Unflattering comments about ISPs and DDOS
This article in ZDNET UK entitled "With ISPs like this, who needs enemies?" http://comment.zdnet.co.uk/andrewdonoghue/0,39027004,39175983,00.htm contains some rather unflattering comments about ISPs who don't help customers deal with DDOS attacks. The head of security technology for a major ISP named in the article said: "Why should ISPs do something? It's very much as if people want something for nothing. This noise is superfluous and silly." The thinking is this. There are two operational problems here, one big and one small. The big one is when your customer is the target of DDoS. The small one is when your customers originate the DDoS. I think the writer is telling us to treat these as two sides of the same problem. If management buys into this view then it would make the business case for the operational effort needed to clean up botnets. And if enough people clean up the bots on their network, then a case can be made for depeering (or severely damping) networks that don't clean up their act. --Michael Dillon
On Mon, Dec 06, 2004 at 04:56:49PM +0000, Michael.Dillon@radianz.com wrote:
And if enough people clean up the bots on their network, then a case can be made for depeering (or severely damping) networks that don't clean up their act.
Agreed. But few, if any, will "clean up their act". For instance, consider: http://news.com.com/2102-1034_3-5218178.html which is a news story discussing the enormous number of spam-spewing zombies on Comcast's network and which says (in part): "Based on my conversations last week, Comcast's network engineers would like to be more aggressive. But the marketing department shot down a ban on port 25 because of its circa $58 million price tag--so high partially because some subscribers would have to be told how to reconfigure their mail programs to point at Comcast's servers, and each phone call to the help desk costs $9." Since Comcast has elected not to pay that hypothetical $58 million dollar price tag, see if you can guess who is. Those costs (whatever they are) don't just evaporate into nothingness merely because Comcast isn't picking up the tab. Please note that since then, they've begun doing *some* port-25 blocking: http://news.com.com/2102-1038_3-5230615.html But I can't find any evidence that they're doing anything other than reactively blocking port 25 connections based on some usage threshold. And of course that's purely symptomatic treatment for the problem-of-the-moment: it doesn't cure the disease, doesn't un-zombie the zombies and thus it lets them do anything/everything else they want. ---Rsk
On Mon, 6 Dec 2004, Rich Kulawiec wrote:
"Based on my conversations last week, Comcast's network engineers would like to be more aggressive. But the marketing department shot down a ban on port 25 because of its circa $58 million price tag--so high partially because some subscribers would have to be told how to reconfigure their mail programs to point at Comcast's servers, and each phone call to the help desk costs $9."
That's quite OK; if they're unwilling to filter port 25 on their end, we are more than happy to filter port 25 on our end. Many have already done this. -Dan
"Based on my conversations last week, Comcast's network engineers would like to be more aggressive. But the marketing department shot down a ban on port 25 because of its circa $58 million price ...
That's quite OK; if they're unwilling to filter port 25 on their end, we are more than happy to filter port 25 on our end. Many have already done this.
right, me too, but a surprising number of my friends strangely believe that their ~1Mbit/sec home dsl connection (which 100 millions of less-clued people have) should be able to originate e-mail the same way their ~1Mbit/sec work DS-1 line (which only a few million had, and most of those cluefully) did. therefore, while i reject e-mail from dsl on a wholesale basis, i have to whitelist certain friends on a retail basis -- which is madness without end. far better for the cable and dsl providers to kill off outbound smtp by default and then re-enable it when a customer waves the right clue-flag. [off-topic: lots of you/us have proposed global whitelists to solve this kind of thing, but nobody has yet figured out how a scalable community can have a single definition of "that which is good"... so don't start that thread again just because it seems desirable (which it is) and technically easy (also).] -- Paul Vixie
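The two ISP-side controls discussed in this thread, Rich Kulawiec's reactive blocking of port 25 "based on some usage threshold" and Paul Vixie's "off by default, re-enabled when a customer waves the clue-flag", sketched as an added Python example (not code from the thread, Comcast or any ISP); the residential netblock, the threshold and the flow records are all constructed.

```python
import ipaddress
from collections import Counter

# Constructed values: TEST-NET-3 stands in for a residential DSL/cable pool.
RESIDENTIAL_POOL = ipaddress.ip_network("203.0.113.0/24")
SMTP_PORT = 25
THRESHOLD = 20  # outbound TCP/25 connects per log window that flag a source


class SmtpEgressPolicy:
    """Default-deny outbound SMTP from the pool, re-enabled per customer,
    plus reactive flagging of sources that exceed THRESHOLD."""

    def __init__(self, default_deny=True):
        self.default_deny = default_deny
        self.allowlist = set()  # customers who asked to have tcp/25 re-enabled
        self.flagged = set()    # sources blocked by the threshold rule

    def enable_for(self, ip):
        """Re-enable outbound SMTP for one customer (the 'clue-flag')."""
        self.allowlist.add(ipaddress.ip_address(ip))

    def ingest_flows(self, lines):
        """Count outbound TCP/25 connects per pool source over a window of
        flow records ('src dst dport'); flag any source above THRESHOLD."""
        counts = Counter()
        for line in lines:
            src, _dst, dport = line.split()
            src = ipaddress.ip_address(src)
            if int(dport) == SMTP_PORT and src in RESIDENTIAL_POOL:
                counts[src] += 1
        newly = {s for s, n in counts.items() if n > THRESHOLD}
        self.flagged |= newly
        return newly

    def decision(self, src, dport):
        """Return 'allow' or 'block' for one outbound connection attempt."""
        src = ipaddress.ip_address(src)
        if dport != SMTP_PORT or src not in RESIDENTIAL_POOL:
            return "allow"  # policy only covers pool -> tcp/25
        if src in self.flagged:
            return "block"  # reactive rule wins even for opted-in customers
        if self.default_deny and src not in self.allowlist:
            return "block"  # off by default until the customer asks
        return "allow"


# Constructed flow log: .10 is a zombie spraying SMTP, .20 sends a little mail.
SAMPLE_FLOWS = (["203.0.113.10 198.51.100.5 25"] * 25
                + ["203.0.113.20 198.51.100.5 25"] * 3
                + ["203.0.113.20 198.51.100.9 443"])
```

In a real deployment the allowlist and flagged set would be rendered into the edge router's or firewall's egress rules; this sketch only models the decision logic.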
Since Comcast allows spamming (doesn't do anything to stop it), people should start spamming the phones at the help desk and let them know about the spam on their network. Although - two wrongs don't make a right. Best Wishes, Blake L. Smith, XtremeBandwidth.com, Inc., 949-330-6400 Office, 949-606-7100 Fax, www.XtremeBandwidth.com
On 12/06/04, "Blake L. Smith - XtremeBandwidth.com, Inc." <blake@xtremebandwidth.com> wrote:
Since Comcast allows spamming (doesn't do anything to stop it) people should start spamming the phones at the help desk and let them know about the spam on their network. Although - two wrongs don't make a right.
Also, that's been tried before (first instance I can remember being AGIS, circa 1996-1997), and has never had any appreciable direct effect. Other tactics still work better. -- J.D. Falk okay, what's next? <jdfalk@cybernothing.org>
participants (6): Blake L. Smith - XtremeBandwidth.com, Inc.; Dan Hollis; J.D. Falk; Michael.Dillon@radianz.com; Paul Vixie; Rich Kulawiec