North American Network Operators Group

Re: Abuse.cc ???
Jack's right on the money there. Traffic being generated and directed to my network uses bandwidth, something I/my company pays for. Since it's a cost I am tasked to prove/disprove its benefit, so. Perhaps if one isn't probing and/or reporting utilization trends and usage this would not be so much an issue, but on my networks it is. If I were to take the stance of "oh but it's not hurting anything" you bet most of my IPOPs would look like ripe pickings for the masses of kiddie scripters/hackers.

It's part of the job to police and keep clean the networks I'm responsible for. As well, I do the inverse: if I get a complaint about some activity from within one of my netblocks I do my best to follow up on it and see it's not some new "feature" of M$ or a fat fingered configuration somewhere. I actually welcome the complaint as it may bring to my attention something/one that has gone wrong.

Granted I'm not about to nit pick a few packets typed in error by some poor sap on AOL, but in this case over 400 would enlighten a response to you/your provider. Perhaps this is "old school" thinking but in my model of networks it's a proven and working theory.

Well, just my 2¢s.

-Joe

/*
"Well if all the bits are 1's then we charge more"
"Why is that?"
"Larger audience"
*/

----- Original Message -----
From: "Jack Bates" <[email protected]>
To: "Matthew S. Hallacy" <[email protected]>
Cc: "McBurnett, Jim" <[email protected]>; <[email protected]>
Sent: Saturday, April 05, 2003 12:16 PM
Subject: Re: Abuse.cc ???

>
> Matthew S. Hallacy wrote:
> >
> > How was this traffic causing harm to your network? I'd rather have them
> > dealing with people actively breaking into systems, DoS'ing, etc than
> > terminating some customer who's probably infected with the latest
> > microsoft worm.
> >
>
> Worm control is important. If we let them run rampant, then they will
> build up to a critical mass and become DOS quality. One of my transit
> customers was ignoring the worm reports I was sending him. Interesting
> enough, he DOS'd his own routers as several of the people infected were
> behind NAT generating 11,000 connections in less than a minute. Ever
> seen a C3640 with 11,000 NAT translations? In this case, it's a customer
> that didn't have high end equipment. If he'd had high end equipment,
> then others would suffer the performance hit, not to mention extra noise
> making it harder to detect purposeful scans and attacks. Some worms,
> like Code Red, cause a DOS on web enabled equipment as well. The F
> variant, for example, will shut down Net2Net dslams, some cisco
> equipment, and I'm sure a lot of other things.
>
>
> -Jack