Re: Seeking UUNET/Level3 help re packet loss between Comcast & Onvoy customers

[Rich Graves]

This is resolved, though no one knows exactly why. If someone at Global 
Crossing has relevant logs of route flaps or somesuch, that might be 
interesting, but I can live with the mystery.

Comcast advertises a specific route for the "problem" space, 71.63.128.0/17. 
Don't ask me why. Early yesterday morning, they flapped that route -- stopped 
advertising it, then started again. *Probably* shortly after that, and possibly 
as a consequence, our connectivity to the range of Comcast IP addresses 
typically assigned to residential customers in MN was restored.

Our ISP, Onvoy, has three upstreams: Verizon, Global Crossing, and AT&T.

The route from 137.22/16 and 130.71/16 to Comcast typically took the path

carleton->onvoy->global crossing->level3->at&t->comcast

But the path from Comcast to us was simply

comcast->at&t->onvoy->carleton

For some time, Global Crossing was a mystery hop, because Onvoy was not 
terribly communicative, and Global Crossing was not showing up in traceroutes. 
Onvoy has let us know that this was could have been because the glbx/onvoy link 
was filtering ICMP due to DDoS attacks, but this seems wrong to me on a number 
of levels. Anyway, it's "fixed."
-- 
Rich Graves http://claimid.com/rcgraves
Carleton.edu Sr UNIX and Security Admin
CMC135: 507-646-7079 Cell: 952-292-6529

Re: Seeking UUNET/Level3 help re packet loss between Comcast & Onvoy customers

[Chris L. Morrow]

On Fri, 24 Aug 2007, Rich Graves wrote:

>
> Wild card: It might be relevant that Carleton was previously a UUNET
> customer, and that 137.22.69.254 was an IP address known to UUNET as a
> demarc point to be monitored. Maybe someone at UUNET failed to clear
> some filters some years ago, when we shut off our old T1.

monitoring doesn't involve filters, it involves no-filters... I see the
prefixes you have issues with out L3/Comcast, perhaps there's something
going on their direction?

-Chris

Seeking UUNET/Level3 help re packet loss between Comcast & Onvoy customers

[Rich Graves]

On August 2, my Craig D. Rice from stolaf.edu posted Re: Seeking Comcast 
Contact: need to troubleshoot packet loss and/or asymmetric routing issue 
between Comcast & Onvoy.

A good Comcast contact (thanks!) and some interesting (but, as it turns out, 
irrelevant) discussion of ICMP and PMTU ensued.

Current situation:

We now know that all packets from all Comcast ranges make it to Carleton 
(137.22/16) and St Olaf (130.71/16) just fine. But we are seeing 30-80% packet 
loss on the paths (multiple) from both Carleton and St Olaf to certain Comcast 
ranges only. The size of the packets does not seem to matter. We pursued the 
PMTU wild goose, and a few others, based on the observation that SYNs appeared 
to get through, but data packets did not. In reality, multiple SYNs are also 
being lost.

Recently, we observed that packets sent from the interior IP address of our 
border router, 137.22.69.254, are able to get to Comcast fine. But traffic sent 
from any other source IP address in 137.22/16 fails.

Outbound traceroutes (Carleton to Comcast) show that the "good" networks take 
an AT&T outbound hop, while the "bad" networks go through level3. Inbound 
traceroutes (Comcast to Carleton) always seem to go through AT&T.

   137.22.69.254  137.22.69.253
71.63.168.1good (level3)   BAD (level3)
71.63.244.1good (level3)   BAD (level3)
74.19.4.1good (AT&T)good (AT&T)

Wild card: It might be relevant that Carleton was previously a UUNET customer, 
and that 137.22.69.254 was an IP address known to UUNET as a demarc point to be 
monitored. Maybe someone at UUNET failed to clear some filters some years ago, 
when we shut off our old T1.

Complications: Onvoy has agreed to be sold to Zayo Bandwidth, 
http://www.startribune.com/154/story/1378026.html; the technician with whom we 
are working at Onvoy appears to be proud of his A+ certification; and we are in 
a semi-rural market with no short-term alternative for Internet service, and 
freshmen arriving in one week. Help!
 
Here's how St Olaf sees the world. 71.63.168.1 is a "bad" address, > 50% packet 
loss. 73.112.232.1 is a "good" address, 0% loss.

cisco7200#show ip bgp sum
BGP router identifier 130.71.196.25, local AS number 21951
BGP table version is 31337554, main routing table version 31337554
224927 network entries using 26316459 bytes of memory
245363 path entries using 12758876 bytes of memory
44821/40648 BGP path/bestpath attribute entries using 5557804 bytes of memory
37918 BGP AS-PATH entries using 1026100 bytes of memory
516 BGP community entries using 18954 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 45678217 total bytes of memory
11380 received paths for inbound soft reconfiguration
BGP activity 1786406/1561479 prefixes, 3731508/3486145 paths, scan interval
60 secs

NeighborVAS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
137.192.32.173  4  5006 9156558 2056473 3133754900 23w6d  222602
192.42.152.218  457 3531028  478950 3133754100 1d10h   11380


cisco7200#show ip bgp neighbors 137.192.32.173 routes | include 13367
*  24.31.0.0/19 137.192.32.173 0 5006 7018 13367
13367 13367 13367 i
*> 24.118.0.0/18137.192.32.173 0 5006 7018 13367
13367 13367 13367 i
*  24.118.0.0/16137.192.32.173 0 5006 3549 3356
13367 13367 13367 13367 13367 13367 i
*> 24.118.64.0/18   137.192.32.173 0 5006 3549 3356
13367 13367 13367 13367 i
*> 24.118.128.0/19  137.192.32.173 0 5006 7018 13367
13367 13367 13367 i
*> 24.118.160.0/19  137.192.32.173 0 5006 3549 3356
13367 13367 13367 13367 i
*> 24.118.192.0/18  137.192.32.173 0 5006 7018 13367
13367 13367 13367 i
*> 24.131.128.0/18  137.192.32.173 0 5006 7018 13367
13367 13367 13367 i
*> 24.245.0.0/19137.192.32.173 0 5006 3549 3356
13367 13367 13367 13367 i
*  24.245.0.0/18137.192.32.173 0 5006 7018 13367
13367 13367 13367 13367 i
*> 24.245.32.0/19   137.192.32.173 0 5006 3549 3356
13367 13367 13367 13367 i
*  24.245.64.0/20   137.192.32.173 0 5006 3549 3356
13367 13367 13367 13367 i
*> 66.41.0.0/18 137.192.32.173 0 5006 7018 13367
13367 13367 13367 i
*  66.41.0.0/16 137.192.32.173 0 5006 3549 3356
13367 13367 13367 13367 13367 13367 i
*> 66.41.64.0/18137.192.32.173 0 5006 7018 13367
13367 13367 13367 i
*> 66.41.128.0/18   137.192.32.173 0 5006 3549 3356
13367 13367 13367 133

RE: UUNET issues?

[Ed Ray]

http://www.bitdefender.com


-

Re: UUNET issues?

[Donald Stahl]

As for the LSA issue- rebooting would have fixed the problem, assuming it was 
done by all nodes at the same time. All of the Link State tables would have 
been rebuilt from scratch by the IMPs and the corrupt announcements would 
have been gone.

Turns out this is actually mentioned on page 14 of RFC 789.

As I recall the IMP software was actually patched to ignore the problematic 
announcements from IMP 51.

Not that it matters- but it was IMP 50 not 51.

-Don

Re: UUNET issues?

[Donald Stahl]

Anyway, I don't think that would have helped if you're talking about the
same incident I'm thinking of.  There were application-level
retransmissions of (corrupted) packets, complete with building new bad
packets from bad data structures, all over the net

The problem is documented in RFC 789  It and "The Bug Heard 'Round the
World" are two of my favorite "how complex systems fail" papers; all
system designers should read, memorize, and undertand both.
I actually asked Stephen if he was referring to the LSA corruption problem 
and he said he was referring to an earlier issue (circa 1972).


As for the LSA issue- rebooting would have fixed the problem, assuming it 
was done by all nodes at the same time. All of the Link State tables would 
have been rebuilt from scratch by the IMPs and the corrupt announcements 
would have been gone.


As I recall the IMP software was actually patched to ignore the 
problematic announcements from IMP 51.


-Don

Re: UUNET issues?

[Steven M. Bellovin]

On Sun, 05 Nov 2006 07:16:07 -0800, Stephen Satchell <[EMAIL PROTECTED]>
wrote:

> 
> David Lesher wrote:
> > Speaking on Deep Background, the Press Secretary whispered:
> >> On Nov 5, 2006, at 1:51 AM, Randy Bush wrote:
> >> "Could you be any less descriptive of the problem you are seeing?"
> > the internet is broken.  anyone know why?
>  Did you ping it?
> >>> is that what broke it?
> >> I'm sure it just needs to be rebooted.
> > Is this the day we disconnect everything and blow all the dirt out?
> 
> You only *think* you are joking.  I still remember the Day of the Great 
> Restart when everyone on the ARPAnet had to shut down the IMPs and TIPs, 
> and reload the control software.  Why?  There were literally thousands 
> of rogue packets flying around the net, eating up bandwidth (and in 
> those days, we are talking 56 kbps links!) and boy were those 
> tubie-thingies plugged up!
> 
> Shortly after that cusp event, per-packet TTL field was added to the NTP 
> protocol, which is why TCP/IP has the TTL field in the IP packet.

I assume you mean NCP rather than NTP.

Anyway, I don't think that would have helped if you're talking about the
same incident I'm thinking of.  There were application-level
retransmissions of (corrupted) packets, complete with building new bad
packets from bad data structures, all over the net

The problem is documented in RFC 789  It and "The Bug Heard 'Round the
World" are two of my favorite "how complex systems fail" papers; all
system designers should read, memorize, and undertand both.
> 
> The network had added to it a self-cleaning function.  Think of it as 
> one long continuous sneeze.
> 


--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: UUNET issues?

[Stephen Satchell]

David Lesher wrote:

Speaking on Deep Background, the Press Secretary whispered:

On Nov 5, 2006, at 1:51 AM, Randy Bush wrote:

"Could you be any less descriptive of the problem you are seeing?"

the internet is broken.  anyone know why?

Did you ping it?

is that what broke it?

I'm sure it just needs to be rebooted.

Is this the day we disconnect everything and blow all the dirt out?


You only *think* you are joking.  I still remember the Day of the Great 
Restart when everyone on the ARPAnet had to shut down the IMPs and TIPs, 
and reload the control software.  Why?  There were literally thousands 
of rogue packets flying around the net, eating up bandwidth (and in 
those days, we are talking 56 kbps links!) and boy were those 
tubie-thingies plugged up!


Shortly after that cusp event, per-packet TTL field was added to the NTP 
protocol, which is why TCP/IP has the TTL field in the IP packet.


The network had added to it a self-cleaning function.  Think of it as 
one long continuous sneeze.

Re: UUNET issues?

[David Lesher]

Speaking on Deep Background, the Press Secretary whispered:
> 
> 
> 
> On Nov 5, 2006, at 1:51 AM, Randy Bush wrote:
> 
> >
>  "Could you be any less descriptive of the problem you are seeing?"
> >>> the internet is broken.  anyone know why?
> >> Did you ping it?
> >
> > is that what broke it?
> 
> I'm sure it just needs to be rebooted.

Is this the day we disconnect everything and blow all the dirt out?


-- 
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433

Re: UUNET issues?

[Marshall Eubanks]

On Nov 5, 2006, at 1:51 AM, Randy Bush wrote:




"Could you be any less descriptive of the problem you are seeing?"

the internet is broken.  anyone know why?

Did you ping it?


is that what broke it?


I'm sure it just needs to be rebooted.

Re: UUNET issues?

[bmanning]

On Sun, Nov 05, 2006 at 03:39:57AM +, Chris L. Morrow wrote:
> > On Nov 4, 2006, at 7:54 PM, Herb Leong wrote:
> >
> > >
> > > Hi,
> > >
> > >   Anyone being impacted by UUNET?
> 
> I'm fairly sure I'm not the only one who's said this in the last (pick a
> months long period of time, I'll guess 6): "Could you be any less
> descriptive of the problem you are seeing?"

Perhaps he should see a dentist?

"Wisdom Teeth are impacted, people are affected by the effects of events."
from Rick Jones sig...  

--bill

Re: UUNET issues?

