North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Attn MCI/UUNet - Massive abuse from your network

  • From: Paul Vixie
  • Date: Thu Jun 24 20:42:55 2004

chris has been answering a lot of complaintage here today.  here's my omnibus:

> ...
> 2) 701 gets complaints, notifies good customer Exodus who terms the
> ...
> 13) return to step 2
> 
> This process happens repeatedly, spammers know they can get about a month
> of time (or more, depending on upstreams and hosting providers in question)
> ...

so, normal business case or risk analysis would seem to have led uunet to
put procedures in place that would try to break this loop.  for example, if
a complaint indicated that a known spammer was back downstream of as701 but
through a different customer of yours, you'd null-route their cidr block
BEFORE "notifying good customer who terminates".  all you have to do to
break this kind of loop is make it less profitable, or more expensive, for
the person who is presently benefitting from your lack of procedures.  you
don't have to stop the spam, merely reverse the shifting of costs.

but that presumes it's costing you more than you're making from it, which is
probably a very difficult business case to make to upper management.  by the
lack of ordinary cost control and risk analysis, your management team shows
their true colours.

> The 'security' or 'safety' of the backbone is not affected by:
> 
> 1) portscaning by morons for openshares
> 2) spam mail sending
> 3) spam mail recieving
> ...
> So, the issue of termination for this reason isn't really valid. Hence the
> off-topic-ness of this thread.

what about

  4) using receiver-side blackholes to make up for lack of sender-side policy

you can terminate the thread, but the fact that you and sean aren't willing
to disco spewing endsystems is leading to intentional internet instability,
and that means sooner or later, this thread will be back, just like always.
-- 
Paul Vixie