Re: GoDaddy.com shuts down entire data center?
Martin Hannigan wrote: Another interesting point is that GoDaddy charged a $199 reconnect fee. They punished the operator for the behavoir of their customers. Which is, IMHO, *sometimes* appropriate and sometimes not. I hear that the victim of the disconnection actually was a bit of a spam spewer. If there have been repeated problems with him not dealing with abuse problems from his customers, disconnection is definitely justified. If this was the first or second incident, probably not. -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: [EMAIL PROTECTED] Snail: 22674 Motnocab Road, Apple Valley, CA 92307
Re: GoDaddy.com shuts down entire data center?
> > > > I'm not sure how on-topic this is/was, but considering long thread > and different opinions that were expressed before, I believe some > here may want to have additional information I recently read: > http://www.emailbattles.com/archive/battles/phish_aacgebeeje_hc/ > > The article author talked to both nectartech and godaddy and > is also including copies of emails from nectartech side as to > their conversations with godaddy. The last one (on how domain > can be reactivated) you may find most interesting if you're not > otherwise familiar with godaddy's policies: > http://www.trimmail.com/news/archive/extra/godaddy_v_nectartech/14012006/ The customer service aspects of it are less impressive. I originally thought, based on information available at that time, that GoDaddy did a decent, or even a good job, at "handling" the call. Today, I think they did an OK job. Nothing exemplary, but definately not bad from an operations perspective. What is interesting is the concept of calling a rack, or a row, a "datacenter". It's becoming more commonplace for terms to be exaggerated these days i.e. "datacenter". Another interesting point is that GoDaddy charged a $199 reconnect fee. They punished the operator for the behavoir of their customers. -M<
Re: GoDaddy.com shuts down entire data center?
I'm not sure how on-topic this is/was, but considering long thread and different opinions that were expressed before, I believe some here may want to have additional information I recently read: http://www.emailbattles.com/archive/battles/phish_aacgebeeje_hc/ The article author talked to both nectartech and godaddy and is also including copies of emails from nectartech side as to their conversations with godaddy. The last one (on how domain can be reactivated) you may find most interesting if you're not otherwise familiar with godaddy's policies: http://www.trimmail.com/news/archive/extra/godaddy_v_nectartech/14012006/ Also here is a quote from godaddy that also seems on-topic as to what was discussed on this thread at nanog before: "The phone call was not up to our high standards and it's being addressed internally. The Abuse Department is available 24/7, 365 days a year." At the end article it says "Update 18 January 2006: NectarTECH owner Nick Mariani dropped us a line to let us know that Go Daddy senior management is talking to him. Although we profess no ownership of a crystal ball, we're guessing these two old pals will ultimately stick together." Since I also "profess no ownership of crystal ball", I used my favorite net tool (you surely can guess by now what it is). The results (as of January 20th) are as follows: [DOMAIN whois information for NECTARTECH.COM ] Domain Name: NECTARTECH.COM Namespace: ICANN Unsponsored Generic TLD - http://www.icann.org TLD Info: See IANA Whois - http://www.iana.org/root-whois/com.htm Registry: VeriSign, Inc. - http://www.verisign-grs.com Registrar: FABULOUS.COM PTY LTD. - http://www.fabulous.com Whois Server: whois.fabulous.com Name Server[whois+dns with ip] NS1.NECTARTECH.COM 69.50.224.2 Name Server[whois+dns with ip] NS2.NECTARTECH.COM 69.50.225.2 Updated Date: 20-Jan-2006 Creation Date: 26-Feb-2002 Expiration Date: 26-Feb-2007 Status: REGISTRAR-LOCK For full copy of whois data and aup please see: http://www.completewhois.com/cgi-bin/whois.cgi?query=28433753&options=retrieve BTW - the read comments at the end of the article may also be quite interesting if you want to get an additional point of view on nectartech... -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: GoDaddy.com shuts down entire data center?
On Mon, 16 Jan 2006 11:36:39 -0800, "Joe McGuckin" <[EMAIL PROTECTED]> said: > By all means, the Justice Dept. and police should move against anyone > performing illegal acts such as phishing, I just don't think that it is > ICANN or ARIN and GoDaddy's job to police good net citizenship. You forget that the internet-services are based on best-effort. Anything else will require accountability for everyone involved. That is accountability going both ways so that users also can be held accountable for *all* their actions. To achieve that you'll have to toss any idea of anonymity for internet users. Wonder if that is what those who complain about restricive AUPs really want ;) Besides, whose authorities should do excactly what? Global legislation for the internet is just about as big an illusion as the "new economy" the internet once was assumed to create. //per -- Per Heldal http://heldal.eml.cc/
Re: GoDaddy.com shuts down entire data center?
Joe McGuckin wrote: On the other hand �, I'm not comfortable with the idea that an organization that provides network infrastructure services under the aegis of the US Government could unilaterally revoke those services for something that is not illegal. You could say I do that. I am not a registrar, but I do host DNS for many domains. So if my customer spams and I cut them off, including DNS, do you have a problem with that too? -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: [EMAIL PROTECTED] Snail: 22674 Motnocab Road, Apple Valley, CA 92307
Re: GoDaddy.com shuts down entire data center?
> > > > On Tue, 17 Jan 2006, Matt Ghali wrote: > > > > On Tue, 17 Jan 2006, Robert E.Seastrom wrote: > > > >> The first and second paragraphs are sane. The last paragraph gives Go > >> Daddy the right to capriciously and arbitrarily delete your domain for > >> any reason they wish ("Morally objectionable activities will include, > >> but not be limited to...") > > > > Do you believe that your philosophical objections to the language absolves > > you as a customer from the minimal due dilligence of knowing what you are > > agreeing to? > > > > Find me a registrar that DOESN'T have that kind of language in their user > agreements, then tell me if anyone wishing to do any kind of e-commerce > has a choice. There are plenty. But they are usually resellers of the larger registrars. That's part of the reason to pay the extra $1 to use an ICANN accredited registrar. > I've gone off on a tear about this before: A registrar has a license to > print money. Boilerplate user agreements that leave the user zero recourse > are the standard. I haven't seen a registrar yet that doesn't have this > kind of verbiage completely freeing them from liability for *any* action > taken on a domain registration, including none. Since this isn't a registrars list I can only say that you should go discuss that with some registrars and i think you'll find that your statement isn't entirely factual. For example, GoDaddy has a 24/7 support system, regardless of what people think about it, that did answer the phone and process the problem. That's a minimum of a ~half a million dollar investment on the spot. I'm NOT a registrar and I don't represent them, but I think they make their money on services more than domains. Anyhow, I think this thread is totally off topic at this point, as well as Marc Perkel is off topic, asking Marc Perkely what he thinks is off topic, and this thread should die a horrific death. It's on the way to a /dev/null forward as we speak. -M<
Re: GoDaddy.com shuts down entire data center?
