DNS Hijacking by Cox

Joe Greco jgreco at ns.sol.net
Tue Jul 24 01:28:17 UTC 2007


> Quoting Joe Greco <jgreco at ns.sol.net>:
> >> On Mon, 23 Jul 2007, Joe Greco wrote:
> >> > And, incidentally, I do consider this a false positive.  If any average
> >> > person might be tripped up by it, and we certainly have a lot of average
> >> > users on IRC, then it's bad.  So, the answer is, "at least one false
> >> > positive."
> >>
> >> The only way any human activity will NEVER have a single false positive,
> >> i.e. mistake, is by never doing anything.
> >>
> >> Do people really want ISPs not to do anything?
> >
> > I'd prefer that ISPs tend towards taking no action when taking action
> > has a strong probability of backfiring.
> 
> I'd have to say that at this point it is VERY obvious that you have  
> never administered a large (100k users+) network. 

You would be incorrect, by a large margin.

> The procedures and  
> paths of action you wish the larger ISPs to take are just not  
> practical.

No, they're just a little more difficult.  I realize that it's more 
complex to inject a blackhole host route into the IGP of your average 
large ISP than it is to wreak a little configuration havoc on some
recursers.  That doesn't make the easier solution correct.

>  From your web site:
> "Please Note: Be very certain that your alleged abuse incident  
> actually originated here before submitting a complaint. Do not sumbit  
> a complaint without full headers, logs, and timestamps. We are not a  
> commercial ISP and it is highly unlikely that your abuse incident  
> actually originated here."
> 
> Spelling mistakes and "under construction" pages from 2002 aside, it  
> shows that you look to be familiar with dealing with smaller scale  
> operations.

Yes, sol.net is not a commercial ISP.  We're a small, very clean network 
that provides access to a limited number of other businesses.  We're not
selling $9.95/month DSL, and the businesses that actually live on our net
and sell things have somewhat more "modern" web sites.  They're highly 
vetted, and the last legitimate abuse incident fades in my recollection.

However, since a lot of the services we run are still under the legacy
domain name, I feel it appropriate to maintain some basic information and
contact stuff under the sol.net domain name, even though we stopped using 
that for business purposes /many/ years ago, and it is used pretty much 
exclusively for network and other Internet infrastructure systems.

Since I get to set the policies, we simply don't take dirty clients.
However, we do take on a bunch of unusual things, and there is a
sufficient supply of misdirected complaints that we've got a warning
on the web page.  You wouldn't believe the number of complaints we
were getting about "hacking" back when we were serving up SpamCop's
graphic images (which is approximately the era which caused us to add
that little statement in red).

And it doesn't really say anything about what I've done in the past, or
what else I also do currently, so really, it might be best to tread
rather more carefully.

Now, if you want to engage in meaningless insults, I'll be happy to
congratulate you on that gorgeous Apache 2 Test Page at crc.id.au ...

"At least I have the decency to provide some public information on the
network I run."

> The reality of the matter is that large ISPs can do:
> 
>     1) Nothing (which makes matters worse in the long run)
>     2) A disruptive fix (will get some false matches, a handful of  
> IRCers vs 100k+ users is acceptable).
>     3) Kill accounts.

I see you conveniently left out walled gardens and other prudent and
reasonable steps that ISPs and schools are successfully taking.  I
guess I didn't actually expect an impartial discussion, once you lowered
yourself to speeling flamez.

> Now let's look at a quick real world result of each of the three above.
> 
>     1) Your network eventually caves into the ground. You end up being  
> a host for many spam networks and other nasties. Everyone on the  
> internet hates you.
> 
>     2) A handful of people complain, cry, whimper, and leave. The  
> number of users in this boat won't really have much of an effect on  
> operations or business. Acceptable losses vs doing option 1.
> 
>     3) You get a reputation of killing 'innocent' people's accounts due  
> to unknown infections of crud. Business declines, and you end up  
> working for an ISP that would implement option 2.
 
And, as noted, you conveniently left out solutions that people actually
have up and running today.  Slick.

> In reality, the "purist" ideals of Internet access just does not work.

Well, we're fine with the "purist" ideals over here.  It helps to keep
problems off the network in the first place.  I realize that might not
sit too well with ISPs that would rather take money than be a good net
neighbour, but that doesn't make it any more right for them.

It has more to do with choice than "does not work."

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


