From markb@infi.net Thu Apr 17 19:49 PDT 1997
Tell me about it. In the course of today's activities, I learned that one of our users with a small commercial web site on one of our servers spammed the net from an account on another ISP. The spam contained a pointer to his URL on our server.
The spammer in this case is not misusing any of your resources. A web provider stands on a very tenuous ground. I fail to understand those--who would vandalize your network or incite others to vandalize it--who want to force that choice on you:
From: Michael Dillon <michael@memra.com>
I certainly don't condone any attacks on AGIS but I think this should be a lesson that Internet users expect a certain standard of behavior from network providers. While there may be no legal imperative to force network providers to ehave in a certain way, the will of the people has a way of making itself felt and we ignore it at our peril.
(Internet users != hackers) I understand the will of the people to boycot a certain company or a product, but breaking into others' property? Sophistry like above deserves some of the blame for the break-ins.
Some of the mail seems to be holding us partially culpable for the spam. I'm happy to report that the other ISP is taking action against the spam complaint, but I don't know of any interpretation of Netiquette that condemns commercial WWW sites. I don't know that I'd favor an abuse policy that encompasses WWW sites, even if they are listed elsewhere in spam mailings,
Where does one draw the line? The phone company that gives phone service to the email spammer, the gazillion dollar software and hardware companies that sell their pc/email/browser products to the spammers? Break into them? It is easy to imagine the company some of the extermist anti-spammers would be keeping, at this rate. This issues has relevance to nanog--the veiled encouragement to break-ins I see here does result into network operational problems, more than most of the spams do. Sanjay. PS. I don't condone spamming, my company disconnect accounts that spam _from_ our network.
At 08:30 PM 4/17/97 -0700, Sanjay Dani wrote:
I certainly don't condone any attacks on AGIS but I think this should be a lesson that Internet users expect a certain standard of behavior from network providers. While there may be no legal imperative to force network providers to ehave in a certain way, the will of the people has a way of making itself felt and we ignore it at our peril.
(Internet users != hackers)
I understand the will of the people to boycot a certain company or a product, but breaking into others' property? Sophistry like above deserves some of the blame for the break-ins.
Why doesn't everyone who has a problem with it. Take _REAL_ action. Like, oh say.. terminate peering with AGIS 's network? Or ban the routes emanating from their mail servers. Just pull the MX records, or find out their mail-server addresses and ban them. Better yet, if you are going to boycott, terminate peering all together and ban connectivity to/from their network via any carrier to yours. I don't overtly have a problem with email-spammers, it is annoying, yes but most also terminate sending you stuff if you ask nicely and not fly-off-the-handle at them or flame them publicly. All I am saying, is if you want to achieve anything, don't do anything illegal like hacking, or reverse spamming their mail-servers. Just BOYCOTT the network. Terminate all traffic to/from them to yours and petition people to follow suit. If you are THAT upset, take REAL action. Again, I don't have any problems with AGIS, spammers, etc. If you are going after email spammers, go after news spammers, people who register 10,000 domains to resell them, NSPs who falsely register for large address blocks and don't use them, or use them inefficiently, go after people who will not CIDR their announcements. There are SO many areas of broadband abuse that affect all of the Internet, I don't see the point in focusing in on one tiny aspect of it. My opinions are my own, not my company's. All I am saying, is you want a boycott. BOYCOTT don't screw around and do illegal things, that makes you as bad as them in my opinion. Matt Pearson Redirect all flames to /dev/null ------------------------------------------------- Matthew E. Pearson Vice President of Development Games-Online Inc. http://www.games-online.com
On Fri, 18 Apr 1997, Matthew E. Pearson wrote:
There are SO many areas of broadband abuse that affect all of the Internet, I don't see the point in focusing in on one tiny aspect of it.
You're right. There are many different varieties of network abuse. So how do we define it and how do we communicate to people that they can't *DO* that? Michael Dillon - Internet & ISP Consulting Memra Software Inc. - Fax: +1-250-546-3049 http://www.memra.com - E-mail: michael@memra.com
At 09:38 PM 4/17/97 -0700, Michael Dillon wrote:
On Fri, 18 Apr 1997, Matthew E. Pearson wrote:
There are SO many areas of broadband abuse that affect all of the Internet, I don't see the point in focusing in on one tiny aspect of it.
You're right. There are many different varieties of network abuse. So how do we define it and how do we communicate to people that they can't *DO* that?