On Tue, 17 Jan 2006, Matt Ghali wrote: On Tue, 17 Jan 2006, Robert E.Seastrom wrote: The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...") Do you believe that your philosophical objections to the language absolves you as a customer from the minimal due dilligence of knowing what you are agreeing to? Find me a registrar that DOESN'T have that kind of language in their user agreements, then tell me if anyone wishing to do any kind of e-commerce has a choice. I've gone off on a tear about this before: A registrar has a license to print money. Boilerplate user agreements that leave the user zero recourse are the standard. I haven't seen a registrar yet that doesn't have this kind of verbiage completely freeing them from liability for *any* action taken on a domain registration, including none. - billn
Re: GoDaddy.com shuts down entire data center?
On Tue, 17 Jan 2006, Robert E.Seastrom wrote: The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...") Do you believe that your philosophical objections to the language absolves you as a customer from the minimal due dilligence of knowing what you are agreeing to? [EMAIL PROTECTED]< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: GoDaddy.com shuts down entire data center?
--On January 17, 2006 7:27:20 AM -0500 "Robert E.Seastrom" <[EMAIL PROTECTED]> wrote: Now that Go Daddy has ensured that I'll never do business with them (which is a shame; I liked certain lawsuits that they brought in the past, but if being their customer means subscribing to their thought police, count me out), I think it's time to carefully go over the registration agreements with the registrars I use... never know when someone will slip in something truly odious, and the argument that none of them would be so crazy as to try it appears to be incorrect. This thread gets less and less operationalhowever...I'm trying to keep this in scope...I think this relates operationally because we all have and enforce AUPs and ToS on our customer bases, both internal, and external. We also have AUPs and ToS enforced on us, by business relationships and peerings, etc. Most ToS and AUP out there at the consumer level state basically the service is worthless, that we can and will d/c you at will, without cause, at our whim. Overzealous lawyering has made this a necessity. How much any of these might or might not stand up in court, I have no clue. As you get into the business world some ToS and AUP become more weighty, but far more structured. Giving both sides clearer and well defined policies and practices for responding to issues. Requiring notification, escalation, etc. I think what matters is the way that the AUPs are applied. This case...the facts...don't match up. webhosting.info (not an authoritative source mind you, but a datapoint) only sees ~150 hosts by this ISP. From what I understand this number is from whois data with nameservers pointing to theirs. Contrast this with mydyndns.org, google.com, ebay.com, prioritycolo.com, wellsfargo.com (ok so this ones not that much more, at ~800), even sun.com has more domains listed. Those last two aren't even 'in the business' and they have more. While they may have a large datacenter, I'm not even remotely sure that this incident darkened the whole thing. It might've taken rDNS offline, but that's far from darkening a whole datacenter. It sounds like another WHTer puffing themselves up to being bigger than they are. They *must* be small to let a *CUSTOMER* advocate for them to a third party! Nectartech clearly knew about this and sanctioned it, and the person recording the phone calls has pointed this out more than once. There are no facts in this case either way, because it is really Go Daddy against Nectartech. And Nectartech has a lot more reason to lie to make itself look better in front of its customers. If their whole datacenter went dark then it's some unrelated thing, or some really bad practice (such as somehow establishing iBGP based on domain names maybe? hell I dunno). I've seen so much utter BS spouted by a lot of the self proclaimed web hosts on WHT that I'm not inclined to believe his side of the story any more (or any less) because of it. Go Daddy has to my knowledge never been draconian in applying their AUP (I think atleast some of us here would know about it if so).
Re: GoDaddy.com shuts down entire data center?
- Original Message - From: "Patrick W. Gilmore" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "Patrick W. Gilmore" <[EMAIL PROTECTED]> Sent: Tuesday, January 17, 2006 1:09 AM Subject: Re: GoDaddy.com shuts down entire data center? On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote: I want to say, from an outsider's perspective, that I whole heartily applaud GoDaddy on the actions they took [...] There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better. 1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse? If the damage of the persistant abuse is greater than the lost of the innocent persons, yes. 2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving? Yes I do and more than likely, so do you. If you are a common end point for all of my users and I'm the common end point for yours, either of us has the right to deny access to the other at any point for no reason really. Now, should your network start flooding me or vice versa, one of us, if not both, will toss up some filters. If either of our networks is larger than the other and causing a dos for the other end, the effected one of us would have no recourse but to contact the upstream of the source point and request assistance. 3) If yes, do you still think it is acceptable if the "misbehaving" customer is not intentionally misbehaving - i.e. they've been hacked? Intentional or not, it doesn't negate the fact that the system has been hacked and is now owned by someone other than the actual owner. If one of my systems were to be hacked and I miss it, and it starts causing problems for your network, I expect my network to be filtered. If your filters aren't effective enough to deal with the issue, and I'm not helping you to correct the problem, I expect you to go to my carrier to file a complaint. 3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.? There is no simple yes / no for this one. It would depend on the circumstances of the issue. Using the case under discussion as an example, I am wondering why anyone thinks taking down 100s of innocent domains is a good way to stop a single hacked machine from doing whatever it is doing? If you somehow think all that is worth it, take a close look at your cost / benefit analysis. At this rate, every business on the Internet will be out of business before we take out even a single moderately large botnet. You can wonder why, however I, IMHO, think that if more carriers would take that stance, then the problems that we face daily would be much less severe. Currently, there's not much to keep the big players in check when it comes to their network. Now, imagine, what could happen if they were forced to play by the same rules that we have to go by? If our network is causing problems, our uplink(s) have the authority to disconnect them for that generally. Can you see Sprint, SBC/AT&T, L3, Cogent, AOL, Cox, etc having those same rules applicable to them or be depeered from all peers and become network dead? Now, is it feasible to do such a thing? Not usually because it causes financial issues on both sides of the depeering. That's because the internet that we have is used as a means of financial gain and isn't geared for being easily segregated in the event of compromise. Yet, that's the current mechanism for a compromised end user. The same means should be used all the way to the NAP imo. I am also wondering why anyone thinks the miscreant will stop just because the legitimate owner's domain no longer resolves? Not only is the machine likely to continue sending spam as if nothing happened, we aren't even "catching" the guy. I guess you could say "well, it put pressure on his hosting provider to clean the infected machine", which is true. I just think that's a bit silly. But maybe I'm the one who's silly. Why should you or I be the ones responsible for catching the miscreant when the compromised system isn't on our network? If it were, then that task would fall to us to do so. If the threat of a delinking were over our heads, we'd have some major incentive to find the idiot and make sure he's not on our net anymore wouldn't we. Lastly, I wonder what "average" people - people who run businesses on hosting providers who really don't understand all this computer stuff - think about such actions. How many 100s of people have we just alienated for
Re: DNS Server domains was Re: GoDaddy.com shuts down entire data center?
