Specifically, I want to know why Comcast makes itself so hard to reach.
I'll bet I could get them to talk to me about this host if it were DDoS'ing
me, or if I aggressively NMAP'd it at 25Mbits/sec for 48 hours straight.
Based on the comments in many forums, I think that is a sucker bet.
Its always been hard for non-customers to reach any ISP. Have you talked
to your upstream provider about your problem? Perhaps your upstream ISP
could block port 53 for you?
I've been talking about the problem for 10 years. I don't think it has
gotten any better or worse.
But because the problem is "non-serious" they do not even reply to e-mail.
Trouble is, it's *their* definition of "serious" being applied, while *I*
am the one receiving this traffic.
Other than auto-responders, how often do ISPs respond to e-mail from
non-customers? Customers can't even contact some ISPs by e-mail, you
must fill out a special web form.
Is your definition of *serious* the same as other people's definition
of *serious*? Ranking all the *serious* problem reports received every
day, how does your *serious* report rank? Higher or lower than the FBI,
spam, the latest e-bay scam, a 25Meg nmap scan for 48 hours straight or
wildcards in the .COM zone?
What this has in common spam is that a company wants margin from last mile
transit but won't incur the reasonable and customary costs of policing their
customers. They expect to get margin on 10,000,000 customers but only incur
"customer care" costs on a 10,000 customer basis. This is what I meant in
the bad old days when I called spam a form of "cost shifting" or "conversion".
Simply put, because Comcast can't be bothered, everyone else on the 'net pays
their avoided costs in various indirect ways.
Comparing things to spam is a good way to stir up emotion, but doesn't
help the discussion very much.
How should an ISP tell the difference between "good" DNS packets and "bad"
Its the fact the recipient doesn't want to receive the packet for
whatever reason, not that the packet itself is "bad." If the ISP
blocked people from doing dynamic DNS updates, I imagine someone would
complain about blocking Dynamic DNS instead. Heck there are companies
that make their business out of enabling people to dynamically update
their DNS records.
What is needed is for individuals to be able to signal "packet blocking"
on a one-to-one basis. What makes the packets "bad" isn't any technical
reason. If you had Comcast at your house and wanted to dynamically update
your DNS server over the Internet, why should Comcast block you from doing
You aren't complaining about your dynamic update packets or even all
dynamic updates. You are complaining about someone sending you packets
you don't want. And more precisely, you are complaining that Comcast is
failing to send you other packets you want to receive, i.e. a response to
your e-mail packets.
Currently, the most common method is the recipient drops the packets
after receiving them. Blocking at the source is difficult, and often
involves layer 8, 9, 10 issues; such as identifying the source,
identifying the "bad" packets, deciding if the packet violates a RFC, TOS,
AUP, etc. Should the sender be blocked from sending packets to anyone,
or just the one person who doesn't want to receive the packets.
Is miconfiguring your Microsoft Windows system a criminal violation
deserving prison or fines? Should the sentencing guidelines take into
account if you use a Macintosh or Linux system instead of Microsoft?
> Why is dynamic DNS update enabled by default on some operating systems?
Microsoft's culpability in this mess is not even on my mind today. They will
at least talk about their role in the situation, so they're more responsible
than Comcast this week.
If you just want to talk about it, Ok. Lets talk. We can talk for years
without doing anything. Meanwhile more and more people are installing
Microsoft Windows bleah with the same default settings.
For the same reasons ISC won't change the default settings in BIND, I
wouldn't be surprised the Microsoft made the same arguments for not
changing the default settings in Windows. It was only after Sendmail
and the other mailers changed the default settings in their products
that slowed down the increase of open mailers. Why could Sendmail
change its defaults, but other vendors won't change their product
I've been thinking how to use ICMP to signal different types of
responses; and even how "smart" edges on both ends of a communication
could establish and enforce policies. Most of these are non-malicious
communications involving misconfigured systems. Edge communications
avoids problems with the host system, but has problems with multi-path
communications and source validation.