It seems as our volume of
 alerts has risen, our delivery rate has dropped precipitously.

 We don't expect much trying to actually reach a postmaster for vtext.com
 so I thought the better question would be to ask what the current best
 practice is to get SMS alerts out?

 Back in the day, I remember a company I worked for had something called a
 TAP gateway.  Is that still a good route?  I've also been told to check
 out an SMS gateway/api service called clickatell.com  -- anyone using them
 to delivering timely notifications?

 Is the best thing to do to try and get a programmable cellphone in a
 datacenter?

 What else are operators doing to get the pages out when things go wonky?

 -David






--
Dominic J. Eidson
 "Baruk Khazad! Khazad ai-menu!" - Gimli

http://www.the-infinite.org/

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Jack Bates]

Dave Pooser wrote:

Handling the abuse desk well (or poorly) builds (or damages) the brand.


...among people who are educated among such things. Unfortunately, people
with clue are orders of magnitude short of a majority, and the rest of the
world (ie: potential customers) wouldn't know an abuse desk from a
self-abuse desk.


I think that depends on the nature of the abuse desk, how it interfaces with 
other networks and the customer base. Of course, I get to be the NOC guy and the 
abuse guy here. It's nice to have less than a million customers. However, I find 
that how NOC issues and abuse issues are handled are very similar. It is, of 
course, easier to reach another NOC than it is the senior abuse staff that 
actually have clue, generally. Both departments need a certain amount of front 
line protection to keep them from being swamped with issues that can be handled 
by others. Never the less, when they can interface with customers and with the 
other departments that spend more time with customers, it does improve the 
company's service level.


If there is a routing, firewalling, or email delivery issue with a much larger 
network, the effectiveness of the NOC/Abuse Dept will determine how well the 
customers will handle the interruption. If the company has built trust with the 
customer and related to them in a personal way, then the customer will in turn 
tend to be more understanding of the issues involved, or in some cases at least 
point their anger at the right company.


-Jack

Learning to mitigate the damage caused by Murphy's law.

RE: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[Derrick Bennett]

I still use and love qpage http://www.qpage.org/ with Nagios.
 
Your best bet is to also attach a modem to your system and let it dial out to 
the gateways. 
http://www.notepage.net/tap-phone-numbers-u.htm
 
This site provides a central spot for TAP gateway numbers and SNPP systems. Use 
your Nagios parent configuration to send snpp when the Internet is working and 
fall back to TAP modem pages when your system can no longer reach the net.
 
It's the only modem I still have in use but it works great every time for 
sending out those text messages and pagers. 
 
Derrick



From: [EMAIL PROTECTED] on behalf of Randy Epstein
Sent: Wed 4/16/2008 1:22 PM
To: 'David Ulevitch'; nanog@merit.edu
Subject: RE: Postmaster @ vtext.com (or what are best practice to send SMS 
these days)




David Ulevitch wrote:



> What else are operators doing to get the pages out when things go wonky?

Get a pager!  :)  SMS is just not as reliable.

> David

Randy

RE: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[Darryl Dunkin]

Yes, this is still a good route for those of us with old pagers
(cell/pager via e-mail have had horrendous drop rates for me, likely due
to the volume of messages). If the network issue is severe enough that
your Internet access is not working, you can still dial via a modem.
Even then things don't always get through the provider, so I have two
Nagios systems running in tandem. This means receiving two notices for
each outage, but often enough we still only receive one (even though
each Nagios/qpage server reports a success on both sides).

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Ulevitch
Sent: Wednesday, April 16, 2008 10:00
To: nanog@merit.edu
Subject: Postmaster @ vtext.com (or what are best practice to send SMS
these days)


We've noticed that [EMAIL PROTECTED] is no longer a very reliable 
form of delivery for alerts from Nagios, et al.  It seems as our volume 
of alerts has risen, our delivery rate has dropped precipitously.

We don't expect much trying to actually reach a postmaster for vtext.com

   so I thought the better question would be to ask what the current 
best practice is to get SMS alerts out?

Back in the day, I remember a company I worked for had something called 
a TAP gateway.  Is that still a good route?  I've also been told to 
check out an SMS gateway/api service called clickatell.com  -- anyone 
using them to delivering timely notifications?