[Mark Smith]

On Sat, 4 Nov 2006 22:55:46 -0800
Michael Smith <[EMAIL PROTECTED]> wrote:

> 
> 
> On Nov 4, 2006, at 10:51 PM, Randy Bush wrote:
> 
>  "Could you be any less descriptive of the problem you are seeing?"
> >>> the internet is broken.  anyone know why?
> >> Did you ping it?
> >
> > is that what broke it?
> 
> Please.  That's how you *know* it's broken.
> 

With the prevalence of firewalls, I've found broken traceroutes to be a
much more reliable indicator of broken Internettedness.

-- 

"Sheep are slow and tasty, and therefore must remain constantly
 alert."
   - Bruce Schneier, "Beyond Fear"

Re: UUNET issues?

[Michael Smith]

On Nov 4, 2006, at 10:51 PM, Randy Bush wrote:


"Could you be any less descriptive of the problem you are seeing?"

the internet is broken.  anyone know why?

Did you ping it?


is that what broke it?


Please.  That's how you *know* it's broken.

Re: UUNET issues?

[Randy Bush]

>>> "Could you be any less descriptive of the problem you are seeing?"
>> the internet is broken.  anyone know why?
> Did you ping it?

is that what broke it?

Re: UUNET issues?

[Michael Smith]

On Nov 4, 2006, at 7:45 PM, Randy Bush wrote:



Chris L. Morrow wrote:

"Could you be any less descriptive of the problem you are seeing?"


the internet is broken.  anyone know why?


Did you ping it?

Mike

Re: UUNET issues?

[Mark Smith]

> the internet is broken.  anyone know why?
No.

Re: UUNET issues?

[nealr]

I'm fairly sure I'm not the only one who's said this in the last (pick a
months long period of time, I'll guess 6): "Could you be any less
descriptive of the problem you are seeing?"
  


   Ya know ... this whole descriptiveness thing has to be my biggest 
pet peeve. I have a couple of things going at any given time and I just 
*love* when I get an email entitled "can you fix this?" Bad enough when 
its a customer, worse when its the guys I work with - the best response 
to these sorts of things coming from an internal address is "maybe" and 
don't elaborate :-) They either take the hint and put a proper title on 
it with a cc: to our project manager, or they fix it themselves.

Re: UUNET issues?

[Matthew Petach]

On 11/4/06, Randy Bush <[EMAIL PROTECTED]> wrote:

Chris L. Morrow wrote:
> "Could you be any less descriptive of the problem you are seeing?"

the internet is broken.  anyone know why?


Because we didn't deploy IPv6 quickly enough?   ;P

Matt

Re: UUNET issues?

[Randy Bush]

Chris L. Morrow wrote:
> "Could you be any less descriptive of the problem you are seeing?"

the internet is broken.  anyone know why?

Re: UUNET issues?

[Chris L. Morrow]

> On Nov 4, 2006, at 7:54 PM, Herb Leong wrote:
>
> >
> > Hi,
> >
> >   Anyone being impacted by UUNET?

I'm fairly sure I'm not the only one who's said this in the last (pick a
months long period of time, I'll guess 6): "Could you be any less
descriptive of the problem you are seeing?"

Also, did you contact customer support?  (I'mm guessing yoyu aren't a
uunet customer based on email/mx locations only though)

Re: UUNET issues?

[Elijah Savage]

Two different transits here as well and nothing out of the norm.
--
 Elijah Savage   |  AOL IM:layer3rules
 Senior Network Engineer |  When it has to be switched or routed.
 http://www.digitalrage.org  |  The Information Technology News Center
- http://www.digitalrage.org/?page_id=46 for pgp public key


On Nov 4, 2006, at 7:54 PM, Herb Leong wrote:



Hi,

  Anyone being impacted by UUNET?

/herb

Re: UUNET issues?

[Jay Hennigan]

Herb Leong wrote:

Hi,

  Anyone being impacted by UUNET?


Nothing unusual here, we are AS4927 connecting to AS701 in Los Angeles.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 - WB6RDV

UUNET issues?

[Herb Leong]

Hi,

  Anyone being impacted by UUNET?

/herb

Re: Abovenet vs UUnet

[Bill Stewart]

Even if you decide you don't need to use a formal RFP process to make
your purchasing decision from the dozens of Tier 1, Tier 2, and Tier 3
ISPs that can handle your locations, you might want to do a draft of
an RFP to identify what requirements are important to you and what
requirements are less important.

That's especially true when you're talking about latency - latency
from where to where, at what bandwidths?   Some carriers publish
"average" latencies, using statistical methods with dubious
assumptions designed to make them look good (:-) (My employer's
dubious numbers are about 10ms better than some other carriers'
dubious numbers, but of course I'm not speaking for them and a lot of
the difference is geographical concentration), but for the most part
the dominant factors in latency are average distance (speed of light
in fiber is about 1ms per 100 miles) and insertion delay on smaller
access lines (1500 byte packet takes about 8ms on a T1 - insertion
delay is negligible for T3 and above.)   If there's a specific
destination you're trying to get to, then sometimes peering locations
make a difference - if you're in Denver trying to connect to another
Denver location on some third-party DSL, are you going through a
peering point in San Francisco or Seattle or Singapore?  If you're
crossing an ocean, does the carrier you're looking at route traffic
across the North Pacific or the South Pacific or both?

Or are you really more concerned about having an abuse desk that
works, or about access line diversity, or is price 90% of the decision
criteria, or are you trying to take advantage of different carriers'
peering patterns, etc.?

Re: Abovenet vs UUnet

[Daniel Golding]

On 3/28/06 8:58 AM, "Patrick W. Gilmore" <[EMAIL PROTECTED]> wrote:


> 
> Why would someone believe what the networks tell them over what other
> _users'_ experiences are?  You say it is a good basis for comparison,
> but I have trouble believing that - unless you mean: "A good basis to
> see which network's marketing department is better."
> 
> If I were doing things like leased lines or dark fiber - something
> more objective and not quite such a moving target - an RFP might make
> sense.  For things like transit, you need real people who know how
> networks really react to real problems, how networks really pass real
> packets, how clueful real network NOC techs are, etc., etc.  None of
> these are covered in RFPs (despite what the networks might tell you).
> 
> So thanx for the suggestion, but I think I'll stick with _customer_
> feedback rather than what the networks want to tell me themselves.
> 
> Also, many networks will not respond to an RFP for the levels of
> traffic people here are considering.

Those who don't believe that an RFP can work for them don't know how to
write an appropriate RFP.

Clue level is important, but frankly, less important than it used to be, now
that the business of building large IP networks is a more or less known
quantity. 

How to assess support? There are plenty of metrics like time to resolve
complaints, and percentage of issues resolved in a single call (very
important). Escalation paths are also an important element of an RFP.

Getting hard numbers on stuff like packet loss across peering and upstream
transit links is important and an RFP is a good way to get these numbers
with more assurance than an email from your sales rep.

Of course, there are plenty of silly RFP questions like "who do you peer
with and where" - with no mention of capacities or utilization!

-- 
Daniel Golding

Re: Abovenet vs UUnet

[Peter Cohen]

On 3/28/06, Patrick W. Gilmore <[EMAIL PROTECTED]> wrote:
>
> On Mar 28, 2006, at 8:42 AM, Peter Cohen wrote:
>
> > On 3/27/06, andrew matthews <[EMAIL PROTECTED]> wrote:
> >>
> >> So here is the deal, I've delt with both uunet and abovenet (mfn now)
> >> in the past. And a long time ago i switched from abovenet to uunet
> >> when i was with a different company.
> >>
> >> Now i'm with a company that has level 3 and Abovenet. Currently the
> >> way the pricing is layed out is by staying with abovenet i'll save
> >> about $1300 over UUnet. Money isn't too much of a concern currently
> >> abovenet is much higher but we are at the time were we need to renew
> >> our contract and we got it with a lower price.
> >>
> >> So which way? Abovenet or UUnet.. what are the pros and cons that
> >> you've experienced and what kind of latency do you have over the
> >> providers.
> >
> > Why don't you put together an RFP that addresses your most important
> > requirements and send it out to several networks in order to get a
> > basis from which to compare them, not just on price?I mentioned a
> > few weeks ago that an RFP would be a good basis from which to compare
> > different networks objectively, instead of what opinions people might
> > have with any given provider.   Also, where you are could eliminate or
> > "no bid" some responses due to their congestion, lack of network
> > there, etc...I hope that helps!  There has to be some generic
> > rfp's floating around the net that you can copy from (or not).Good
> > luck.
>
> Why would someone believe what the networks tell them over what other
> _users'_ experiences are?  You say it is a good basis for comparison,
> but I have trouble believing that - unless you mean: "A good basis to
> see which network's marketing department is better."
>
> If I were doing things like leased lines or dark fiber - something
> more objective and not quite such a moving target - an RFP might make
> sense.  For things like transit, you need real people who know how
> networks really react to real problems, how networks really pass real
> packets, how clueful real network NOC techs are, etc., etc.  None of
> these are covered in RFPs (despite what the networks might tell you).
>
> So thanx for the suggestion, but I think I'll stick with _customer_
> feedback rather than what the networks want to tell me themselves.
>
> Also, many networks will not respond to an RFP for the levels of
> traffic people here are considering.
>
> --
> TTFN,
> patrick
>
> P.S. This is not a slam on Peter just 'cause Telia is proud of their
> RFP response department.  If you have to go the RFP route, it's nice
> to know that there's a network out there who is good at responding to
> them.
>

RFP's are a good balance to individual experiences, plus you get
something on paper from which to compare network A with network B, and
how completely/accurately, willingly they answer questions.   Use them
both together to get a better methodology for selecting a network.

Every network looking for fiber/colo/transit/etc... is going to be
different, and have a different opinion on what part of their needs is
most important.   Put it down on paper, send it out for some responses
and hopefully... suppliers will be honest.  Good luck.
Peter Cohen

Re: Abovenet vs UUnet

[Patrick W. Gilmore]

On Mar 28, 2006, at 8:42 AM, Peter Cohen wrote:


On 3/27/06, andrew matthews <[EMAIL PROTECTED]> wrote:


So here is the deal, I've delt with both uunet and abovenet (mfn now)
in the past. And a long time ago i switched from abovenet to uunet
when i was with a different company.

Now i'm with a company that has level 3 and Abovenet. Currently the
way the pricing is layed out is by staying with abovenet i'll save
about $1300 over UUnet. Money isn't too much of a concern currently
abovenet is much higher but we are at the time were we need to renew
our contract and we got it with a lower price.

So which way? Abovenet or UUnet.. what are the pros and cons that
you've experienced and what kind of latency do you have over the
providers.


Why don't you put together an RFP that addresses your most important
requirements and send it out to several networks in order to get a
basis from which to compare them, not just on price?I mentioned a
few weeks ago that an RFP would be a good basis from which to compare
different networks objectively, instead of what opinions people might
have with any given provider.   Also, where you are could eliminate or
"no bid" some responses due to their congestion, lack of network
there, etc...I hope that helps!  There has to be some generic
rfp's floating around the net that you can copy from (or not).Good
luck.


Why would someone believe what the networks tell them over what other  
_users'_ experiences are?  You say it is a good basis for comparison,  
but I have trouble believing that - unless you mean: "A good basis to  
see which network's marketing department is better."


If I were doing things like leased lines or dark fiber - something  
more objective and not quite such a moving target - an RFP might make  
sense.  For things like transit, you need real people who know how  
networks really react to real problems, how networks really pass real  
packets, how clueful real network NOC techs are, etc., etc.  None of  
these are covered in RFPs (despite what the networks might tell you).


So thanx for the suggestion, but I think I'll stick with _customer_  
feedback rather than what the networks want to tell me themselves.


Also, many networks will not respond to an RFP for the levels of  
traffic people here are considering.


--
TTFN,
patrick

P.S. This is not a slam on Peter just 'cause Telia is proud of their  
RFP response department.  If you have to go the RFP route, it's nice  
to know that there's a network out there who is good at responding to  
them.

Re: Abovenet vs UUnet

[Peter Cohen]

On 3/27/06, andrew matthews <[EMAIL PROTECTED]> wrote:
>
> So here is the deal, I've delt with both uunet and abovenet (mfn now)
> in the past. And a long time ago i switched from abovenet to uunet
> when i was with a different company.
>
> Now i'm with a company that has level 3 and Abovenet. Currently the
> way the pricing is layed out is by staying with abovenet i'll save
> about $1300 over UUnet. Money isn't too much of a concern currently
> abovenet is much higher but we are at the time were we need to renew
> our contract and we got it with a lower price.
>
> So which way? Abovenet or UUnet.. what are the pros and cons that
> you've experienced and what kind of latency do you have over the
> providers.

