North American Network Operators Group
> From [email protected] Tue May 27 12:06:50 2008
> Subject: RE: amazonaws.com?
> Date: Tue, 27 May 2008 18:08:16 +0100
> From: <[email protected]>
> To: <[email protected]>
>
> > If the address-space owner won't police its own property,
> > there is no reason for the rest of the world to spend the
> > time/effort to _selectively_ police it for them.
>
> Exactly!!!
> If an SMTP server operator is not willing to police their server
> by implementing a list of approved email partners, then why should
> the rest of the Internet have to block outgoing port 25 connections?

Because the _privilege_ to send packets to other networks has been, from 'day one', conditional on the presumption that the sending network _is_ a "good neighbor" to the networks receiving their traffic. AS SUCH, they have a firm 'moral responsibility' to *NOT* let _their_ users =originate= traffic that is harmful/offensive/abusive to the receiving/destination network.

Or, are you arguing for _no_ "acceptable use" policies for _anything_ on the 'net? That anyone should be free to attempt anything against any server/network, and that it is the sole responsibility of the receiving system to build and maintain the defenses against "whatever" any malefactor might decide to do? *AND* that the party providing that 'black hat' with connectivity should bear no responsibility for anything that their customers do?

Thinking about it, I realize that asking _you_ (an employee of a major telephone company) is a silly question -- you have a biased viewpoint from a government-regulated monopoly.

> The buck needs to stop right where the problem is and that is
> on the SMTP servers that are promiscuously allowing almost any
> IP address to open a socket with them and inject email messages.

Since one _cannot_ stop the -attempts- at the destination end, and the volume of -attempts- (even though they're blocked at the fence-line) *CAN* be enough to render 'normal' operations of the receiving network impossible -- "it should be obvious to the meanest intelligence" that the matter *must* be addressed at a point _upstream_ from the destination network.

It is universally recognized in the real world that 'toxic waste' issues must be dealt with at the _source_ point -- where that toxic waste is produced. AND that the costs of doing so should fall on those who produce them. There is no reason that the Internet should be any different. The polluter is the party who *should* get hit with the majority of the costs of handling the toxic waste they produce, not the party simply trying to enjoy the 'quiet satisfaction' of their own property.

It is arguable that the Internet has advanced from the 'early pioneer' days of the '80s, to a state that is comparable to the height of the "Robber Baron" era -- where everybody was out for 'me first, and to h*ll with whomever isn't big enough, mean enough, and tough enough to stand up to whatever I want to do to take advantage of them'. History shows that such attitudes weren't right _for_the_world_as_a_whole_ then, and societal barriers were put in place to prevent such abuses from re-occurring.

> > Amazon _might_ 'get a clue' if enough providers walled off
> > the EC2 space, and they found difficulty selling cycles to
> > people who couldn't access the machines to set up their
> > compute applications.
>
> Amazon might get a clue and sue companies who take such outrageously
> extreme action.

*SNICKER* The results of such a suit are _utterly_ predictable. There's established case-law going back a couple of _decades_. For example, look at any of the (100% _unsuccessful_) suits that "Cyber Promotions, Inc." filed against any of the several providers that did exactly that to said plaintiff.
There's similar case law in England, the Netherlands, Germany, Switzerland, Norway, Finland, and Australia -- just to name a few of the places where the matter has been litigated.

There are no "rights" on the Internet, only "privileges". Your right to access any part of my network exists only -if- I extend you that privilege. And it _is_ revokable at whim. WITHOUT any need to 'show cause why'.

Such a suit as you suggest runs the very real risk that the filing party would be sanctioned as regards "frivolous" filings.

> Even if you are being slammed by millions of email
> messages from Amazon address space, that is not justification for
> blocking all access to the space. It's a point problem on your
> mail server so leave the shotgun alone, and put an ACL blocking
> port 25 access to your mail server.

FALSE TO FACT.

If they generate _enough_ 'unwanted' traffic towards me, that can/will constitute a fairly effective (D)DOS attack -- admittedly, it's only 'slightly' distributed, and it's coming from a single block, so it can be dealt with by some forms of point responses.

I _cannot_ deal with volume-based DOS at -my- end of my pipes; it -requires- blocking/limiting the traffic *before* it hits the choke-point that is my external connectivity.

When that traffic is coming from a 'well defined' source under a single entity's control, *THAT* -- the source -- is the appropriate place to deal with it.

In the alternate case -- a widely distributed set of disparate sources -- other methods (usually involving the immediate "upstreams" -- who presumably have enough bigger resources to be able to 'absorb' a volume of toxic waste that would be fatal to me) are necessary.

The fact that such methods are necessary in some circumstances does -not- mean that they are the _preferred_ method in all circumstances.

>
> I don't believe that horrendously broken email architecture and email
> operators with no vision, are sufficient justification for blocking new and
> innovative business models on the Internet. 10 months of the year, Amazon
> has 10 times as many servers as they need. They want to rent them out
> piecemeal and I applaud their innovation. Maybe their model is not perfect
> yet, but the solution to that is not to raise a lynch mob. Instead you
> should build a better cloud computing business and beat them that way.

I applaud their _intentions_, and deplore their *implementation*.

They, like many others, have forgotten that "the Internet" is, in fact, a fairly -unique- institution/facility -- where the 'value' of what _you_ offer is contingent on the 'courtesies' you get for free from the rest of the world.

Every internet service provider and service offerer *needs* the 'good will' of its competitors _more_ than it needs any of its own customers.

Something like the initial part of the Hippocratic Oath is needed for those who consider Internet-based service offerings -- "First, do no evil."

People who fail to control the toxic waste emissions from their property are _not_ "good neighbors", and fail that 'do no evil' test. The same for those who allow toxic waste emissions to flow from their networks over the Internet.