Is the best thing to do to try and get a programmable cellphone in a
datacenter?

What else are operators doing to get the pages out when things go wonky?

-David

Re: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[Andrey Gordon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I have one of these babies
http://www.multitech.com/PRODUCTS/Families/MultiModemCDMA/
with SMS Server Tools 3 running (hacked up for CDMA, cuz they dont'
support CDMA out of the box)

$40 a month does the trick

There was a good thread about sms notifications not so long time ago.
Here is what the summary was:



On Fri, Sep 7, 2007 at 6:54 PM, Alex Pilosov <[EMAIL PROTECTED]> wrote:

As an experiment, I wanted to try to summarize all the answers given on
this question, hope this helps someone.

Suggestions given:

* modem and TAP gateway
** TAP numbers at  http://www.avtech.com/Support/TAP/index.htm
** Software: sendpage or qpage

* Mobile phone with a serial port and AT commandset
** Software: sms-tools gnokii gsmd
** Issues: not reliable because of battery drain

* Purpose-made GSM/CDMA modems
** Software: same as above
** Manufacturers: Intercel, Sierra 750 (PCMCIA), Falcom Samba 75 (USB)

* Purpose-made GSM-IP modems
** Manufacturers: http://www.acmesystems.it/?id=70

* Pages via DTMF
** Hylafax/asterisk

- -alex [for mlc]

- --
Andrey Gordon [EMAIL PROTECTED]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (Darwin)
Comment: http://getfiregpg.org

iEYEARECAAYFAkgGOL0ACgkQYovzGDqdwI/CTQCffgfxf55JhSyoekqGc9LxyAEY
AaIAn2A0erUkl6WdWrtOgIaZCi6HZj1F
=HYjO
-END PGP SIGNATURE-

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Simon Waters]

On Wednesday 16 April 2008 17:47, Dave Pooser wrote:
>
> > It can be useful to explain the abuse desk as being just another form
> > of marketing, another form of reputation management that happens to be
> > specific to Internet companies.
>
> Is it? 

.. SNIP good points about abuse desks ..

In the specific case that started this (Yahoo), then I think there is a 
marketing issue.

Ask anyone in the business "if I want a free email account who do I use.." and 
you'll get the almost universal answer Gmail. 

Mostly this is because Hotmail delete email randomly, Yahoo struggle with the 
volumes, and everyone forgets AOL do free accounts (although it is painfully 
slow and the documentation is incomplete).

But it is in part that Google do actually answer enquiries still, be they 
abuse or support. Yahoo occassionally manage an answer, usually not to the 
question you asked, or asking for information already supplied. AOL - well 
you can get an answer from their employee who watches Spam-L, but directly 
not a chance.

So it is a competitive market, and the opinion of those in the know matters (a 
little -- we could make more noise!). Although the tough one to compete with 
is Hotmail, since their computer offers it to them every time they reinstall, 
and those reinstalling more often have least clue, but eventually realise 
having their email on THEIR(!) PC is a bad idea.

But yes, abuse desk is only a minor issue in that market, but if you don't 
deal with abuse, it will cost the bottom line for email providers. I think 
for people mostly providing bandwidth, email is still largely irrelevant, 
even at the hugely inflated levels the spammers cause it is still a 
minor %age, favicons (missing or otherwise) probably cause nearly as much 
traffic.

RE: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[Peter Kranz]

If you stick with SMS messages, the weakest link will always be the carriers
SMS gateway. Since this is the last item in the chain, any upstream service
will still be handicapped by the gateway. I've worked with a variety of
carriers, and they have all had problems at one point or another with their
SMS gateways getting overwhelmed with SMS spam, etc.. causing long SMS
delivery queues or dropped messages. If you can find the SMS gateway admin
at Verizon they can probably comment on what the issue is and any planned
resolutions, else you may need to switch providers to one with a more
cluefull SMS gateway team.

So far this year, I have only had a couple instances of delayed/dropped SMS
delivery via the AT&T/Cingular SMS Gateway..

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Ulevitch
Sent: Wednesday, April 16, 2008 10:00 AM
To: nanog@merit.edu
Subject: Postmaster @ vtext.com (or what are best practice to send SMS these
days)


We've noticed that [EMAIL PROTECTED] is no longer a very reliable 
form of delivery for alerts from Nagios, et al.  It seems as our volume 
of alerts has risen, our delivery rate has dropped precipitously.

