North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: DNS Hijacking by Cox
> Quoting Joe Greco <jgreco@xxxxxxxxxx>: > >> On Mon, 23 Jul 2007, Joe Greco wrote: > >> > And, incidentally, I do consider this a false positive. If any average > >> > person might be tripped up by it, and we certainly have a lot of average > >> > users on IRC, then it's bad. So, the answer is, "at least one false > >> > positive." > >> > >> The only way any human activity will NEVER have a single false positive, > >> i.e. mistake, is by never doing anything. > >> > >> Do people really want ISPs not to do anything? > > > > I'd prefer that ISP's tends towards taking no action when taking action > > has a strong probability of backfiring. > > I'd have to say that at this point it is VERY obvious that you have > never administered a large (100k users+) network. You would be incorrect, by a large margin. > The procedures and > paths of action you wish the largers ISPs to take are just not > practical. No, they're just a little more difficult. I realize that it's more complex to inject a blackhole host route into the IGP of your average large ISP than it is to wreak a little configuration havoc on some recursers. That doesn't make the easier solution correct. > From your web site: > "Please Note: Be very certain that your alleged abuse incident > actually originated here before submitting a complaint. Do not sumbit > a complaint without full headers, logs, and timestamps. We are not a > commercial ISP and it is highly unlikely that your abuse incident > actually originated here." > > Spelling mistakes and "under construction" pages from 2002 aside, it > shows that you look to be familiar with dealing with smaller scale > operations. Yes, sol.net is not a commercial ISP. We're a small, very clean network that provides access to a limited number of other businesses. We're not selling $9.95/month DSL, and the businesses that actually live on our net and sell things have somewhat more "modern" web sites. They're highly vetted, and the last legitimate abuse incident fades in my recollection. However, since a lot of the services we run are still under the legacy domain name, I feel it appropriate to maintain some basic information and contact stuff under the sol.net domain name, even though we stopped using that for business purposes /many/ years ago, and it is used pretty much exclusively for network and other Internet infrastructure systems. Since I get to set the policies, we simply don't take dirty clients. However, we do take on a bunch of unusual things, and there is a sufficient supply of misdirected complaints that we've got a warning on the web page. You wouldn't believe the number of complaints we were getting about "hacking" back when we were serving up SpamCop's graphic images (which is approximately the era which caused us to add that little statement in red). And it doesn't really say anything about what I've done in the past, or what else I also do currently, so really, it might be best to tread rather more carefully. Now, if you want to engage in meaningless insults, I'll be happy to congratulate you on that gorgeous Apache 2 Test Page at crc.id.au ... "At least I have the decency to provide some public information on the network I run." > The reality of the matter is that large ISPs can do: > > 1) Nothing (which makes matters worse in the long run) > 2) A disruptive fix (will get some false matches, a handful of > IRCers vs 100k+ users is acceptable). > 3) Kill accounts. I see you conveniently left out walled gardens and other prudent and reasonable steps that ISP's and schools are successfully taking. I guess I didn't actually expect an impartial discussion, once you lowered yourself to speeling flamez. > Now lets look at a quick real world result of each of the three above. > > 1) Your network eventually caves into the ground. You end up being > a host for many spam networks and other nasties. Everyone on the > internet hates you. > > 2) A handful of people complain, cry, whimper, and leave. The > number of users in this boat won't really have much of an effect on > operations or business. Acceptable losses vs doing option 1. > > 3) You get a reputation of killing 'innocent' peoples accounts due > to unknown infections of crud. Business declines, and you end up > working for an ISP that would implement option 2. And, as noted, you conveniently left out solutions that people actually have up and running today. Slick. > In reality, the "purist" ideals of Internet access just does not work. Well, we're fine with the "purist" ideals over here. It helps to keep problems off the network in the first place. I realize that might not sit too well with ISP's that would rather take money than be a good net neighbour, but that doesn't make it any more right for them. It has more to do with choice than "does not work." ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.