In message <[EMAIL PROTECTED]>, Simon Waters writes: > > >I think the general consensus in the DNS field is that for security reasons it >is preferable to have as small a set of DNS servers (or perhaps as small as >set of differently configured servers! Hmm physical security) in the >hierarchy above you as possible, since compromise of any of these could >affect the results obtained for your domain. > See http://www.usenix.org/events/imc05/tech/ramasubramanian.html --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Re: GoDaddy.com shuts down entire data center?
Matt Ghali <[EMAIL PROTECTED]> writes: > Hear Hear. > After reading the GoDaddy domain registration legal agreement, > available at: > https://www.godaddy.com/gdshop/legal_agreements/show_doc.asp?se=%2B&ci=1839&pageid=REG%5FSA > especially section 7, "Restriction of Services, Right of Refusal", I > have to give them a big thumbs up. > > It is good to see that wielding a Big Stick, and actively working for > the Good Guys has not hindered GoDaddy from achieving quite a bit of > success in the market. The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...") Put an ethnic joke on your blog? Lose your registration. Put up an "I'm a dissatisfied Go Daddy customer" page? Lose your registration. Run a non-2257-compliant adult site (that doesn't show minors, just doesn't have the paperwork) outside of the US? Lose your registration. Mirror tubgirl and goatse-man? Lose your registration. Host a site that Go Daddy can plausibly consider "morally objectionable" (gambling? whiskey reviews?)... Lose your registration. Now that Go Daddy has ensured that I'll never do business with them (which is a shame; I liked certain lawsuits that they brought in the past, but if being their customer means subscribing to their thought police, count me out), I think it's time to carefully go over the registration agreements with the registrars I use... never know when someone will slip in something truly odious, and the argument that none of them would be so crazy as to try it appears to be incorrect. ---Rob
Re: GoDaddy.com shuts down entire data center?
On Tue, 17 Jan 2006, Chris Brenton wrote: IMHO the big issue is that service was cut on a Friday night just as the only folks empowered to resolve the situation have left for the weekend. Actually the big issue is that godaddy's 24/7 seems anything but -Dan
Re: GoDaddy.com shuts down entire data center?
On Tue, 2006-01-17 at 03:19 -0500, Richard A Steenbergen wrote: > > The question at hand is, at what point does a registrar providing services > have an ethical or moral obligation to step in and do something when they > do encounter an excessive level of abuse by someone using their services? I think the issue here is not so much what happened, but how it happened. The phishing problem was originally reported to godaddy and then passed on to nectar on 1/9 (a Monday). It also appears the nectar folks resolved the problem on the same day. After that point godaddy continued to receive complains about the same problem and rather than checking to see if the problem still existed, they just assumed it did. Nectar appears to have even responded to godaddy stating that the problem had already been resolved long before service was cut. IMHO the big issue is that service was cut on a Friday night just as the only folks empowered to resolve the situation have left for the weekend. I can see cutting service during a weekday morning to get the client's attention on the matter. Doing it at a time when you know you'll be causing a long term outage is just plain nasty. HTH, Chris
Re: GoDaddy.com shuts down entire data center?
Patrick W. Gilmore wrote: On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote: I want to say, from an outsider's perspective, that I whole heartily applaud GoDaddy on the actions they took [...] There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better. 1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse? In some cases. Our policy is to minimize such. Example: Customer has a NATted network with multiple machines sharing one global address. One of the machines at customer's premise is causing abuse (virus, etc.) Null-routing one specific IP address will cause collateral damage to the non-infected machines at that customer, but I think most of here would agree that such is justified. Obviously, if the impact of the abuse is minimal, having the customer fix the problem before shutting anything down is preferred. Another example would be a customer's webserver which has many name-based virtual hosts, one of which is abusive, and you are providing IP connectivity. By null-routing one IP you are causing collateral damage to the non-abusive virtual host customers of your customer, but I think most would think that justified. 2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving? I assume here that you mean "Customer of a customer". Again, it depends. If the customer has continual problems controlling abuse from his customers, or you suspect that your customer is playing "whack-a-mole", or the abuse is ongoing and/or serious and you can't identify which of customer's customers is the cause (spoofed source addresses, etc.) in some cases yes. 3) If yes, do you still think it is acceptable if the "misbehaving" customer is not intentionally misbehaving - i.e. they've been hacked? Again, it depends on the seriousness of the abuse and its affect on the network, as well as the frequency thereof and the seriousness of the customer in rectifying the problem. Also whether you can reasonably isolate the abuse and disconnect only the customer's abusive customer. 3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.? If it doesn't stop it but stops your network from being a part of it, yes. If it has no affect on it at all, then you're probably pulling the wrong plug. These are important question to me, and I'm surprised at the number of people who seem to feel so very differently than I thought they would feel - than I personally feel. Would people mind sending me private e-mails with yes/no answers? Longer answers are welcome, but yes/no will do. This is IMHO operational, so posting publicly. I don't think this is as black-and-white as to warrant simple yes-no answers. There are policies involved as well as your agreements with your peers/upstreams. If the issue is serious enough that you risk losing your own connectivity because you can't stem the abuse from a customer's customer, then you may need to do so, or the end result will be that you become part of greater collateral damage. Using the case under discussion as an example, I am wondering why anyone thinks taking down 100s of innocent domains is a good way to stop a single hacked machine from doing whatever it is doing? If you somehow think all that is worth it, take a close look at your cost / benefit analysis. At this rate, every business on the Internet will be out of business before we take out even a single moderately large botnet. The present example seems to be a combination of poor communication, bad attitude and sloppy network design from what I've seen here. It's unclear to me exactly what GoDaddy shut down, and the only data points we have to go on are admittedly edited conversations that took place after the plug was pulled. What went on beforehand? Did Nectar indeed make a good faith effort to correct the original problem? Was their attitude the same as shown on the phone calls? How long had the problem existed, had it happened before, and did Nectar keep an open dialogue as to the steps they were taking to fix it? Did GoDaddy have less intrusive options to shut down just the abuser? I am also wondering why anyone thinks the miscreant will stop just because the legitimate owner's domain no longer resolves? Not only is the machine likely to continue sending spam as if nothing happened, we aren't even "catching" the guy. I guess you could say "well, it put pressure on his hosting provider to clean the infected machine", which is true. I just think that's a bit silly. But maybe I'm the one who's silly. I think this was a case of a fake phishing website ra
Re: GoDaddy.com shuts down entire data center?