Why don't you put together an RFP that addresses your most important
requirements and send it out to several networks in order to get a
basis from which to compare them, not just on price?I mentioned a
few weeks ago that an RFP would be a good basis from which to compare
different networks objectively, instead of what opinions people might
have with any given provider.   Also, where you are could eliminate or
"no bid" some responses due to their congestion, lack of network
there, etc...I hope that helps!  There has to be some generic
rfp's floating around the net that you can copy from (or not).Good
luck.

Peter Cohen

>
> I appreciate your feedback. Thanks
>
> Andrew
>

Abovenet vs UUnet

[andrew matthews]

So here is the deal, I've delt with both uunet and abovenet (mfn now)
in the past. And a long time ago i switched from abovenet to uunet
when i was with a different company.

Now i'm with a company that has level 3 and Abovenet. Currently the
way the pricing is layed out is by staying with abovenet i'll save
about $1300 over UUnet. Money isn't too much of a concern currently
abovenet is much higher but we are at the time were we need to renew
our contract and we got it with a lower price.

So which way? Abovenet or UUnet.. what are the pros and cons that
you've experienced and what kind of latency do you have over the
providers.

I appreciate your feedback. Thanks

Andrew

Re: Sales contact at MCI/UUNET?

[Christopher L. Morrow]

pong I'll try to find you a sales-ish-person.

On Wed, 8 Mar 2006, Drew Weaver wrote:

>
>   I realize this is most likely off topic and is likely to get me
> flamed but I am in desperate need of the contact information for someone
> in sales or management at MCI/UUNET. We have been paying a reseller for
> a UUNET circuit for about 6 months and I guess he hasn't been paying
> MCI/UUNET for this circuit and he's telling us they're about to
> disconnect circuit and this would be absolutely catastrophic to us right
> now; so if anyone has the contact information of anyone that would be in
> a position to assist us in transitioning this circuit or making
> arrangements to get something done; we would be forever in your
> gratitude.
>
> Thanks,
> -Drew
>

Sales contact at MCI/UUNET?

[Drew Weaver]

I realize this is most likely off topic and is likely to get me
flamed but I am in desperate need of the contact information for someone
in sales or management at MCI/UUNET. We have been paying a reseller for
a UUNET circuit for about 6 months and I guess he hasn't been paying
MCI/UUNET for this circuit and he's telling us they're about to
disconnect circuit and this would be absolutely catastrophic to us right
now; so if anyone has the contact information of anyone that would be in
a position to assist us in transitioning this circuit or making
arrangements to get something done; we would be forever in your
gratitude.

Thanks,
-Drew

Re: UUNET connectivity in Minneapolis, MN

[Bob Vaughan]

[ Charset ISO-8859-1 unsupported, converting... ]
> 
> 

> 
> 
> During the Northridge earthquake (the one during the 
> world series in sf.ba.ca.us) there was a BUNCH of 
> disruption of the infrastructure, drives were shaken
> til they crashed, power wend down all over the area, 
> Telco lines got knocked down, underground vaults got
> flooded, and data centers went off line.
> 

Sorry.. wrong earthquake..

The Loma Prieta quake of 10/17/1989 occured during the opening
game of the World Series, featuring the San Francisco Giants,
and the Oakland Athletics in an all SF Bay area series.
The epicenter was in the Santa Cruz mountains, in the vicinity of 
Mt Loma Prieta. Commercial power was lost to much of the bay area.

The Northridge quake occured on 1/17/1994, in southern California.
The epicenter was located in the San Fernando Valley, 20 miles NW of
Los Angeles.

As far as I recall, network disruption was minimal following the 
Northridge quake, with a few sites offline {due to a machine room flooding
at UCLA?}




   -- Welcome My Son, Welcome To The Machine --
Bob Vaughan  | techie @ tantivy.net   |
 | P.O. Box 19792, Stanford, Ca 94309 |
-- I am Me, I am only Me, And no one else is Me, What could be simpler? --

Re: UUNET connectivity in Minneapolis, MN

[Warren Kumari]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

So I am standing in a datacenter fiddling with some fiber and  
listening to an electrician explaining to the datacenter owner how he  
has just finished auditing all of the backup power systems and that  
the transfer switch will work this time (unlike the last 3 times).  
This is making me a little nervous, but I keep quiet (unusual for  
me)... Electrician starts walking out of the DC, looks at the  
(glowing) Big Red Button (marked "Emergency Power Off") and says  
"Hey, why ya'll running on emergency power?" and presses BRB. Lights  
go dark, disks spin down, Warren takes his business elsewhere!


This is the same DC that had large basement mounted generators in a  
windowless building in NYC.  Weeks before the above incident they had  
tried to test the generator (one of the failed transfer switch  
incidents), but apparently no one knew that there were manual flues  
at the top of the exhausts Carbon monoxide, building evacuated...


Warren

On Aug 12, 2005, at 8:27 AM, [EMAIL PROTECTED] wrote:


On Fri, 12 Aug 2005 06:50:47 CDT, "James D. Butt" said:


Unless there is some sort of crazy story related to why a service  
provider

could not keep the lights on, this should have not been an issue with
proper operations and engineering.



So a while ago, we're in the middle of some major construction to  
put in
infrastructure for a supercomputer.  Meanwhile, as an unrelated  
project we
installed a new diesel backup generator to replace an older  
generator that was

undersized for our current systems, and take several hours of downtime
on a Saturday to wire the beast in.

The next Friday, some contractors are moving the entrance to our  
machine room

about 30 feet to the right, so you don't walk into the middle of the
supercomputer.  Worker A starts moving a small red switch unit from  
its
location next to where the door used to be to its new location next  
to where
the door was going to be.  Unfortunately, he did it before double- 
checking with

Worker B that the small red switch was disarmed...

Ka-blammo, a Halon dump... and of course that's interlocked with  
the power,

so once the Halon stopped hissing, it was *very* quiet in there.

Moral: It only takes one guy with a screwdriver.



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFC/NVFHSkNr4ucEScRAkc9AKCnwraT9DztjAConsyuBZ7wDs/bJACgyrWR
e2zcwlIffPxhTKfFJWm3T3A=
=qDyJ
-END PGP SIGNATURE-

Re: UUNET connectivity in Minneapolis, MN

[Valdis . Kletnieks]

On Fri, 12 Aug 2005 06:50:47 CDT, "James D. Butt" said:

> Unless there is some sort of crazy story related to why a service provider 
> could not keep the lights on, this should have not been an issue with 
> proper operations and engineering.

So a while ago, we're in the middle of some major construction to put in
infrastructure for a supercomputer.  Meanwhile, as an unrelated project we
installed a new diesel backup generator to replace an older generator that was
undersized for our current systems, and take several hours of downtime
on a Saturday to wire the beast in.

The next Friday, some contractors are moving the entrance to our machine room
about 30 feet to the right, so you don't walk into the middle of the
supercomputer.  Worker A starts moving a small red switch unit from its
location next to where the door used to be to its new location next to where
the door was going to be.  Unfortunately, he did it before double-checking with
Worker B that the small red switch was disarmed...

Ka-blammo, a Halon dump... and of course that's interlocked with the power,
so once the Halon stopped hissing, it was *very* quiet in there.

Moral: It only takes one guy with a screwdriver.


pgp0RjP3GJTEP.pgp
Description: PGP signature

RE: UUNET connectivity in Minneapolis, MN

[Charles Cala]

 -Original Message-
 From: [EMAIL PROTECTED]
 On Behalf Of James D. Butt
  > Unless there is some sort of crazy story related
 > to why a service provider
 > could not keep the lights on, this should have not
 > been an issue with
 > proper operations and engineering.

6 stories from the trenches


Once a back hoe decided to punch through a high
pressure natural gas main, right outside 
our offices. The fire department had us 
shut down ANYTHING that MIGHT make a spark. 
No nothing was able to run. It did not matter 
that we had uspes and such, 
all went dark for hours.


During the Northridge earthquake (the one during the 
world series in sf.ba.ca.us) there was a BUNCH of 
disruption of the infrastructure, drives were shaken
til they crashed, power wend down all over the area, 
Telco lines got knocked down, underground vaults got
flooded, and data centers went off line.


When ISDN was king(or ya get a t-1), 
I worked for an ISP in the bay area that 
was one of the few to have SOME 
connectivity when mae-w went down. We had a t-1 that 
went “north” to another exchange point, and even
though 
that little guy had %50+ packet loss, it kept
chugging. 
We were one of the few isp’s that 
had ANY net connection, most of the people 
went in through their local MAE , 
(that was in the days before connecting 
to a MAE required that you be connected to 
several other MAE’s)


Once while working for a startup in SF, 
I pushed for upses and backup power gen 
sets for our rack of boxes, and I was told 
that we were "in the middle of the finintial district 
of SF, that bart/the cable cars ran near by, 
and that a big huge sub station with in 
rock throwing distance of our building, 
not to mention a power plant a couple 
miles away. There was no reason for us to 
invest in backup gen sets, or hours of 
ups time…. I asked what the procedure 
was if we lost power for an extended 
period of time, and I was told, “we go home”

we…… the power went off to the 
entire SF region, and I was able to shut 
down the equipment with out to 
much trouble, cause my laptop was plugged into a ups 
(at my desk) and the critical servers were on a ups,
as 
well as the hub I was on. After I verified that we
were 
stil up at our co-lo (via my CDPD modem) 
I stated the facts to my boss, and told him 
that I was following his established 
procedure for extended power loss. 
I was on my way home. (boss=not happy)

A backup generator failed at a co-lo because 
of algae in the diesel fuel. 

Another time a valve broke in the buildings HVAC
system 
sending pink gooey water under the door , 
and into the machine room.

There are reasons why a bunch of 9’s piled together,

weird stuff does happen. This is nanog, each 
‘old timer’ has a few dozen of these events 
they can relate.

The first 2 ya realy can’t prepare for other 
than for all your stuff to be mirrored 
‘some place else’, the rest are preventable, 
but they were still rare.

( back to an operational slant)
Get a microwave t-2 and shoot it over to some 
other building, get a freaking cable modem as 
a backup, or find another way to get your lines out.

 If having things work is important to you, 
YOU should make sure it happens!

If people are preventing you from doing your job 
(having servers up and reachable) CYA, and 
point it out in the post mortem.


-charles

Curse the dark, or light a match. You decide, it's your dark.
Valdis.Kletnieks in NANOG

Re: UUNET connectivity in Minneapolis, MN

[Michael . Dillon]

> Unless there is some sort of crazy story related to why a service 
provider 
> could not keep the lights on, this should have not been an issue with 
> proper operations and engineering.

I'll let others tell you about the rat that caused a
short circuit when Stanford attempted to switch to
backup power. Or the time that fire crews told staff
to evacuate a Wiltel colo near San Jose because of a
backhoe that broke a gas pipe. The staff were prevented
from starting their backup generators after power to 
the neighborhood was cut.

In my opinion, the only way to solve this problem is
to locate colos and PoPs in clusters within a city
and deliver resilient DC power to these clusters from
a central redundant generator plant. The generator plants,
transmission lines and clusters can be engineered for
resiliency. And then the highly flammable and dangerous
quantities of fuel can be localized in a generator plant
where they can be kept a safe distance from residential 
and office buildings.

Unfortunately, to do this sort of thing requires vision
which is something that has been lacking in the network
operations field of late.

--Michael Dillon

RE: UUNET connectivity in Minneapolis, MN

[James D. Butt]

Yes that is an exception... not what happened in this case

You can come up with a lot of valid exceptions...

There are many reasons why a Tier 1 provider does not stick all its eggs 
in multi-tenant buildings... smart things can be done with site selection. 
I am not saying ever customer needs to keep their network like this... but 
the really bug guys at the core of their network yes.



JD


On Fri, 12 Aug 2005, Geo. wrote:



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
James D. Butt


Unless there is some sort of crazy story related to why a service provider
could not keep the lights on, this should have not been an issue with
proper operations and engineering.


The building where one of our nodes sites got hit with an electrical fire in
the basement one day, the fire department shut off all electrical to the
whole building including the big diesel generators sitting outside the back
of the building so all we had was battery power until that ran out 6 hours
later.

How do you prepare for that?

Geo.

George Roettger
Netlink Services

RE: UUNET connectivity in Minneapolis, MN

[Geo.]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
James D. Butt

> Unless there is some sort of crazy story related to why a service provider
> could not keep the lights on, this should have not been an issue with
> proper operations and engineering.

The building where one of our nodes sites got hit with an electrical fire in
the basement one day, the fire department shut off all electrical to the
whole building including the big diesel generators sitting outside the back
of the building so all we had was battery power until that ran out 6 hours
later.

