Fw: new message

Rich Kulawiec rsk at gsp.org
Mon Oct 26 19:12:30 UTC 2015


Several points.

1. It wasn't just NANOG.  A number of other mailing lists were
targeted.  Whether or not all these attacks were launched by the
same entity is unknown and probably unknowable.

2. The admins at nanog.org address appears to be unresponsive.  Is
there actually anyone reading that?  If so, who?  And why aren't
replies being issued in a timely manner?

3. Mailman includes an "emergency moderation" switch for just such
occasions as this.  When activated, it holds all incoming mailing list
traffic for human attention, i.e., nothing goes out unless manually
approved.  It would have been a good idea to throw that switch as soon
as this started, in order to minimize the consequences.

4. As noted, if outbound traffic is already in the MTA queue, then
it should be halted and manually cleaned out.  This is often annoying
and tedious, but it's better than letting it flush.

5. The admins should probably reach out to the keepers of the most-often
utilized MX's for NANOG message delivery, as no doubt the onslaught of
spam caused degradation of their idea of the sending system's/domain's
spam/non-spam traffic mix.  (I say that knowing that some or possibly
most of those will be impossible to contact: it seems that many people
running mail servers failed the first hour of the first day of Email
Administration 101 and do not read their postmaster mail and act on it.)

6. There are additional pro-active and reactive steps that can be taken
to forestall future such incidents or at least to mitigate them.  I've
reached out (again) offering to bring my expertise to bear on the problem.
None of these steps will be panaceas.  None of them will give guarantees.
But in combination they should at least help decrease the pain.

---rsk
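
As an added illustration of point 4 (not part of the original message, and not NANOG's own tooling): a sketch that picks list-originated messages out of the MTA queue so they can be held for manual review instead of flushing. It assumes the MTA is Postfix 3.1 or later, whose `postqueue -j` prints one JSON record per message, and a Mailman-style `-bounces` envelope sender; the list address, queue IDs and timestamps are constructed.

```python
import json
import sys

# Constructed `postqueue -j` output: one JSON record per queued message.
SAMPLE = """\
{"queue_name": "active", "queue_id": "4A1B2C3D4E", "arrival_time": 1445886000, "sender": "list-bounces@lists.example.org"}
{"queue_name": "deferred", "queue_id": "4A1B2C3D4F", "arrival_time": 1445886100, "sender": "list-bounces+bob=example.com@lists.example.org"}
{"queue_name": "deferred", "queue_id": "4A1B2C3D50", "arrival_time": 1445886200, "sender": "carol@example.org"}
{"queue_name": "hold", "queue_id": "4A1B2C3D51", "arrival_time": 1445886300, "sender": "list-bounces@lists.example.org"}
{"queue_name": "deferred", "queue_id": "4A1B2C3D52", "arrival_time": 1445800000, "sender": "list-bounces@lists.example.org"}
{"queue_name": "active", "queue_id": "4A1B2C3D53", "arrival_time": 1445886400, "sender": "MAILER-DAEMON"}
"""
INCIDENT_START = 1445880000  # constructed epoch: when the bad traffic began


def is_list_sender(sender, bounce_local, domain):
    """True for the list's envelope sender, plain or VERP (local+tag@domain)."""
    local, _, dom = sender.rpartition("@")
    if dom.lower() != domain.lower():
        return False
    local = local.lower()
    return local == bounce_local or local.startswith(bounce_local + "+")


def select_for_hold(lines, bounce_local, domain, since_epoch):
    """Queue IDs of list traffic queued since the incident began and not yet held."""
    picked = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or non-record line
        if entry.get("queue_name") == "hold":
            continue  # already held, nothing to do
        if entry.get("arrival_time", 0) < since_epoch:
            continue  # queued before the incident, leave it alone
        if is_list_sender(entry.get("sender", ""), bounce_local, domain):
            picked.append(entry["queue_id"])
    return picked


if __name__ == "__main__":
    # Intended use: postqueue -j | python3 this_script.py | postsuper -h -
    src = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for qid in select_for_hold(src, "list-bounces", "lists.example.org", INCIDENT_START):
        print(qid)
```

Held messages stay in the queue until someone inspects them and either releases or deletes them, which matches the manual cleanup described in point 4.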