--On January 16, 2006 10:32:58 PM -0800 Jim Popovitch <[EMAIL PROTECTED]> wrote: I want to say, from an outsider's perspective, that I whole heartily applaud GoDaddy on the actions they took and the consistent professionalism exhibited by their tech support representative. Despite obvious (and heavily edited) calls to the same agent, the consumer was informed in a professional manner of his/her avenue for resolution. No doubt remains in my mind that the caller was not caught blind by this situation. Go Daddy has a privacy policy that no doubt prohibits them from releasing details of their side of this case, however to me the recording suggests that the caller knew this was the end result, not a sudden surprise move, and they just wanted to circumvent standard procedure. The caller's prior thought to record, what appears as a standard call to tech-support, is insightful and should be an obvious sign of his motivation. Theres a clear case of he said they said going on with this case. Nectartech is making claims that they fixed the issue. Also note that the caller is not a Nectartech employee at all. He's a customer who's also friends with the owner. Atleast that's what he says in WHT thread. In any event I don't think Nectartech handled this very well, and more likely than not still had a problem and were given ample time to properly correct it.
DNS Server domains was Re: GoDaddy.com shuts down entire data center?
On Tuesday 17 Jan 2006 01:04, you wrote: > > Not having all your DNS servers in the same domain, or registered through > the same registrar, isn't a "best practice" that has previously occurred > to me, but it makes a lot of sense now that I think about it. I think the general consensus in the DNS field is that for security reasons it is preferable to have as small a set of DNS servers (or perhaps as small as set of differently configured servers! Hmm physical security) in the hierarchy above you as possible, since compromise of any of these could affect the results obtained for your domain. See also DJBs "Trusted Servers" note. http://cr.yp.to/djbdns/notes.html Here there is a clear conflict between security through redundancy against accident, and resistant to compromise. Although it can be mitigated by choosing well managed parents zones. Incidently we have DNS servers in two domains, but that is historical, and both top level domains are managed by Verisign, and delivered via the same set of servers. Thus we are dependent on "root-servers.net", "gltd-servers.net" and our own servers, only in the resolution of our own domain names (and customer domains, where those domains are in .com/.net). Of course arguably the effective working of some services (email?) are now also dependent on reverse DNS working well, and the delegation of that is different again. That said I think the idea is sound against some issues (at which point one should probably also use different providers for the DNS registration services, since if their procedures are flawed). However it does increase the risk of certain types of malicious activity, as in general it is sufficent to compromise one DNS server involved in serving a name to compromise the majority of the traffic (at least in theory, I haven't had a chance to prove this in anger yet). Since we are moving a couple of our nameservers from their current domain, I think I'll look at putting them under co.uk, as the UK seems to have tidied up its DNS management quite nicely in recent years. Also during recent event it has struck me that the hierarchy of servers involved in providing DNS services is quite small, and has quite different characteristics to the other records in the DNS. I'm beginning to wonder if having the scaffolding in the protocol itself is the right way, but that is a debate that has raged before, and is off topic here.
Re: GoDaddy.com shuts down entire data center?
On Tue, Jan 17, 2006 at 02:09:21AM -0500, Patrick W. Gilmore wrote: > > On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote: > > >I want to say, from an outsider's perspective, that I whole > >heartily applaud GoDaddy on the actions they took [...] > > There seems to be a wide split on this topic. I was wondering if > people would privately tell me yes or no on a few questions so I can > understand the issue better. > > 1) Do you think it is acceptable to cause any collateral damage to > innocent bystanders if it will stop network abuse? > > 2) If yes, do you still think it is acceptable to take down 100s of > innocent bystanders because one customer of a provider is misbehaving? > > 3) If yes, do you still think it is acceptable if the "misbehaving" > customer is not intentionally misbehaving - i.e. they've been hacked? > > 3) If yes, do you still think it is acceptable if the collateral > damage (taking out 100s of innocent businesses) doesn't actually stop > the spam run / DoS attack / etc.? I don't think anyone (well ok, anyone sane, I know we have a few nutjobs on this list :P) thinks that arbitrarily blocking service to hundreds or thousands of users because someone is unknowingly hacked is an appropriate way to address network abuse. I really have no idea how aggressive GoDaddy is with enforcing their AUP, as I don't personally use their services, but based on what I know about the affected customer and what I can read from the affected whiner's website I'm certainly not going to jump to the conclusion that GoDaddy is running around like a hopped up abuse desk worker on a power trip, shutting off service to random innocent people because they feel like it. The question at hand is, at what point does a registrar providing services have an ethical or moral obligation to step in and do something when they do encounter an excessive level of abuse by someone using their services? At what point does ARIN revoke the allocation of a blatant and persistant spammer who is violating the law without being stopped? I think the answer is that clearly this isn't something they want to be doing on a regular basis, any more than an ISP wants to be responsible for filtering every packet that goes through their routers looking for warez and kiddie porn, yet I have seen them do it in certain rare and severe cases of unrelenting abuse. Maybe it is a judgement call, maybe it isn't. Bottom line, dealing with abuse is an ass job, and I certainly wouldn't want it. Some days you're doing a good thing because you shut down a spammer, some days you're doing a bad thing because you shut down innocent services along with it (and some days you're just fending off "stop hax0ring me on port 80 or I'll sue you and call the CIA" e-mails). I highly suspect that GoDaddy doesn't involve itself in these kinds of issues lightly, which means that in all likelihood the level of abuse was severe, with no communication from the person they suspended service to. I for one have never heard of anyone I know having their GoDaddy service suspended for this kind of thing. Unless someone has some actual facts that GoDaddy is engaging in this kind of activity, I'm inclined to give them the benefit of the doubt. This means, at least for now lumping them in the "respecting them for taking a stand regarding the abuse of their service" category, rather than the "wackjob conspiracy theorist power-crazed zealot" category we all know and love. :) -- Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: GoDaddy.com shuts down entire data center?
On Mon, 16 Jan 2006, Jim Popovitch wrote: [jim, please wrap your text!] I have never been a Go Daddy customer, but I certainly appreciate their stand on this issue. I will probably never be a Nectartech customer after this episode. Hear Hear. After reading the GoDaddy domain registration legal agreement, available at: https://www.godaddy.com/gdshop/legal_agreements/show_doc.asp?se=%2B&ci=1839&pageid=REG%5FSA especially section 7, "Restriction of Services, Right of Refusal", I have to give them a big thumbs up. It is good to see that wielding a Big Stick, and actively working for the Good Guys has not hindered GoDaddy from achieving quite a bit of success in the market. matto [EMAIL PROTECTED]< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: GoDaddy.com shuts down entire data center?
