Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked
Where is Milo Medin when we need him?
how would he be helping?
He would have pulled the plug. The story is from the very early days of the internet, probably long before NANOG existed. Milo worked at NASA and found a cracker from Finland on one of NASA's machines. The link from Finland to the rest of the world went through Norway to NASA. (That's THE link; there was only one link connecting all of Scandinavia to the rest of the net.) So Milo called the guy in Finland and said "Please fix it". The reply was "We can't do anything. We respect civil liberties." Soon he got the message because he wasn't connected to the net any more. If anybody has a good URL for the story, please let me know. I found one reference in google-books that said 1988.

Hmm, is this how people talk about you after you are dead? :) Dave Burstein dropped me a note about this thread; I don't usually follow NANOG much these days. So I figured I should respond to make sure all the facts were straight.

Let me clarify what happened in the case of the Finnish idiot. At the time, I worked for NASA and among other things ran the root nameserver at Ames (ns.nasa.gov). We managed systems very tightly, and the root was instrumented well and was notifying that someone at one of the larger Finnish universities was trying the usual measures to break into the machine. We saw these all the time; people tried the usual tftp or other tricks, and moved on when they didn't get satisfaction. But this particular individual just kept on trying different things over the course of a couple of days, and distinguished himself as being a real pain. So I figured I needed to take some action. I went to the NIC database, and called up the University's POC for the address block, saying that one of their students was attempting to break into a US Government computing resource (a criminal offense) and violating the AUP of the networks that connected them.

They refused to act, basically saying that they didn't feel bound by US law, blah blah, etc. So then I called up the Nordunet guys in Stockholm, who connected all Scandinavian countries together via a 128 Kbps link to the JVNC supercomputer center in Princeton. As I recall, no one returned my call or my emails, though Mats and company usually were quite on the ball. The probing was continuing on the root, so I decided to call my friend Elise Gerich at the NSFnet, and ask her if she wouldn't put in a null route to the university in Finland in the core backbone network, figuring that cutting off the connectivity to the university would get someone's attention. She said that she would really prefer I call Sergio Heker at Princeton, who managed the link and could install a null route there where the link came in as a more targeted solution. When I told Sergio what was happening (one of the roots being attacked), and that no one was doing anything about it, he said he would take care of it. Instead of installing a null route, he walked into the machine room where the main JVNC nodes were located, walked to the satellite DSU that connected JVNC to Stockholm, and pushed the loopback button. So it is really Sergio who deserves credit for this story, not me. No more probes on the root server. :)

I am told the following morning the grad student responsible for this was met by a group of angry system administrators as he entered his office. The conversation went something like this according to one of the people there:

IT admin: Did you notice that the Internet is down today?
Student: I noticed that. Is something broken with our connection?
IT admin: In fact, not only can our university not talk to the Internet, but no one in Finland can.
Student: Oh, really?
IT admin: In fact, no one in all of Scandinavia can reach the Internet today.
Student: Wow, that is a big problem. Why are you talking to me about it?
IT admin: Because it is all YOUR fault! Stop messing around with those NASA servers!

The connection was restored later that day, and no one from Finland tried breaking into the root anymore, at least not while I was still there at Ames. I don't believe the grad student was ever jailed, though I suspect he may have needed a fresh set of underwear that day. This is the story as best as I can remember it, and it was around 1990 as opposed to 1988, as I recall.

Back in the old days, people cared about policing bad behavior. I could tell you tons of stories where people had to take action to keep the routing system safe from abuse. If there was routing braindamage, people would just fix it. The old AUP served as the enforcement vehicle. Now of course things are much more complicated, and folks are less concerned with "public health" than honoring contracts, etc. But it was not always this way.

Thanks, Milo
Back in the old days, people cared about policing bad behavior.
And I believe that is all that is needed today. We simply, as a community, need to decide that we aren't going to tolerate such behavior. It really is that simple. The problem seems to be getting people to act. In fact, as this demonstrates, actions don't have to be taken often. Generally, once the big hammer is used, it gets the point across. Thank you, Milo, for being part of the solution.
On Thu, Feb 02, 2012 at 07:53:53AM +0000, George Bonser wrote:
Back in the old days, people cared about policing bad behavior.
And I believe that is all that is needed today. We simply, as a community, need to decide that we aren't going to tolerate such behavior. It really is that simple. The problem seems to be getting people to act. In fact, as this demonstrates, actions don't have to be taken often. Generally, once the big hammer is used, it gets the point across.
The suits won, and many nerds either threw in with them or revealed their affinity for the easy life and gave up. Being principled and turning away dirty money or exercising the "fire the customer" clause tends to be disliked by corporate officers. -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NewNOG
On Thu, 2 Feb 2012, Joe Provo wrote:
The suits won, and many nerds either threw in with them or revealed their affinity for the easy life and gave up. Being principled and turning away dirty money or exercising the "fire the customer" clause tends to be disliked by corporate officers.
bottom line -- the only way to fix this problem is for bad behavior to become more expensive than good behavior. it's the only thing the pointy hairs will understand. -Dan
The suits won, and many nerds either threw in with them or revealed their affinity for the easy life and gave up. Being principled and turning away dirty money or exercising the "fire the customer" clause tends to be disliked by corporate officers. bottom line -- the only way to fix this problem is for bad behavior to become more expensive than good behavior. it's the only thing the pointy hairs will understand.
i just love to read geeks discussing legal and financial solutions. just about as educational as watching lawyers and cfos discussing engineering. seeing as we are purportedly engineers, perhaps we could discuss a technical engineering approach to prefix misorigination? randy
On 2/2/12 21:59 , Randy Bush wrote:
The suits won, and many nerds either threw in with them or revealed their affinity for the easy life and gave up. Being principled and turning away dirty money or exercising the "fire the customer" clause tends to be disliked by corporate officers. bottom line -- the only way to fix this problem is for bad behavior to become more expensive than good behavior. it's the only thing the pointy hairs will understand.
i just love to read geeks discussing legal and financial solutions. just about as educational as watching lawyers and cfos discussing engineering.
seeing as we are purportedly engineers, perhaps we could discuss a technical engineering approach to prefix misorigination?
I hear there's this thing called RPKI that does origin validation. It's a shame that TCP MD5 shared secrets are already considered too hard to manage in this community.
randy
I hear there's this thing called RPKI that does origin validation
<pedantic> well, not exactly. to quote myself from the other week in another forum --

Just to be clear, as people keep calling BGP security 'RPKI': in the current taxonomy, there are three pieces, the RPKI, RPKI-based origin validation, and then path validation.

RPKI is the X.509 based hierarchy which is congruent with the internet IP address allocation administration, the IANA, RIRs, ISPs, ... It is the substrate on which the next two are based. It is currently deployed in four of the five administrative regions, ARIN in North America being the sad and embarrassing exception.

RPKI-based origin validation uses some of the RPKI data to allow a router to verify that the autonomous system announcing an IP address prefix is in fact authorized to do so. This is not crypto checked so can be violated. But it prevents the vast majority of accidental 'hijackings' on the internet today, e.g. the famous Pakistani accidental announcement of YouTube's address space. RPKI-based origin validation is in shipping code from Cisco, and will be shipping by Juniper in Q2.

Path validation uses the full crypto information of the RPKI to make up for the embarrassing mistake that, like much of the internet, BGP was designed with no thought to securing the BGP protocol itself from being gamed/violated. It allows a receiver of a BGP announcement to formally cryptographically validate that the originating autonomous system was truly authorized to announce the IP address prefix, and that the systems through which the announcement passed were indeed those which the sender/forwarder at each hop intended.

Sorry to drone on, but these three really need to be differentiated.

randy
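The origin-validation step described above, as an added worked example that is not part of the thread or of any vendor's code: a router-side Route Origin Validation check in the style of RFC 6811, run against a handful of validated ROA payloads. The ROAs and announcements are constructed from documentation prefixes (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 2001:db8::/32) and documentation ASNs (AS64496 and friends), not taken from the real RPKI; the function and class names are this example's own. It also shows the caveat in the message above: because only the origin AS is compared and nothing on the path is cryptographically checked, an announcement whose AS_PATH ends in a forged legitimate origin still validates as Valid.

```python
"""Route Origin Validation (RFC 6811 style) against a set of ROAs.

Constructed example: documentation prefixes and ASNs only, not RPKI data.
"""
from dataclasses import dataclass
from ipaddress import ip_network, IPv4Network, IPv6Network
from typing import Iterable, List, Sequence, Tuple, Union

Network = Union[IPv4Network, IPv6Network]


@dataclass(frozen=True)
class Roa:
    """One validated ROA payload: prefix, maxLength and origin ASN.

    An ASN of 0 (AS0 ROA) means nobody is authorized to originate the prefix.
    """
    prefix: Network
    max_length: int
    asn: int


def roa(prefix: str, max_length: int, asn: int) -> Roa:
    """Build a ROA, rejecting a maxLength outside [prefixlen, address size]."""
    net = ip_network(prefix, strict=True)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"maxLength {max_length} out of range for {net}")
    return Roa(net, max_length, asn)


def validate(prefix: str, origin_asn: int, roas: Iterable[Roa]) -> str:
    """Return 'Valid', 'Invalid' or 'NotFound' for (prefix, origin AS).

    NotFound: no ROA covers the announced prefix at all.
    Valid:    some covering ROA names this origin AS and its maxLength
              admits the announced prefix length.
    Invalid:  covered, but no ROA matches (wrong origin, too-specific
              announcement, or an AS0 ROA).
    """
    route = ip_network(prefix, strict=True)
    # subnet_of() raises TypeError across address families, so filter first.
    covering = [r for r in roas
                if r.prefix.version == route.version and route.subnet_of(r.prefix)]
    if not covering:
        return "NotFound"
    for r in covering:
        if r.asn != 0 and r.asn == origin_asn and route.prefixlen <= r.max_length:
            return "Valid"
    return "Invalid"


def filter_announcements(announcements: Sequence[Tuple[str, Sequence[int]]],
                         roas: Iterable[Roa]) -> List[Tuple[str, str]]:
    """Apply a common policy: drop Invalid, accept Valid and NotFound.

    The origin AS is the rightmost ASN of the AS_PATH. Only that ASN is
    compared, so a forged path that ends in the legitimate origin passes;
    catching that needs path validation, not origin validation.
    """
    accepted = []
    for prefix, as_path in announcements:
        state = validate(prefix, as_path[-1], roas)
        if state != "Invalid":
            accepted.append((prefix, state))
    return accepted


# Constructed ROA set (assumed values, documentation space only).
ROAS = [
    roa("192.0.2.0/24", 24, 64496),    # AS64496 may announce exactly the /24
    roa("2001:db8::/32", 48, 64496),   # AS64496 may announce the /32 down to /48
    roa("203.0.113.0/24", 24, 0),      # AS0: nobody may originate this prefix
]

# Constructed announcements as (prefix, AS_PATH); comments give the expected state.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64511, 64496]),     # Valid: legitimate origin
    ("192.0.2.0/24", [64511, 64500]),     # Invalid: origin hijack
    ("192.0.2.128/25", [64511, 64496]),   # Invalid: more-specific beyond maxLength
    ("198.51.100.0/24", [64511, 64500]),  # NotFound: no ROA covers it
    ("2001:db8:1::/48", [64511, 64496]),  # Valid: within maxLength
    ("192.0.2.0/24", [64500, 64496]),     # Valid: forged origin, undetectable here
    ("203.0.113.0/24", [64511, 64496]),   # Invalid: AS0 ROA
]

if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(f"{prefix:18} path {path} -> {validate(prefix, path[-1], ROAS)}")
    print("accepted:", filter_announcements(ANNOUNCEMENTS, ROAS))
```

The more-specific case (192.0.2.128/25 under a ROA whose maxLength is 24) is the shape of the YouTube incident mentioned above: origin validation marks it Invalid because the ROA does not admit the longer prefix, regardless of who originates it. The forged-origin case is the reason the message says this step is "not crypto checked"; the sixth announcement is accepted as Valid even though AS64500 is the one actually injecting it.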
Randy Bush <randy@psg.com> writes:
well, not exactly. to quote myself from the other week in another forum
[ 30 lines deleted ]
Sorry to drone on, but these three really need to be differentiated.
The truly wonderful thing about the evolution of BGP security is its elegant simplicity. It is good to know that the barriers to entry for the IRR system (templates, objects, "Dear Colleague" emails from the auto-dbm robot, etc) have been eradicated in favor of simple, easy-to-understand and maintain digital certificate chains. I predict epic uptake the likes of which we haven't seen since I filed my last NACR. -r
participants (7): George Bonser, goemon@anime.net, Joe Provo, Joel Jaeggli, Milo Medin, Randy Bush, Robert E. Seastrom