What's going on?

From markb@infi.net Thu Apr 17 19:49 PDT 1997

Tell me about it. In the course of today's activities, I
learned that one of our users with a small commercial web site
on one of our servers spammed the net from an account on
another ISP. The spam contained a pointer to his URL on
our server.

The spammer in this case is not misusing any of your
resources. A web provider stands on a very tenuous
ground. I fail to understand those--who would vandalize
your network or incite others to vandalize it--who want
to force that choice on you:

From: Michael Dillon <michael@memra.com>

I certainly don't condone any attacks on AGIS but I think this should be a
lesson that Internet users expect a certain standard of behavior from
network providers. While there may be no legal imperative to force network
providers to ehave in a certain way, the will of the people has a way of
making itself felt and we ignore it at our peril.

    (Internet users != hackers)
    
I understand the will of the people to boycot a certain
company or a product, but breaking into others' property?
Sophistry like above deserves some of the blame for the
break-ins.

Some of the mail seems to be holding us partially culpable
for the spam. I'm happy to report that the other ISP is taking
action against the spam complaint, but I don't know of any
interpretation of Netiquette that condemns commercial WWW sites.
I don't know that I'd favor an abuse policy that encompasses
WWW sites, even if they are listed elsewhere in spam mailings,

Where does one draw the line? The phone company that gives
phone service to the email spammer, the gazillion dollar
software and hardware companies that sell their pc/email/browser
products to the spammers? Break into them? It is easy to
imagine the company some of the extermist anti-spammers
would be keeping, at this rate.

This issues has relevance to nanog--the veiled encouragement
to break-ins I see here does result into network operational
problems, more than most of the spams do.

Sanjay.

PS. I don't condone spamming, my company disconnect accounts
that spam _from_ our network.

Why doesn't everyone who has a problem with it. Take _REAL_ action. Like,
oh say.. terminate peering with AGIS 's network? Or ban the routes
emanating from their mail servers. Just pull the MX records, or find out
their mail-server addresses and ban them. Better yet, if you are going to
boycott, terminate peering all together and ban connectivity to/from their
network via any carrier to yours.

I don't overtly have a problem with email-spammers, it is annoying, yes but
most also terminate sending you stuff if you ask nicely and not
fly-off-the-handle at them or flame them publicly.

All I am saying, is if you want to achieve anything, don't do anything
illegal like hacking, or reverse spamming their mail-servers. Just BOYCOTT
the network. Terminate all traffic to/from them to yours and petition
people to follow suit. If you are THAT upset, take REAL action.

Again, I don't have any problems with AGIS, spammers, etc. If you are going
after email spammers, go after news spammers, people who register 10,000
domains to resell them, NSPs who falsely register for large address blocks
and don't use them, or use them inefficiently, go after people who will not
CIDR their announcements. There are SO many areas of broadband abuse that
affect all of the Internet, I don't see the point in focusing in on one
tiny aspect of it.

My opinions are my own, not my company's.

All I am saying, is you want a boycott. BOYCOTT don't screw around and do
illegal things, that makes you as bad as them in my opinion.

Matt Pearson

Redirect all flames to /dev/null

>I certainly don't condone any attacks on AGIS but I think this should be a
>lesson that Internet users expect a certain standard of behavior from
>network providers. While there may be no legal imperative to force network
>providers to behave in a certain way, the will of the people has a way
>of making itself felt and we ignore it at our peril.

    (Internet users != hackers)
    
I understand the will of the people to boycot a certain
company or a product, but breaking into others' property?
Sophistry like above deserves some of the blame for the
break-ins.

Sorry but you're wrong. Let me point out that "Internet users" does not
mean "hackers" (now where have I heard that before? :-). I am referring to
the countless millions of Internet users who get unsolicited commercial
email in their mailboxes and are frustrated because they don't know who to
complain to about it other than their elected representatives.

Where does one draw the line?

Good question but there is no easy answer. However I suspect that people
who understand the Internet intimately will need to be involved in
drawing the line to make sure it makes sense.

This issues has relevance to nanog--the veiled encouragement
to break-ins I see here does result into network operational
problems, more than most of the spams do.

You misunderstand my point. I do NOT encourage breakins, mailbombing,
SYN-flooding or any other kind of attacks as a solution to the SPAM
problem. It's not a technical problem so technical solutions won't cut it.
But it *IS* something that every network provider should think about
carefully because the network does not operate in a vacuum. If a provider
encourages spammers or harbors spammers who attack other providers'
systems then the environment, i.e. the general Internet user population,
*WILL* attack them. Facing up to reality is not the same as condoning or
encouraging that action. And part of facing up to reality is realizing
that the cost of defending your network against the people may be higher
than any benefit gained from taking a hands-off attitude towards your
customer activities.

Michael Dillon - Internet & ISP Consulting
Memra Software Inc. - Fax: +1-250-546-3049
http://www.memra.com - E-mail: michael@memra.com

You're right. There are many different varieties of network abuse. So how
do we define it and how do we communicate to people that they can't *DO*
that?

Michael Dillon - Internet & ISP Consulting
Memra Software Inc. - Fax: +1-250-546-3049
http://www.memra.com - E-mail: michael@memra.com

My honest recommendation although nobody wants to hear it is simple. You
accomplish it the same way telecom, video, and other providers have for
years and years.. GOVERNMENT REGULATION. If every ISP had to get licensed
by the US (or other..) government and a clearly defined set of regulations
were in place, the government would put their foot down on those breaking
the rules, the same way they would shut down NBC if they showed XXX movies
uncut on purpose. If it was an accident they would fine them SOOO heavily
that it would never happen again.