How do you prepare for that?

Geo.

George Roettger
Netlink Services

Re: UUNET connectivity in Minneapolis, MN

[James D. Butt]

I certainly understand why utility power goes out and that is the reason 
why MCI loosing power confuses me.  I am pretty sure that someone at MCI 
also realizes why the blackout happens and how fragile things are.


It is irresponsible for a Tier 1 infrastructure provider to not be able to 
generate their own and have large chunks of their network fail do to the 
inability to power it. I bet you every SBC CO in the affected area was 
still pushing power out to customer prems.


Unless there is some sort of crazy story related to why a service provider 
could not keep the lights on, this should have not been an issue with 
proper operations and engineering.


JD


On Fri, 12 Aug 2005 [EMAIL PROTECTED] wrote:




Not sure I understand how on earth something like this happens... power

is

not that confusing to make sure it does not stop working.


Is that so?

Have you read the report on the Northeast blackout of 2003?
https://reports.energy.gov/

--Michael Dillon

Re: UUNET connectivity in Minneapolis, MN

[Michael . Dillon]

> Not sure I understand how on earth something like this happens... power 
is 
> not that confusing to make sure it does not stop working.

Is that so?

Have you read the report on the Northeast blackout of 2003?
https://reports.energy.gov/

--Michael Dillon

Re: UUNET connectivity in Minneapolis, MN

[Jerry Pasker]

ATT must adhere to some diffrent engineering standards; as well 
devices we monitor there were all fine no blips... but all of the 
MCI customers we have in IL, MI, WI, MN all had issues...



Power went out at 4:30 ish and ckts all dumped about 8:30 pm...

Then bounced until 6:30 AM this morning.

Not sure I understand how on earth something like this happens... 
power is not that confusing to make sure it does not stop working.


JD




Maybe they actually *HAVE* standby generators.  I have no sympathy 
for any provider for failure to plan for the inevitable power 
failure.  I only have moderate sympathy for a failed standby 
generator. It's a diesel bolted to an alternator.  The design was 
solidly debugged by the 1930s. exercise it, be obsessive about 
preventative maintenance, keep the fuel polished, have extra filters 
on hand,  and it will rarely let you down.  Having to dish out SLA 
credits isn't punishment enough for failing to have standby power.


On the other hand, if the customers are in contract, and a provider 
can get away with having their network fall down when there's a power 
outage and few if any customers actually go through the hassle of 
seeking SLA reimbursement, then it's really the customers' fault for 
the provider not having a generator.   Yup, this is the screwed up 
world we live in. :-)

Re: UUNET connectivity in Minneapolis, MN

[Jerry Pasker]

Hi Chris,

It seems all 800 numbers I have is busy.
I heard that there was fire around home depot in Down Grove area,
and it did hit the power grid, so UUNET/MCI POP lost the power.
UUNET/MCI tech - Fortunately, our Network management center tech has 
the number for him - said he is waiting

for generator coming in, but NO estimated time for recovery.

Hyun




Did the generator at the POP fail, causing this outage?  Or is this a 
POP without standby generation?


-Jerry

Re: UUNET connectivity in Minneapolis, MN

[James D. Butt]

we had a loss of comercial power(coned) in the downers grove terminal.
terminal is up on generator power now.



that seems to map to the internal firedrill as well, anyone else hit by
this event?



Electric utility had a sub-station burn up. resulting in a medium-sized
geographic area without power -- something like 17,000 residences according
to news reports (no numbers on 'commercial' custeomrs provided).

AT&T has a facility in the affected area, and were also without utility power.

Rumor mill says that Sprint had a (moderately small) number of T-3 circuits
affected, as well.



ATT must adhere to some diffrent engineering standards; as well devices we 
monitor there were all fine no blips... but all of the MCI customers we 
have in IL, MI, WI, MN all had issues...



Power went out at 4:30 ish and ckts all dumped about 8:30 pm...

Then bounced until 6:30 AM this morning.

Not sure I understand how on earth something like this happens... power is 
not that confusing to make sure it does not stop working.


JD

RE: UUNET connectivity in Minneapolis, MN

[Erik Sundberg]

info from the local news stations

http://www.nbc5.com/news/4836579/detail.html?z=dp&dpswid=2265994&dppid=65192

http://www.chicagotribune.com/news/local/chi-050811outage,0,6108555.story?co
ll=chi-news-hed



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Robert Bonomi
> Sent: Thursday, August 11, 2005 11:17 AM
> To: nanog@merit.edu
> Subject: Re: UUNET connectivity in Minneapolis, MN
>
>
>
> > Date: Thu, 11 Aug 2005 16:06:05 + (GMT)
> > From: "Christopher L. Morrow" <[EMAIL PROTECTED]>
> > Subject: Re: UUNET connectivity in Minneapolis, MN
> >
> > On Thu, 11 Aug 2005 [EMAIL PROTECTED] wrote:
> >
> > > we had a loss of comercial power(coned) in the downers grove terminal.
> > > terminal is up on generator power now.
> > >
> >
> > that seems to map to the internal firedrill as well, anyone else hit by
> > this event?
> >
>
> Electric utility had a sub-station burn up. resulting in a medium-sized
> geographic area without power -- something like 17,000 residences
> according
> to news reports (no numbers on 'commercial' custeomrs provided).
>
> AT&T has a facility in the affected area, and were also without
> utility power.
>
> Rumor mill says that Sprint had a (moderately small) number of
> T-3 circuits
> affected, as well.
>
>
>

Re: UUNET connectivity in Minneapolis, MN

[Robert Bonomi]

> Date: Thu, 11 Aug 2005 16:06:05 + (GMT)
> From: "Christopher L. Morrow" <[EMAIL PROTECTED]>
> Subject: Re: UUNET connectivity in Minneapolis, MN
>
> On Thu, 11 Aug 2005 [EMAIL PROTECTED] wrote:
>
> > we had a loss of comercial power(coned) in the downers grove terminal.
> > terminal is up on generator power now.
> >
>
> that seems to map to the internal firedrill as well, anyone else hit by
> this event?
>

Electric utility had a sub-station burn up. resulting in a medium-sized 
geographic area without power -- something like 17,000 residences according 
to news reports (no numbers on 'commercial' custeomrs provided).

AT&T has a facility in the affected area, and were also without utility power.

Rumor mill says that Sprint had a (moderately small) number of T-3 circuits 
affected, as well.

Re: UUNET connectivity in Minneapolis, MN

[Christopher L. Morrow]

On Thu, 11 Aug 2005 [EMAIL PROTECTED] wrote:

> we had a loss of comercial power(coned) in the downers grove terminal.
> terminal is up on generator power now.
>

that seems to map to the internal firedrill as well, anyone else hit by
this event?

Re: UUNET connectivity in Minneapolis, MN

[Hyunseog Ryu]

Hi Chris,

It seems all 800 numbers I have is busy.
I heard that there was fire around home depot in Down Grove area,
and it did hit the power grid, so UUNET/MCI POP lost the power.
UUNET/MCI tech - Fortunately, our Network management center tech has the 
number for him - said he is waiting

for generator coming in, but NO estimated time for recovery.

Hyun


Christopher L. Morrow wrote:


traceroute or ping or end-node ip on your end... or did you call the
customer support crew and ask them?



--Chris
(formerly [EMAIL PROTECTED])
###
## UUNET Technologies, Inc.  ##
## Some Security Engineering Group   ##
## (W)703-886-3823 (C)703-338-7319   ##
###

On Wed, 10 Aug 2005, Erik Amundson wrote:

 


Anyone else having issues with UUNET connectivity in MSP?  We were
seeing slowness, now we see no traffic flow at all...we make it one hop,
then nothin'.


Erik Amundson
A+, N+, CCNA, CCNP
IT and Network Manager
Open Access Technology Int'l, Inc.
mailto:[EMAIL PROTECTED]

CONFIDENTIAL INFORMATION:  This email and any attachment(s) contain
confidential and/or proprietary information of Open Access Technology
International, Inc.  Do not copy or distribute without the prior written
consent of OATI.  If you are not a named recipient to the message,
please notify the sender immediately and do not retain the message in
any form, printed or electronic.


   




 

Re: UUNET connectivity in Minneapolis, MN

[Mike Sawicki]

On Thu, Aug 11, 2005 at 03:42:58AM +, Christopher L. Morrow wrote:
> 
> traceroute or ping or end-node ip on your end... or did you call the
> customer support crew and ask them?
> 

There was apparently a very serious fire at one or more of the
Chicago area hubs MCI manages.  They have a ticket #204 from today's
date tracking this.  I've been seeing reachability issues from the
mid/west coast to my sites in NYC and NJ.  I also have several
Internet T1's down in both MN and Cleveland, OH.

--
Mike Sawicki ([EMAIL PROTECTED])

Re: UUNET connectivity in Minneapolis, MN

[Christopher L. Morrow]

traceroute or ping or end-node ip on your end... or did you call the
customer support crew and ask them?



--Chris
(formerly [EMAIL PROTECTED])
###
## UUNET Technologies, Inc.  ##
## Some Security Engineering Group   ##
## (W)703-886-3823 (C)703-338-7319   ##
###

On Wed, 10 Aug 2005, Erik Amundson wrote:

> Anyone else having issues with UUNET connectivity in MSP?  We were
> seeing slowness, now we see no traffic flow at all...we make it one hop,
> then nothin'.
>
>
> Erik Amundson
> A+, N+, CCNA, CCNP
> IT and Network Manager
> Open Access Technology Int'l, Inc.
> mailto:[EMAIL PROTECTED]
>
> CONFIDENTIAL INFORMATION:  This email and any attachment(s) contain
> confidential and/or proprietary information of Open Access Technology
> International, Inc.  Do not copy or distribute without the prior written
> consent of OATI.  If you are not a named recipient to the message,
> please notify the sender immediately and do not retain the message in
> any form, printed or electronic.
>
>

UUNET connectivity in Minneapolis, MN

[Erik Amundson]

Anyone else having 
issues with UUNET connectivity in MSP?  We were seeing slowness, now we see 
no traffic flow at all...we make it one hop, then nothin'.
 
 
Erik 
AmundsonA+, N+, CCNA, 
CCNPIT and 
Network ManagerOpen Access 
Technology Int'l, Inc.mailto:[EMAIL PROTECTED] 

 
CONFIDENTIAL 
INFORMATION:  This email and any attachment(s) contain confidential and/or 
proprietary information of Open Access Technology International, Inc.  Do 
not copy or distribute without the prior written consent of OATI.  If you 
are not a named recipient to the message, please notify the sender immediately 
and do not retain the message in any form, printed or 
electronic.
 

Re: UUNET peering policy

[Joe Provo]

On Mon, Jan 03, 2005 at 07:35:20PM -0500, Tom Vest wrote:
> 
> Hey, did anyone notice when UU peering policy explicitly incorporated 
> a requirement for number of transit customers served, measured by 
> unique AS?

It was between 18 and 28 August 2004.  I believe it was on Friday 
the 27th but my policy archiving was not accurate to < 48 hours.

 RSUC / GweepNet / Spunk / FnB / Usenix / SAGE

Re: UUNET peering policy

[joe mcguckin]

They probably had a near-peer experience with another network and decided to
'tighten' up the requirements...


On 1/3/05 4:35 PM, "Tom Vest" <[EMAIL PROTECTED]> wrote:

> 
> Hey, did anyone notice when UU peering policy explicitly incorporated a
> requirement for number of transit customers served, measured by unique
> AS?
> 
> Thanks,
> 
> Tom 
> 

-- 

Joe McGuckin

ViaNet Communications
994 San Antonio Road
Palo Alto, CA  94303

Phone: 650-213-1302
Cell:  650-207-0372
Fax:   650-969-2124

UUNET peering policy

[Tom Vest]

Hey, did anyone notice when UU peering policy explicitly incorporated a 
requirement for number of transit customers served, measured by unique 
AS?

Thanks,
Tom 

MCU/UUNet routing issues / packet loss this morning?

[Erik Amundson]

Hello NANOG!

 

Is anyone having routing issues or packet loss with
MCI/UUNet today?  I have an AS701 connection at my orginization, and we've
had thousands of customer calls starting at about 2:13AM CDT.  We've
shutdown 701 as a peer because traceroutes seem to expose some packet loss and
delay as soon as you enter UUNet's network.  We're going to open a trouble
ticket with MCI/UUNet, but I am wondering if other people are seeing the same
issue?