My honest recommendation although nobody wants to hear it is simple. You accomplish it the same way telecom, video, and other providers have for years and years.. GOVERNMENT REGULATION. If every ISP had to get licensed by the US (or other..) government and a clearly defined set of regulations were in place, the government would put their foot down on those breaking the rules, the same way they would shut down NBC if they showed XXX movies uncut on purpose. If it was an accident they would fine them SOOO heavily that it would never happen again. I hate to say it but it appears that the Internet cannot run itself anymore because big-business does not want to sit down and play by the rules (not that there are any). Almost all the Internet "authorities" are a joke, they cant really do ANYTHING, they could be sued for making decisions that hurt one company or another, and at most meetings it usually at some point breaks down into mud slinging and accusations. There is no way that I can see logically to level the playing field for all participants, and allow every participant equal say or right to dispute a problem in an equitable manner except for government regulation (at least here in the US). Would this hurt business? Doubtfull for -serious- companies, look how many independent TV stations there are, or radio stations not part of the big 3 networks? No counting cable even. All it means is that a company would have to make a serious commitment to customer service, and maintain interconnection agreements overseen by the feds. If there was a problem between providers, the government would step in and mediate it. Also, if you think I am too liberal or a democrat I am not. In fact I am an Independant voter, and I am actually rather conservative about government. I just think this is one place where they could do good. In the end I think they will step in anyhow. After all, are ISPs so different than long-distance phone companies who lease lines from RBOCs, connect residential and business consumers, and take data interstate? Sound familiar to anyone? If you think the FCC isn't going to do something to regulate ISPs.. think again.. they could get the mandate far easier than you would like to belive. Unless some miracle happens and everyone drops the egos, drops the attitudes, and sits down at the table and irons out REAL standards, REAL policies, and REAL enforcement procedure, you can bet REAL money that the federal government will step in and regulate. Look how many lawsuits vs. ISPs / Online Services have come up in the last year for quality of service problems, look at the CDA! We better do something QUICK before Uncle Sam gets any bright ideas. My $0.2 Send all flames to /dev/null or root@127.0.0.1 ------------------------------------------------- Matthew E. Pearson Vice President of Development Games-Online Inc. http://www.games-online.com
Also, if you think I am too liberal or a democrat I am not. In fact I am an Independant voter, and I am actually rather conservative about government. I just think this is one place where they could do good. In the end I think they will step in anyhow. After all, are ISPs so different than long-distance phone companies who lease lines from RBOCs, connect residential and business consumers, and take data interstate? Sound familiar to anyone? If you think the FCC isn't going to do something to regulate ISPs.. think again.. they could get the mandate far easier than you would like to belive.
government regulation would do exactly what it has done for radio and tv. it would be almost impossible for startups to play, even if you maintain a minimum level of service, simply because it is too expensive. it would drive out small players who may have a lot of good to contribute. also, there is no way to tell the government how much regulation they are allowed. if they decide they want to come in and violate constitutional rights left and right (government controlled encryption for american citizens on the government controlled internet, anyone?) then there is little that can be done to stop them. you can't defend yourself against the vampire once you have invited him across your doorstep. so perhaps that is the trade-off. high-probability of network stability vs. freedom. personally, i think government intervention would only serve to stunt on-line activity, but the big 3 are looking at the bottom line and i am sure see a different picture. b3n
Matthew E. Pearson wrote:
My honest recommendation although nobody wants to hear it is simple. You accomplish it the same way telecom, video, and other providers have for years and years.. GOVERNMENT REGULATION.
You want the same people who brought us safety devices that kill children (airbags) to regulate the net? That the best way I know of to turn double and triple digit growth into single digit growth/stagnation. Please, please be careful of what you ask for. -peter
Matthew E. Pearson wrote:
My honest recommendation although nobody wants to hear it is simple. You accomplish it the same way telecom, video, and other providers have for years and years.. GOVERNMENT REGULATION.
which govenment ? Regards, aid -- U-NET Ltd, UK
Adrian J Bool wrote:
Matthew E. Pearson wrote:
My honest recommendation although nobody wants to hear it is simple. You accomplish it the same way telecom, video, and other providers have for years and years.. GOVERNMENT REGULATION.
which govenment ?
