DNS Hijacking by Cox

I'd prefer that ISPs tend towards taking no action when taking action
has a strong probability of backfiring.

For example, even if you had no clue that it was a legitimate EFNet IRC
server, irc.vel.net is trivially Googleable and you can determine that it
will therefore be used by various real users. Redirecting this would be
a bad thing.

On the flip side, redirecting irc.jgreco.net, because you found it in some
bot's connection directory, when Googled, indicates that there are no
matched documents. While this isn't conclusive proof that it won't break
somebody, it is relatively much less likely to be a customer-affecting
issue. Since the domain is relatively new, it would be a lot more
suspicious. You could even try connecting to it (if it existed) to see
what the deal was.

I would still be irate if someone owned a portion of my namespace in that
manner, but as a relative comparison, I could see a much better case for
it.

... JG

Everything has a chance of backfiring. So ISPs should take no action.

Please let me know how your next DDOS attack lasts.

We on EFnet take drones very seriously and do a very good job of
cleaning them. I'd say we are probably one of the larger cleanest irc
networks. 99% of ddos come from hacked drones running on C&C servers
that are not large networks. They run their own ircd or use a tiny
network where they will be unnoticed. I also run 2 undernet servers
that have a much higher drone count. I don't see my servers over there
hijacked.

Now if I could find the legality of it, I would.

Drew

Quoting Joe Greco <jgreco@ns.sol.net>:

> And, incidentally, I do consider this a false positive. If any average
> person might be tripped up by it, and we certainly have a lot of average
> users on IRC, then it's bad. So, the answer is, "at least one false
> positive."

The only way any human activity will NEVER have a single false positive,
i.e. mistake, is by never doing anything.

Do people really want ISPs not to do anything?

I'd prefer that ISPs tend towards taking no action when taking action
has a strong probability of backfiring.

I'd have to say that at this point it is VERY obvious that you have never administered a large (100k users+) network. The procedures and paths of action you wish the larger ISPs to take are just not practical.

From your web site:
"Please Note: Be very certain that your alleged abuse incident actually originated here before submitting a complaint. Do not sumbit a complaint without full headers, logs, and timestamps. We are not a commercial ISP and it is highly unlikely that your abuse incident actually originated here."

Spelling mistakes and "under construction" pages from 2002 aside, it shows that you look to be familiar with dealing with smaller scale operations. The reality of the matter is that large ISPs can do:

    1) Nothing (which makes matters worse in the long run)
    2) A disruptive fix (will get some false matches, a handful of IRCers vs 100k+ users is acceptable).
    3) Kill accounts.

Now let's look at a quick real world result of each of the three above.

    1) Your network eventually caves into the ground. You end up being a host for many spam networks and other nasties. Everyone on the internet hates you.

    2) A handful of people complain, cry, whimper, and leave. The number of users in this boat won't really have much of an effect on operations or business. Acceptable losses vs doing option 1.

    3) You get a reputation of killing 'innocent' people's accounts due to unknown infections of crud. Business declines, and you end up working for an ISP that would implement option 2.

In reality, the "purist" ideals of Internet access just do not work.