 

- Erik

 

 

Re: Attn MCI/UUNet - Massive abuse from your network

[Steve Linford]

From Ben Browning, received 29/6/04, 9:56 am -0700 (GMT):
 Steve Linford wrote:
 The statement by Ben Browning: "I know several businesses who have,
 and a great many people who have blocked UUNet space from sending
 them email ... by using ... the SBL" is false, the SBL has never
 blocked UUNet/MCI IP space that wasn't directly in the control of
 spammers. If Mr Browning does indeed know "several businesses and a
 great many people" whose UUNet/MCI IP space has been blocked by the
 SBL, then Mr Browning knows several spam outfits and a great many
 spammers.
 Let me rephrase: I know several businesses and a great many people who
 block *parts* of UUNet by the SBL and *larger* parts of it by means
 of SPEWS, blackholes.us, et al.
I obviously read more into it than you meant, sorry (I though you 
were implying we were blocking MCI IPs above and in addition to IPs 
belonging to spammers, something we try hard not to do).

 Regardless, the SBL does block *some* UUNet space, much of
 which(according to responses here) no longer belongs to the
 spammers.
That's correct. At a guess I'd say possibly even 20% of our MCI 
listings are stale, and we don't know which ones. Without illegally 
scanning the MCI IPs to see what's running there we have very little 
way of knowing which spammers are departed or not, because MCI/UUNet 
Abuse will not tell us.

Unlike listings of normal providers which tend to manage themselves, 
MCI SBL listings continue to grow in number and are removed either 
because they've reached their time-out setting or because someone 
higher up yells and the Abuse guys get their fingers out. We see 
things start to happen when Christopher Morrow gets involved, but 
they soon revert if he's not chasing them. Vint Cerf is now aware of 
the situation so perhaps more might begin to move and we may soon see 
those MCI listings drop down, and maybe a refresh of MCI's AUP 
enforcement.

Thanks for voicing your opinion with MCI.
--
  Steve Linford
  The Spamhaus Project
  http://www.spamhaus.org

Re: Attn MCI/UUNet - Massive abuse from your network

[Ben Browning]

Steve Linford wrote:
The statement by Ben Browning: "I know several businesses who have,
and a great many people who have blocked UUNet space from sending
them email ... by using ... the SBL" is false, the SBL has never
blocked UUNet/MCI IP space that wasn't directly in the control of
spammers. If Mr Browning does indeed know "several businesses and a
great many people" whose UUNet/MCI IP space has been blocked by the
SBL, then Mr Browning knows several spam outfits and a great many
spammers.
Let me rephrase: I know several businesses and a great many people who
block *parts* of UUNet by the SBL and *larger* parts of it by means of 
SPEWS, blackholes.us, et al.

Regardless, the SBL does block *some* UUNet space, much of 
which(according to responses here) no longer belongs to the spammers.

Sorry for any confusion my poor choice of words may have caused.
--
   Ben Browning <[EMAIL PROTECTED]>
  The River Internet Access Co.
 WA Operations Manager
1-877-88-RIVER  http://www.theriver.com

Re: Attn MCI/UUNet - Massive abuse from your network

[Doug White]

:
: A simple "these statements are untrue, please contact me off list for the
: truth" is hardly unreasonable.
:
:
:
Unfortunately a restriction such as that on this list defeats the atmosphere of
openness and education for those who may be reading, but not necessarily
posting to the list.  Educating users, even if some of the subscribers are the
choir should be our collective goal.  In my case not all the conversations
(threads) on this list are pertinent to my operations but I still read them
all, and am educated from time to time as well, which makes it worth the
effort.  IMHO.

What I don't like to read are personal attacks or arrogance to the extreme.

Doug

Re: Attn MCI/UUNet - Massive abuse from your network

[Tom (UnitedLayer)]

On Sat, 26 Jun 2004, Richard Welty wrote:
> On Sat, 26 Jun 2004 10:50:12 -0700 (PDT) "Tom (UnitedLayer)" <[EMAIL PROTECTED]> 
> wrote:
> > The big deal is that spam complaining/etc is not operational content, and
> > there are several other lists to handle that sort of thing.
>
> but then, individuals get 1 free shot at saying things that are in
> some cases not true about spamhaus, and Steve is prohibited from
> attempting to correct them.

Steve can correct whomever he wants off list.
If he wants to do it on list, it better be for a good reason, no?
If the person posting the untrue information is not posting with
operational content, they should be censured as well...

A simple "these statements are untrue, please contact me off list for the
truth" is hardly unreasonable.

Re: Attn MCI/UUNet - Massive abuse from your network

[Richard Welty]

On Sat, 26 Jun 2004 10:50:12 -0700 (PDT) "Tom (UnitedLayer)" <[EMAIL PROTECTED]> wrote:
> The big deal is that spam complaining/etc is not operational content, and
> there are several other lists to handle that sort of thing.

but then, individuals get 1 free shot at saying things that are in
some cases not true about spamhaus, and Steve is prohibited from
attempting to correct them.

hardly seems fair,
  richard
-- 
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security

Re: Attn MCI/UUNet - Massive abuse from your network

[Tom (UnitedLayer)]

On Sat, 26 Jun 2004, Jon R. Kibler wrote:
> > I seldom post here because the couple of times I have followed-up to
> > correct wrong statements in nanog regarding Spamhaus, such as the
> > above, I have each time been told by nanog's admin that I will be
> > removed from the nanog list if I respond to any question in nanog
> > regarding Spamhaus again. But, here goes:
>
> Why would you be removed from the list for posting corrections about
> Spamhaus?

I looked back through the archives, and I did see one post which was
fairly inflammatory, but I wasn't really that excited to read
everything

The big deal is that spam complaining/etc is not operational content, and
there are several other lists to handle that sort of thing.

Re: Attn MCI/UUNet - Massive abuse from your network

[Jon R. Kibler]

Steve Linford wrote:
> I seldom post here because the couple of times I have followed-up to
> correct wrong statements in nanog regarding Spamhaus, such as the
> above, I have each time been told by nanog's admin that I will be
> removed from the nanog list if I respond to any question in nanog
> regarding Spamhaus again. But, here goes:

Why would you be removed from the list for posting corrections about Spamhaus? 

Can the list admin or other responsible person please explain the reasoning?

It only seems fair that if someone is misrepresented by a posting on this list, they 
should be free to correct such misinformation.

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

RE: Attn MCI/UUNet - Massive abuse from your network

[Steve Linford]

At 9:43 am -0700 (GMT) 25/6/04, Ben Browning wrote:
 At 04:00 PM 6/24/2004, Hannigan, Martin wrote:
[ Operations content: ] Do you know of any ISP's null routing AS701?
 ISPs? Not of the top of my head. I know several businesses who
 have, and a great many people who have blocked UUNet space from
 sending them email, either by using SPEWS, the SBL, or
 mci.blackholes.us .
I seldom post here because the couple of times I have followed-up to 
correct wrong statements in nanog regarding Spamhaus, such as the 
above, I have each time been told by nanog's admin that I will be 
removed from the nanog list if I respond to any question in nanog 
regarding Spamhaus again. But, here goes:

The statement by Ben Browning: "I know several businesses who have, 
and a great many people who have blocked UUNet space from sending 
them email ... by using ... the SBL" is false, the SBL has never 
blocked UUNet/MCI IP space that wasn't directly in the control of 
spammers. If Mr Browning does indeed know "several businesses and a 
great many people" whose UUNet/MCI IP space has been blocked by the 
SBL, then Mr Browning knows several spam outfits and a great many 
spammers.

--
  Steve Linford
  The Spamhaus Project
  http://www.spamhaus.org

Re: Attn MCI/UUNet - Massive abuse from your network

[Valdis . Kletnieks]

On Fri, 25 Jun 2004 09:47:07 PDT, Jeff Shultz <[EMAIL PROTECTED]>  said:

> The problem with being totally open about infrastructure is that there
> are some vulnerabilities that simply cannot or will not be fixed -
> wires sometimes have to run across bridges, redundant pumping stations
> are too expensive... in these cases is it not better to hide where
> these vulnerabilities are? 

Anybody with a Rand McNally map of Manhattan can connect the dots for themselves.

Unless you're proposing that we issue Soviet-style maps that show the Brooklyn
Bridge between Williamsburg Bridge and Queens-Midtown Tunnel.

Or did you mean we should make the Brooklyn Bridge invisible so we can't
see it?  There's this magician looking for another prime-time TV special, you know???



pgpHzWJsTUjwr.pgp
Description: PGP signature

RE: Attn MCI/UUNet - Massive abuse from your network

[Henry Linneweh]

I think that is a bit irresponsible for the simple
reason that MCI has many co-lo clients and any of
their machines could be vulnerable, I think also that
needs to addressed so that blanket statements are
supported by fact and not the need to competitively
break a company down in hopes the you can steal away
it's customer base

-Henry

--- "Tom (UnitedLayer)" <[EMAIL PROTECTED]> wrote:
> 
> On Fri, 25 Jun 2004, Ben Browning wrote:
> > At 04:00 PM 6/24/2004, Hannigan, Martin wrote:
> > >[ Operations content: ] Do you know of any ISP's
> null routing AS701?
> >
> > ISPs? Not of the top of my head. I know several
> businesses who have, and a
> > great many people who have blocked UUNet space
> from sending them email,
> > either by using SPEWS, the SBL, or
> mci.blackholes.us .
> 
> Do these people know how much legitimate email
> they're missing, for every
> spam message that's blocked?
> 
> I noticed that from my personal mailbox (which I do
> filter with spam
> assassin), for every one legit mail that gets
> blocked/tagged by SPEWS,
> there's maybe 1-2 junkmails. Thats not a very
> impressive ratio...
> 
> 

RE: Attn MCI/UUNet - Massive abuse from your network

[Tom (UnitedLayer)]

On Fri, 25 Jun 2004, Ben Browning wrote:
> At 04:00 PM 6/24/2004, Hannigan, Martin wrote:
> >[ Operations content: ] Do you know of any ISP's null routing AS701?
>
> ISPs? Not of the top of my head. I know several businesses who have, and a
> great many people who have blocked UUNet space from sending them email,
> either by using SPEWS, the SBL, or mci.blackholes.us .

Do these people know how much legitimate email they're missing, for every
spam message that's blocked?

I noticed that from my personal mailbox (which I do filter with spam
assassin), for every one legit mail that gets blocked/tagged by SPEWS,
there's maybe 1-2 junkmails. Thats not a very impressive ratio...

Re: Attn MCI/UUNet - Massive abuse from your network

[Jerry Eyers]

>Do you really think that if we publish all the insecurities of the
>Internet infrastructure that anyone is gonna stop using it, or
>business, government, and private citizens are going to quit depending
>on it?

That is a totally foolish statement in today's world.  The incentive for
fixing the problem is going to be the competition's ability to say that
they do not suffer from the specified problem.  Market forces will push
on the area of problem and force a solution.

To take away the exposure limits the incentive to fix the problem.  
Companies are not going to spend $$ on something that does not
directly effect the income.  Reporting your problems to someone
who doesn't effect the income isn't going to result in the fixing of
any problems.

One only has to look at the telephone history to see that.

Jerry

Re: Attn MCI/UUNet - Massive abuse from your network

[Crist Clark]

Jeff Shultz wrote:
** Reply to message from Brad Knowles <[EMAIL PROTECTED]> on Fri,
25 Jun 2004 18:14:43 +0200

At 8:44 AM -0700 2004-06-25, Jeff Shultz wrote:

At least if someone in this "clearing house" sells it to the
terrorists, they will have had to work for it a bit, instead of having
us hand it to them on a silver platter, as the FCC seems to want.
	Not true.  If the information is forced to be completely in the 
open, then everyone knows it's not insecure and no one depends on the 
fact that it was supposed to be kept secret.  This is a case where 
you are more secure the more open the information is -- indeed, as we 
are in most cases, which is why we have the age-old security mantra 
of "security through obscurity is not secure".


