black hat .cn networks

Franklin Lian Franklin.Lian at
Tue May 8 16:01:43 UTC 2001

I happened to act as the sysadmin for ChinaNet back in 1995 for a
while, and I come from China so I guess I can help a little bit on
what the sysadmin situation "might be" in China.  However, I can be
completely wrong because I left China in 1998.

Please see my comments interleaved, again this is my personal opinion
only and might not reflect today's situation.  This message will only
help you guys how it was in past.

"neil d. quiogue" wrote:
> Well there may be a myriad of reasons on why the admins of those ISPs do not
> respond:
> 1. abuse/postmaster goes to some mailbox no one reads like root which
> contains a bunch of other messages.

The training for the sysadmin of China ISP is quite limited and
it is quite possible that some root messages were not readed in
time, it might be read weeks or months later, so even it was read
by sysadmin, he or she might not response due to the delay.

> 2. Language issue has been mentioned and it's a valid one.  I don't think
> many admins are aware of those translators.

The English skill is definitely a big issue for those sysadmins, and
this problem made them harder to master all the techniques required
by sysadmin job.

> 3. They don't know how to handle such cases.

More or less.  See above no.2 comment.

> 4. They don't care?

I partially agree.  The no.2 and no.3 contributes to this a lot.

It is very embarrassed that the China ISPs didn't and maybe couldn't 
respond the abuse reports as other ISP operator does in the world,
but I do believe they are making progress everyday along with the
Internet development in China and coordination of networks grows.

Human resource is always a big issue for China PTT.


> I don't think the encoding matters much since one is sending from a
> non-Big5/SJIS encoding to Big5/SJIS encoding and those that support
> Big5/SJIS support the other encodings.  The other way around might be a
> problem though.
> But the nonresponse is a valid concern.  I wonder if I'll be censored soon.
> :-)
> Regards,
> Neil D. Quiogue
> PSINet Hong Kong Ltd.
> "Information and attachments herein are intended for the named recipients
> only.  It may contain attorney-client privileged or confidential matter.
> If you have received this message in error, please notify the sender
> immediately, and destroy the original message.  Do not disclose the
> contents to anyone.  Thank you."
> ----- Original Message -----
> From: "Dan Hollis" <goemon at>
> To: "Wing Wong" <dualwing at>
> Cc: <nanog at>
> Sent: Tuesday, May 08, 2001 4:50 PM
> Subject: RE: black hat .cn networks
> >
> > On Tue, 8 May 2001, Wing Wong wrote:
> > > On Mon, 7 May 2001, Dan Hollis wrote:
> > > > On Tue, 8 May 2001, Paul Lantinga wrote:
> > > > > Justin, et al, do you have any *proof* that these attacks are coming
> from
> > > > > Chinese attackers on Chinese machines?
> > > > We may never know since mainland china admins never respond to abuse
> mails.
> > > Ever consider the possibility that the admins in question don't
> understand
> > > English? It'd be like if someone sends you a Big5 or SJIS encoded
> message
> > > complaining about spam or cracks and all you see is binary jiberish on
> > > your screen.
> > > Even romanized communications would be difficult to understand.
> >
> > I can use babelfish, why can't they?
> >
> > Yes, babelfish is less than perfect, but I can usually grok the gist of an
> > email.
> >
> > And if babelfish isnt good enough, there's others.
> >
> > FWIW I've had a chinese friend in canada send a BIG5 email once and the
> > same -- no response.
> >
> > -Dan
> >
> >

More information about the NANOG mailing list