North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS Hijacking by Cox

  • From: Steven Haigh
  • Date: Mon Jul 23 20:55:22 2007

Quoting Joe Greco <[email protected]>:


On Mon, 23 Jul 2007, Joe Greco wrote:
> And, incidentally, I do consider this a false positive.  If any average
> person might be tripped up by it, and we certainly have a lot of average
> users on IRC, then it's bad.  So, the answer is, "at least one false
> positive."

The only way any human activity will NEVER have a single false positive,
i.e. mistake, is by never doing anything.

Do people really want ISPs not to do anything? 

I'd prefer that ISP's tends towards taking no action when taking action
has a strong probability of backfiring.

I'd have to say that at this point it is VERY obvious that you have never administered a large (100k users+) network. The procedures and paths of action you wish the largers ISPs to take are just not practical.

From your web site:
"Please Note: Be very certain that your alleged abuse incident actually originated here before submitting a complaint. Do not sumbit a complaint without full headers, logs, and timestamps. We are not a commercial ISP and it is highly unlikely that your abuse incident actually originated here."

Spelling mistakes and "under construction" pages from 2002 aside, it shows that you look to be familiar with dealing with smaller scale operations. The reality of the matter is that large ISPs can do:

1) Nothing (which makes matters worse in the long run)
2) A disruptive fix (will get some false matches, a handful of IRCers vs 100k+ users is acceptable).
3) Kill accounts.

Now lets look at a quick real world result of each of the three above.

1) Your network eventually caves into the ground. You end up being a host for many spam networks and other nasties. Everyone on the internet hates you.

2) A handful of people complain, cry, whimper, and leave. The number of users in this boat won't really have much of an effect on operations or business. Acceptable losses vs doing option 1.

3) You get a reputation of killing 'innocent' peoples accounts due to unknown infections of crud. Business declines, and you end up working for an ISP that would implement option 2.

In reality, the "purist" ideals of Internet access just does not work.

--
Steven Haigh

Email: [email protected]
Web: http://www.crc.id.au
Phone: (03) 9017 0597 - 0404 087 474