North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IP spoofing and spamming

  • From: Karl Denninger
  • Date: Tue Oct 28 20:55:47 1997

On Wed, Oct 29, 1997 at 03:11:21AM +0200, Hank Nussbacher wrote:
> Please no religionics.  Part of the below is true - part is what will happen
> in the near future:
> I have a spammer I am trying to block.  He is multihomed to me and ISP X.
> He has address a.b.c.d from me and address a.b.c.e from ISP X.  Users
> started seeing spams from a.b.c.e and complained to ISP X.  He shut off SMTP
> to the customer but the spamming continued.  Turns out the user defaults out
> to me no matter what, so his address was a.b.c.e when coming out of me.  For
> me that is a spoofed address.  I then go to block his spoofed address.  User
> then says, it is a valid address and I have no business blocking his IP
> addresses, whether he has them from me or ISP X.  I then say I'll block SMTP
> and the user says, "show me one letter from a user on the Internet
> complaining to you that I am spamming".  Since his dns is located elsewhere
> and since the IP addresses are not mine, the users aren't complaining to me
> - but to ISP X and perhaps ISP Y (providing him secondary DNS service).  All
> the ISP X & Y attempts to shut out the spam aren't affective due to the
> multihoming.
> What do we do in these cases?
> Thanks,
> Hank

Shut him off.

The bottom line is this:
	You have no obligation to accept traffic from anyone - unless you
	have a contract to the contrary.

	If you have a contract to the contrary, and don't have in there
	provisions sufficient to prevent spamming, then you're negligent 
	and deserve what you get (including blocked by others who get tired
	of you being a spam-source).

The Internet works because people don't abuse other's resources.  If people
abuse my resources, I stop allowing the abuse.  If they threaten to sue, I
laugh and tell them to go right ahead.  We write our contracts so that we 
can shut off people who spam, even on the first offense.  

We also enforce those policies and DO shut off people who spam.  I simply
don't want their money - regardless of how much they pay, they cost me more
than they bring in when all is said and done.  This is true REGARDLESS of
who the customer is.

We further insist that OTHERS who want to talk to us not abuse our resources.

Those who can't fathom this deserve to be firewalled off from each and every
service they abuse.  If the abusers turn to denial of service attacks and/or
deliberate attempts to raise other's costs of doing business (rather than
communicating), then dropping BGP sessions and/or refusing announcements 
from that ASN are appropriate as well.

You don't *HAVE* to put up with it.  If you do, from your customers or
others, its a *choice.  

That *choice* has consequences.

The 'Net only works because people don't do abusive things.  If the norm
becomes doing abusive things then there will be explicit permission
filters in routers and on services rather than denial filters. 

Do you really want to live on a network like that?  I don't.

Karl Denninger ([email protected])| MCSNet - Serving Chicagoland and Wisconsin     | T1's from $600 monthly to FULL DS-3 Service
			     | NEW! K56Flex modem support is now available
Voice: [+1 312 803-MCS1 x219]| 56kbps DIGITAL ISDN DOV on analog lines!
Fax:   [+1 312 803-4929]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal