RE: We've been hit by the spammers, please have mercy
I'm posing this question on this list as it is about policies and routing at the NAP level (and is not asking if it is technically possible).

With providers such as AGIS who refuse to address the issue (spam) with their customers it is clear that leaving it up to the provider to squelch spamming doesn't always work. I just read an article about bulk mailing where Cyberpromo has tools and access to allow sending approx. 100 messages per second with spoofing etc. so we know that the bulk mailers are continuing to work on new and better tools for their "service".

Routing by TCP domain or host doesn't work because the spammers hijack other sites' sendmail resulting in constantly changing source hops, plus the spammers spoof sender domain IDs in the mail headers. The IP addresses change less frequently and would seem a little more difficult to fake.

During the NSF days there were acceptable use policies that governed activities that were considered inappropriate to NSF and which could result in denial of access across their wires. Since that seemed to hold up over the years, would it be possible (or legal) for the NAPs etc. to have similar policies about SPAM which could result in traffic from non-compliant sites not being routed?

- James Wilson (NetSurfer)
http://www.pixi.com/~netsurf/
http://www.sersol.com/
[Quoted message reformatted to wrap at 80 columns]

On May 7, "James D. Wilson" <netsurf@pixi.com> wrote:

> During the NSF days there were acceptable use policies that governed activities that were considered inappropriate to NSF and which could result in denial of access across their wires.
> Since that seemed to hold up over the years, would it be possible (or legal) for the NAPs etc. to have similar policies about SPAM which could result in traffic from non-compliant sites not being routed?

Personally, I'd rather not see the NAP operators take this much of an active stance on anything. They're the closest thing the Internet is ever gonna have to a "common carrier" that actually /does/ carry anybody's traffic. Next, they'd find themselves called in to resolve peering disputes, and it'd be a big mess.

But if more sites -- especially larger ones -- were to drop peering with companies that blatantly ignore reports of abuse and attacks from within their networks, that would have a very similar impact. This has happened in the past from time to time, when incorrect routes were being mistakenly propagated, or to help stop syn-flooding and similar denial of service attacks.

I've been wondering for quite a while why AGIS is unwilling to realize that mail server hijacking /is/ a denial of service attack to most providers, and deal with it accordingly.

---------========== J.D. Falk <jdfalk@cybernothing.org> =========---------
| "A straight line may be the shortest distance between two points... |
| but it is by no means the most interesting."                        |
|              -- Jon Pertwee as Doctor Who in "Doctor Who and        |
|                 the Time Warrior" by Robert Holmes (BBC, 1974)      |
----========== http://www.cybernothing.org/jdfalk/home.html ==========----
On Wed, 7 May 1997, J.D. Falk wrote:

==> I've been wondering for quite a while why AGIS is unwilling to
==> realize that mail server hijacking /is/ a denial of service
==> attack to most providers, and deal with it accordingly.

Phil Lawlor only sees the money in the spam business. He could care less if it bothers anyone.

/cah
At 04:13 PM 5/7/97 -0400, J.D. Falk wrote:
> [Quoted message reformatted to wrap at 80 columns]
> On May 7, "James D. Wilson" <netsurf@pixi.com> wrote:
> > During the NSF days there were acceptable use policies that governed activities that were considered inappropriate to NSF and which could result in denial of access across their wires.
> > Since that seemed to hold up over the years, would it be possible (or legal) for the NAPs etc. to have similar policies about SPAM which could result in traffic from non-compliant sites not being routed?
> Personally, I'd rather not see the NAP operators take this much of an active stance on anything. They're the closest thing the Internet is ever gonna have to a "common carrier" that actually /does/ carry anybody's traffic. Next, they'd find themselves called in to resolve peering disputes, and it'd be a big mess.
Let's start small then, and have everyone do ingress filtering on packets from their customers, ensuring the IP addresses on arriving packets are correct. We've been hit several times recently with floods of packets from RFC1918 addresses, for example. I also frequently see reply packets with bogus addresses that are the apparent spray from a web server under attack with random source addresses.

The ISPs who have T1 and below customer links should be able to do filtering with the routing equipment they have. If not, then specify routers that CAN handle the load when you do buy upgrades.

The backbone providers should also be able to do ingress filtering IF the routers they buy are specified to do it. The complaint to date I've heard is that the routers they have can't keep up. Fine.

Getting everyone to filter isn't going to happen overnight, but it MUST happen sooner rather than later. It has to happen before anyone attempts to charge per-packet for transit, I would think.

Daniel Senie                        mailto:dts@openroute.com
Sr. Staff Engineer                  http://www.openroute.com/
OpenROUTE Networks, Inc. (a wholly owned subsidiary of Proteon, Inc.)
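
[Added example, not part of the original thread or any poster's code: a sketch of the per-customer ingress check described in the message above, which accepts a packet only if its source address falls inside a prefix assigned to the customer link it arrived on and drops RFC1918 sources outright. The interface names, prefix table and sample packets are constructed for illustration (documentation address ranges).]

```python
import ipaddress

# RFC 1918 private ranges: never a valid source on a customer-facing link.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed table: customer interface -> prefixes assigned to that customer.
CUSTOMER_PREFIXES = {
    "serial0": [ipaddress.ip_network("192.0.2.0/25")],
    "serial1": [ipaddress.ip_network("198.51.100.0/24"),
                ipaddress.ip_network("203.0.113.64/26")],
}

def ingress_verdict(interface, src):
    """Return (action, reason) for a packet arriving on a customer interface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source")
    if any(addr in net for net in RFC1918):
        return ("drop", "RFC1918 source")
    prefixes = CUSTOMER_PREFIXES.get(interface)
    if prefixes is None:
        # Fail closed: an interface with no assignment gets no traffic through.
        return ("drop", "unknown interface")
    if any(addr in net for net in prefixes):
        return ("permit", "source within assigned prefix")
    return ("drop", "source not assigned to this customer")

def summarize(packets):
    """Count drops per (interface, reason) so a spoofing customer link stands out."""
    counts = {}
    for iface, src in packets:
        action, reason = ingress_verdict(iface, src)
        if action == "drop":
            counts[(iface, reason)] = counts.get((iface, reason), 0) + 1
    return counts

# Constructed sample traffic: (arrival interface, source address).
SAMPLE_PACKETS = [
    ("serial0", "192.0.2.10"),     # legitimate customer source
    ("serial0", "10.1.2.3"),       # RFC1918 flood traffic
    ("serial0", "192.168.5.9"),    # RFC1918 flood traffic
    ("serial0", "198.51.100.7"),   # another customer's address: spoofed here
    ("serial1", "198.51.100.7"),   # same address on its own link: fine
    ("serial1", "172.31.255.1"),   # upper edge of 172.16.0.0/12
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_PACKETS).items()):
        print(key, n)
```
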
participants (4)
- Craig A. Huegen
- Daniel Senie
- J.D. Falk
- James D. Wilson