On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote: I want to say, from an outsider's perspective, that I whole heartily applaud GoDaddy on the actions they took [...] There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better. 1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse? 2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving? 3) If yes, do you still think it is acceptable if the "misbehaving" customer is not intentionally misbehaving - i.e. they've been hacked? 3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.? These are important question to me, and I'm surprised at the number of people who seem to feel so very differently than I thought they would feel - than I personally feel. Would people mind sending me private e-mails with yes/no answers? Longer answers are welcome, but yes/no will do. Using the case under discussion as an example, I am wondering why anyone thinks taking down 100s of innocent domains is a good way to stop a single hacked machine from doing whatever it is doing? If you somehow think all that is worth it, take a close look at your cost / benefit analysis. At this rate, every business on the Internet will be out of business before we take out even a single moderately large botnet. I am also wondering why anyone thinks the miscreant will stop just because the legitimate owner's domain no longer resolves? Not only is the machine likely to continue sending spam as if nothing happened, we aren't even "catching" the guy. I guess you could say "well, it put pressure on his hosting provider to clean the infected machine", which is true. I just think that's a bit silly. But maybe I'm the one who's silly. Lastly, I wonder what "average" people - people who run businesses on hosting providers who really don't understand all this computer stuff - think about such actions. How many 100s of people have we just alienated for life to stop - er, NOT stop - a single zombie? And how many of their friends are going to hear over an over how the Internet is not a real business and no one should put any faith in it? Is this really a good thing? -- TTFN, patrick
Re: GoDaddy.com shuts down entire data center?
I want to say, from an outsider's perspective, that I whole heartily applaud GoDaddy on the actions they took and the consistent professionalism exhibited by their tech support representative. Despite obvious (and heavily edited) calls to the same agent, the consumer was informed in a professional manner of his/her avenue for resolution. No doubt remains in my mind that the caller was not caught blind by this situation. Go Daddy has a privacy policy that no doubt prohibits them from releasing details of their side of this case, however to me the recording suggests that the caller knew this was the end result, not a sudden surprise move, and they just wanted to circumvent standard proceedure. The caller's prior thought to record, what appears as a standard call to tech-support, is insightful and should be an obvious sign of his motivation. Let me explain my perspective. I am a long standing customer of data center services, and I fully appreciate network operators' efforts to stem the spread of spam and viruses. I run a few non-profit public mailing lists and the emails from my systems traverse your networks hourly. I work quikly and diligently with service providers to overcome issues where our paths cross. I have never been a Go Daddy customer, but I certainly appreciate their stand on this issue. I will probably never be a Nectartech customer after this episode. -Jim P. - Original Message From: william(at)elan.net <[EMAIL PROTECTED]> To: Joe McGuckin <[EMAIL PROTECTED]> Cc: Richard A Steenbergen <[EMAIL PROTECTED]>; Matt Ghali <[EMAIL PROTECTED]>; Elijah Savage <[EMAIL PROTECTED]>; NANOG Sent: Monday, January 16, 2006 3:43:53 PM Subject: Re: GoDaddy.com shuts down entire data center? On Mon, 16 Jan 2006, Joe McGuckin wrote: > Richard, > > On the other hand , I'm not comfortable with the idea that an organization > that provides network infrastructure services under the aegis of the US > Government could unilaterally revoke those services for something that is > not illegal. It does not have to be illegal. All that is necessary is that customer who purchased the service beware and agree to the policies prior to making the purchase (of course, almost nobody fully reads that long agreement you get presented on the website, but that's another story...)
Re: GoDaddy.com shuts down entire data center?
On Sun, 15 Jan 2006, Elijah Savage wrote: Any validatity to this and if so I am suprised that our team has got no calls on not be able to get to certain websites. http://webhostingtalk.com/showthread.php?t=477562 Casting blame may be a fun exercise. Listening to others cast blame gets old fast. The more useful question here is whether there are lessons the rest of us can learn from this incident. The most important lesson is probably that your problems will almost always be more important to you than to somebody else. If you end up with a business killing problem, it doesn't matter if it's somebody else's fault -- you're the one who will be out of business. Likewise, you shouldn't go wandering out into heavy traffic just because the drivers are required by law to stop for you. Choosing your vendors carefully is important. Having a backup plan for what to do if your vendors fail you is a good thing, but it's nice not to have to use the backup plan. Likewise, if something is really important to you, make sure your vendors know that. Nobody wants to suddenly find out in the middle of the night that they're responsible for something critical. Knowing what's important to you in advance can help you figure out what arrangements need to be made. If your hosting operation won't run without power, Internet connectivity, and DNS, making sure your power, connectivity, and DNS are robust matters a lot. If your business can continue to operate for a few days without toner for your laser printer, choosing a less reliable toner supplier is probably ok. If you do need to call your vendors, having a clear explanation of what's going on is often a good thing. "An entire datacenter" is an awfully vague term. If that were all of, say, Equinix Ashburn, it would be a big enough deal that government regulators would probably be concerned. But a room in the back of somebody's office with a rack of servers in it could also be justifiably called a "datacenter" (and a rack of servers in the back of somebody's office could also be important to somebody). It's probably better to be able to say, "x number of domains are down, representing y amount of revenue for our company and z critical service that the rest of the Internet relys on. This might put us out of business." This still may not get the desired response -- it's not your vendor who is going to be put out of business -- but it at least gives the person on the other end of the phone call some idea of what they're dealing with. Protecting everything you've decided is important may be expensive. It may not be worth the cost. It's best to have made that calculation before the problem starts, when there's still time to spend money on protection if you do decide it's worth it. Not having all your DNS servers in the same domain, or registered through the same registrar, isn't a "best practice" that has previously occurred to me, but it makes a lot of sense now that I think about it. Looking at the big TLDs, .com and .net have all their servers in the gtld-servers.net domain, but Verisign controls .net and can presumably fix gtld-servers.net if it breaks. UltraDNS has their TLD servers (for .org and others) in several different TLDs. Maybe that is to protect against this sort of thing. And there's a PR lesson here, too. I'd never heard of Nectartech before this, and I'm guessing that's the case for a lot of NANOG readers. Having heard this story, I'd be hesitant to register a domain with GoDaddy, and that was presumably the goal. But I'd be hesitant to rely on a company with a name like GoDaddy anyway, just because of the name. Now that I've heard of Nectartech, I know them as the company that had the outage. That's not exactly a selling point. I've certainly got sympathy for Mr. Perkel. I've learned a lot of the lessons above the hard way, some due to my own miscalculations and some due to working for companies that didn't value my time and stress levels as highly as I would have liked (choosing your employers carefully is important too...). These lessons don't apply just to networking. The loss prevention department of a bank once locked my account for "suspicious activity" on a Friday afternoon and then left for the weekend. I had two dollars in my wallet, and didn't have much food. Escalating as far as I could through the ranks of people working the bank's customer service lines on Friday evening, I didn't manage to find anybody who didn't think I should just wait until Monday. Multiple accounts at different banks, neither of which is the bank that locked my account, now seem like a very good idea. -Steve
Re: GoDaddy.com shuts down entire data center?
