Broadband routers and botnets - being proactive

Joel Jaeggli joelja at
Tue May 15 23:53:52 UTC 2007

michael.dillon at wrote:
>> Addressing the complaint that my response to Gadi was too harsh, I can
>> only say
>> that, to someone who isn't aware of the history, my response may seem
>> harsh, 
> I *AM* aware of the history and your response seems harsh. Especially so
> because you complained about a message which was about exploits in CPE
> access routers, not botnets. Any kind of router vulnerability/exploit is
> on topic for NANOG. And people who don't take the trouble to read
> messages and critique the message content, should not post to the list
> at all. We don't need you using NANOG to fight your personal flamewar
> with Gadi.

I don't see cpe as being all that different than hosts, except that
they're slower and less flexible.

The thing is it would be really nice to have some functional separation
between the business of this list which is operating a network, and the
security focused lists, and the botnet/phishing/spam lists, addressing
policy lists, the internet standards list, and so forth.

You and I and lots of other people on this list are on on many or all of
those sorts of lists. While cross-pollination is acceptable and in fact
desired dragging the business of one group of community interests in to
the domain of another is not appropriate.

In the particular case of Gadi, I resent the persistent grandstanding
and offers of assistance and assurances that's he's on the job. That's
essentially all advertising for his consulting business and I don't
think it's appropriate on this list. I for one do not flog the products
of my employer on this list, nor do you, or most other people who

I tolerate this sort of behavior  in the security arena (read  bugtrac
these days) though I resent the fact that it's de rigeur in the space
for many disclosures to essentially be advertising for the consultants
doing the work, virus updates are advertising for anti-virus companies etc.

>> but
>> anyone who has seen the endless trolling of NANOG-L, the numerous
> requests
>> (public and private) asking Gadi to cut it out, the extensive
> discussions
>> on
>> IRC, in private email and elsewhere will understand that the
> forcefulness
>> of my
>> request is appropriate given the fact that all previous attempts to
> end
>> this
>> needless disruption of NANOG-L have been ineffective.
> Well, since I have some knowledge of these communications and the fact
> that a number of people have thanked Gadi for his work and urged him to
> continue posting to the NANOG list from time to time, I do *NOT*
> understand the forcefulness of your request.
> The fact is that there are two sides to this story, and that the 8000 or
> so NANOG members are somewhat divided on the issue. But one thing is
> clear, messages like yours are not useful to any of the list members,
> but many of Gadi's messages *ARE* useful to some of the list members. In
> a group of 8000 people, I expect the best anyone can hope for is that
> most of the messages on the list will be useful to some of the list
> members.
> If that isn't good enough for you, there is a mailing list committee and
> a steering committee that you can complain to, but privately please, not
> on the list.
> --Michael Dillon

More information about the NANOG mailing list