Sorry to those that may be on other lists. Given general operational nature, I posted to NANOG, so that: 1. money can talk, others will see one view of this provider 2. operationally maybe something will get done 3. policy wise maybe this provider will change its policy 4. Qwest said their people had installed the ACL's properly my evidence is to the contrary. The customer that was impacted is certainly considering their options. I suspect they will vote with their checkbook. PS: Slew == 1 Private email list, 1, Well known public list 1 Local Public-ish list. Slew != as large as it may have sounded... Policies are sometimes in place for good reasons, sometimes because the makers of said policy are void clue. To assume they are inplace for good reason is a leap imho. Some Qwest people I've worked with on this issue are rich with clue, others (ergo via the nice normal paths) are not. My thanks to those that have clue, and my suggestion to management that they help those without clue. On Thu, Aug 28, 2003 at 09:36:37PM -0600, Danny McPherson wrote:
Not sure how many places you intend to post this or related messages, but if you've got a problem vote with your money. Whining to NANOG and a slew of other mailing lists and still giving money to Qwest seems silly to me...
Likewise, the Qwest folks likely aren't quite as clueless as you've attempted to portray them over the last few days, silly policies (policies that are clearly in place for a reason) can be fixed -- and I assure you, above all else, money talks...
-danny
On Thursday, August 28, 2003, at 09:25 PM, John Brown wrote:
Seems like QWEST doesn't have any edge ACL's in place to deal with this lovely worm issue.
Count Source Prexix, rounded up to a /16
144 208.46.0.0 199 65.114.0.0 347 208.45.0.0 462 65.118.0.0 486 65.119.0.0 702 208.44.0.0 ---- 2340 TOTAL Packets out of 2500 for 2 seconds
This is ICMP and TCP MS bad traffic for a 2500 packet capture on a DS1 that is directly connected to Qwest. Ergo, Qwest is the transit provider. Capture period was about 2 seconds. ICK
According to Qwest Tech/Noc people they can't leave filters up for more than 1 day.
Given that this worm has lasted more than 1 day, I'd think its reasonable to leave filters up for say more than one day ????
The other thing I learned from QWEST IP-NOC was that it seems managment decided *NOT TO* filter packets related to this worm issue at the edge......
john brown AS 10480 and others