> > > william(at)elan.net wrote: > > >> On Mon, 16 Jan 2006, Richard A Steenbergen wrote: > >> > >>> The rest is just some random blowhard web hosting customer > > > > I disagree with this particular part. I think its quite clear that > > this was not "random blowhard hosting customer" but somebody close to > > nectartech owner who owner knew could get through walls put by some > > companies and if not annoy the hell out of them afterward and spin > > it around in [in]appropriate way. > > Precisely. It wasn't just some random blowhard web hosting customer. > It was a carefully selected web hosting customer specifically chosen > for his expertise at being a blowhard. He sounds like a blowhard to me, and he delayed them getting back online as quick as he could. GoDaddy gave him the same sphiel I've heard 100 times i.e. here's our procedures please do x, y, and z. If you look at the guys web page, he takes pride in being a blow hard so don't fret, he'd disagree with you too. No doubt he's reading NANOG and probably yelling at the mailing admins about how he has to sign up for two lists vs. one and how stupid we all are. -M<
Re: GoDaddy.com shuts down entire data center?
william(at)elan.net wrote: On Mon, 16 Jan 2006, Richard A Steenbergen wrote: The rest is just some random blowhard web hosting customer I disagree with this particular part. I think its quite clear that this was not "random blowhard hosting customer" but somebody close to nectartech owner who owner knew could get through walls put by some companies and if not annoy the hell out of them afterward and spin it around in [in]appropriate way. Precisely. It wasn't just some random blowhard web hosting customer. It was a carefully selected web hosting customer specifically chosen for his expertise at being a blowhard. -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323
Re: GoDaddy.com shuts down entire data center?
On Mon, 16 Jan 2006, Joe McGuckin wrote: Richard, On the other hand , I'm not comfortable with the idea that an organization that provides network infrastructure services under the aegis of the US Government could unilaterally revoke those services for something that is not illegal. It does not have to be illegal. All that is necessary is that customer who purchased the service beware and agree to the policies prior to making the purchase (of course, almost nobody fully reads that long agreement you get presented on the website, but that's another story...) Not being somebody who've ever used godaddy's services, I'm just speculating based on various reports, but I think their registration service agreement is more extensive then domain registration agreement from most other registrars and prohibits use of the domain in connection with spamming as well as in connection with illegal activities. If policies are violated then domain maybe suspended until problem is resolved. I suspect they don't suspend right away and have system of requiring domain owner be available for notification and conversation in case such use (prohibited by their service agreement) is reported. If they do not hear anything about it and reports continue then they take action as allowed by domain registration agreement. What we probably saw is such action after nectartech failed to respond to several notifications and probably kept server running without fully cleaning it up and possibly more then one of their servers was hacked too. This is similar enough situation to what may happen when you run servers on the connection purchased from your ISP and that ISP actually takes abuse reports seriously and has working abuse department that follows up on what is sent them. That this was spinned around as datacenter shutdown on WHT and even got here is a result of both how nectartech wanted itself seen and who they had for dealing with such vendor actions. On Mon, 16 Jan 2006, Richard A Steenbergen wrote: The rest is just some random blowhard web hosting customer I disagree with this particular part. I think its quite clear that this was not "random blowhard hosting customer" but somebody close to nectartech owner who owner knew could get through walls put by some companies and if not annoy the hell out of them afterward and spin it around in [in]appropriate way. -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: GoDaddy.com shuts down entire data center?
On Mon, 16 Jan 2006, Richard A Steenbergen wrote: FYI, Nectartech is a small hosting shop out of 55 S Market in San Jose. I wouldn't describe them as a "datacenter", since I don't think they own or operate any facilities. Heh, I used to work at a small hosting shop out of 55 S. Market- it was (then) called BBN Planet. I guess these schmoes rent a cage from Genuity (or whatever they are called now). Perhaps if they ever managed to find "the command to make two routers talk to each other and be redundant" (a real quote from what has been loosely described as their network admin, I'm not kidding, you can't make stuff like this up :P), their next step might be to find the command to make dns servers talk to each other and be redundant. Seriously. You need to be spewing a lot of cak onto the net for your _domain registrar_ to take notice. The rest is just some random blowhard web hosting customer who gets off on being an ass and blaming everyone but himself and his choice in hosting companies. Hardly an uncommon sight. :) The priceless part is that we probably never would have noticed, had he not had the hubris to record the conversations, and then publish the URL to them. I love it when the lusers are nice enough to clearly identify themselves. matto [EMAIL PROTECTED]< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: GoDaddy.com shuts down entire data center?
Richard, On the other hand , I'm not comfortable with the idea that an organization that provides network infrastructure services under the aegis of the US Government could unilaterally revoke those services for something that is not illegal. By all means, the Justice Dept. and police should move against anyone performing illegal acts such as phishing, I just don't think that it is ICANN or ARIN and GoDaddy's job to police good net citizenship. Joe On 1/16/06 10:07 AM, "Richard A Steenbergen" <[EMAIL PROTECTED]> wrote: > > On Sun, Jan 15, 2006 at 03:32:02PM -0800, Matt Ghali wrote: >> >> On Sun, 15 Jan 2006, Elijah Savage wrote: >> >> Any validatity to this and if so I am suprised that our team has >> got no calls on not be able to get to certain websites. >> >> http://webhostingtalk.com/showthread.php?t=477562 >> >> >> I for one applaud godaddy's response. If more piddling "Hosting >> Providers" with "Datacenters" got turned off when they started >> spewing abusive traffic, the net would be a much nicer place. >> >> Whoever the heck "nectartech" is, I guess they might act a little >> more responsibly in the future. Or, more probably, they'll just >> change to another DNS registrar who doesn't care as much about >> abuse. > > FYI, Nectartech is a small hosting shop out of 55 S Market in San Jose. I > wouldn't describe them as a "datacenter", since I don't think they own or > operate any facilities. > > Perhaps if they ever managed to find "the command to make two routers talk > to each other and be redundant" (a real quote from what has been loosely > described as their network admin, I'm not kidding, you can't make stuff > like this up :P), their next step might be to find the command to make dns > servers talk to each other and be redundant. > > Reality check time, what we have here is a small hosting shop with a long > history of shady customers. I doubt GoDaddy nukes nameservers on a whim, > my money is that there was a lot of abuse which went on for a long time > without getting any response. Its amazing how quickly some people who > don't respond or address abuse issues at all when you're asking nicely > will appear and take care of things once you turn them off. The rest is > just some random blowhard web hosting customer who gets off on being an > ass and blaming everyone but himself and his choice in hosting companies. > Hardly an uncommon sight. :) -- Joe McGuckin ViaNet Communications 994 San Antonio Road Palo Alto, CA 94303 Phone: 650-213-1302 Cell: 650-207-0372 Fax: 650-969-2124
Re: GoDaddy.com shuts down entire data center?
