URGENT: Operational Integrity Problem with IQ-INTERNET.COM
Reference: Sprint Customer Larry Host Domain: IQ-INTERNET.COM Problem Summary: Out of control mail loop 1. For the past 48 or so hours all e-mail from the domain IQ-INTERNET.COM has been blocked from our domain, STD.COM. All such email is refused with an immediate error message by our (std.com) server. 2. The account lhost@iq-internet.com, owner or adminstrator of this iq-internet.com domain, has been informed of this many times in this period. Messages have been left on their answering machine. Sprint personnel attempted to relay this message to him though I do not know if they were successful. Sprint security personnel have publically and privately (to me) acknowledged the problem. 3. Electronic mail continues to be sent (as of 17:17 EST) from iq-internet.com to world.std.com at a rate of several messages per minute, each one refused. THIS IS NOT A POLICY PROBLEM -- THIS IS A TECHNICAL PROBLEM. There is no reason for a host to send thousands of email msgs each being refused long after being informed of this state of affairs except: a) maliciousness b) severe technical failure or error, or gross operating negligence. I informed Sprint of this several hours ago, I reported it as a *TECHNICAL* problem although apparently Sprint network personnel continue to infer that they can read the system owner's mind and intuit that he is doing this for relatively innocent or purposeful reasons such that Sprint can not get involved. I assert this judgement by Sprint network personnel is a serious error and Sprint is ignoring a severe technical problem to the active detriment of the world-wide internetwork. There is a knowing dereliction of TECHNICAL AND OPERATIONAL responsibilities occurring here, and this abrogation of administrative responsibility is causing my business palpable damage, with full knowledge of authorized Sprint network operational and security personnel and more than sufficient time for them to have responded. xc: Sprint Legal Dept, Software Tool & Die Counsel -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
What relevance does this have to the NANOG community? rob
Reference: Sprint Customer Larry Host Domain: IQ-INTERNET.COM Problem Summary: Out of control mail loop
1. For the past 48 or so hours all e-mail from the domain IQ-INTERNET.COM has been blocked from our domain, STD.COM. All such email is refused with an immediate error message by our (std.com) server.
2. The account lhost@iq-internet.com, owner or adminstrator of this iq-internet.com domain, has been informed of this many times in this period. Messages have been left on their answering machine. Sprint personnel attempted to relay this message to him though I do not know if they were successful. Sprint security personnel have publically and privately (to me) acknowledged the problem.
3. Electronic mail continues to be sent (as of 17:17 EST) from iq-internet.com to world.std.com at a rate of several messages per minute, each one refused.
THIS IS NOT A POLICY PROBLEM -- THIS IS A TECHNICAL PROBLEM.
There is no reason for a host to send thousands of email msgs each being refused long after being informed of this state of affairs except:
a) maliciousness b) severe technical failure or error, or gross operating negligence.
I informed Sprint of this several hours ago, I reported it as a *TECHNICAL* problem although apparently Sprint network personnel continue to infer that they can read the system owner's mind and intuit that he is doing this for relatively innocent or purposeful reasons such that Sprint can not get involved.
I assert this judgement by Sprint network personnel is a serious error and Sprint is ignoring a severe technical problem to the active detriment of the world-wide internetwork.
There is a knowing dereliction of TECHNICAL AND OPERATIONAL responsibilities occurring here, and this abrogation of administrative responsibility is causing my business palpable damage, with full knowledge of authorized Sprint network operational and security personnel and more than sufficient time for them to have responded.
xc: Sprint Legal Dept, Software Tool & Die Counsel
-- -Barry Shein
Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
What relevance does this have to the NANOG community?
