North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Open, anonymous services and dealing with abuse

  • From: Daniel Reed
  • Date: Mon Feb 16 16:26:08 2004

On 2004-02-16T12:58-0500, Sean Donelan wrote:
) On Mon, 16 Feb 2004, Daniel Reed wrote:
) > On 2004-02-15T17:33-0500, Sean Donelan wrote:
) > ) Why don't IRC operators require authentication of their users?
) > ) Why don't SMTP operators require authentication of their users?
) The operator of the anonymous service should deal with the consequences
) of maintaining that anonymitity.  ISPs authenticated their users.  But

And in large part, we do. I am an IRC Operator on a large IRC network,
called EFnet, and I do report abuse whenever it occurs in my presence.

Unfortunately, I have never received an affirmative response from an ISP
after reporting such abuse; never received a request for additional
information; and certainly never seen the problem host cease to be a problem
after reporting.

I am perhaps one of the few operators still interested in abuse reporting;
many have simply resigned themselves to finding abusers using constantly-
evolving techniques and simply banning them from the network when they are
found. This helps us in the short term, but is only an arms race in the long
term. It is a commonly held belief that any type of subscription service
will be repeatedly evaded through technical innovation; the fix must come
from the providers.

The problem appears to be that many network operators do not think of
themselves as anything beyond commercial network providers. Many appear
loath to take any effort above and beyond ensuring their users' bills are
paid regularly, or their budgets are kept low, etc.  Many will have RFC 2142
contacts, but appear to discard incoming mail. Some, such as Charter
Communications, do not even have these mandatory addresses (mail is not
accepted for <[email protected]>).

) Restuarant operators are responsible for the safe preparation of the food
) they serve and the cleanliness of their resturants.  It is not up to the
) highway department to prevent sick people from visiting your restuarant
) or to monitor the trucks transporting food on the highway.

And on the other hand, it is the CDC that would perform an outbreak
isolation, not the restaurant staff.

The CDC would also trace who the infected person had contact with and take
steps to verify their health, etc.  The restaurant could not possibly hope
to have the resources or training to effectively deal with people walking in
off the street carrying a deadly pathogen, and still have enough resources
to provide a decent service.

Daniel Reed <[email protected]>
The pursuit of pretty formulas and neat theorems can no doubt quickly
degenerate into a silly vice, but so can the quest for austere
generalities which are so very general indeed that they are incapable
of application to any particular. -- Eric Temple Bell, Mathematician