On Sun, Jan 15, 2006 at 03:32:02PM -0800, Matt Ghali wrote: > > On Sun, 15 Jan 2006, Elijah Savage wrote: > > Any validatity to this and if so I am suprised that our team has > got no calls on not be able to get to certain websites. > > http://webhostingtalk.com/showthread.php?t=477562 > > > I for one applaud godaddy's response. If more piddling "Hosting > Providers" with "Datacenters" got turned off when they started > spewing abusive traffic, the net would be a much nicer place. > > Whoever the heck "nectartech" is, I guess they might act a little > more responsibly in the future. Or, more probably, they'll just > change to another DNS registrar who doesn't care as much about > abuse. FYI, Nectartech is a small hosting shop out of 55 S Market in San Jose. I wouldn't describe them as a "datacenter", since I don't think they own or operate any facilities. Perhaps if they ever managed to find "the command to make two routers talk to each other and be redundant" (a real quote from what has been loosely described as their network admin, I'm not kidding, you can't make stuff like this up :P), their next step might be to find the command to make dns servers talk to each other and be redundant. Reality check time, what we have here is a small hosting shop with a long history of shady customers. I doubt GoDaddy nukes nameservers on a whim, my money is that there was a lot of abuse which went on for a long time without getting any response. Its amazing how quickly some people who don't respond or address abuse issues at all when you're asking nicely will appear and take care of things once you turn them off. The rest is just some random blowhard web hosting customer who gets off on being an ass and blaming everyone but himself and his choice in hosting companies. Hardly an uncommon sight. :) -- Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: GoDaddy.com shuts down entire data center?
uOn Mon, Jan 16, 2006 at 10:20:23AM -0500, Martin Hannigan wrote: > > As you dig deeper into his site you find out that he does this > often for the recorded calls. He's got quite a few to AT&T and MCI > stored. There's enough there that GoDaddy ought to inquire as to > the legality of him taping their call without consent. I don't > think the fact that GoDaddy stated they may record is protection > for both, but IANAL. Federal law prohibits private recording of phone calls in the absence of consent from at least one party to the call. Since the caller in this case presumably consented to the recording he was doing, no federal law was broken. Whether or not GoDaddy's "we may record" statement constitutes consent is irrelevant because their consent is not required. Most state laws are similar to the federal law. Some states, though, require the consent of all the parties to the call. It's not clear what law applies on interstate calls between states with dissimilar laws. In particular, if the caller is in a one-party state and GoDaddy is in an all parties state, then he is potentially violating the law in the all-parties state. Any attempt to prosecute such violation would likely be challanged on the grounds that it was an interstate call so only federal law applies (that is, that the existance of the federal law automatically preempts state law on any interstate call), or on the grounds that there isn't sufficient relationship to GoDaddy's state to allow that state to prosecute the caller. (Put another way, the argument would be that State X is not entitled to regulate what individuals in State Y do with their own phones in State Y, even when they are calling people in state X.) And, of course, if an all-party law were held to apply to this case, then he could argue that he consented and GoDaddy's "we might record this call" constituted consent for him to record it. In short, if he and GoDaddy are both in the same state, and it's an all-parties state, he probably broke the law (unless he successfulyl argues that GoDaddy effectively consented.) If he and GoDaddy are both in one-party states, he's fine. Anything else, and it's unclear. If his state is one-party, he's probably safe. If his state is all-parties, then it's harder to say, although federal preemption is certainly a reasonable argument to make. http://www.rcfp.org/taping/ seems to have good information. -- Brett
Re: GoDaddy.com shuts down entire data center?
Greg Boehnlein wrote: On Mon, 16 Jan 2006, Martin Hannigan wrote: Here's the story on the big outage. http://marc.perkel.com/index.html Here's another recorded conversation. (Can you do this in NJ?) http://marc.perkel.com/audio/godaddy2.mp3 The GoDaddy folks are well trained. Kudos. While I do believe that GoDaddy appears to have some sloppy policies and procedures, if you listen to both conversations, you will find that GoDaddy followed a procedure to deal with the issue, and the caller patently refused to follow it. If I have read it correctly then nectartech has followed the procedures by email after cleaning the phishing computer. But GoDaddy did not ack nectartechs emails. GoDaddy claimed again and again the system was spamming/phishing when in reality the system was switched off. What else could they do? -- Peter and Karin Dambier The Public-Root Consortium Graeffstrasse 14 D-64646 Heppenheim +49(6252)671-788 (Telekom) +49(179)108-3978 (O2 Genion) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/
Re: GoDaddy.com shuts down entire data center?
> > On Mon, 16 Jan 2006, Martin Hannigan wrote: > > > Here's the story on the big outage. > > > > http://marc.perkel.com/index.html > > > > Here's another recorded conversation. (Can you do this in NJ?) > > > > http://marc.perkel.com/audio/godaddy2.mp3 > > > > The GoDaddy folks are well trained. Kudos. > [ snip ] > Furthermore, the caller identifies himself in his blog as a "professional > asshole", and based on the recorded calls, I have to agree that he has > earned his title. As you dig deeper into his site you find out that he does this often for the recorded calls. He's got quite a few to AT&T and MCI stored. There's enough there that GoDaddy ought to inquire as to the legality of him taping their call without consent. I don't think the fact that GoDaddy stated they may record is protection for both, but IANAL. This has been debunked well enough to be non operational so we better stop talking about it before we all start getting kook calls and end up as recordings on a website. ;-) -M<
Re: GoDaddy.com shuts down entire data center?
On Mon, 16 Jan 2006, Martin Hannigan wrote: > Here's the story on the big outage. > > http://marc.perkel.com/index.html > > Here's another recorded conversation. (Can you do this in NJ?) > > http://marc.perkel.com/audio/godaddy2.mp3 > > The GoDaddy folks are well trained. Kudos. While I do believe that GoDaddy appears to have some sloppy policies and procedures, if you listen to both conversations, you will find that GoDaddy followed a procedure to deal with the issue, and the caller patently refused to follow it. In my opinion, the caller is just grandstanding, most likely for dramatic effect. I counted over 15 different times when the staff at GoDaddy explained that he needed to follow a specific procedure outlined in an E-mail, and they offered to re-send it as many times as he needed and to whatever E-mail address he wanted. During the conversation, the caller claims that the owner of the Datacenter is too busy trying to move domains to respond to the E-mail that would allow him to resolve the entire issue. If this is the case, then this is really poor priority management, and if what GoDaddy indicates in the call is true (Several warnings and notifications of pending suspension) then I have to wonder what nectartech management was thinking? Furthermore, the caller identifies himself in his blog as a "professional asshole", and based on the recorded calls, I have to agree that he has earned his title. -- Vice President of N2Net, a New Age Consulting Service, Inc. Company http://www.n2net.net Where everything clicks into place! KP-216-121-ST
Re: GoDaddy.com shuts down entire data center?