I hate to say it but it appears that the Internet cannot run itself anymore
because big-business does not want to sit down and play by the rules (not
that there are any). Almost all the Internet "authorities" are a joke, they
cant really do ANYTHING, they could be sued for making decisions that hurt
one company or another, and at most meetings it usually at some point
breaks down into mud slinging and accusations.

There is no way that I can see logically to level the playing field for all
participants, and allow every participant equal say or right to dispute a
problem in an equitable manner except for government regulation (at least
here in the US). Would this hurt business? Doubtfull for -serious-
companies, look how many independent TV stations there are, or radio
stations not part of the big 3 networks? No counting cable even. All it
means is that a company would have to make a serious commitment to customer
service, and maintain interconnection agreements overseen by the feds. If
there was a problem between providers, the government would step in and
mediate it.

Also, if you think I am too liberal or a democrat I am not. In fact I am an
Independant voter, and I am actually rather conservative about government.
I just think this is one place where they could do good. In the end I think
they will step in anyhow. After all, are ISPs so different than
long-distance phone companies who lease lines from RBOCs, connect
residential and business consumers, and take data interstate? Sound
familiar to anyone? If you think the FCC isn't going to do something to
regulate ISPs.. think again.. they could get the mandate far easier than
you would like to belive.

Unless some miracle happens and everyone drops the egos, drops the
attitudes, and sits down at the table and irons out REAL standards, REAL
policies, and REAL enforcement procedure, you can bet REAL money that the
federal government will step in and regulate. Look how many lawsuits vs.
ISPs / Online Services have come up in the last year for quality of service
problems, look at the CDA!

We better do something QUICK before Uncle Sam gets any bright ideas.

My $0.2

Send all flames to /dev/null or root@127.0.0.1

Also, if you think I am too liberal or a democrat I am not. In fact I am an
Independant voter, and I am actually rather conservative about government.
I just think this is one place where they could do good. In the end I think
they will step in anyhow. After all, are ISPs so different than
long-distance phone companies who lease lines from RBOCs, connect
residential and business consumers, and take data interstate? Sound
familiar to anyone? If you think the FCC isn't going to do something to
regulate ISPs.. think again.. they could get the mandate far easier than
you would like to belive.

government regulation would do exactly what it has done for radio and
tv. it would be almost impossible for startups to play, even if you
maintain a minimum level of service, simply because it is too
expensive. it would drive out small players who may have a lot of good
to contribute.

also, there is no way to tell the government how much regulation they are
allowed. if they decide they want to come in and violate constitutional
rights left and right (government controlled encryption for american
citizens on the government controlled internet, anyone?) then there is
little that can be done to stop them. you can't defend yourself against
the vampire once you have invited him across your doorstep.

so perhaps that is the trade-off. high-probability of network stability
vs. freedom. personally, i think government intervention would only
serve to stunt on-line activity, but the big 3 are looking at the bottom
line and i am sure see a different picture.

b3n

Matthew E. Pearson wrote:

My honest recommendation although nobody wants to hear it is simple. You
accomplish it the same way telecom, video, and other providers have for
years and years.. GOVERNMENT REGULATION.

You want the same people who brought us safety devices that kill
children
(airbags) to regulate the net? That the best way I know of to turn
double
and triple digit growth into single digit growth/stagnation.

Please, please be careful of what you ask for.

-peter

Matthew E. Pearson wrote:
>
> My honest recommendation although nobody wants to hear it is simple. You
> accomplish it the same way telecom, video, and other providers have for
> years and years.. GOVERNMENT REGULATION.

which govenment ?

Regards,

aid

Adrian J Bool wrote:

> Matthew E. Pearson wrote:
> >
> > My honest recommendation although nobody wants to hear it is simple. You
> > accomplish it the same way telecom, video, and other providers have for
> > years and years.. GOVERNMENT REGULATION.

which govenment ?

Doe, the Sultan of the Sovereign Comet of Hale-Bopp.

-peter

You draw the line at what is clearly abuse of legitimate resources. Mail
has a legitimate purpose. Browsers and phone company access can be used
in 'legitimate' ways. Unsolicited commercial email on the Internet is
an attack which makes unauthorized use of resources belonging to other
people to offset advertising cost. Netscape sells its browser to everyone,
and it never intended to have it used for spamming, any more than Eric
intended sendmail to be used for it. (Quite the contrary, of course, I
would assume.)

The unsolicited email is generally obnoxious and distasteful. You won't
see pornography advertisements under your windshield wiper when you come
out from shopping. And the fact that the "spammers" hide their origin
as cleverly as they can is the final piece of illegitimacy. There is
legitimate and illegitimate use of resources, and spam is illegitimate.
Whether to fight fire with fire is another question entirely, but the
blame for spam clearly falls on the spammers themselves, and I would not
have any sympathy for a SYN flooded web page advertised via spam.

My honest recommendation although nobody wants to hear it is simple. You
accomplish it the same way telecom, video, and other providers have for
years and years.. GOVERNMENT REGULATION. If every ISP had to get licensed
by the US (or other..) government and a clearly defined set of regulations

[...]

I hate to say it but it appears that the Internet cannot run itself anymore
because big-business does not want to sit down and play by the rules (not

[Many lines of "the government is the solution" deleted]

We better do something QUICK before Uncle Sam gets any bright ideas.

Don't you feel a little silly posting both these statements in the same
message? You certainly look it:(

--- David Miller