We don't expect much trying to actually reach a postmaster for vtext.com 
   so I thought the better question would be to ask what the current 
best practice is to get SMS alerts out?

Back in the day, I remember a company I worked for had something called 
a TAP gateway.  Is that still a good route?  I've also been told to 
check out an SMS gateway/api service called clickatell.com  -- anyone 
using them to delivering timely notifications?

Is the best thing to do to try and get a programmable cellphone in a
datacenter?

What else are operators doing to get the pages out when things go wonky?

-David

Re: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[Patrick Shoemaker]

My solution is to use a modem / POTS line hanging off the nagios box 
along with the qpage daemon to send alerts out through a TAP gateway. If 
you need the specs and 800 number for Verizon's TAP gateway I can send 
it offlist.


http://www.dynowski.com/blog/2006/05/19/using-nagios-with-quickpage-a-sms-tap-gateway/

This is important not only to avoid the inconsistency of the vtext 
email-sms gateway but to get an alert out in case of a major network 
disruption that breaks email functionality.


Patrick Shoemaker
President, Vector Data Systems LLC
[EMAIL PROTECTED]
office: (301) 358-1690 x36
mobile: (410) 991-5791
http://www.vectordatasystems.com


David Ulevitch wrote:


We've noticed that [EMAIL PROTECTED] is no longer a very reliable 
form of delivery for alerts from Nagios, et al.  It seems as our volume 
of alerts has risen, our delivery rate has dropped precipitously.


We don't expect much trying to actually reach a postmaster for vtext.com 
  so I thought the better question would be to ask what the current best 
practice is to get SMS alerts out?


Back in the day, I remember a company I worked for had something called 
a TAP gateway.  Is that still a good route?  I've also been told to 
check out an SMS gateway/api service called clickatell.com  -- anyone 
using them to delivering timely notifications?


Is the best thing to do to try and get a programmable cellphone in a
datacenter?

What else are operators doing to get the pages out when things go wonky?

-David

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Dave Pooser]

> It can be useful to explain the abuse desk as being just another form
> of marketing, another form of reputation management that happens to be
> specific to Internet companies.

Is it? I mean, I may know that (a hypothetical) example.com is a
pink-contract-signing batch of incompetents who spew spam like a bulemic
firehose. You may know that. 10,000 other mail administrators may know that.
But once they have signed up 2.3 million users with example.com they are too
big (for most email administrators) to block, so at that point the cost of
disbanding their abuse desk and pointing complaints to /dev/null is nil.

> Handling the abuse desk well (or poorly) builds (or damages) the brand.

...among people who are educated among such things. Unfortunately, people
with clue are orders of magnitude short of a majority, and the rest of the
world (ie: potential customers) wouldn't know an abuse desk from a
self-abuse desk.
-- 
Dave Pooser, ACSA
Manager of Information Services
Alford Media  http://www.alfordmedia.com

RE: Postmaster @ vtext.com (or what are best practice to send SMS these days)

[Randy Epstein]

David Ulevitch wrote:



> What else are operators doing to get the pages out when things go wonky?

Get a pager!  :)  SMS is just not as reliable.

> David

Randy

Postmaster @ vtext.com (or what are best practice to send SMS these days)

[David Ulevitch]

We've noticed that [EMAIL PROTECTED] is no longer a very reliable 
form of delivery for alerts from Nagios, et al.  It seems as our volume 
of alerts has risen, our delivery rate has dropped precipitously.


We don't expect much trying to actually reach a postmaster for vtext.com 
  so I thought the better question would be to ask what the current 
best practice is to get SMS alerts out?


Back in the day, I remember a company I worked for had something called 
a TAP gateway.  Is that still a good route?  I've also been told to 
check out an SMS gateway/api service called clickatell.com  -- anyone 
using them to delivering timely notifications?


Is the best thing to do to try and get a programmable cellphone in a
datacenter?

What else are operators doing to get the pages out when things go wonky?

-David

Re: Abuse response [Was: RE: Yahoo Mail Update]

[William Herrin]

On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan <[EMAIL PROTECTED]> wrote:
> Abuse desk is a $0 revenue operation.  Is it not obvious what the issue is?