Doesn't this fall under bad things happen. Hopefully it is very clear to all on NANOG that DNS changes can have unforeseeable consequences, because of the nature of the delegation in the DNS. As such pulling DNS records (or zones) you don't fully understand the usage of, as a response to a security/spam problem, is generally a bad idea. That said ultimately a decision has to be taken, relative benefits versus risks. I'm very grateful someone arranged that all records used by the "MINIT" trojan now point to an RFC1918 private address space*, having found infected boxes failing to download their payload as a result. However pulling DNS records probably doesn't belong in the hurly burly of front line support. Simon *Anyone going to check how many DNS servers are still caching "asfasf.ath.cx", to tell how many boxes "nearly" downloaded the payload? In the style of the Sony DRM fiasco measurement.
Re: GoDaddy.com shuts down entire data center?
I'm astonished GoDaddy pulled anyone for spamming. Isn't spamming the whole point of GoDaddy, what with its content-free WHOIS records, integrated no-name domain registry and hosting division? In fact, I would go so far as to say taking out entire GoDaddy would probably be a small increase in the amount of useful information on the Net..
Re: GoDaddy.com shuts down entire data center?
Here's the story on the big outage. http://marc.perkel.com/index.html Here's another recorded conversation. (Can you do this in NJ?) http://marc.perkel.com/audio/godaddy2.mp3 The GoDaddy folks are well trained. Kudos. -M<
Re: GoDaddy.com shuts down entire data center?
I think the main thing I learned from that is that there are a surprising number of hosting companies and self-professed data centre operators who really don't know much about the DNS. Or even what the word "datacenter" means. Sounds to me like a rack of servers or a cage was suspended, not "an entire datacenter" which was claimed several times. The recorded phone call was basically a lesson in how NOT to escalate a call, from both sides involved. From the customer's side if he'd not been so confrontational, he probably would have gotten his problem solved. From the operator's side, they should have a procedure for dealing with abuse and critical escalations 7/24. Just my perception. --chuck
Re: GoDaddy.com shuts down entire data center?
> > > > > The way a policy is enforced - how, in what situations etc - is what > > matters. Most if not all ISP AUPs say basically the same mom and > > apple pie thing (no net abuse or we'll shut you down) > > > > If what this guy says is right, his domain was taken down just because > > one of his servers was broken into and spammed through.I havent > > heard godaddy's side of the story yet - might be better to reserve > > judgement till they comment. > > > > Godaddy (from what I can gather) generates a surprising number of these > shut downs on weekends. The fact that their enforcement and > reinstatement rules are not publicly available on their website > (anywhere) and have no guarantees or assurances on time-to-respond > smacks of something that could get very nasty and seems highly > reactionary Would they suspend comcast.com or mcdonalds.com or > ge.com if _one_ of their servers or services was hijacked? Highly doubtful. > > In the long run, if this is a trend, those big enough will just become > registrars themselves -- even if its just for their own operations. Its > a silly thing for a domain registrar to take on enforcement operations > that network operators aren't. Abusers don't care about domains, or > domain names. Most abuse (spam aside) can operate perfectly well with > just an IP address. By the time the DNS system pulls a domain the damage > has already been done and the potential for high collateral damage is > significant. Restoration time for good-eggs (say those who fix the > problem once properly alerted) is several days in the best of cases with > the bad result of acrimony and huge financial/reputation impact > > The only medium term impact is that Godaddy will lose the bad business > and some good business and create some more competitors. The only point I am trying to make is operational WRT the command structure of a NOC. Several of us here have built many of the large NOC's in operation of the Internet today and if you put us all in the same room we'd all agree that we already know how to build NOC's that respond and get the job done for the most part. It ain't that hard anymore. Question: Do people really think waking up Bob Parsons at 0400 is a good idea for a $9.00 domain only account? He already got a roughly ~$50.00 response with all the time he had GoDaddy on the phone and the out supervisor call. I think if Parkel does, he needs to sign up with VeriSign, UltraDNS, or anyone else who is running DNS assurance products. Note: Please refrain from inferring an endorsement for DNS assurance products. -M<
Re: GoDaddy.com shuts down entire data center?
On 1/16/06, Martin Hannigan <[EMAIL PROTECTED]> wrote: > Operationally, not having someone on the shift who can make > decisions is not a good thing. It's like having a NOC with > no shift supervisor. If you're big enough - a manager. > > Disclaimer: In now way, shape, or form, should that be inferred as > a plug for or against GoDaddy. I'm nuetral. The way a policy is enforced - how, in what situations etc - is what matters. Most if not all ISP AUPs say basically the same mom and apple pie thing (no net abuse or we'll shut you down) If what this guy says is right, his domain was taken down just because one of his servers was broken into and spammed through.I havent heard godaddy's side of the story yet - might be better to reserve judgement till they comment. -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: GoDaddy.com shuts down entire data center?
> > > > On 15-Jan-2006, at 18:15, Elijah Savage wrote: > > > Any validatity to this and if so I am suprised that our team has > > got no calls on not be able to get to certain websites. > > > > http://webhostingtalk.com/showthread.php?t=477562 > > I think the main thing I learned from that is that there are a > surprising number of hosting companies and self-professed data centre > operators who really don't know much about the DNS. > The GoDaddy guy didn't do such a bad job. It sounds like they had some procedures and they followed them. http://marc.perkel.com/audio/godaddy.mp3 Operationally, not having someone on the shift who can make decisions is not a good thing. It's like having a NOC with no shift supervisor. If you're big enough - a manager. Disclaimer: In now way, shape, or form, should that be inferred as a plug for or against GoDaddy. I'm nuetral. Best! -M<
Re: GoDaddy.com shuts down entire data center?
On 15-Jan-2006, at 18:15, Elijah Savage wrote: Any validatity to this and if so I am suprised that our team has got no calls on not be able to get to certain websites. http://webhostingtalk.com/showthread.php?t=477562 I think the main thing I learned from that is that there are a surprising number of hosting companies and self-professed data centre operators who really don't know much about the DNS. Joe
Re: GoDaddy.com shuts down entire data center?
On Sun, 15 Jan 2006, Elijah Savage wrote: Any validatity to this and if so I am suprised that our team has got no calls on not be able to get to certain websites. http://webhostingtalk.com/showthread.php?t=477562 I for one applaud godaddy's response. If more piddling "Hosting Providers" with "Datacenters" got turned off when they started spewing abusive traffic, the net would be a much nicer place. Whoever the heck "nectartech" is, I guess they might act a little more responsibly in the future. Or, more probably, they'll just change to another DNS registrar who doesn't care as much about abuse. matto [EMAIL PROTECTED]< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: GoDaddy.com shuts down entire data center?
Elijah Savage wrote: Any validatity to this and if so I am suprised that our team has got no calls on not be able to get to certain websites. http://webhostingtalk.com/showthread.php?t=477562 WOW trying to do to many things at once. What a horrible email LOL. Any validity to this? Because I am suprised that we have not received any phone calls/tickets of customers complaining that they can't get to any of these domains. LOL -- http://www.digitalrage.org/ The Information Technology News Center