RE: RBL-type BGP service for known rogue networks?
From: "Roeland M.J. Meyer" <rmeyer@mhsc.com>
I agree. MHSC lost an entire market plan, hosting third-party secure mail, becasue third-party mail services must allow relaying that is at minimum semi-open. At the time SMTP AUTH didn't exist (Until it's use becomes more wide-spread it still isn't real useful). The anti-relay bunch are killing a valid business model.
This brings up an interesting point that I haven't seen discussed much. What should happen when various business models for using the internet conflict? Who gets to decide? Or how do we collect and distribute the information so individual sites can decide for themselves? I think all the examples I know about involve network abuse, or at least activities that will be considered as network abuse by many sensible people. Maybe the common theme is cost-shifting. I'm including support costs as well as up-front traffic/server costs. The obvious example is an ISP who wants to take spammers as customers, or host web servers for spammers. The next example is an ISP with a good looking anti-spam section in their AUP but they take a long time to enforce it. How long should it take to disconnect a flagrant spammer? ... How about ISPs that tolerate crackers or smurfers? What about ISPs that are just slow or incompetent at backtracking abusive traffic with forged headers or setting up filters to drop forged headers from their customers? AllAdvantage is another good example to consider. I have no interest in what they offer and I generally like having new/different businesses connected to the internet. But their system encourages spam, so we all get to pay for AllAdvantage's business in increased spam-fighting costs. I'm sure they could stop the spam (or rather almost all of it), but that would increase their costs. Another example that was recently mentioned was ISPs that are teaming up with phone companies. The phone company does the billing and gives the ISP a cut so the ISP doesn't have to keep customer records and hence those ISPs will have troubles disconnecting crackers. Again, the ISPs could do a reasonable job of making sure their customers are good netizens, but it will raise their cost of doing business.
What should happen when various business models for using the internet conflict?
the first major one may have been the ans vs. uu/psi war that resulted in the formation of the cix. the one where al ate rick's lunch and got an upset tummy. randy
[ On Sunday, July 9, 2000 at 18:38:42 (-0700), Hal Murray wrote: ]
Subject: RE: RBL-type BGP service for known rogue networks?
What should happen when various business models for using the internet conflict? Who gets to decide? Or how do we collect and distribute the information so individual sites can decide for themselves?
Well, as the name implies, this is an "Inter"net. Nothing guarantees every connected network will be able to exchange traffic with every other network any more than every net will be directly connected to every other. As Randy says exchange points can solve some of the issues though of course that still doesn't mean that everyone who needs to exchange traffice needs to meet at the appropriate exhange points. The other questions you raise are somewhat more interesting, but I think in the end it boils down to remembering as an Internet user (if you are just one of those connected networks, for example) that you might not be able to exchange traffic with absolutely everyone you wish to do so with unless you (and perhaps they) go to somewhat extraordinary lengths to implement more direct interconnections. The best we can hope for is that the true backbone providers continue to think like phone companies, and that they continue to avoid mixing their backbone business with end-user business. Perhaps eventually there will be some form of sane government regulations that keep these assumptions true for the most part. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
On Sun, 9 Jul 2000, Hal Murray wrote:
What should happen when various business models for using the internet conflict? Who gets to decide? Or how do we collect and distribute the information so individual sites can decide for themselves?
Natural selection?
The obvious example is an ISP who wants to take spammers as customers, or host web servers for spammers. The next example is an ISP with a good looking anti-spam section in their AUP but they take a long
AGIS pretty much self destructed by taking the attitude "we just provide internet connectivity...we don't police what our customers (e.g. Cyberpromo) do with that connectivity." By the time they realized this wasn't winning them any friends (other than the spamhouses), it was too late.
How about ISPs that tolerate crackers or smurfers? What about ISPs that are just slow or incompetent at backtracking abusive traffic with forged headers or setting up filters to drop forged headers from their customers?
They get blackholed by parts of the net :) I once dealt with an ISP that was infested by crackers. They knew they had them, but didn't want to expend the effort necessary to get rid of them. Sooner or later, either the cops will force them to get a clue when they have to help locate one of the crackers, or the crackers will get malicious and trash the place. Until then, it's business as usual. It's really scarey thinking (actually knowing) that thousands of people use ISPs like this, where the boys next door have root (administrator actually :) and may be snooping everyone's email, and the owners know about it and just don't care. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
participants (4)
-
Hal Murray -
jlewis@lewis.org -
Randy Bush -
woods@weird.com