RE: RBL-type BGP service for known rogue networks?
On Sun, 9 Jul 2000, Hal Murray wrote:
I think all the examples I know about involve network abuse, or at least activities that will be considered as network abuse by many sensible people. Maybe the common theme is cost-shifting. I'm including support costs as well as up-front traffic/server costs.
The obvious example is an ISP who wants to take spammers as customers, or host web servers for spammers. The next example is an ISP with a good looking anti-spam section in their AUP but they take a long time to enforce it. How long should it take to disconnect a flagrant spammer? ...
How about ISPs that tolerate crackers or smurfers? What about ISPs that are just slow or incompetent at backtracking abusive traffic with forged headers or setting up filters to drop forged headers from their customers?
I suspect there isn't anyone on this list who has told someone (or at least thought about telling someone) "you're too stupid to use the internet, go away". Stupid people generally don't like being told they are stupid, and as much as we may not like it, they continue to use the internet anyways. There is no IQ test given to those who get internet connections, no licensing, no qualification exam, so we'll pretty much have to accept that stupid people will find their way into our lives, then proceed to set up open mail relays, networks with open directed broadcasts, and RedHat Linux machines. These people may later go on to realize the errors of their ways, but as long as experienced people keep dying and new people keep getting born, people will make mistakes.
Auditing and securing your servers and mail relays, having people trained in tracing spoofed packet streams or catching the crackers, having equipment capable of DOING it (if this is even possible), and having sufficient numbers of people necessary to handle the tasks (ever tried responding to the number of spam complaints a fair sized ISP gets, and separating the false claims from the real ones? It's not fun), is NOT a cheap or easy proposition.
So the question is, how do we want to get "other networks" to provide the things? Educate them? Motivate them? Threaten them? Sue them? Ignore them? What do we consider to be an acceptable level of time where we try to be nice, before we decide that they're not going to respond without being not-nice? Who makes this decision? The only way it will be sufficiently "under control" for some people's tastes will be government regulation forcing people to meet a certain level of standards in these things. That's obviously not what we want.
But let me ask this... how many of us who complain about other people's networks and lack of response when we need help, actually run perfect networks ourselves? Can you honestly say you have every mail relay in your network accounted for and secured? Can you honestly say you have every one of your customers RFC2267 filtered so they can't attack others? Can you honestly say you have training and policies in place for the expeditious tracing of spoofed packets across your network? Can you honestly say you look into every spam and abuse complaint you receive, correctly separate the real incidents from the paranoia, and handle all issues in a timely fashion?
I suspect if your network is of any real size, the answer is NO. So why don't we all take a little bit of time to go work on these things in our own networks now, then encourage our customers to do the same. Just a thought. :P
--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)