Do you realize that the basic element of security, the password, is
based on the entire premise you just dismissed? And yet we still use
them - and depend on the fact that they are supposed to be kept secret.
The problem with being totally open about infrastructure is that there
are some vulnerabilities that simply cannot or will not be fixed -
wires sometimes have to run across bridges, redundant pumping stations
are too expensive... in these cases is it not better to hide where
these vulnerabilities are? 
Not really. Security through obscurity in some circumstance can
help, but rarely when it comes to something like that. When it
comes to wires crossing a bridge or pumping stations, anyone who
tries hard enough will find out pretty easily. You end up with
two groups knowing where the vulnerabilities are, the handful of
"good guys" who oversee the resources and the bad guys.
It strikes me as similar to the outcry from the locksmith community
when the vulnerabilities of various master key mechanisms were
widely published. Who knew about the vulnerabilities? The "good
guy" locksmiths who used the vulnerabilities to break into your
office when you lost your keys (and sold you the locks) all knew,
and the bad guys who broke into your office to steal stuff knew.
Who didn't know? The consumer who was unable to make an informed
decision about the security of the various choices of key-lock
mechanisms he had available.
So the problem with the pumping station or the wires over the
bridge are that the limited number of experts know, the bad
guys know, but other people who should know (the network engineer
judging the reliability of his links or the civil engineer
deciding the capacity for an emergency water tower for an
industrial site) may not understand the true vulnerability
of the system.
But that doesn't mean we shouldn't put a fence around the
pumping station or a padlock on the door because a key is
just "security through obscurity" through some convoluted
logic.
The problem with your point is that even if the information is forced
to be completely in the open, that is no guarantee that it will be
fixed, and people _do_ depend on this stuff, regardless of its
reliability or security. 
Somethings cannot be and should not be "fixed." Making the
public water supply invulnerable to earthquake damage is not
practical. Individuals have the responsibility (even if most
don't) to keep a few days supply of potable water available
in the inevitable, but unlikely on any given day, event of
a powerful earthquake.
Making various infrastructure invulnerable to every foreseeable,
let alone unforeseeable, attack is not practical either. But
those who are affected by the failure of any piece of
infrastructure need to know how reliable it is and plan
accordingly.
Do you really think that if we publish all the insecurities of the
Internet infrastructure that anyone is gonna stop using it, or
business, government, and private citizens are going to quit depending
on it? 
Of course not. But they may be better able to quantify their
risks in depending on the 'Net and make contingency plans where
it is prudent. The real world is about risk management; even
the US federal government has given up on a risk avoidance
model and moved to risk management.
Security through obscurity is not secure - but sometimes it's all you
have.
But it is worse than nothing when you obscure the truth from
people who should know. If the vulnerability is exploited,
the impact is worse than if those who should have known had had
the ability to plan for the contingency.
--
Crist J. Clark   [EMAIL PROTECTED]
Globalstar Communications(408) 933-4387

Re: Attn MCI/UUNet - Massive abuse from your network

[Eric Brunner-Williams]

[EMAIL PROTECTED] wrote something like:

> Some ad hoc terrorists, in a country crawling with US troops, with a
> communications infrastructure nowhere as advanced as the USA just
> managed to coordinate a multiple bomb attack simultaneously. 

I just got back from lunch at the Wok Inn (Morrill's Corner, in scenic
Portland), where a fortune cookie museum has been added to educate the 
stand-and-waits like me. In the 13th century the dynasty established
by Ghengis Khan was overthrown by a synchronized distributed program.
The synchronization mechanism was "on date/time execute plan", and the
distribution mechanism was moon cakes.

This whole thread is wierd. A tunnel in Baltimore isn't exactly a big
secret anymore, and we did cover this (knowing, unknowing, and mechanism
considered harmful) in the RAVEN list that lead up to rfc2804.

Oh, the "crawling with US troops" line of thought is wicked wrong. For
the few who care, point a browser at juancole.com from time to time and
read a week or so of content.

Cheers,
Eric

Re: Attn MCI/UUNet - Massive abuse from your network

[Jeff Shultz]

** Reply to message from [EMAIL PROTECTED] on Fri, 25 Jun 2004
17:12:45 +0100

> Remember, that packet switched networking 
> originated with the desire to build a telecom
> network that could survive massive destruction
> on the scale of a nuclear war, but continue to
> function. If we apply that kind of thinking to
> planning network deployment then there should be
> little extra risk from terrorist knowing where
> the vulnerable points are. Spread the risk
> by spreading the vulnerable points.

I thought the old "nuclear survivable" argument was killed off years
ago - I seem to rember it being refuted in "Where Wizards Stay Up Late."

Packet switched networking originated with a desire to see if it would
work 

And you are welcome to assume the expense of spreading the vulnerable
points.

-- 
Jeff Shultz
A railfan pulls up to a RR crossing hoping that
there will be a train. 

Re: Attn MCI/UUNet - Massive abuse from your network

[Michael . Dillon]

> Food for thought: Could an analyst, looking at outage reports over a
> period of time, build a schematic that would demonstrate that if you
> took out  n points, you'd kill x% of data traffic in and out of
> $pickyourmetropolitanarea? 
> 
> If this analyst were working for Bin Ladin

Yes an analyst could do this. Our job is to make sure 
that he can't get a very large x% without also requiring
a large investment in n attack points.

Consider bin Laden's organization in 2000. They
had a plan to commandeer 10 airliners and attack
10 targets in the USA including things like the CIA
headquarters. Resource constraints caused them to
back off to 4 targets. We already win because 
the targets are not all in the same city block.

Next, the attack day arrived and the 4 teams
went to work. But only two of them achieved
100% objective. One team failed entirely when
they lost control of their weapon. And the third
team hit a glancing blow to the target that
damaged less than a fifth of the building. And
it turned out that they hit a less critical part
of the Pentagon as well. This is a typical result
of a military or terrorist operation. It is very
hard to plan and execute 100% effective coordinated
attacks against a large number of targets. On
9/11 the terrorists had no problem making 4 big booms
and getting attention. But they missed the Whitehouse
entirely and only did minor damage to the military
headquarters.

Remember, that packet switched networking 
originated with the desire to build a telecom
network that could survive massive destruction
on the scale of a nuclear war, but continue to
function. If we apply that kind of thinking to
planning network deployment then there should be
little extra risk from terrorist knowing where
the vulnerable points are. Spread the risk
by spreading the vulnerable points.

> Some ad hoc terrorists, in a country crawling with US troops, with a
> communications infrastructure nowhere as advanced as the USA just
> managed to coordinate a multiple bomb attack simultaneously. 

Iraq currently has a cellphone network that is 
more advanced than the USA, i.e. it's all GSM.
But in fact, all they really needed to pull this
off was a quiet pub and some accurate watches that
could be synchronized prior to the attacks. Better
go back and watch those old spy movies again...

--Michael Dillon

Re: Attn MCI/UUNet - Massive abuse from your network

[Jeff Shultz]

** Reply to message from Brad Knowles <[EMAIL PROTECTED]> on Fri,
25 Jun 2004 18:14:43 +0200

> At 8:44 AM -0700 2004-06-25, Jeff Shultz wrote:
> 
> >  At least if someone in this "clearing house" sells it to the
> >  terrorists, they will have had to work for it a bit, instead of having
> >  us hand it to them on a silver platter, as the FCC seems to want.
> 
>   Not true.  If the information is forced to be completely in the 
> open, then everyone knows it's not insecure and no one depends on the 
> fact that it was supposed to be kept secret.  This is a case where 
> you are more secure the more open the information is -- indeed, as we 
> are in most cases, which is why we have the age-old security mantra 
> of "security through obscurity is not secure".
> 

Do you realize that the basic element of security, the password, is
based on the entire premise you just dismissed? And yet we still use
them - and depend on the fact that they are supposed to be kept secret.

The problem with being totally open about infrastructure is that there
are some vulnerabilities that simply cannot or will not be fixed -
wires sometimes have to run across bridges, redundant pumping stations
are too expensive... in these cases is it not better to hide where
these vulnerabilities are? 

The problem with your point is that even if the information is forced
to be completely in the open, that is no guarantee that it will be
fixed, and people _do_ depend on this stuff, regardless of its
reliability or security. 

Do you really think that if we publish all the insecurities of the
Internet infrastructure that anyone is gonna stop using it, or
business, government, and private citizens are going to quit depending
on it? 

Security through obscurity is not secure - but sometimes it's all you
have.

-- 
Jeff Shultz
A railfan pulls up to a RR crossing hoping that
there will be a train. 

RE: Attn MCI/UUNet - Massive abuse from your network

[Ben Browning]

At 04:00 PM 6/24/2004, Hannigan, Martin wrote:
> >On Thu, 24 Jun 2004, Ben Browning wrote:
> this discussion anyways, is access to the internet. When the
> actions of a
> downstream damage that product(IE more and more networks
> nullroute UUNet
> traffic),
[ Operations content: ] Do you know of any ISP's null routing AS701?
ISPs? Not of the top of my head. I know several businesses who have, and a 
great many people who have blocked UUNet space from sending them email, 
either by using SPEWS, the SBL, or mci.blackholes.us .

~Ben
---
   Ben Browning <[EMAIL PROTECTED]>
  The River Internet Access Co.
 WA Operations Manager
1-877-88-RIVER  http://www.theriver.com

Re: Attn MCI/UUNet - Massive abuse from your network

[Jeff Shultz]

Has anyone noticed that the DHS plan is probably closer to the current
status of things than the FCC one is? 

AFAIK, Currently this information _isn't_ required to be publicly
reported. The FCC wants it to be. 

DHS would prefer that it be semi-public at best - just like Michael
Dillion wants.  

Three options:
1. Status quo - no gov't reporting requirements
2. FCC proposal - completely public reporting requirements 
3. DHS proposal - limited access reporting requirements

Food for thought: Could an analyst, looking at outage reports over a
period of time, build a schematic that would demonstrate that if you
took out  n points, you'd kill x% of data traffic in and out of
$pickyourmetropolitanarea? 

If this analyst were working for Bin Ladin

Some ad hoc terrorists, in a country crawling with US troops, with a
communications infrastructure nowhere as advanced as the USA just
managed to coordinate a multiple bomb attack simultaneously. 

What could they do here with the right information? 

Should we hand them this information freely? 

At least if someone in this "clearing house" sells it to the
terrorists, they will have had to work for it a bit, instead of having
us hand it to them on a silver platter, as the FCC seems to want.  

Let the flames continue.

** Reply to message from Scott McGrath <[EMAIL PROTECTED]> on
Fri, 25 Jun 2004 11:22:51 -0400 (EDT)

> Well said sir!
> 
> Scott C. McGrath
> 
> On Fri, 25 Jun 2004 [EMAIL PROTECTED] wrote:
> 
> >
> > > From the AOL theft article:
> > >  "The revelations come as AOL and other Internet providers have
> > > ramped up their efforts to track down the purveyors of spam, which
> > > has grown into a maddening scourge that costs consumers and
> > > businesses billions of dollars a year."
> >
> > Interesting. An insider at a network operator steals
> > a copy of some interesting operational data and sells
> > it to a 3rd party with an interest in doing nasty things
> > with said data.
> >
> > And if Homeland Security really does require all outages
> > to be reported to a clearing house where only network
> > operations insiders can get access to it, then what?
> > Will someone sell this to a terrorist organization?
> >
> > Better to leave all this information semi-public as
> > it is now so that we all know it is NOT acceptable
> > to build insecure infrastructure or to leave infrastructure
> > in an insecure state. Fear of a terrorist attack is
> > a much stronger motive for doing the right thing
> > than a government order to file secret reports to
> > a secret bureaucratic agency.
> >
> > --Michael Dillon
> >

-- 
Jeff Shultz
A railfan pulls up to a RR crossing hoping that
there will be a train. 

Re: Attn MCI/UUNet - Massive abuse from your network

[Scott McGrath]

Well said sir!

Scott C. McGrath

On Fri, 25 Jun 2004 [EMAIL PROTECTED] wrote:

>
> > From the AOL theft article:
> >  "The revelations come as AOL and other Internet providers have
> > ramped up their efforts to track down the purveyors of spam, which
> > has grown into a maddening scourge that costs consumers and
> > businesses billions of dollars a year."
>
> Interesting. An insider at a network operator steals
> a copy of some interesting operational data and sells
> it to a 3rd party with an interest in doing nasty things
> with said data.
>
> And if Homeland Security really does require all outages
> to be reported to a clearing house where only network
> operations insiders can get access to it, then what?
> Will someone sell this to a terrorist organization?
>
> Better to leave all this information semi-public as
> it is now so that we all know it is NOT acceptable
> to build insecure infrastructure or to leave infrastructure
> in an insecure state. Fear of a terrorist attack is
> a much stronger motive for doing the right thing
> than a government order to file secret reports to
> a secret bureaucratic agency.
>
> --Michael Dillon
>

RE: Attn MCI/UUNet - Massive abuse from your network

[Smith, Donald]

Michael, I agree totally. Every ISP I know of is working to combat spam.
They all have a staffed abuse desk. They all coordinate with other ISP's
that is one of the reasons I joined this list.
I believe its time to move this to the next level. Follow the money.
When you see spam  report it to the abuse team for the isp the spam came
from AND report the advertiser (follow the link in the spam) to their
ISP. Getting the advertiser ($$$) site shutdown will be more effective
then getting the trojaned/botted/infected pc disabled.
When spam is no longer a profitable method of advertisement then it will
end. Till then we will continue to see virii and worms add proxy ports
to allow the spammers 1000's of points to bounce their spam off of.