Doe, the Sultan of the Sovereign Comet of Hale-Bopp. -peter
why the U.S. government of course. don't you know that we own the internet? just ask our legislators:-) :-) :-). Jeff Young young@mci.net
Return-Path: owner-nanog@merit.edu Received: from merit.edu (merit.edu [35.1.1.42]) by postoffice.Reston.mci.net (8.8.5/8.8.5) with ESMTP id IAA18084; Fri, 18 Apr 1997 08:38:25 -0400 (EDT) Received: from localhost (daemon@localhost) by merit.edu (8.8.5/merit-2.0) with SMTP id IAA23271; Fri, 18 Apr 1997 08:31:39 -0400 (EDT) Received: by merit.edu (bulk_mailer v1.5); Fri, 18 Apr 1997 08:31:02 -0400 Received: (from daemon@localhost) by merit.edu (8.8.5/merit-2.0) id IAA23225 for nanog-outgoing; Fri, 18 Apr 1997 08:31:01 -0400 (EDT) Received: from mail.u-net.net (mail.u-net.net [194.119.128.80]) by merit.edu (8.8.5/merit-2.0) with ESMTP id IAA23214 for <nanog@merit.edu>; Fri, 18 Apr 1997 08:30:57 -0400 (EDT) Received: by mail.u-net.net id <28697-11079>; Fri, 18 Apr 1997 13:24:38 +0100 Date: Fri, 18 Apr 1997 13:24:37 +0100 (BST) From: Adrian J Bool <aid@paranoia.u-net.net> cc: nanog@merit.edu Subject: Re: What's going on? In-Reply-To: <335761D1.5FB4@tdi.net> Message-ID: <Pine.SOL.3.91.970418132351.10247G-100000@paranoia> MIME-Version: 1.0 To: unlisted-recipients:; (no To-header on input) Sender: owner-nanog@merit.edu Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 286
Matthew E. Pearson wrote:
My honest recommendation although nobody wants to hear it is simple. You accomplish it the same way telecom, video, and other providers have for years and years.. GOVERNMENT REGULATION.
which govenment ?
Regards,
aid
-- U-NET Ltd, UK
"Matthew E. Pearson" writes:
My honest recommendation although nobody wants to hear it is simple. You accomplish it the same way telecom, video, and other providers have for years and years.. GOVERNMENT REGULATION.
Joy. Just what everyone needs.
I hate to say it but it appears that the Internet cannot run itself anymore
The net is largely working just fine, thank you. Perry
On Fri, 18 Apr 1997, Perry E. Metzger wrote:
"Matthew E. Pearson" writes:
My honest recommendation although nobody wants to hear it is simple. You accomplish it the same way telecom, video, and other providers have for years and years.. GOVERNMENT REGULATION.
Oh God help us all. Government regulation would kill the net faster than a bug under a magnifying glass. The "governments" of would have no right meddling in such a thing, and any one of them who thinks they should make a quick buck off taxing the net should be thrown out of office on their butts. Now that I have that out of my system; Really, spam sucks. I don't know where it comes from. Every morning I wake up with a pipe of email about money making schemes and how to find lost cousins and I just want to punish whoever sent me it. Maybe instead of complaining to people like AGIS, we should go after the people who write the spamming software... or better yet, the people who distribute lists of email addresses. They are the root of the problem, and should be removed with extreme prejudice. I personally believe that no network internet provider should really have regulations as to what their customers do. They simply provide someone with bandwidth, how they use that bandwidth is their own business, but when it starts to harm other machines and waste resources of people who are NOT on their network, then service should be discontinued. Just my $1.50 Jordy -- Jordan Mendelson : www.wserv.com/~jordy Web Services, Inc. : www.wserv.com
"Matthew E. Pearson" writes:
My honest recommendation although nobody wants to hear it is simple. You accomplish it the same way telecom, video, and other providers have for years and years.. GOVERNMENT REGULATION.
We have plenty of laws that can be applied to spam and other _gross_ abuses of the Internet. We do not need a branch of the FBI for the Internet. Fraud is fraud if it is done by mail or e-mail. Denial of service attacks are clearly against the law in many countries, states and provinces. I do not think we wish the heavy hand of government(s) attempting to regulate content that is, for the most part, out of our control or poking it's nose into routing policies and peering agreements. IMHO - Cooperation among ISPs can do more than any government can. Cooperation can cross borders with far more ease than government agents. (lest they are spies) -- From: Joseph T. Klein, Titania Corporation http://www.titania.net E-mail: jtk@titania.net Sent: 18:51:14 CST/CDT 04/18/97 If the Internet stumbles, it will not be because we lack for technology, vision, or motivation. It will be because we cannot set a direction and march collectively into the future. -- http://info.isoc.org/internet-history/#Future
On Fri, 18 Apr 1997, Matthew E. Pearson wrote:
My honest recommendation although nobody wants to hear it is simple. You accomplish it the same way telecom, video, and other providers have for years and years.. GOVERNMENT REGULATION. If every ISP had to get licensed by the US (or other..) government and a clearly defined set of regulations [...] I hate to say it but it appears that the Internet cannot run itself anymore because big-business does not want to sit down and play by the rules (not
[Many lines of "the government is the solution" deleted]
We better do something QUICK before Uncle Sam gets any bright ideas.