Probably none. But as long as you've mentioned it, I am now feeding my blackhole routing table (full of spammers like iq-internet.com) to several people via OSPF. (I am not willing to feed it with BGP since the potential for leaks is much greater.) Anyone who isn't getting it that wants it should let me know. It only has on it people who have ignored warnings and continued to send unwanted mass e-mail. I make the blackhole feed available free of charge, but you have to sign an agreement promising not to leak the blackhole routes to anyone who has not explicitly asked to receive them. In Star Trek they call this "rotating shield frequencies." You can also follow along with http://www.vix.com/spam/ and edit your own blackhole list. But if you are worried -- and you should be! -- about not checking back and removing people who have stopped spamming, or you would like to be on more of a hair-trigger for having the blackhole routes entered into your network, I am willing to provide a real time feed on the above terms.
On January 3, 1997 at 15:49 rob@elite.exodus.net (Robert Bowman) wrote:
What relevance does this have to the NANOG community?
I thought someone here might be interested, even just for informational purposes, in the operational problems Sprint is causing in the north american network with their negligent and/or incompetent network administration. As of 20:27 EST that mailer loop was still running full bore, about 6 hours after Sprint acknowledged the specific problem report (which they waffled on), and documentably over 24 hours after their staff acknowledged the general problem in public (that is, the specific incident was no surprise, they've been talking about this site's outrageous behavior for at least a full day, I have the mail.) But go ahead, tell your customers that slow-downs and congestion on the net are due to mere demand, and we'll all keep conspiratorially quiet about how arrogant, incompetent billion dollar plus corporations refuse to lift a finger to resolve egregious problems even when it's laid out to them as clearly as can be and theyre given 24+ hours to respond. It's better PR, huh, <wink wink>? Let's keep up that illusion of all being good-spirited and pulling our weight for the common good of the net, even if it is just bullshit (at least in part), otherwise, who knows, someone might lose faith and someone like Bob Metcalfe might write another article just scaring people...can't have that, must keep up appearances! Must hold firm to the claim that we're all rowing as fast as we can! (Some of us certainly are, not my point.) As I write this it's *conceivable* the loop has been stopped, I just checked, but how many here think this development might have just a tiny bit to do with embarrassing Sprint in public? Hands? Yeah, I thought so. I dunno what the hell else to do, to be frank, I really don't. Maybe public embarrassment will work, at least I was decent enough to try to keep my first shot in front of a highly technical audience who can understand exactly what's going on here and keep it all in perspective. If I upset anyone (outside of Sprint), I apologize. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
Barry Shein writes:
As I write this it's *conceivable* the loop has been stopped, I just checked, but how many here think this development might have just a tiny bit to do with embarrassing Sprint in public? Hands? Yeah, I thought so.
How about a dose of realism here: The people that need to make the decision to act on this kind of situation probably do not read the nanog mailing list. The people that do read the nanog mailing list have most likely already brought the situation to the right folks attention if what you say is true. So an attempt at embarrasing Sprint here will most likely have no effect. -Hank *speaking for myself and not my employer*
At 10:01 PM -0500 1/3/97, Henry Kilmer wrote:
Barry Shein writes:
As I write this it's *conceivable* the loop has been stopped, I just checked, but how many here think this development might have just a tiny bit to do with embarrassing Sprint in public? Hands? Yeah, I thought so.
How about a dose of realism here:
The people that need to make the decision to act on this kind of situation probably do not read the nanog mailing list. The people that do read the nanog mailing list have most likely already brought the situation to the right folks attention if what you say is true. So an attempt at embarrasing Sprint here will most likely have no effect.
Let me propose a different reason for posting this here. I recognize this is not the stop-spam list. It is, however, operational. Barry originally raised the issue Sprint was "trying to read the mind of their client." Two people responded they had been spammed heavily from the same source, two people not at world.std.com. I just got hit again; the addressee list, I think, is recent posters on comp.dcom.sys.cisco. These reports help give ammunition to pass back to Sprint that this is not an isolated incident.
