GoDaddy.com shuts down entire data center?
Any validity to this and if so I am surprised that our team has got no calls on not being able to get to certain websites. http://webhostingtalk.com/showthread.php?t=477562 -- http://www.digitalrage.org/ The Information Technology News Center
Elijah Savage wrote:
Any validity to this and if so I am surprised that our team has got no calls on not being able to get to certain websites.
WOW trying to do too many things at once. What a horrible email LOL. Any validity to this? Because I am surprised that we have not received any phone calls/tickets of customers complaining that they can't get to any of these domains. LOL -- http://www.digitalrage.org/ The Information Technology News Center
On Sun, 15 Jan 2006, Elijah Savage wrote:
Any validity to this and if so I am surprised that our team has got no calls on not being able to get to certain websites.
http://webhostingtalk.com/showthread.php?t=477562
I for one applaud godaddy's response. If more piddling "Hosting Providers" with "Datacenters" got turned off when they started spewing abusive traffic, the net would be a much nicer place.
Whoever the heck "nectartech" is, I guess they might act a little more responsibly in the future. Or, more probably, they'll just change to another DNS registrar who doesn't care as much about abuse.
matto --matt@snark.net------------------------------------------<darwin>< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
On Sun, Jan 15, 2006 at 03:32:02PM -0800, Matt Ghali wrote:
On Sun, 15 Jan 2006, Elijah Savage wrote:
Any validity to this and if so I am surprised that our team has got no calls on not being able to get to certain websites.
http://webhostingtalk.com/showthread.php?t=477562
I for one applaud godaddy's response. If more piddling "Hosting Providers" with "Datacenters" got turned off when they started spewing abusive traffic, the net would be a much nicer place.
Whoever the heck "nectartech" is, I guess they might act a little more responsibly in the future. Or, more probably, they'll just change to another DNS registrar who doesn't care as much about abuse.
FYI, Nectartech is a small hosting shop out of 55 S Market in San Jose. I wouldn't describe them as a "datacenter", since I don't think they own or operate any facilities. Perhaps if they ever managed to find "the command to make two routers talk to each other and be redundant" (a real quote from what has been loosely described as their network admin, I'm not kidding, you can't make stuff like this up :P), their next step might be to find the command to make dns servers talk to each other and be redundant. Reality check time, what we have here is a small hosting shop with a long history of shady customers. I doubt GoDaddy nukes nameservers on a whim, my money is that there was a lot of abuse which went on for a long time without getting any response. It's amazing how quickly some people who don't respond or address abuse issues at all when you're asking nicely will appear and take care of things once you turn them off. The rest is just some random blowhard web hosting customer who gets off on being an ass and blaming everyone but himself and his choice in hosting companies. Hardly an uncommon sight. :) -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Richard, On the other hand, I'm not comfortable with the idea that an organization that provides network infrastructure services under the aegis of the US Government could unilaterally revoke those services for something that is not illegal. By all means, the Justice Dept. and police should move against anyone performing illegal acts such as phishing, I just don't think that it is ICANN or ARIN and GoDaddy's job to police good net citizenship. Joe
On 1/16/06 10:07 AM, "Richard A Steenbergen" <ras@e-gerbil.net> wrote:
On Sun, Jan 15, 2006 at 03:32:02PM -0800, Matt Ghali wrote:
On Sun, 15 Jan 2006, Elijah Savage wrote:
Any validity to this and if so I am surprised that our team has got no calls on not being able to get to certain websites.
http://webhostingtalk.com/showthread.php?t=477562
I for one applaud godaddy's response. If more piddling "Hosting Providers" with "Datacenters" got turned off when they started spewing abusive traffic, the net would be a much nicer place.
Whoever the heck "nectartech" is, I guess they might act a little more responsibly in the future. Or, more probably, they'll just change to another DNS registrar who doesn't care as much about abuse.
FYI, Nectartech is a small hosting shop out of 55 S Market in San Jose. I wouldn't describe them as a "datacenter", since I don't think they own or operate any facilities.
Perhaps if they ever managed to find "the command to make two routers talk to each other and be redundant" (a real quote from what has been loosely described as their network admin, I'm not kidding, you can't make stuff like this up :P), their next step might be to find the command to make dns servers talk to each other and be redundant.
Reality check time, what we have here is a small hosting shop with a long history of shady customers. I doubt GoDaddy nukes nameservers on a whim, my money is that there was a lot of abuse which went on for a long time without getting any response. It's amazing how quickly some people who don't respond or address abuse issues at all when you're asking nicely will appear and take care of things once you turn them off. The rest is just some random blowhard web hosting customer who gets off on being an ass and blaming everyone but himself and his choice in hosting companies. Hardly an uncommon sight. :)
-- Joe McGuckin ViaNet Communications 994 San Antonio Road Palo Alto, CA 94303 Phone: 650-213-1302 Cell: 650-207-0372 Fax: 650-969-2124
On Mon, 16 Jan 2006, Joe McGuckin wrote:
Richard,
On the other hand, I'm not comfortable with the idea that an organization that provides network infrastructure services under the aegis of the US Government could unilaterally revoke those services for something that is not illegal.
It does not have to be illegal. All that is necessary is that customer who purchased the service beware and agree to the policies prior to making the purchase (of course, almost nobody fully reads that long agreement you get presented on the website, but that's another story...) Not being somebody who's ever used godaddy's services, I'm just speculating based on various reports, but I think their registration service agreement is more extensive than domain registration agreement from most other registrars and prohibits use of the domain in connection with spamming as well as in connection with illegal activities. If policies are violated then domain may be suspended until problem is resolved. I suspect they don't suspend right away and have system of requiring domain owner be available for notification and conversation in case such use (prohibited by their service agreement) is reported. If they do not hear anything about it and reports continue then they take action as allowed by domain registration agreement. What we probably saw is such action after nectartech failed to respond to several notifications and probably kept server running without fully cleaning it up and possibly more than one of their servers was hacked too. This is similar enough situation to what may happen when you run servers on the connection purchased from your ISP and that ISP actually takes abuse reports seriously and has working abuse department that follows up on what is sent them. That this was spun around as datacenter shutdown on WHT and even got here is a result of both how nectartech wanted itself seen and who they had for dealing with such vendor actions.
On Mon, 16 Jan 2006, Richard A Steenbergen wrote:
The rest is just some random blowhard web hosting customer
I disagree with this particular part. I think it's quite clear that this was not "random blowhard hosting customer" but somebody close to nectartech owner who owner knew could get through walls put by some companies and if not annoy the hell out of them afterward and spin it around in [in]appropriate way. -- William Leibzon Elan Networks william@elan.net
william(at)elan.net wrote:
On Mon, 16 Jan 2006, Richard A Steenbergen wrote:
The rest is just some random blowhard web hosting customer
I disagree with this particular part. I think it's quite clear that this was not "random blowhard hosting customer" but somebody close to nectartech owner who owner knew could get through walls put by some companies and if not annoy the hell out of them afterward and spin it around in [in]appropriate way.
Precisely. It wasn't just some random blowhard web hosting customer. It was a carefully selected web hosting customer specifically chosen for his expertise at being a blowhard. -- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net NetLojix Communications, Inc. - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323
william(at)elan.net wrote:
On Mon, 16 Jan 2006, Richard A Steenbergen wrote:
The rest is just some random blowhard web hosting customer
I disagree with this particular part. I think it's quite clear that this was not "random blowhard hosting customer" but somebody close to nectartech owner who owner knew could get through walls put by some companies and if not annoy the hell out of them afterward and spin it around in [in]appropriate way.
Precisely. It wasn't just some random blowhard web hosting customer. It was a carefully selected web hosting customer specifically chosen for his expertise at being a blowhard.
He sounds like a blowhard to me, and he delayed them getting back online as quick as he could. GoDaddy gave him the same spiel I've heard 100 times i.e. here's our procedures please do x, y, and z. If you look at the guy's web page, he takes pride in being a blowhard so don't fret, he'd disagree with you too. No doubt he's reading NANOG and probably yelling at the mailing admins about how he has to sign up for two lists vs. one and how stupid we all are. -M<
I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took and the consistent professionalism exhibited by their tech support representative. Despite obvious (and heavily edited) calls to the same agent, the consumer was informed in a professional manner of his/her avenue for resolution. No doubt remains in my mind that the caller was not caught blind by this situation. Go Daddy has a privacy policy that no doubt prohibits them from releasing details of their side of this case, however to me the recording suggests that the caller knew this was the end result, not a sudden surprise move, and they just wanted to circumvent standard procedure. The caller's prior thought to record, what appears as a standard call to tech-support, is insightful and should be an obvious sign of his motivation. Let me explain my perspective. I am a long standing customer of data center services, and I fully appreciate network operators' efforts to stem the spread of spam and viruses. I run a few non-profit public mailing lists and the emails from my systems traverse your networks hourly. I work quickly and diligently with service providers to overcome issues where our paths cross. I have never been a Go Daddy customer, but I certainly appreciate their stand on this issue. I will probably never be a Nectartech customer after this episode. -Jim P.
----- Original Message ---- From: william(at)elan.net <william@elan.net> To: Joe McGuckin <joe@via.net> Cc: Richard A Steenbergen <ras@e-gerbil.net>; Matt Ghali <matt@snark.net>; Elijah Savage <esavage@digitalrage.org>; NANOG <nanog@merit.edu> Sent: Monday, January 16, 2006 3:43:53 PM Subject: Re: GoDaddy.com shuts down entire data center?
On Mon, 16 Jan 2006, Joe McGuckin wrote:
Richard,
On the other hand, I'm not comfortable with the idea that an organization that provides network infrastructure services under the aegis of the US Government could unilaterally revoke those services for something that is not illegal.
It does not have to be illegal. All that is necessary is that customer who purchased the service beware and agree to the policies prior to making the purchase (of course, almost nobody fully reads that long agreement you get presented on the website, but that's another story...)
On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote:
I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took [...]
There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better. 1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse? 2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving? 3) If yes, do you still think it is acceptable if the "misbehaving" customer is not intentionally misbehaving - i.e. they've been hacked? 3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.? These are important questions to me, and I'm surprised at the number of people who seem to feel so very differently than I thought they would feel - than I personally feel. Would people mind sending me private e-mails with yes/no answers? Longer answers are welcome, but yes/no will do. Using the case under discussion as an example, I am wondering why anyone thinks taking down 100s of innocent domains is a good way to stop a single hacked machine from doing whatever it is doing? If you somehow think all that is worth it, take a close look at your cost / benefit analysis. At this rate, every business on the Internet will be out of business before we take out even a single moderately large botnet. I am also wondering why anyone thinks the miscreant will stop just because the legitimate owner's domain no longer resolves? Not only is the machine likely to continue sending spam as if nothing happened, we aren't even "catching" the guy. I guess you could say "well, it put pressure on his hosting provider to clean the infected machine", which is true. I just think that's a bit silly. But maybe I'm the one who's silly.
Lastly, I wonder what "average" people - people who run businesses on hosting providers who really don't understand all this computer stuff - think about such actions. How many 100s of people have we just alienated for life to stop - er, NOT stop - a single zombie? And how many of their friends are going to hear over and over how the Internet is not a real business and no one should put any faith in it? Is this really a good thing? -- TTFN, patrick
On Tue, Jan 17, 2006 at 02:09:21AM -0500, Patrick W. Gilmore wrote:
On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote:
I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took [...]
There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better.
1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse?
2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving?
3) If yes, do you still think it is acceptable if the "misbehaving" customer is not intentionally misbehaving - i.e. they've been hacked?
3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.?
I don't think anyone (well ok, anyone sane, I know we have a few nutjobs on this list :P) thinks that arbitrarily blocking service to hundreds or thousands of users because someone is unknowingly hacked is an appropriate way to address network abuse. I really have no idea how aggressive GoDaddy is with enforcing their AUP, as I don't personally use their services, but based on what I know about the affected customer and what I can read from the affected whiner's website I'm certainly not going to jump to the conclusion that GoDaddy is running around like a hopped up abuse desk worker on a power trip, shutting off service to random innocent people because they feel like it. The question at hand is, at what point does a registrar providing services have an ethical or moral obligation to step in and do something when they do encounter an excessive level of abuse by someone using their services? At what point does ARIN revoke the allocation of a blatant and persistent spammer who is violating the law without being stopped? I think the answer is that clearly this isn't something they want to be doing on a regular basis, any more than an ISP wants to be responsible for filtering every packet that goes through their routers looking for warez and kiddie porn, yet I have seen them do it in certain rare and severe cases of unrelenting abuse. Maybe it is a judgement call, maybe it isn't. Bottom line, dealing with abuse is an ass job, and I certainly wouldn't want it. Some days you're doing a good thing because you shut down a spammer, some days you're doing a bad thing because you shut down innocent services along with it (and some days you're just fending off "stop hax0ring me on port 80 or I'll sue you and call the CIA" e-mails). I highly suspect that GoDaddy doesn't involve itself in these kinds of issues lightly, which means that in all likelihood the level of abuse was severe, with no communication from the person they suspended service to.
I for one have never heard of anyone I know having their GoDaddy service suspended for this kind of thing. Unless someone has some actual facts that GoDaddy is engaging in this kind of activity, I'm inclined to give them the benefit of the doubt. This means, at least for now lumping them in the "respecting them for taking a stand regarding the abuse of their service" category, rather than the "wackjob conspiracy theorist power-crazed zealot" category we all know and love. :) -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
On Tue, 2006-01-17 at 03:19 -0500, Richard A Steenbergen wrote:
The question at hand is, at what point does a registrar providing services have an ethical or moral obligation to step in and do something when they do encounter an excessive level of abuse by someone using their services?
I think the issue here is not so much what happened, but how it happened. The phishing problem was originally reported to godaddy and then passed on to nectar on 1/9 (a Monday). It also appears the nectar folks resolved the problem on the same day. After that point godaddy continued to receive complaints about the same problem and rather than checking to see if the problem still existed, they just assumed it did. Nectar appears to have even responded to godaddy stating that the problem had already been resolved long before service was cut. IMHO the big issue is that service was cut on a Friday night just as the only folks empowered to resolve the situation have left for the weekend. I can see cutting service during a weekday morning to get the client's attention on the matter. Doing it at a time when you know you'll be causing a long term outage is just plain nasty. HTH, Chris
Patrick W. Gilmore wrote:
On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote:
I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took [...]
There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better.
1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse?
In some cases. Our policy is to minimize such. Example: Customer has a NATted network with multiple machines sharing one global address. One of the machines at customer's premise is causing abuse (virus, etc.) Null-routing one specific IP address will cause collateral damage to the non-infected machines at that customer, but I think most of us here would agree that such is justified. Obviously, if the impact of the abuse is minimal, having the customer fix the problem before shutting anything down is preferred. Another example would be a customer's webserver which has many name-based virtual hosts, one of which is abusive, and you are providing IP connectivity. By null-routing one IP you are causing collateral damage to the non-abusive virtual host customers of your customer, but I think most would think that justified.
2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving?
I assume here that you mean "Customer of a customer". Again, it depends. If the customer has continual problems controlling abuse from his customers, or you suspect that your customer is playing "whack-a-mole", or the abuse is ongoing and/or serious and you can't identify which of customer's customers is the cause (spoofed source addresses, etc.) in some cases yes.
3) If yes, do you still think it is acceptable if the "misbehaving" customer is not intentionally misbehaving - i.e. they've been hacked?
Again, it depends on the seriousness of the abuse and its effect on the network, as well as the frequency thereof and the seriousness of the customer in rectifying the problem. Also whether you can reasonably isolate the abuse and disconnect only the customer's abusive customer.
3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.?
If it doesn't stop it but stops your network from being a part of it, yes. If it has no effect on it at all, then you're probably pulling the wrong plug.
These are important questions to me, and I'm surprised at the number of people who seem to feel so very differently than I thought they would feel - than I personally feel. Would people mind sending me private e-mails with yes/no answers? Longer answers are welcome, but yes/no will do.
This is IMHO operational, so posting publicly. I don't think this is as black-and-white as to warrant simple yes-no answers. There are policies involved as well as your agreements with your peers/upstreams. If the issue is serious enough that you risk losing your own connectivity because you can't stem the abuse from a customer's customer, then you may need to do so, or the end result will be that you become part of greater collateral damage.
Using the case under discussion as an example, I am wondering why anyone thinks taking down 100s of innocent domains is a good way to stop a single hacked machine from doing whatever it is doing? If you somehow think all that is worth it, take a close look at your cost / benefit analysis. At this rate, every business on the Internet will be out of business before we take out even a single moderately large botnet.
The present example seems to be a combination of poor communication, bad attitude and sloppy network design from what I've seen here. It's unclear to me exactly what GoDaddy shut down, and the only data points we have to go on are admittedly edited conversations that took place after the plug was pulled. What went on beforehand? Did Nectar indeed make a good faith effort to correct the original problem? Was their attitude the same as shown on the phone calls? How long had the problem existed, had it happened before, and did Nectar keep an open dialogue as to the steps they were taking to fix it? Did GoDaddy have less intrusive options to shut down just the abuser?
I am also wondering why anyone thinks the miscreant will stop just because the legitimate owner's domain no longer resolves? Not only is the machine likely to continue sending spam as if nothing happened, we aren't even "catching" the guy. I guess you could say "well, it put pressure on his hosting provider to clean the infected machine", which is true. I just think that's a bit silly. But maybe I'm the one who's silly.
I think this was a case of a fake phishing website rather than outgoing spam spew. If the domain was the target of a phish, then causing it not to resolve would keep the phisher from reaping any benefit from the abuse although the spam run would likely continue, at least for a while until the phisher realizes it is in vain.
Lastly, I wonder what "average" people - people who run businesses on hosting providers who really don't understand all this computer stuff - think about such actions. How many 100s of people have we just alienated for life to stop - er, NOT stop - a single zombie? And how many of their friends are going to hear over and over how the Internet is not a real business and no one should put any faith in it?
Well, "average" people who run businesses on hosting providers probably should hire someone who does understand all this computer stuff to do some due diligence on the providers they are considering. If their prospective provider's netblocks are repeatedly mentioned in SPEWS, Spamhaus, Spamcop, and NANAE, they may want to look elsewhere. Googling "Nectartech abuse" is interesting. As far back as July of last year they were battling GoDaddy over spam and abuse issues. It doesn't look like this should have been all that big of a surprise. In fact, Nectartech's predictions in post 23 of the following thread are eerily accurate. http://www.webhostingtalk.com/showthread.php?s=&threadid=422612
Is this really a good thing?
If steps are taken to minimize collateral damage, yes. Allowing the abuse to continue causes collateral damage to the rest of the Internet for as long as it continues. The choice often boils down to severe collateral damage to a few or raising the noise level and collateral damage to the Internet as a whole. Is cutting off ten customers of an infected customer better than allowing this customer's virus to infect tens of thousands of random hosts on the net worth it? If you're one of the tens of thousands, yes. If you're one of the ten customers, no. -- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net NetLojix Communications, Inc. - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323
----- Original Message ----- From: "Patrick W. Gilmore" <patrick@ianai.net> To: <nanog@nanog.org> Cc: "Patrick W. Gilmore" <patrick@ianai.net> Sent: Tuesday, January 17, 2006 1:09 AM Subject: Re: GoDaddy.com shuts down entire data center?
On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote:
I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took [...]
There seems to be a wide split on this topic. I was wondering if people would privately tell me yes or no on a few questions so I can understand the issue better.
1) Do you think it is acceptable to cause any collateral damage to innocent bystanders if it will stop network abuse?
If the damage of the persistent abuse is greater than the loss of the innocent persons, yes.
2) If yes, do you still think it is acceptable to take down 100s of innocent bystanders because one customer of a provider is misbehaving?
Yes I do and more than likely, so do you. If you are a common end point for all of my users and I'm the common end point for yours, either of us has the right to deny access to the other at any point for no reason really. Now, should your network start flooding me or vice versa, one of us, if not both, will toss up some filters. If either of our networks is larger than the other and causing a dos for the other end, the affected one of us would have no recourse but to contact the upstream of the source point and request assistance.
3) If yes, do you still think it is acceptable if the "misbehaving" customer is not intentionally misbehaving - i.e. they've been hacked?
Intentional or not, it doesn't negate the fact that the system has been hacked and is now owned by someone other than the actual owner. If one of my systems were to be hacked and I miss it, and it starts causing problems for your network, I expect my network to be filtered. If your filters aren't effective enough to deal with the issue, and I'm not helping you to correct the problem, I expect you to go to my carrier to file a complaint.
3) If yes, do you still think it is acceptable if the collateral damage (taking out 100s of innocent businesses) doesn't actually stop the spam run / DoS attack / etc.?
There is no simple yes / no for this one. It would depend on the circumstances of the issue. <snip>
Using the case under discussion as an example, I am wondering why anyone thinks taking down 100s of innocent domains is a good way to stop a single hacked machine from doing whatever it is doing? If you somehow think all that is worth it, take a close look at your cost / benefit analysis. At this rate, every business on the Internet will be out of business before we take out even a single moderately large botnet.
You can wonder why, however I, IMHO, think that if more carriers would take that stance, then the problems that we face daily would be much less severe. Currently, there's not much to keep the big players in check when it comes to their network. Now, imagine, what could happen if they were forced to play by the same rules that we have to go by? If our network is causing problems, our uplink(s) have the authority to disconnect them for that generally. Can you see Sprint, SBC/AT&T, L3, Cogent, AOL, Cox, etc having those same rules applicable to them or be depeered from all peers and become network dead? Now, is it feasible to do such a thing? Not usually because it causes financial issues on both sides of the depeering. That's because the internet that we have is used as a means of financial gain and isn't geared for being easily segregated in the event of compromise. Yet, that's the current mechanism for a compromised end user. The same means should be used all the way to the NAP imo.
I am also wondering why anyone thinks the miscreant will stop just because the legitimate owner's domain no longer resolves? Not only is the machine likely to continue sending spam as if nothing happened, we aren't even "catching" the guy. I guess you could say "well, it put pressure on his hosting provider to clean the infected machine", which is true. I just think that's a bit silly. But maybe I'm the one who's silly.
Why should you or I be the ones responsible for catching the miscreant when the compromised system isn't on our network? If it were, then that task would fall to us to do so. If the threat of a delinking were over our heads, we'd have some major incentive to find the idiot and make sure he's not on our net anymore wouldn't we.
Lastly, I wonder what "average" people - people who run businesses on hosting providers who really don't understand all this computer stuff - think about such actions. How many 100s of people have we just alienated for life to stop - er, NOT stop - a single zombie? And how many of their friends are going to hear over and over how the Internet is not a real business and no one should put any faith in it?
Average people think email is secure. Average people think that email is instant. Average people think that updates and patches are a hindrance and not necessary. Average people think that the internet is flawless. Average people think that their current provider is the internet. Average people don't care what happens outside of their cable/dsl modem or their linksys/dlink router. Average people just want it to work and don't want to know what's behind the scenes to make the *magic*.
Is this really a good thing?
Yes, they need to know that the net is like a shark in the water. It may not get you today, tomorrow or never. But that doesn't mean you want to swim in shark infested waters without taking proper precautions.
-- TTFN, patrick
:) Mike P.
On Mon, 16 Jan 2006, Jim Popovitch wrote: [jim, please wrap your text!]
I have never been a Go Daddy customer, but I certainly appreciate their stand on this issue. I will probably never be a Nectartech customer after this episode.
Hear Hear. After reading the GoDaddy domain registration legal agreement, available at: https://www.godaddy.com/gdshop/legal_agreements/show_doc.asp?se=%2B&ci=1839&pageid=REG%5FSA especially section 7, "Restriction of Services, Right of Refusal", I have to give them a big thumbs up. It is good to see that wielding a Big Stick, and actively working for the Good Guys has not hindered GoDaddy from achieving quite a bit of success in the market. matto --matt@snark.net------------------------------------------<darwin>< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Matt Ghali <matt@snark.net> writes:
Hear Hear. After reading the GoDaddy domain registration legal agreement, available at: https://www.godaddy.com/gdshop/legal_agreements/show_doc.asp?se=%2B&ci=1839&pageid=REG%5FSA especially section 7, "Restriction of Services, Right of Refusal", I have to give them a big thumbs up.
It is good to see that wielding a Big Stick, and actively working for the Good Guys has not hindered GoDaddy from achieving quite a bit of success in the market.
The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...") Put an ethnic joke on your blog? Lose your registration. Put up an "I'm a dissatisfied Go Daddy customer" page? Lose your registration. Run a non-2257-compliant adult site (that doesn't show minors, just doesn't have the paperwork) outside of the US? Lose your registration. Mirror tubgirl and goatse-man? Lose your registration. Host a site that Go Daddy can plausibly consider "morally objectionable" (gambling? whiskey reviews?)... Lose your registration. Now that Go Daddy has ensured that I'll never do business with them (which is a shame; I liked certain lawsuits that they brought in the past, but if being their customer means subscribing to their thought police, count me out), I think it's time to carefully go over the registration agreements with the registrars I use... never know when someone will slip in something truly odious, and the argument that none of them would be so crazy as to try it appears to be incorrect. ---Rob
--On January 17, 2006 7:27:20 AM -0500 "Robert E.Seastrom" <rs@seastrom.com> wrote:
Now that Go Daddy has ensured that I'll never do business with them (which is a shame; I liked certain lawsuits that they brought in the past, but if being their customer means subscribing to their thought police, count me out), I think it's time to carefully go over the registration agreements with the registrars I use... never know when someone will slip in something truly odious, and the argument that none of them would be so crazy as to try it appears to be incorrect.
This thread gets less and less operational....however...I'm trying to keep this in scope...I think this relates operationally because we all have and enforce AUPs and ToS on our customer bases, both internal, and external. We also have AUPs and ToS enforced on us, by business relationships and peerings, etc. Most ToS and AUP out there at the consumer level state basically the service is worthless, that we can and will d/c you at will, without cause, at our whim. Overzealous lawyering has made this a necessity. How much any of these might or might not stand up in court, I have no clue. As you get into the business world some ToS and AUP become more weighty, but far more structured. Giving both sides clearer and well defined policies and practices for responding to issues. Requiring notification, escalation, etc. I think what matters is the way that the AUPs are applied. This case...the facts...don't match up. webhosting.info (not an authoritative source mind you, but a datapoint) only sees ~150 hosts by this ISP. From what I understand this number is from whois data with nameservers pointing to theirs. Contrast this with mydyndns.org, google.com, ebay.com, prioritycolo.com, wellsfargo.com (ok so this one's not that much more, at ~800), even sun.com has more domains listed. Those last two aren't even 'in the business' and they have more. While they may have a large datacenter, I'm not even remotely sure that this incident darkened the whole thing. It might've taken rDNS offline, but that's far from darkening a whole datacenter. It sounds like another WHTer puffing themselves up to being bigger than they are. They *must* be small to let a *CUSTOMER* advocate for them to a third party! Nectartech clearly knew about this and sanctioned it, and the person recording the phone calls has pointed this out more than once. There are no facts in this case either way, because it is really Go Daddy against Nectartech.
And Nectartech has a lot more reason to lie to make itself look better in front of its customers. If their whole datacenter went dark then it's some unrelated thing, or some really bad practice (such as somehow establishing iBGP based on domain names maybe? hell I dunno). I've seen so much utter BS spouted by a lot of the self proclaimed web hosts on WHT that I'm not inclined to believe his side of the story any more (or any less) because of it. Go Daddy has to my knowledge never been draconian in applying their AUP (I think at least some of us here would know about it if so).
On Tue, 17 Jan 2006, Robert E.Seastrom wrote:
The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...")
Do you believe that your philosophical objections to the language absolve you as a customer from the minimal due diligence of knowing what you are agreeing to? --matt@snark.net------------------------------------------<darwin>< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
On Tue, 17 Jan 2006, Matt Ghali wrote:
On Tue, 17 Jan 2006, Robert E.Seastrom wrote:
The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...")
Do you believe that your philosophical objections to the language absolve you as a customer from the minimal due diligence of knowing what you are agreeing to?
Find me a registrar that DOESN'T have that kind of language in their user agreements, then tell me if anyone wishing to do any kind of e-commerce has a choice. I've gone off on a tear about this before: A registrar has a license to print money. Boilerplate user agreements that leave the user zero recourse are the standard. I haven't seen a registrar yet that doesn't have this kind of verbiage completely freeing them from liability for *any* action taken on a domain registration, including none. - billn
On Tue, 17 Jan 2006, Matt Ghali wrote:
On Tue, 17 Jan 2006, Robert E.Seastrom wrote:
The first and second paragraphs are sane. The last paragraph gives Go Daddy the right to capriciously and arbitrarily delete your domain for any reason they wish ("Morally objectionable activities will include, but not be limited to...")
Do you believe that your philosophical objections to the language absolve you as a customer from the minimal due diligence of knowing what you are agreeing to?
Find me a registrar that DOESN'T have that kind of language in their user agreements, then tell me if anyone wishing to do any kind of e-commerce has a choice.
There are plenty. But they are usually resellers of the larger registrars. That's part of the reason to pay the extra $1 to use an ICANN accredited registrar.
I've gone off on a tear about this before: A registrar has a license to print money. Boilerplate user agreements that leave the user zero recourse are the standard. I haven't seen a registrar yet that doesn't have this kind of verbiage completely freeing them from liability for *any* action taken on a domain registration, including none.
Since this isn't a registrars list I can only say that you should go discuss that with some registrars and I think you'll find that your statement isn't entirely factual. For example, GoDaddy has a 24/7 support system, regardless of what people think about it, that did answer the phone and process the problem. That's a minimum of a ~half a million dollar investment on the spot. I'm NOT a registrar and I don't represent them, but I think they make their money on services more than domains. Anyhow, I think this thread is totally off topic at this point, as well as Marc Perkel is off topic, asking Marc Perkel what he thinks is off topic, and this thread should die a horrific death. It's on the way to a /dev/null forward as we speak. -M<
--On January 16, 2006 10:32:58 PM -0800 Jim Popovitch <jimpop@yahoo.com> wrote:
I want to say, from an outsider's perspective, that I wholeheartedly applaud GoDaddy on the actions they took and the consistent professionalism exhibited by their tech support representative. Despite obvious (and heavily edited) calls to the same agent, the consumer was informed in a professional manner of his/her avenue for resolution. No doubt remains in my mind that the caller was not caught blind by this situation. Go Daddy has a privacy policy that no doubt prohibits them from releasing details of their side of this case, however to me the recording suggests that the caller knew this was the end result, not a sudden surprise move, and they just wanted to circumvent standard procedure. The caller's prior thought to record, what appears as a standard call to tech-support, is insightful and should be an obvious sign of his motivation.
There's a clear case of he said they said going on with this case. Nectartech is making claims that they fixed the issue. Also note that the caller is not a Nectartech employee at all. He's a customer who's also friends with the owner. At least that's what he says in WHT thread. In any event I don't think Nectartech handled this very well, and more likely than not still had a problem and were given ample time to properly correct it.
I'm not sure how on-topic this is/was, but considering long thread and different opinions that were expressed before, I believe some here may want to have additional information I recently read: http://www.emailbattles.com/archive/battles/phish_aacgebeeje_hc/ The article author talked to both nectartech and godaddy and is also including copies of emails from nectartech side as to their conversations with godaddy. The last one (on how domain can be reactivated) you may find most interesting if you're not otherwise familiar with godaddy's policies: http://www.trimmail.com/news/archive/extra/godaddy_v_nectartech/14012006/ Also here is a quote from godaddy that also seems on-topic as to what was discussed on this thread at nanog before: "The phone call was not up to our high standards and it's being addressed internally. The Abuse Department is available 24/7, 365 days a year." At the end of the article it says "Update 18 January 2006: NectarTECH owner Nick Mariani dropped us a line to let us know that Go Daddy senior management is talking to him. Although we profess no ownership of a crystal ball, we're guessing these two old pals will ultimately stick together." Since I also "profess no ownership of crystal ball", I used my favorite net tool (you surely can guess by now what it is). The results (as of January 20th) are as follows:
[DOMAIN whois information for NECTARTECH.COM ]
Domain Name: NECTARTECH.COM
Namespace: ICANN Unsponsored Generic TLD - http://www.icann.org
TLD Info: See IANA Whois - http://www.iana.org/root-whois/com.htm
Registry: VeriSign, Inc. - http://www.verisign-grs.com
Registrar: FABULOUS.COM PTY LTD. - http://www.fabulous.com
Whois Server: whois.fabulous.com
Name Server[whois+dns with ip] NS1.NECTARTECH.COM 69.50.224.2
Name Server[whois+dns with ip] NS2.NECTARTECH.COM 69.50.225.2
Updated Date: 20-Jan-2006
Creation Date: 26-Feb-2002
Expiration Date: 26-Feb-2007
Status: REGISTRAR-LOCK
For full copy of whois data and aup please see: http://www.completewhois.com/cgi-bin/whois.cgi?query=28433753&options=retrieve
BTW - the read comments at the end of the article may also be quite interesting if you want to get an additional point of view on nectartech... -- William Leibzon Elan Networks william@elan.net
I'm not sure how on-topic this is/was, but considering long thread and different opinions that were expressed before, I believe some here may want to have additional information I recently read: http://www.emailbattles.com/archive/battles/phish_aacgebeeje_hc/
The article author talked to both nectartech and godaddy and is also including copies of emails from nectartech side as to their conversations with godaddy. The last one (on how domain can be reactivated) you may find most interesting if you're not otherwise familiar with godaddy's policies: http://www.trimmail.com/news/archive/extra/godaddy_v_nectartech/14012006/
The customer service aspects of it are less impressive. I originally thought, based on information available at that time, that GoDaddy did a decent, or even a good job, at "handling" the call. Today, I think they did an OK job. Nothing exemplary, but definitely not bad from an operations perspective. What is interesting is the concept of calling a rack, or a row, a "datacenter". It's becoming more commonplace for terms to be exaggerated these days i.e. "datacenter". Another interesting point is that GoDaddy charged a $199 reconnect fee. They punished the operator for the behavior of their customers. -M<
Martin Hannigan wrote:
Another interesting point is that GoDaddy charged a $199 reconnect fee. They punished the operator for the behavior of their customers.
Which is, IMHO, *sometimes* appropriate and sometimes not. I hear that the victim of the disconnection actually was a bit of a spam spewer. If there have been repeated problems with him not dealing with abuse problems from his customers, disconnection is definitely justified. If this was the first or second incident, probably not. -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: sjsobol@JustThe.net Snail: 22674 Motnocab Road, Apple Valley, CA 92307
Joe McGuckin wrote:
On the other hand, I'm not comfortable with the idea that an organization that provides network infrastructure services under the aegis of the US Government could unilaterally revoke those services for something that is not illegal.
You could say I do that. I am not a registrar, but I do host DNS for many domains. So if my customer spams and I cut them off, including DNS, do you have a problem with that too? -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: sjsobol@JustThe.net Snail: 22674 Motnocab Road, Apple Valley, CA 92307
On Mon, 16 Jan 2006 11:36:39 -0800, "Joe McGuckin" <joe@via.net> said:
By all means, the Justice Dept. and police should move against anyone performing illegal acts such as phishing, I just don't think that it is ICANN or ARIN and GoDaddy's job to police good net citizenship.
You forget that the internet-services are based on best-effort. Anything else will require accountability for everyone involved. That is accountability going both ways so that users also can be held accountable for *all* their actions. To achieve that you'll have to toss any idea of anonymity for internet users. Wonder if that is what those who complain about restrictive AUPs really want ;) Besides, whose authorities should do exactly what? Global legislation for the internet is just about as big an illusion as the "new economy" the internet once was assumed to create. //per -- Per Heldal http://heldal.eml.cc/
On Mon, 16 Jan 2006, Richard A Steenbergen wrote:
FYI, Nectartech is a small hosting shop out of 55 S Market in San Jose. I wouldn't describe them as a "datacenter", since I don't think they own or operate any facilities.
Heh, I used to work at a small hosting shop out of 55 S. Market- it was (then) called BBN Planet. I guess these schmoes rent a cage from Genuity (or whatever they are called now).
Perhaps if they ever managed to find "the command to make two routers talk to each other and be redundant" (a real quote from what has been loosely described as their network admin, I'm not kidding, you can't make stuff like this up :P), their next step might be to find the command to make dns servers talk to each other and be redundant.
Seriously. You need to be spewing a lot of cak onto the net for your _domain registrar_ to take notice.
The rest is just some random blowhard web hosting customer who gets off on being an ass and blaming everyone but himself and his choice in hosting companies. Hardly an uncommon sight. :)
The priceless part is that we probably never would have noticed, had he not had the hubris to record the conversations, and then publish the URL to them. I love it when the lusers are nice enough to clearly identify themselves. matto --matt@snark.net------------------------------------------<darwin>< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
On 15-Jan-2006, at 18:15, Elijah Savage wrote:
Any validity to this and if so I am surprised that our team has got no calls on not being able to get to certain websites.
I think the main thing I learned from that is that there are a surprising number of hosting companies and self-professed data centre operators who really don't know much about the DNS. Joe
On 15-Jan-2006, at 18:15, Elijah Savage wrote:
Any validity to this and if so I am surprised that our team has got no calls on not being able to get to certain websites.
I think the main thing I learned from that is that there are a surprising number of hosting companies and self-professed data centre operators who really don't know much about the DNS.
The GoDaddy guy didn't do such a bad job. It sounds like they had some procedures and they followed them. http://marc.perkel.com/audio/godaddy.mp3 Operationally, not having someone on the shift who can make decisions is not a good thing. It's like having a NOC with no shift supervisor. If you're big enough - a manager. Disclaimer: In no way, shape, or form, should that be inferred as a plug for or against GoDaddy. I'm neutral. Best! -M<
On 1/16/06, Martin Hannigan <hannigan@world.std.com> wrote:
Operationally, not having someone on the shift who can make decisions is not a good thing. It's like having a NOC with no shift supervisor. If you're big enough - a manager.
Disclaimer: In no way, shape, or form, should that be inferred as a plug for or against GoDaddy. I'm neutral.
The way a policy is enforced - how, in what situations etc - is what matters. Most if not all ISP AUPs say basically the same mom and apple pie thing (no net abuse or we'll shut you down). If what this guy says is right, his domain was taken down just because one of his servers was broken into and spammed through. I haven't heard godaddy's side of the story yet - might be better to reserve judgement till they comment. -- Suresh Ramasubramanian (ops.lists@gmail.com)
I think the main thing I learned from that is that there are a surprising number of hosting companies and self-professed data centre operators who really don't know much about the DNS.
Or even what the word "datacenter" means. Sounds to me like a rack of servers or a cage was suspended, not "an entire datacenter" which was claimed several times. The recorded phone call was basically a lesson in how NOT to escalate a call, from both sides involved. From the customer's side if he'd not been so confrontational, he probably would have gotten his problem solved. From the operator's side, they should have a procedure for dealing with abuse and critical escalations 7/24. Just my perception. --chuck
On Sun, 15 Jan 2006, Elijah Savage wrote:
Any validity to this and if so I am surprised that our team has got no calls on not being able to get to certain websites.
Casting blame may be a fun exercise. Listening to others cast blame gets old fast. The more useful question here is whether there are lessons the rest of us can learn from this incident. The most important lesson is probably that your problems will almost always be more important to you than to somebody else. If you end up with a business killing problem, it doesn't matter if it's somebody else's fault -- you're the one who will be out of business. Likewise, you shouldn't go wandering out into heavy traffic just because the drivers are required by law to stop for you. Choosing your vendors carefully is important. Having a backup plan for what to do if your vendors fail you is a good thing, but it's nice not to have to use the backup plan. Likewise, if something is really important to you, make sure your vendors know that. Nobody wants to suddenly find out in the middle of the night that they're responsible for something critical. Knowing what's important to you in advance can help you figure out what arrangements need to be made. If your hosting operation won't run without power, Internet connectivity, and DNS, making sure your power, connectivity, and DNS are robust matters a lot. If your business can continue to operate for a few days without toner for your laser printer, choosing a less reliable toner supplier is probably ok. If you do need to call your vendors, having a clear explanation of what's going on is often a good thing. "An entire datacenter" is an awfully vague term. If that were all of, say, Equinix Ashburn, it would be a big enough deal that government regulators would probably be concerned. But a room in the back of somebody's office with a rack of servers in it could also be justifiably called a "datacenter" (and a rack of servers in the back of somebody's office could also be important to somebody). 
It's probably better to be able to say, "x number of domains are down, representing y amount of revenue for our company and z critical service that the rest of the Internet relies on. This might put us out of business." This still may not get the desired response -- it's not your vendor who is going to be put out of business -- but it at least gives the person on the other end of the phone call some idea of what they're dealing with. Protecting everything you've decided is important may be expensive. It may not be worth the cost. It's best to have made that calculation before the problem starts, when there's still time to spend money on protection if you do decide it's worth it. Not having all your DNS servers in the same domain, or registered through the same registrar, isn't a "best practice" that has previously occurred to me, but it makes a lot of sense now that I think about it. Looking at the big TLDs, .com and .net have all their servers in the gtld-servers.net domain, but Verisign controls .net and can presumably fix gtld-servers.net if it breaks. UltraDNS has their TLD servers (for .org and others) in several different TLDs. Maybe that is to protect against this sort of thing. And there's a PR lesson here, too. I'd never heard of Nectartech before this, and I'm guessing that's the case for a lot of NANOG readers. Having heard this story, I'd be hesitant to register a domain with GoDaddy, and that was presumably the goal. But I'd be hesitant to rely on a company with a name like GoDaddy anyway, just because of the name. Now that I've heard of Nectartech, I know them as the company that had the outage. That's not exactly a selling point. I've certainly got sympathy for Mr. Perkel. I've learned a lot of the lessons above the hard way, some due to my own miscalculations and some due to working for companies that didn't value my time and stress levels as highly as I would have liked (choosing your employers carefully is important too...).
These lessons don't apply just to networking. The loss prevention department of a bank once locked my account for "suspicious activity" on a Friday afternoon and then left for the weekend. I had two dollars in my wallet, and didn't have much food. Escalating as far as I could through the ranks of people working the bank's customer service lines on Friday evening, I didn't manage to find anybody who didn't think I should just wait until Monday. Multiple accounts at different banks, neither of which is the bank that locked my account, now seem like a very good idea. -Steve
On Tuesday 17 Jan 2006 01:04, you wrote:
Not having all your DNS servers in the same domain, or registered through the same registrar, isn't a "best practice" that has previously occurred to me, but it makes a lot of sense now that I think about it.
I think the general consensus in the DNS field is that for security reasons it is preferable to have as small a set of DNS servers (or perhaps as small a set of differently configured servers! Hmm physical security....) in the hierarchy above you as possible, since compromise of any of these could affect the results obtained for your domain. See also DJB's "Trusted Servers" note. http://cr.yp.to/djbdns/notes.html Here there is a clear conflict between security through redundancy against accident, and resistance to compromise. Although it can be mitigated by choosing well managed parent zones. Incidentally we have DNS servers in two domains, but that is historical, and both top level domains are managed by Verisign, and delivered via the same set of servers. Thus we are dependent on "root-servers.net", "gtld-servers.net" and our own servers, only in the resolution of our own domain names (and customer domains, where those domains are in .com/.net). Of course arguably the effective working of some services (email?) are now also dependent on reverse DNS working well, and the delegation of that is different again. That said I think the idea is sound against some issues (at which point one should probably also use different providers for the DNS registration services, since if their procedures are flawed....). However it does increase the risk of certain types of malicious activity, as in general it is sufficient to compromise one DNS server involved in serving a name to compromise the majority of the traffic (at least in theory, I haven't had a chance to prove this in anger yet). Since we are moving a couple of our nameservers from their current domain, I think I'll look at putting them under co.uk, as the UK seems to have tidied up its DNS management quite nicely in recent years.
Also during recent event it has struck me that the hierarchy of servers involved in providing DNS services is quite small, and has quite different characteristics to the other records in the DNS. I'm beginning to wonder if having the scaffolding in the protocol itself is the right way, but that is a debate that has raged before, and is off topic here.
In message <200601170913.46868.simonw@zynet.net>, Simon Waters writes:
I think the general consensus in the DNS field is that for security reasons it is preferable to have as small a set of DNS servers (or perhaps as small a set of differently configured servers! Hmm physical security....) in the hierarchy above you as possible, since compromise of any of these could affect the results obtained for your domain.
See http://www.usenix.org/events/imc05/tech/ramasubramanian.html --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
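The trade-off raised in the last few messages (nameservers spread across domains and registrars for resilience, versus a small set of servers that must be trusted) can be measured for a given zone. The following is an added example, not code from any poster: the delegation map is constructed and simplified, only the NECTARTECH.COM nameserver names come from the whois output quoted in the thread, and the "last two labels" rule for the registered domain is an assumption that a real audit would replace with the Public Suffix List.

```python
from collections import deque

# Constructed, simplified delegation map: zone -> nameserver host names.
# Only the nectartech.com entry reflects the whois output quoted in the thread.
ZONES = {
    ".": ["a.root-servers.net"],
    "net": ["a.gtld-servers.net"],
    "com": ["a.gtld-servers.net"],
    "org": ["a.org-servers.example"],       # constructed name
    "example": ["a.org-servers.example"],   # constructed, reserved TLD
    "root-servers.net": ["a.root-servers.net"],
    "gtld-servers.net": ["a.gtld-servers.net"],
    "nectartech.com": ["ns1.nectartech.com", "ns2.nectartech.com"],
    # Hypothetical zone that spreads its nameservers over two domains.
    "example.com": ["ns1.example.com", "ns2.example.org"],
    "example.org": ["ns2.example.org"],
}


def zone_chain(name):
    """Zones that must answer correctly to resolve `name`, root first."""
    labels = name.rstrip(".").lower().split(".")
    chain = ["."]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:])
        if zone in ZONES:
            chain.append(zone)
    return chain


def registered_domain(host):
    """Assumption: the registered domain is the last two labels."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])


def dependency_closure(domain):
    """Every zone and nameserver that resolving `domain` transitively relies on."""
    zones, servers, seen = set(), set(), set()
    queue = deque([domain.lower()])
    while queue:
        name = queue.popleft()
        if name in seen:
            continue
        seen.add(name)
        for zone in zone_chain(name):
            zones.add(zone)
            for ns in ZONES[zone]:
                servers.add(ns)
                queue.append(ns)  # the nameserver's own name must resolve too
    return zones, servers


def audit(domain):
    """Report the trust set and whether one registration carries every NS."""
    zones, servers = dependency_closure(domain)
    ns_domains = {registered_domain(ns) for ns in ZONES[domain.lower()]}
    return {
        "zones": zones,
        "servers": servers,
        "ns_domains": ns_domains,
        # True: suspending one registered domain takes out all nameservers.
        "single_registration": len(ns_domains) == 1,
    }


if __name__ == "__main__":
    for d in ("nectartech.com", "example.com"):
        r = audit(d)
        print(d, "zones:", len(r["zones"]), "servers:", len(r["servers"]),
              "single registration:", r["single_registration"])
```

The first zone depends on fewer servers but loses every nameserver if its one registration is suspended; the second survives that event at the cost of a larger set of zones and servers whose compromise could affect its answers.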
participants (23)
- Bill Nash
- Chris Brenton
- chuck goolsbee
- Elijah Savage
- goemon@anime.net
- Jay Hennigan
- Jim Popovitch
- Joe Abley
- Joe McGuckin
- Martin Hannigan
- Matt Ghali
- Michael Loftis
- Micheal Patterson
- Patrick W. Gilmore
- Per Heldal
- Richard A Steenbergen
- Robert E.Seastrom
- Simon Waters
- Steve Gibbard
- Steve Sobol
- Steven M. Bellovin
- Suresh Ramasubramanian
- william(at)elan.net