Martin,

So is marketing, yet marketing does have an impact on revenue.

It can be useful to explain the abuse desk as being just another form
of marketing, another form of reputation management that happens to be
specific to Internet companies. Handling the abuse desk well (or
poorly) builds (or damages) the brand.

Regards,
Bill Herrin


-- 
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Valdis . Kletnieks]

On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:

> - I'd like to see an actual response beyond an autoreply saying that you
> can't tell me who the customer is or what actions were taken.

Well, let's see.   If you're reporting abuse coming from my AS, it's almost
certainly one of 2 things:

1) Some poor soul got zombied in a drive-by fruiting and was part of a botnet.
At this point, it doesn't really matter *who* the customer was, because he was
essentially a Joe Sixpack.  Action taken is almost certainly some variant on
"he's been told to disinfect the machine before getting back on the net".  So
it's unclear what, if anything, you want us to do, except possibly send you
a canned "We found the machine and dealt with it" after the fact.

2) Somebody decided to intentionally do something naughty.  At that point,
it's a very good likelyhood that we *can't* tell you who it was, because
there may be some combination of litigation and prosecution (and in our case,
most likely some internal judicial action) so there's a whole swarm of privacy
laws and "we don't comment on ongoing investigations/litigations" policy. And
since these things can drag on for weeks or months, there may not be any
final resolution for quite some time, so all you'll get back is a "We found
the problem and it will eventually be disposed of"...

Basically, 99.8% of the time, no response other than "We found it and dealt
with it" is actually suitable, and the other 0.2% of the time, you're about
to get dragged into an ongoing investigation, so expect a "Hold Evidence"
order on your fax in a few minutes.. ;)

So what sort of response did you actually *want*?


pgpwl7fz8B5YY.pgp
Description: PGP signature

RE: Abuse response [Was: RE: Yahoo Mail Update]

[Frank Bulk]

So who's the third-party for the little guy that aggregates abuse reports?
I know we consume Spamcop reports which works very well for us.  I'm not
sure who feeds them data.  Ideally I would like to be able to submit data to
them in an automated fashion, but the spam appliance I have doesn't have
that checkbox.

If the abuse desk has already acted upon it, why not have the automated
system let me know?

Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, April 16, 2008 5:08 AM
To: nanog@merit.edu
Subject: RE: Abuse response [Was: RE: Yahoo Mail Update]


> So how do the little guys play in this sandbox?

3rd-party aggregation. Where do RBLs get there data?
They act as a 3rd party to aggregate data from many others.



Consider this. Any single point source of abuse, say a single broadband
PC in a botnet, will spew out spam or DDOS to hundreds of destinations.
If 20 of these destinations submit ARF reports, and you are one of
these 20, then there is a 5% chance that your report has anything wort
acting upon. 95% of the time, you will be reporting something that the
abuse desk has already acted upon and it would be a waste of abuse desk
resources to read and reply to your report. On the other hand, it can
be very useful for the automated system to process your report for
statistical purposes and to provide a better understanding of how
that particular botnet functions.



--Michael Dillon

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Rich Kulawiec]

On Wed, Apr 16, 2008 at 11:07:42AM +0100, [EMAIL PROTECTED] wrote:
> If people had succeeded in cleaning up the abuse problems in 1995
> when the human touch was still feasible, we would not have the
> situation that we have today. Automation is the only way to address
> the flood of abuse email, the huge number of people originating
> abuse, and the agile tactics of the abusers.

I agree with this and with pretty much everything else you wrote.

But...

If an operation is permitting itself to be such a systemic, persistent
source of abuse that the number of abuse reports it's receiving (which
everyone knows is tiny fraction of the number it *could* be receiving)
requires automation...isn't that a pretty good sign that whatever's
being done to control abuse isn't working?

The solution to that isn't to put in place higher levels of automation:
the solution to to that is to *solve the underlying problems* so that
higher levels of automation aren't necessary.

---Rsk

Re: Abuse response [Was: RE: Yahoo Mail Update]

[Rich Kulawiec]

On Tue, Apr 15, 2008 at 08:49:39PM -0400, Martin Hannigan wrote:
> Abuse desk is a $0 revenue operation.  Is it not obvious what the issue is?