Right, exactly, it's possible that someone's attempt at spam can become an out of control operational problem when thousands of mail msgs are looping uncontrollably and non-stop for 48+ hours. That's all, that's what happened, the guy crossed a line from simple spamming to obviously out of control behavior. What's the rationale, that he likes to get thousands of mail bounces? That this is his business? I brought this here precisely because it had become, in my opinion, an operational problem and had ceased to be a simple spam, and Sprint was being non-responsive AS A MATTER OF POLICY. That's a problem. Ya know, folks, this isn't the only spam I've ever encountered, believe it or not. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
On January 3, 1997 at 22:01 hank@rem.com (Henry Kilmer) wrote:
Barry Shein writes:
As I write this it's *conceivable* the loop has been stopped, I just checked, but how many here think this development might have just a tiny bit to do with embarrassing Sprint in public? Hands? Yeah, I thought so.
How about a dose of realism here:
The people that need to make the decision to act on this kind of situation probably do not read the nanog mailing list. The people that do read the nanog mailing list have most likely already brought the situation to the right folks attention if what you say is true. So an attempt at embarrasing Sprint here will most likely have no effect.
You forgot the part about this going on for the past 48 hours with no action, then suddenly on a Friday night the dams break. Ok, have it your way if you like your story better.
-Hank *speaking for myself and not my employer*
-- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
FYI, I have received several spams from this source in the last few days, and have sent complaints to appropriate abuse/postmaster accounts at providers including Sprint. The question in my mind is increasingly not what is in the source client's mind, but whether the traffic is violating Sprint's usage policies. Anyone else been receiving abuse from this source? Howard Berkowitz At 5:26 PM -0500 1/3/97, Barry Shein wrote:
Reference: Sprint Customer Larry Host Domain: IQ-INTERNET.COM Problem Summary: Out of control mail loop
1. For the past 48 or so hours all e-mail from the domain IQ-INTERNET.COM has been blocked from our domain, STD.COM. All such email is refused with an immediate error message by our (std.com) server.
2. The account lhost@iq-internet.com, owner or adminstrator of this iq-internet.com domain, has been informed of this many times in this period. Messages have been left on their answering machine. Sprint personnel attempted to relay this message to him though I do not know if they were successful. Sprint security personnel have publically and privately (to me) acknowledged the problem.
3. Electronic mail continues to be sent (as of 17:17 EST) from iq-internet.com to world.std.com at a rate of several messages per minute, each one refused.
THIS IS NOT A POLICY PROBLEM -- THIS IS A TECHNICAL PROBLEM.
There is no reason for a host to send thousands of email msgs each being refused long after being informed of this state of affairs except:
a) maliciousness b) severe technical failure or error, or gross operating negligence.
I informed Sprint of this several hours ago, I reported it as a *TECHNICAL* problem although apparently Sprint network personnel continue to infer that they can read the system owner's mind and intuit that he is doing this for relatively innocent or purposeful reasons such that Sprint can not get involved.
I assert this judgement by Sprint network personnel is a serious error and Sprint is ignoring a severe technical problem to the active detriment of the world-wide internetwork.
There is a knowing dereliction of TECHNICAL AND OPERATIONAL responsibilities occurring here, and this abrogation of administrative responsibility is causing my business palpable damage, with full knowledge of authorized Sprint network operational and security personnel and more than sufficient time for them to have responded.
xc: Sprint Legal Dept, Software Tool & Die Counsel
-- -Barry Shein
Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
On Fri, 3 Jan 1997, Howard C. Berkowitz wrote:
providers including Sprint. The question in my mind is increasingly not what is in the source client's mind, but whether the traffic is violating Sprint's usage policies.
Yes it is. They claim that you can be removed from their mailing lists by replying with "NO MAIL" as the subject line, but it does not work. I just received another SPAM from them. Michael Dillon - Internet & ISP Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael@memra.com
Today seems to be my day for cluttering up NANOG with world-scope problems:
providers including Sprint. The question in my mind is increasingly not what is in the source client's mind, but whether the traffic is violating Sprint's usage policies.
Yes it is. They claim that you can be removed from their mailing lists by replying with "NO MAIL" as the subject line, but it does not work. I just received another SPAM from them.