[EMAIL PROTECTED] GCIA 
I reserve the right to be wrong but don't exercise it too often.


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Michael Painter
> Sent: Friday, June 25, 2004 4:11 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Attn MCI/UUNet - Massive abuse from your network
> 
> 
> 
> - Original Message - 
> From: "Dr. Jeffrey Race" <[EMAIL PROTECTED]>
> To: "Smith, Donald" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, June 24, 2004 6:22 PM
> Subject: RE: Attn MCI/UUNet - Massive abuse from your network
> 
> 
> >
> > On Thu, 24 Jun 2004 21:39:26 -0600, Smith, Donald wrote:
> >
> > >I am not a lawyer. I am not aware of the law that requires uunet to
> > >go to court to prevent spammers who are not their direct 
> customers from using
> > their network.
> >
> >
> > Doctrine of attractive nuisance
> 
> When I worked for IBM back in the '60s, on many occasions 
> during my 7 years there I heard
> upper management say that they were proud to be with a 
> company that tried to be a "Good Corporate Citizen ".
> One branch manager had a cube on his desk which had printed 
> on each side the(ir) manifesto of Corporate Social Responsibility.
> 
> From the AOL theft article:
>  "The revelations come as AOL and other Internet providers 
> have ramped up their efforts to track down the purveyors of 
> spam, which
> has grown into a maddening scourge that costs consumers and 
> businesses billions of dollars a year."
> 
> Perhaps those Corporate Citizens who can do something to 
> ensure the viability of E-mail, should.
> 
> --Michael
> 
> 
> 
> 
> 

Re: Attn MCI/UUNet - Massive abuse from your network

[Michael . Dillon]

> From the AOL theft article:
>  "The revelations come as AOL and other Internet providers have 
> ramped up their efforts to track down the purveyors of spam, which
> has grown into a maddening scourge that costs consumers and 
> businesses billions of dollars a year."

Interesting. An insider at a network operator steals
a copy of some interesting operational data and sells
it to a 3rd party with an interest in doing nasty things
with said data.

And if Homeland Security really does require all outages
to be reported to a clearing house where only network
operations insiders can get access to it, then what?
Will someone sell this to a terrorist organization?

Better to leave all this information semi-public as
it is now so that we all know it is NOT acceptable
to build insecure infrastructure or to leave infrastructure
in an insecure state. Fear of a terrorist attack is 
a much stronger motive for doing the right thing
than a government order to file secret reports to
a secret bureaucratic agency.

--Michael Dillon

Re: Attn MCI/UUNet - Massive abuse from your network

[Michael Painter]

- Original Message - 
From: "Dr. Jeffrey Race" <[EMAIL PROTECTED]>
To: "Smith, Donald" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, June 24, 2004 6:22 PM
Subject: RE: Attn MCI/UUNet - Massive abuse from your network


>
> On Thu, 24 Jun 2004 21:39:26 -0600, Smith, Donald wrote:
>
> >I am not a lawyer. I am not aware of the law that requires uunet to
> >go to court to prevent spammers who are not their direct customers from using
> their network.
>
>
> Doctrine of attractive nuisance

When I worked for IBM back in the '60s, on many occasions during my 7 years there I 
heard
upper management say that they were proud to be with a company that tried to be a 
"Good Corporate Citizen ".
One branch manager had a cube on his desk which had printed on each side the(ir) 
manifesto of Corporate Social Responsibility.

>From the AOL theft article:
 "The revelations come as AOL and other Internet providers have ramped up their 
efforts to track down the purveyors of spam, which
has grown into a maddening scourge that costs consumers and businesses billions of 
dollars a year."

Perhaps those Corporate Citizens who can do something to ensure the viability of 
E-mail, should.

--Michael

Re: Attn MCI/UUNet - Massive abuse from your network

[Dr. Jeffrey Race]

On Thu, 24 Jun 2004 16:27:32 +0200, Brad Knowles wrote:
>>  It is the same way credit reporting works: you mess up, you get no>>  credit.
>   Except then you can generate yet another fake credit card and go 
>on with your life.  Do that a few thousand times a day, even -- no >problem.
>   The credit reporting scheme only works against people who are 
>willing to play by the rules.  Even then, it only hurts the 
>legitimate credit card holders who don't know how to fight the system.
>>  Come on guys, you are all smart engineers.   This is not rocket science.
>
>   See above.  Credit card fraud is a multi-billion dollar business. 
>When the credit card companies have figured out this problem, maybe 
>we can apply similar techniques to the spam problem.

Please, this is trivial.  You have to prove your personal identity.  What many
firms do is to require a bank to certify it.  

The credit card thievery to which you refer is done anonymously; not relevant here

RE: Attn MCI/UUNet - Massive abuse from your network

[Dr. Jeffrey Race]

On Thu, 24 Jun 2004 21:39:26 -0600, Smith, Donald wrote:

>I am not a lawyer. I am not aware of the law that requires uunet to
>go to court to prevent spammers who are not their direct customers from using 
their network.


Doctrine of attractive nuisance

RE: Attn MCI/UUNet - Massive abuse from your network

[Smith, Donald]

I am not a lawyer. I am not aware of the law that requires uunet to
go to court to prevent spammers who are not their direct customers from using their 
network. Spammers use many differnt means to send their spam. Most ISPs use AUP's to 
prevent spamming but afaik no isp has successfully sued a spammer and recovered any 
reasonable percentage of their expenses in fighting this same spam. When that becomes 
a method to pay for combating spam I am sure most ISPs will pursue it. This is a money 
issue. 

NSP/ISP have shareholders who desire a return on their investment. 

When I notify the abuse team at uunet of a spammer they act promptly shutting down any 
account that I can show is being used for spam. 

Chris is a very trusted and active member of the NSP community, to his credit is a 
detailed document on blackhole filtering one of the primary tools used by other 
NSP/ISP's for stopping bad traffic. AFAIK he can not authorize legal action against 
spammers.

[EMAIL PROTECTED] my opinions are mine and do not reflect qwest policy.

 

-Original Message-
From: Dr. Jeffrey Race
To: Smith, Donald
Cc: [EMAIL PROTECTED]
Sent: 6/24/2004 9:40 PM
Subject: RE: Attn MCI/UUNet - Massive abuse from your network

On Thu, 24 Jun 2004 19:26:10 -0600, Smith, Donald wrote:

>Are you offering to finance ISP's legal battles against spammers?

No, it's their network and their legal responsibility to keep it clean.
However
I did voluntarily prepare a case for Neil Patel to file on behalf of
UUNET
under the Va computer crimes act, and he refused.  I would have been
a witness.   At this point (esp when he said the matter lay with "Mr
Ebbers", who is now up on other criminal charges) it became obvious what
was the ethical level of this firm's management.   

Jeffrey Race

RE: Attn MCI/UUNet - Massive abuse from your network

[Dr. Jeffrey Race]

On Thu, 24 Jun 2004 19:26:10 -0600, Smith, Donald wrote:

>Are you offering to finance ISP's legal battles against spammers?

No, it's their network and their legal responsibility to keep it clean.  However
I did voluntarily prepare a case for Neil Patel to file on behalf of UUNET
under the Va computer crimes act, and he refused.  I would have been
a witness.   At this point (esp when he said the matter lay with "Mr
Ebbers", who is now up on other criminal charges) it became obvious what
was the ethical level of this firm's management.   

Jeffrey Race

RE: Attn MCI/UUNet - Massive abuse from your network

[Smith, Donald]

Are you offering to finance ISP's legal battles against spammers?

 

-Original Message-
From: [EMAIL PROTECTED]
To: Ben Browning
Cc: [EMAIL PROTECTED]
Sent: 6/24/2004 9:16 PM
Subject: Re: Attn MCI/UUNet - Massive abuse from your network


On Thu, 24 Jun 2004 11:50:44 -0700, Ben Browning wrote:

>Likewise, I imagine MCI could argue that the damage is to their core 
>product; namely, the trust of other ISPs and their willingness to
exchange 
>traffic with MCI.


This was Earthlink's argument in the case I cited in 
<http://www.camblab.com/nugget/spam_03.pdf>: their
connectivity was jeopardized by the spammer's activity.
As far as I know they prevailed.

The point is, we have not seen MCI go down valiantly on the
field of battle against the spammers in court or anywhere else.
I proposed a complete open-and-shut legal case to MCI, with
the perp's legal service address, and Neil Patel refused to take
any action.   The management's intention was clear: continue
to profit rather than take the perps to court.   All this talk about
how difficult it would be blah blah blah is just a smokescreen for
inaction

Jeffrey Race

Re: Attn MCI/UUNet - Massive abuse from your network

[Dr. Jeffrey Race]

On Thu, 24 Jun 2004 21:33:35 + (GMT), Christopher L. Morrow wrote:
>This is true. The 'security' or 'safety' of the backbone is not affected
>by:
>1) portscaning by morons for openshares
>2) spam mail sending
>3) spam mail recieving
>
>(atleast not to my view, though I'm no lawyer, just a chemical engineer)
>
>So, the issue of termination for this reason isn't really valid. Hence the
>off-topic-ness of this thread.

Compromise to connectivity due to harboring spammers is a security
and safety issue by any reasonable definition.Being a vector for trojan
horse mechanisms is a security issue.  

Re: Attn MCI/UUNet - Massive abuse from your network

[Dr. Jeffrey Race]

On Thu, 24 Jun 2004 11:50:44 -0700, Ben Browning wrote:

>Likewise, I imagine MCI could argue that the damage is to their core 
>product; namely, the trust of other ISPs and their willingness to exchange 
>traffic with MCI.


This was Earthlink's argument in the case I cited in 
: their
connectivity was jeopardized by the spammer's activity.
As far as I know they prevailed.

The point is, we have not seen MCI go down valiantly on the
field of battle against the spammers in court or anywhere else.
I proposed a complete open-and-shut legal case to MCI, with
the perp's legal service address, and Neil Patel refused to take
any action.   The management's intention was clear: continue
to profit rather than take the perps to court.   All this talk about
how difficult it would be blah blah blah is just a smokescreen for
inaction

Jeffrey Race

Re: Attn MCI/UUNet - Massive abuse from your network

[Dr. Jeffrey Race]

On Thu, 24 Jun 2004 14:16:49 -0400, [EMAIL PROTECTED] wrote:

>I suspect that the spammer can find a lawyer who is willing to argue the idea
>that the "safety and security" of the AS701 backbone was not prejudiced by
>the spammer's actions, 

OK, let them sue.  If you are against spam, you have to stand up in 
court and say so.

Anyway all the spamming is now in violation of contracts.   These people 
would come to court with 'dirty hands' in the term of art, and the court
would not look favorably on any case they might try to make

Jeffrey Race

Re: Attn MCI/UUNet - Massive abuse from your network

[Paul Vixie]

> spamhaus has gotten too agressive.
> Its now preventing too much legitimate email.

that's funny, really funny.  s/spamhaus/maps/ or s/spamhaus/sorbs/ or indeed
look at any receiver-side filtering mechanism that gets a little traction,
and sooner or later folks will say it's too aggressive and prevents too much
legitimate e-mail.

"the internet" as a disintermediator is going to cause more things like maps
and spamhaus and sorbs to be created and to become successful/effective over
time.  the only way to remain a successful sender of e-mail is to find a way
to thread all of those needles at once, plus new ones that come along later.

same thing for anti-spam features of common MTA's.  once in a while someone
can't get e-mail to me because they don't have a DNS-PTR or DNS-MX, or
because their SMTP-HELO doesn't match their DNS-PTR, and they complain,
quite rightly, that RFC821 doesn't require them to do it and that i'm in
violation of the protocol by rejecting their e-mail.  i usually respond by
telling them my fax number.  they usually respond by changing their DNS or
SMTP configuration to conform to my violations of the protocol.  lather,
rinse, repeat.

somebody told me the other day that we couldn't implement graylisting here
because a lot of mail relays wouldn't retry for way too long, or would retry
too quickly, or would retry from a different ip address each time, or etc.
i said "our fax number is on the web page, so senders will have recourse."

spam is fundamentally an exercise in unilateral cost shifting, by advertisers
toward eyeballs, with all kinds of middlemen.  to cope with this, these costs
are going to have to be shifted elsewhere.  it would be loverly to shift them
back toward advertisers, with fines and lawsuits and lost connectivity and
increased transit disconnection/reconnection fees, but that's not working.
(compare the u.s. federal anti-spam law with california's to see what i mean.)

so, the costs are being shifted toward legitimate e-mail senders.  oh well.
if somebody can't reach you because they don't know how to thread the needle,
then send them your fax number or postal address.  getting legitimate e-mail
has to become the sender's problem, because receiver costs are too high now.

i'm not preaching that this should be so; i'm explaining that it's become so.
it's like with chris and sean not being able to disco their spewing endsystems:
just because the source-provider or transit-provider doesn't make connectivity
less available to these spewers, doesn't mean it won't become less available.
all it does is change who does it, and it usually ends up getting done by
folks whose tools aren't as sharp as the (source|transit)-provider's.

it's a very twisted variation on "you broke it, you bought it."

