-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've attempted to contact DreamHost NOC or Abuse departments via the numbers in whois but just get voice mail and no call back. I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22. This traffic is very likely undesirable and I'd be willing to pull the plug immediately if I can get confirmation from DreamHost. Failing that I've opened an abuse ticket with the customer and given them 12 hours to respond. - -- Michael Greb Linode.com, LLC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHeFcN0Qbp4bPZvesRAncgAJ98S3v+I/+wxal0lWZn/9GRHimqUgCg1tXW 5CnD7nmJBMDy4Jht2vxkk2k= =wtUq -----END PGP SIGNATURE-----
On Dec 30, 2007 9:42 PM, Michael Greb <mgreb@linode.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I've attempted to contact DreamHost NOC or Abuse departments via the numbers in whois but just get voice mail and no call back.
I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22. This traffic is very likely undesirable and I'd be willing to pull the plug immediately if I can get confirmation from DreamHost.
Why not call your user and tell them that you see suspect traffic? This is your revenue. I think it makes sense to be proactive, but be proactive for yourself _and_ resolve the issue. -M<
In a previous job (circa mid 2004), I had attempted to get materials removed from a DreamHost client (they where hosting it in violation of my, at the time, employer's copyright). The DreamHost abuse process was completely useless, and we ended up having to take direct action against the website operator to get the content removed. During this process I did some research into DreamHost and found some very interesting articles. Here is a more recently published one that highlights what I am getting at http://www.hyscience.com/archives/2007/05/us_based_terror.php (I should note, the site is still up and still hosted by DreamHost). I am 99.9% sure that after successfully hosting websites for Al-Qaeda for over 3 years (on US based servers, by US citizens, living in the US) they are not going to care much about some SSH port scan. My $0.02, Adam Stasiniewicz -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Michael Greb Sent: Sunday, December 30, 2007 8:42 PM To: nanog@merit.edu Subject: DreamHost Contact? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've attempted to contact DreamHost NOC or Abuse departments via the numbers in whois but just get voice mail and no call back. I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22. This traffic is very likely undesirable and I'd be willing to pull the plug immediately if I can get confirmation from DreamHost. Failing that I've opened an abuse ticket with the customer and given them 12 hours to respond. - -- Michael Greb Linode.com, LLC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHeFcN0Qbp4bPZvesRAncgAJ98S3v+I/+wxal0lWZn/9GRHimqUgCg1tXW 5CnD7nmJBMDy4Jht2vxkk2k= =wtUq -----END PGP SIGNATURE-----
In a previous job (circa mid 2004), I had attempted to get materials removed from a DreamHost client (they where hosting it in violation of my, at the time, employer's copyright). The DreamHost abuse process was completely useless, and we ended up having to take direct action against
Stasiniewicz, Adam wrote: the website operator to get the content removed. During this process I did some research into DreamHost and found some very interesting articles. Here is a more recently published one that highlights what I am getting at http://www.hyscience.com/archives/2007/05/us_based_terror.php (I should note, the site is still up and still hosted by DreamHost).
I am 99.9% sure that after successfully hosting websites for Al-Qaeda
for over 3 years (on US based servers, by US citizens, living in the US) they are not going to care much about some SSH port scan. Isn't this what you folks call "freedom of speech" ? -- Leigh
On Mon, 31 Dec 2007, Leigh Porter wrote:
I am 99.9% sure that after successfully hosting websites for Al-Qaeda for over 3 years (on US based servers, by US citizens, living in the US)
Stasiniewicz, Adam wrote: they are not going to care much about some SSH port scan.
Isn't this what you folks call "freedom of speech" ?
There are exceptions to that particular freedom, and many of those exceptions have pretty well-established legal precedents. The First Amendment has been well tested in court. I would think that a website operating inside the US that is providing a communications channel for terrorist groups that have an established pattern of wanting to harm the interests of the US and other countries would fall into one of those well tested exemptions, particularly after 9/11. jms
On Dec 31, 2007, at 10:18 AM, Leigh Porter wrote:
Isn't this what you folks call "freedom of speech" ?
-- Leigh
FOS applies to actions by the government, not to actions taken between two private parties. E.g. DreamHost could easily ban any and all websites about oranges and apples from their servers, and there would be no FOS issue. Cordially Patrick Giagnocavo patrick@zill.net
Mike, I know Dreamhost recently moved their offices so I don't know if that has anything to do with it. I'll give you some numbers/emails that might work since there seems to be a problem reaching these guys: +1.7147064182 +1.2139471032 +1.9096260377 sage@newdream.net josh@newdream.net - One of the founders as well Best of luck to you to getting help. -Ross On 12/30/07, Michael Greb <mgreb@linode.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I've attempted to contact DreamHost NOC or Abuse departments via the numbers in whois but just get voice mail and no call back.
I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22. This traffic is very likely undesirable and I'd be willing to pull the plug immediately if I can get confirmation from DreamHost. Failing that I've opened an abuse ticket with the customer and given them 12 hours to respond.
- -- Michael Greb Linode.com, LLC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHeFcN0Qbp4bPZvesRAncgAJ98S3v+I/+wxal0lWZn/9GRHimqUgCg1tXW 5CnD7nmJBMDy4Jht2vxkk2k= =wtUq -----END PGP SIGNATURE-----
participants (8)
-
Barry Shein
-
Justin M. Streiner
-
Leigh Porter
-
Martin Hannigan
-
Michael Greb
-
Patrick Giagnocavo
-
Ross Hosman
-
Stasiniewicz, Adam