I refuse to remove myself from every spam list that gets made. That would be several per day, 365 days per year, soon to to be dozens per day. Rather, I expect users to behave themselves and I expect ISP's to educate their users to behave themselves (or cut them off if they won't) and I expect NSP's to cut off ISP's who won't educate and control their user populations. "Receiver pays" isn't just a direct marketing panacea, it's a license to remove people from your routing table if they won't stop wasting your money. http://www.vix.com/spam/ has more details. (Note that I don't run that page, I just host it.)
On January 3, 1997 at 18:17 michael@memra.com (Michael Dillon) wrote:
On Fri, 3 Jan 1997, Howard C. Berkowitz wrote:
providers including Sprint. The question in my mind is increasingly not what is in the source client's mind, but whether the traffic is violating Sprint's usage policies.
Yes it is. They claim that you can be removed from their mailing lists by replying with "NO MAIL" as the subject line, but it does not work. I just received another SPAM from them.
Once more, it's not spam, it is clearly an out of control process, it continues sending thousands and thousands of messages even when they are all refused by a site, for 48+ hours, and no administrator at the source site acknowledges the problem, there's no reason to even believe anyone is there (you get an answering machine, email is unanswered, etc.) That's a technical/operational problem (or has to be treated as such.) IQ-INTERNET.COM should be blocked until they indicate that they are credibly in control of their software. It is impossible for me to believe that they can be allowed to claim that they are doing something purposeful and within their rights when we can show that for 48 hours they have sent thousands of messages, several per minute, which have all been returned with errors. That's like believing a guy driving down a hill without brakes is merely in a rush. Look, even Spam-King Slaton, the best living argument for post-natal abortion, can have a bug forcing his site's connectivity to be shut down. It happens, and it's even more likely to happen at a site like his where he prefers unattended operation involving sending out, I assume, millions of email msgs automatically. Let's try hard to get our collective heads out of our collective asses, OK? We all know what a loop out of control is. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
In our previous episode, Howard C. Berkowitz was heard to say:
FYI, I have received several spams from this source in the last few days, and have sent complaints to appropriate abuse/postmaster accounts at providers including Sprint. The question in my mind is increasingly not what is in the source client's mind, but whether the traffic is violating Sprint's usage policies.
Anyone else been receiving abuse from this source?
iq-internet.com / net is Jeff "Spam King" Slaton's latest scheme. Sprint has said several times that they are "re-working" their spam policy, and that a new, improved policy would be availible Real Soon Now, and might even be enforced. Robbie -- Robbie Honerkamp robbie@mindspring.com
This has little or nothing to do with any "spam" policy. If a site completely blocks email traffic from another site, and that site many hours (over a day) after being reliably informed of this and asked to stop continues to send thousands of messages all falling into a rathole, then that is not spam, that is software out of control, an operational problem. To deduce otherwise simply because the source is a known spammer is pure mind-reading as to intent. How can a person claim they are merely exercising some right as a "spammer" when ALL THEIR MAIL IS BEING TOSSED ON THE FLOOR WITH ERRORS? That's not spamming, any more than hitting yourself on the head with a bat is baseball. Sprint can certainly, if they cared, verify that thousands of messages were being bounced unconditionally yet the other site continued running one or more software loops sending messages. To me this is not much different than creating a broadcast storm etc., someone is asleep at the wheel or malicious, to the point that it justified intervention by a vendor as a purely operational problem, no matter what the "rea mens" (legal term for "state of mind" or "motivation") of the source of the problem is. As a culture we're getting way too sucked into this "oh woe there's nothing we can do" mentality, to the point of acting completely impotent even in the face of actually rather easy to fix problems. These spammers have created a state of panic and confusion in some people, listen to yourselves! Look, if someone sends packets at you at a fairly high rate, regardless of the contents, and you have asked it be stopped at the source, and they don't, and you have gone so far as to block its very purpose and return an error msg on each and every logical transaction attempt, and yet they still come, THAT IS AN OPERATIONAL/TECHNICAL PROBLEM and justifies third-party intervention. Let's stop being so damned morally confused. One message in my mailbox is spam, thousands of messages being refused for 48+ hours, non-stop, is an operational/technical incident, no one is seeing or cares about the content, it's just an out of control software process which needs to be treated as such, and stopped. QED. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
On Fri, 3 Jan 1997, Barry Shein wrote:
Let's stop being so damned morally confused. One message in my mailbox is spam, thousands of messages being refused for 48+ hours, non-stop, is an operational/technical incident, no one is seeing or cares about the content, it's just an out of control software process which needs to be treated as such, and stopped.