Re: Attn MCI/UUNet - Massive abuse from your network

[Paul Vixie]

chris has been answering a lot of complaintage here today.  here's my omnibus:

> ...
> 2) 701 gets complaints, notifies good customer Exodus who terms the
> ...
> 13) return to step 2
> 
> This process happens repeatedly, spammers know they can get about a month
> of time (or more, depending on upstreams and hosting providers in question)
> ...

so, normal business case or risk analysis would seem to have led uunet to
put procedures in place that would try to break this loop.  for example, if
a complaint indicated that a known spammer was back downstream of as701 but
through a different customer of yours, you'd null-route their cidr block
BEFORE "notifying good customer who terminates".  all you have to do to
break this kind of loop is make it less profitable, or more expensive, for
the person who is presently benefitting from your lack of procedures.  you
don't have to stop the spam, merely reverse the shifting of costs.

but that presumes it's costing you more than you're making from it, which is
probably a very difficult business case to make to upper management.  by the
lack of ordinary cost control and risk analysis, your management team shows
their true colours.

> The 'security' or 'safety' of the backbone is not affected by:
> 
> 1) portscaning by morons for openshares
> 2) spam mail sending
> 3) spam mail recieving
> ...
> So, the issue of termination for this reason isn't really valid. Hence the
> off-topic-ness of this thread.

what about

  4) using receiver-side blackholes to make up for lack of sender-side policy

you can terminate the thread, but the fact that you and sean aren't willing
to disco spewing endsystems is leading to intentional internet instability,
and that means sooner or later, this thread will be back, just like always.
-- 
Paul Vixie

Re: Attn MCI/UUNet - Massive abuse from your network

[Tom (UnitedLayer)]

On Thu, 24 Jun 2004, Ben Browning wrote:
> >you mean the phone companies we do business with?
>
> No, I mean the internet. (Hence, ISPs). Your product, in the context of
> this discussion anyways, is access to the internet. When the actions of a
> downstream damage that product(IE more and more networks nullroute UUNet
> traffic), I would assume that you have appropriate privilege to toss them
> overboard in the contracts.

I think you'll be hard pressed to find anyone running a real ISP who will
null route any/all of UUNet.

UUNet is a large organization, network wise, and people wise.
The fact that they don't have people dedicated to jumping on customers who
you consider to be spamming, should not be suprising nor expected.

Re: Attn MCI/UUNet - Massive abuse from your network

[Christopher L. Morrow]

On Thu, 24 Jun 2004, Ben Browning wrote:

> At 02:36 PM 6/24/2004, Christopher L. Morrow wrote:
> >On Thu, 24 Jun 2004, Ben Browning wrote:
> >
> > >
> > > >like showing that the spammer was actually sending enough of a volume to
> > > >swamp their core routers
> > >
> > > Likewise, I imagine MCI could argue that the damage is to their core
> > > product; namely, the trust of other ISPs and their willingness to exchange
> > > traffic with MCI.
> >
> >you mean the phone companies we do business with?
>

whoops, forgot my smilies :(

> No, I mean the internet. (Hence, ISPs). Your product, in the context of
> this discussion anyways, is access to the internet. When the actions of a

I'm not sure that there are many who are wholesale null routing uunet ip
space, if they do they might be causing their customers unnecessary
outages.

> downstream damage that product(IE more and more networks nullroute UUNet
> traffic), I would assume that you have appropriate privilege to toss them
> overboard in the contracts.

RE: Attn MCI/UUNet - Massive abuse from your network

[Hannigan, Martin]

> At 02:36 PM 6/24/2004, Christopher L. Morrow wrote:
> >On Thu, 24 Jun 2004, Ben Browning wrote:
> >

[ SNIP ]

> this discussion anyways, is access to the internet. When the 
> actions of a 
> downstream damage that product(IE more and more networks 
> nullroute UUNet 
> traffic),  


[ Operations content: ] Do you know of any ISP's null routing AS701? 


-M

Re: Attn MCI/UUNet - Massive abuse from your network

[Ben Browning]

At 02:36 PM 6/24/2004, Christopher L. Morrow wrote:
On Thu, 24 Jun 2004, Ben Browning wrote:
>
> >like showing that the spammer was actually sending enough of a volume to
> >swamp their core routers
>
> Likewise, I imagine MCI could argue that the damage is to their core
> product; namely, the trust of other ISPs and their willingness to exchange
> traffic with MCI.
you mean the phone companies we do business with?
No, I mean the internet. (Hence, ISPs). Your product, in the context of 
this discussion anyways, is access to the internet. When the actions of a 
downstream damage that product(IE more and more networks nullroute UUNet 
traffic), I would assume that you have appropriate privilege to toss them 
overboard in the contracts.

IANAL, though.
~Ben
---
   Ben Browning <[EMAIL PROTECTED]>
  The River Internet Access Co.
 WA Operations Manager
1-877-88-RIVER  http://www.theriver.com

Re: Attn MCI/UUNet - Massive abuse from your network

[Tom (UnitedLayer)]

On Thu, 24 Jun 2004, Ben Browning wrote:
> >This is, in fact (for you nanae watchers), the reason that most of them
> >get canceled by us FASTER... Sadly, non-payment is often a quicker and
> >easier method to term a customer than 'abuse', less checks since there
> >is no 'percieved revenue' :(
>
> A revenue check has no place in abuse terminations.

That would be nice, but this is the real world.
We (presumably technical people) don't get to make all of the choices in
life. If we did, things might be a lot better, but then again maybe only
10-15% of us would still be employed :)

Re: Attn MCI/UUNet - Massive abuse from your network

[Tom (UnitedLayer)]

On Thu, 24 Jun 2004 [EMAIL PROTECTED] wrote:
> But most people are happy with things the way they are. They love SPAM
> because it gives them something to complain about and get emotional
> about.

I unfortunately have to agree there.
There's a large portion of the internet who has nothing better to do than
sit around and do essentially nothing.
Be it IRC, read email, spam, complain about spam, complain about hijacked
netblocks, complain about how slow their dialup is, complain about how
slow their cablemodem is, complain about how slow their computer
is, etc...

Spammers and Spamcomplainers belong to eachother, eventually they'll get
their own private intarweb, and they can torment eachother directly :)

Re: Attn MCI/UUNet - Massive abuse from your network

[Paul G]

- Original Message - 
From: "Christopher L. Morrow" <[EMAIL PROTECTED]>
To: "Ben Browning" <[EMAIL PROTECTED]>
Cc: "Dr. Jeffrey Race" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 24, 2004 5:55 PM
Subject: Re: Attn MCI/UUNet - Massive abuse from your network

--- snipped ---

> this is not entirely true, a majority of these far-end customers are
> paying the same price regardless of utilization. Even the utilization
> charged customers are not having their 95th Percentile changed because of
> spam, or that'd be my guess. In the end there is no money for mci from
> spammers.

agreed, in the majority of the cases. on the other had, implementing the
FUSSP jrace proposed would cost mci (or any other carrier) revenue as they
would be seen as frothing-at-the-mouth fanatics that present a business risk
when used for upstream transit even for folks that run clean networks and
deal with abuse complaints properly.

and yes, it's time for this thread to die.

paul

Re: Attn MCI/UUNet - Massive abuse from your network

[Christopher L. Morrow]

On Thu, 24 Jun 2004, Grant A. Kirkwood wrote:

> Ben Browning said:
> >
> 
> >
> > A lengthy timeline for action to be taken, from the viewpoint of the
> > attacked, is indistinguishable from tacit approval of the attacks. I don't
> > imagine MCI has a lengthy timeline when replying to sales email or billing
> > issues.
>
>
> You ARE kidding, right?

Sorry, I'll reply to ben's message part here: "Actually getting sales
involved is a timely process from my perspective :( I used to know a sales
person I could count on, he got RIF'd so now finding someone to help a
customer that needs an upgrade is a very difficult task."

Keep in mind, this is a very large corporation, Abuse/Security is in an
entirely different arm of the beast than the Sales/marketting folks :(
Affecting change from either direction is often times 'challenging'.

-Chris

Re: Attn MCI/UUNet - Massive abuse from your network

[Christopher L. Morrow]

On Thu, 24 Jun 2004, Ben Browning wrote:

> At 11:34 PM 6/23/2004, Christopher L. Morrow wrote:
> >I'd also point out someting that any provider will tell you: "Spammers
> >never pay their bills."
>
> Yes, but this is not a problem for a large carrier, as the people that
> receive it sure do. In other words, the money you lose on the spammer is
> subsidized by all the people that pay you to receive it.

this is not entirely true, a majority of these far-end customers are
paying the same price regardless of utilization. Even the utilization
charged customers are not having their 95th Percentile changed because of
spam, or that'd be my guess. In the end there is no money for mci from
spammers.

-chris

Re: Attn MCI/UUNet - Massive abuse from your network

[Grant A. Kirkwood]

Ben Browning said:
>

>
> A lengthy timeline for action to be taken, from the viewpoint of the
> attacked, is indistinguishable from tacit approval of the attacks. I don't
> imagine MCI has a lengthy timeline when replying to sales email or billing
> issues.


You ARE kidding, right?


-- 
Grant A. Kirkwood - grant(at)tnarg.org
Fingerprint = D337 48C4 4D00 232D 3444 1D5D 27F6 055A BF0C 4AED

Re: Attn MCI/UUNet - Massive abuse from your network

[Christopher L. Morrow]

On Thu, 24 Jun 2004, Ben Browning wrote:

>
> >like showing that the spammer was actually sending enough of a volume to
> >swamp their core routers
>
> Likewise, I imagine MCI could argue that the damage is to their core
> product; namely, the trust of other ISPs and their willingness to exchange
> traffic with MCI.

you mean the phone companies we do business with?

Re: Attn MCI/UUNet - Massive abuse from your network

[Christopher L. Morrow]

First, I'd like to see this thread end, not due to the beetings, but due
to the severity of the offtopic-ness of it :) BUT... see below.

On Thu, 24 Jun 2004 [EMAIL PROTECTED] wrote:

> On Thu, 24 Jun 2004 15:22:02 +0700, "Dr. Jeffrey Race" <[EMAIL PROTECTED]>  said:
>
> > Not at all.  You can terminate for actions prejudicial to the safety and security
> > of the system.   Has nothing to do with anti-trust.
>
> I suspect that the spammer can find a lawyer who is willing to argue the idea
> that the "safety and security" of the AS701 backbone was not prejudiced by
> the spammer's actions, unless AS701 is able to show mtrg graphs and the
> like showing that the spammer was actually sending enough of a volume to
> swamp their core routers
>

This is true. The 'security' or 'safety' of the backbone is not affected
by:
1) portscaning by morons for openshares
2) spam mail sending
3) spam mail recieving

(atleast not to my view, though I'm no lawyer, just a chemical engineer)

So, the issue of termination for this reason isn't really valid. Hence the
off-topic-ness of this thread.

-Chris

Re: Attn MCI/UUNet - Massive abuse from your network

[Ben Browning]

At 11:34 PM 6/23/2004, Christopher L. Morrow wrote:
I'd also point out someting that any provider will tell you: "Spammers
never pay their bills."
Yes, but this is not a problem for a large carrier, as the people that 
receive it sure do. In other words, the money you lose on the spammer is 
subsidized by all the people that pay you to receive it.

This is, in fact (for you nanae watchers), the
reason that most of them get canceled by us FASTER... Sadly, non-payment
is often a quicker and easier method to term a customer than 'abuse', less
checks since there is no 'percieved revenue' :(
A revenue check has no place in abuse terminations.
---
   Ben Browning <[EMAIL PROTECTED]>
  The River Internet Access Co.
 WA Operations Manager
1-877-88-RIVER  http://www.theriver.com