Policies affecting the Internet as a whole - Hitting where it hurts

On Fri, 27 Dec 1996 09:47:25 -0600
"Chris A. Icide" <chris@nap.net> alleged:

> Anyway, to get to the point, I along with several others have been in
> contact with the ISP, which is aware of the individual's activity and
> refuses to deal with those activities since "there are no laws affecting
> his use of our system in this manner, and we have no recourse." So,
> my question to you folks is, would something like the intentional black
> holing of the source network for this user (he apparently sources all
> attacks from one swamp Class C address) be an appropriate incentive
> to the ISP to deal with the problem? If so, where would be a good place
> to announce such measures, their goal, evidence, etc? I can see how
> such a thing could easily get out of hand if it's not taken seriously.

You're stepping on thin ice, I'd say you'd be best to cover your own
arse and let people worry about their own in cases such as this.

The last thing the Internet needs is some dodgy cartel deciding on
who is allowed access and who isn't. Although I've had similar experience
mostly from academic sites.

Regards,
Neil.

I think a list of sites that refuse to deal with troublemakers
(with details) would be extremely useful. If people want to use it to
blackhole traffic, that would be their decision.

  Even more importantly, you could check it before choosing an ISP
or provider to be sure that your provider is running a clean ship. That
way you don't get inconvenienced by other providers' defensive acts
against your provider.

  As an added bonus, you have some more assurance that your provider
will come to your aid if you are mail bombed, ping flooded, or hacked in
some other way. Providers that deal effectively with their own customers
when they create trouble are much more likely to assist their own
customers when they are attacked.

  David Schwartz
  WIZnet

> The last thing the Internet needs is some dodgy cartel deciding on
> who is allowed access and who isn't. Although I've had similar experience
> mostly from academic sites.

I agree wholeheartedly with this statement. The problem is that you want
people to use the Internet responsibly, but there are differing degrees
of responsibility. We need to re-define or re-distribute proper use
guidelines again. As an ISP we don't limit what people want to do on
the Internet, as policy. However, we also have policies against various
types of "Internet abuse". Spamming, cracking, etc. We take a very hard
line on these types of activities. However, that didn't stop AOL from
blacklisting us. (See below)

> I think a list of sites that refuse to deal with troublemakers
> (with details) would be extremely useful. If people want to use it to
> blackhole traffic, that would be their decision.
>
>   David Schwartz
>   WIZnet

The problem is: who is defining the list? AOL placed fuse.net
on their blacklist. This prevented all of our subscribers from mailing
into AOL. We found out that the reason they blacklisted us was that
they received 144 complaints from their users about junk mail from Fuse.
The problem: they were all about the same mail message. One of my
ex-users mailed a message to about 1500 AOL subscribers. So, because
0.00206% of their subscriber base complained, they placed our domain
on their list ((144/7,000,000)*100). They didn't contact us, they didn't
find out what our policies were, they didn't even bother to find out if the
user was actually posting from our site (they were, but AOL couldn't
verify this).

The moral. If you're going to create blacklists, make sure you have good
definitions of how someone gets on, how they are notified that they are
on (so they can respond), and how they can get off. AOL had none of this
in place. My helpdesk just started to get flooded with calls of people
who couldn't mail family members at AOL. Also, AOL was silently removing
the messages. No bounces, just deletes. So, we had no way of knowing
they were doing it, the mail just didn't show up.

This incident has made me very wary of listmakers, and has opened my
eyes on the receiver's point of view.

Thoughts?

If anyone's interested in reading our customer agreement, you're
more than welcome. http://www.fuse.net/Fuse/customer/ca.html
It's somewhat vague, but that gives us a lot of leeway as people come
up with new and different ways to abuse the service. Today spamming,
tomorrow iphone telemarketing?

You and your users should lay charges against AOL. They were in violation
of the ECPA which forbids them from deleting email like that the same way
the laws forbid a postal carrier from burning letters they don't want to
deliver.

And if anyone else is thinking of taking similar action to block email,
make sure you either filter port 25 in the router or you bounce back all
the email so that the sending party knows the mail is not going to be
delivered. Once you accept an email message you have a legal obligation to
deliver it to the addressee.

Michael Dillon - Internet & ISP Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com

Ok. I nominate UUNet to be the first on the list. (No, this isn't a UUNet
flame, read on.)

Recently one of their customers decided the incoming directory on our FTP
server would be a good place to start a warez site. We mailed help@uu.net
and noc@uu.net. Our mail included the src IP address and the times that
the uploading of the warez occurred. They were fairly quick to respond
with UUNet's policy on these matters. Basically they will only take action
when told to do so by a law-enforcement agency.

Ok, fine. I understand that they have to protect their interests and that
there are legal implications to all of this. I tend to agree that this
position is the safest one to take.

This raises important issues, though. What do we expect providers to do?
Do we expect them to take action based on email received from
unknown people? It seems from some of the other posts on this topic that
we do expect that.

Getting back to the post that started this thread, the culprit appears to
be from Romania. Since we've all read _The Cuckoo's Egg_, we know that
getting anything done about international cracking is very difficult (or
has this changed?). So it is a catch-22. I think very few people on this
list have the time/resources to pursue prosecution for attacks, unless the
attacks are extremely damaging (i.e. you can prove to the authorities that
it cost you a LOT of money). Yet, just letting this stuff slide by is not
only frustrating, it does nothing to solve the problem.

I think if you are getting attacked from a specific IP or block of IPs,
you have every right to filter those packets. I question the prudence of a
'blacklist', though.

Just some random thoughts...

-BD