Are you saying that Sprint's router's or Sprint's customer's CPU has the operational problem? If it is the former then obviously Sprint should do something about it. But it seems to me that the problem is that this site is Spamming and that mostlikely falls under SAPrint's policies about Spamming. I don't see how it is a technical or operational problem involving all of Sprint's Network services. Perhapse you should contact the operators of the supposed run amok sendmail and lean directly on them to stop sending you packets. You can allways put a filter in your router to block traffic from that host. Or maybe you should ask Sprint to apply the filter on their side of you DSx pipe. G
As I said, sending thousands of messages into a rathole after being informed is not spamming, it's an operational problem. Stop trying to play the devil's advocate and consider simply what is right and what is wrong. Sending thousands of bouncing msgs for 48+ hours after being told repeatedly what's going on (or attempts thereto) is not "spam", it's simply a process out of control, whatever the original intent might have been. On January 3, 1997 at 19:32 geoffw@v-site.net (Geoff White) wrote:
On Fri, 3 Jan 1997, Barry Shein wrote:
Let's stop being so damned morally confused. One message in my mailbox is spam, thousands of messages being refused for 48+ hours, non-stop, is an operational/technical incident, no one is seeing or cares about the content, it's just an out of control software process which needs to be treated as such, and stopped.
Are you saying that Sprint's router's or Sprint's customer's CPU has the operational problem? If it is the former then obviously Sprint should do something about it. But it seems to me that the problem is that this site is Spamming and that mostlikely falls under SAPrint's policies about Spamming. I don't see how it is a technical or operational problem involving all of Sprint's Network services. Perhapse you should contact the operators of the supposed run amok sendmail and lean directly on them to stop sending you packets. You can allways put a filter in your router to block traffic from that host. Or maybe you should ask Sprint to apply the filter on their side of you DSx pipe.
G
-- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
On Fri, 3 Jan 1997, Barry Shein wrote:
As I said, sending thousands of messages into a rathole after being informed is not spamming, it's an operational problem.
Sorta like what you're doing to the list right now eh? I think we've all heard your point and made a concious decision as to its being right or wrong. Fine, dandy, now shut about it already, bitching to NANOG about what sprint is/isn't doing about it isn't going to make a difference that I can tell. In fact its most likely going to make your posistion even more problematic by annoying and basically angering folks who would otherwise be willing to help you.
Sending thousands of bouncing msgs for 48+ hours after being told repeatedly what's going on (or attempts thereto) is not "spam", it's simply a process out of control, whatever the original intent might have been.
Be that as it may, your consistent bitching and whining isn't going to solve the situation. Have you tried the word I've learned to live by? its this word call 'ESCALATION', talking to some front line techie at sprint isn't going to solve the issue, bitching about the front line techie isn't going to solve the issue. Escalating until you get to someone who can take care of the situation (without being an ass about it) just might do the trick though. [-] Brett L. Hawn (blh @ nol dot net) [-] [-] Networks On-Line - Houston, Texas [-] [-] 713-467-7100 [-]
participants (9)
-
Barry Shein -
Brett L. Hawn -
Geoff White -
Henry Kilmer -
Howard C. Berkowitz -
Michael Dillon -
Paul A Vixie -
robbie@tomservo.mindspring.com -
Robert Bowman