Don't you feel a little silly posting both these statements in the same message? You certainly look it:( --- David Miller ---------------------------------------------------------------------------- It's *amazing* what one can accomplish when one doesn't know what one can't do!
On Thu, 17 Apr 1997, Sanjay Dani wrote:
I certainly don't condone any attacks on AGIS but I think this should be a lesson that Internet users expect a certain standard of behavior from network providers. While there may be no legal imperative to force network providers to behave in a certain way, the will of the people has a way of making itself felt and we ignore it at our peril.
(Internet users != hackers)
I understand the will of the people to boycot a certain company or a product, but breaking into others' property? Sophistry like above deserves some of the blame for the break-ins.
Sorry but you're wrong. Let me point out that "Internet users" does not mean "hackers" (now where have I heard that before? :-). I am referring to the countless millions of Internet users who get unsolicited commercial email in their mailboxes and are frustrated because they don't know who to complain to about it other than their elected representatives.
Where does one draw the line?
Good question but there is no easy answer. However I suspect that people who understand the Internet intimately will need to be involved in drawing the line to make sure it makes sense.
This issues has relevance to nanog--the veiled encouragement to break-ins I see here does result into network operational problems, more than most of the spams do.
You misunderstand my point. I do NOT encourage breakins, mailbombing, SYN-flooding or any other kind of attacks as a solution to the SPAM problem. It's not a technical problem so technical solutions won't cut it. But it *IS* something that every network provider should think about carefully because the network does not operate in a vacuum. If a provider encourages spammers or harbors spammers who attack other providers' systems then the environment, i.e. the general Internet user population, *WILL* attack them. Facing up to reality is not the same as condoning or encouraging that action. And part of facing up to reality is realizing that the cost of defending your network against the people may be higher than any benefit gained from taking a hands-off attitude towards your customer activities. Michael Dillon - Internet & ISP Consulting Memra Software Inc. - Fax: +1-250-546-3049 http://www.memra.com - E-mail: michael@memra.com
On Thu, 17 Apr 1997, Sanjay Dani wrote:
Some of the mail seems to be holding us partially culpable for the spam. I'm happy to report that the other ISP is taking action against the spam complaint, but I don't know of any interpretation of Netiquette that condemns commercial WWW sites. I don't know that I'd favor an abuse policy that encompasses WWW sites, even if they are listed elsewhere in spam mailings,
Where does one draw the line? The phone company that gives phone service to the email spammer, the gazillion dollar software and hardware companies that sell their pc/email/browser products to the spammers? Break into them? It is easy to imagine the company some of the extermist anti-spammers would be keeping, at this rate.
You draw the line at what is clearly abuse of legitimate resources. Mail has a legitimate purpose. Browsers and phone company access can be used in 'legitimate' ways. Unsolicited commercial email on the Internet is an attack which makes unauthorized use of resources belonging to other people to offset advertising cost. Netscape sells its browser to everyone, and it never intended to have it used for spamming, any more than Eric intended sendmail to be used for it. (Quite the contrary, of course, I would assume.) The unsolicited email is generally obnoxious and distasteful. You won't see pornography advertisements under your windshield wiper when you come out from shopping. And the fact that the "spammers" hide their origin as cleverly as they can is the final piece of illegitimacy. There is legitimate and illegitimate use of resources, and spam is illegitimate. Whether to fight fire with fire is another question entirely, but the blame for spam clearly falls on the spammers themselves, and I would not have any sympathy for a SYN flooded web page advertised via spam. __ Matt Wallace
participants (12)
-
Adrian J Bool -
Ben Black -
david@sparks.net -
Jeff Young -
Jordan Mendelson -
Joseph T. Klein -
Matt Wallace -
Matthew E. Pearson -
Michael Dillon -
Perry E. Metzger -
Peter -
Sanjay Dani