Two points, the first of which is addressed to this and the second
of which is more of a recommended attitude.

1. There is no doubt that many operations consider it so, but it's
really not.  Operations which don't adequately deal with abuse issues
are going to incur tangible and intangible costs (e.g., money spent
cleaning up local messes and getting off numerous blacklists, loss of
business due to reputation, etc.).  Those costs are likely to increase
as more and more people become increasingly annoyed with abuse-source
operations and express that via software and business decisions.  I'll
concede that this is really difficult to measure (at the moment) but
it's not zero.

2. When one's network operation abuses someone (or someone else's
operation), you owe them a fix, an explanation, and an apology.
After all, it happened in your operation on your watch, therefore you're
personally responsible for it.  And when someone in that position --
a victim of abuse -- has magnanimously documented the incident and
reported it to you, thus providing you with free consulting services --
you owe them your thanks.  After all, they caught something that got
by you -- and they've shared that with you, thus enabling you to run
a better operation, which in turn means fewer future abuse incidents,
which in turn means lower tangible and intangible costs.  And far more
importantly, it means being a better network neighbor, something we
should all be working toward all the time.

---Rsk

Other folks who use the Route Science/Avaya CNA products?

[Drew Weaver]

As the install base for these products is most likely too small 
to have a mailing list, I was wondering if there was any interest in forming a 
user-group (or possibly a small mailing list) the newer (ANS 4) software 
appears to have its fair share of quirks and some have expressed it might be 
helpful to have a place for users to discuss this, any opinions from others who 
use this product? Off-list is fine.

I apologize if this is not the correct place for something like this but it 
seems like the best way to reach the correct folks.

Thanks,
-Drew

RE: Abuse response [Was: RE: Yahoo Mail Update]

[michael.dillon]

> So how do the little guys play in this sandbox?

3rd-party aggregation. Where do RBLs get there data?
They act as a 3rd party to aggregate data from many others.

> - It needs to be simple to use.  Web forms are a non-starter.

If you have the ability to accept reports via an HTTP REST
application, it wouldn't hurt to put up a web form so that
people can try it out.

> - The output from any parsers needs to be human readable.  

ARF is the only thing that meets this requirement
http://mipassoc.org/arf/
However, you should consider accepting input as IODEF as
well. Just use ARF for the ouput that you submit to the
abuse desks.

> - I'd like to see an actual response beyond an autoreply 
> saying that you can't tell me who the customer is or what 
> actions were taken.

Now you are asking the abuse desks to modify their software
and processes to meet your needs. I can't see them ever 
providing a response per report, however if enough people
buy into a standard reporting system, like ARF, then you
might get ISPs to accept some kind of report-origin code
and then allow you to periodically request resolution reports
for all reports coming from that report-origin.

> - I like dealing with other small operations and edus because 
> humans actually do read the reports, and things get done (Thanks!).

If people had succeeded in cleaning up the abuse problems in 1995
when the human touch was still feasible, we would not have the
situation that we have today. Automation is the only way to address
the flood of abuse email, the huge number of people originating
abuse, and the agile tactics of the abusers.

You just have to accept that people will not read your reports, and
will not act on your reports. What they will do is feed your reports
into automated systems that use AI techniques to define tasks for the
abuse desk to act upon.

Consider this. Any single point source of abuse, say a single broadband
PC in a botnet, will spew out spam or DDOS to hundreds of destinations.
If 20 of these destinations submit ARF reports, and you are one of
these 20, then there is a 5% chance that your report has anything wort
acting upon. 95% of the time, you will be reporting something that the
abuse desk has already acted upon and it would be a waste of abuse desk
resources to read and reply to your report. On the other hand, it can
be very useful for the automated system to process your report for 
statistical purposes and to provide a better understanding of how
that particular botnet functions.

> I've given up sending abuse reports to large consumer ISPs 
> and all freemail providers because I'm not a member of the 
> club. Any response that I'm lucky enough to get generally 
> says something like "You did not include the email headers in 
> your complaint so we are closing this incident" when I 
> reported and FTP brute force.

This is why we need *MORE* automation between providers. Then there
is less room for human error in wading through a mass of reports trying
to pick out the ones which can be fixed.

--Michael Dillon