joej at Rocknyou.com
joej at Rocknyou.com
Sun Apr 6 02:47:10 UTC 2003
Jacks right on the money there. Traffic being generated and directed
to my network uses bandwidth, something I/my company pays for.
Since its a cost I am tasked to prove/disprove its benefit, so.
Perhaps if one isn't probing and/or reporting utilization trends and usage
this would not be so much an issue, but on my networks it is. If I were to take the
stance of "oh but its not hurting anything" you bet most of my IPOPs would
look like ripe pickings for the masses of kiddie scripters/hackers.
Its part of the job to police and keep clean the networks I'm responsible
for. As well I do the inverse, if I get a complaint about some activity from
within one of my netblocks I do my best to follow up on it and see its not some
new "feature" of M$ or a fat fingered configuration somewhere. I actually welcome
the complaint as it may bring to my attention something/one that is gone wrong.
Granted I'm not about to nit pick a few packets type in error by some poor sap on AOL, but in this case over 400 would enlighten a response to you/your provider.
Perhap this is "old school" thinking but in my model of networks its a proven and
Well just my 2¢s.
/* "Well if all the bits are 1's then we charge more"
"Why is that?"
"Larger audience" */
----- Original Message -----
From: "Jack Bates" <jbates at brightok.net>
To: "Matthew S. Hallacy" <poptix at techmonkeys.org>
Cc: "McBurnett, Jim" <jmcburnett at msmgmt.com>; <nanog at merit.edu>
Sent: Saturday, April 05, 2003 12:16 PM
Subject: Re: Abuse.cc ???
> Matthew S. Hallacy wrote:
> > How was this traffic causing harm to your network? I'd rather have them
> > dealing with people actively breaking into systems, DoS'ing, etc than
> > terminating some customer who's probably infected with the latest
> > microsoft worm.
> Worm control is important. If we let them run rampant, then they will
> build up to a critical mass and become DOS quality. One of my transit
> customers was ignoring the worm reports I was sending him. Interesting
> enough, he DOS'd his own routers as several of the people infected were
> behind NAT generating 11,000 connections in less than a minute. Ever
> seen a C3640 with 11,000 NAT translations? In this case, it's a customer
> that didn't have high end equipment. If he'd had high end equipment,
> then others would suffer the performance hit, not to mention extra noise
> making it harder to detect purposeful scans and attacks. Some worms,
> like Code Red, cause a DOS on web enabled equipment as well. The F
> variant, for example, will shut down Net2Net dslams, some cisco
> equipement, and I'm sure a lot of other things.
More information about the NANOG