[149308] in North American Network Operators' Group
RE: Thanks & Let's Prevent this in the Future.
daemon@ATHENA.MIT.EDU (George Bonser)
Wed Feb 1 12:01:41 2012
From: George Bonser <gbonser@seven.com>
To: Kelvin Williams <kwilliams@altuscgi.com>
Date: Wed, 1 Feb 2012 17:00:43 +0000
In-Reply-To: <CANEysbEnLj4ck7EZsL14KS9KHvOH_+z8K3TexB81HdTmiyng0w@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> I'd like to get a conversation going and possibly some support of an
> initiative to spend that extra 30 seconds to verify ownership and
> authorization of network space to be advertised. Additionally, if
> someone rings your NOC's line an industry-standard process of verifying
> "ownership" and immediately responding by filtering out announcements.
> There's no sense in allowing a service provider to be impaired because
> a spammer doesn't want to give up clean IP space. Do you protect a bad
> customer or the Internet as a whole? I pick the Internet as a whole.
>
> How can we prevent anyone else from ever enduring this again? While we
> may never stop it from ever happening, spammers (that's what we got hit
> by today) are a dime a dozen and will do everything possible to hit an
> Inbox, so how can we establish a protocol to immediately mitigate the
> effects of a traffic-stopping advertisement?
One problem is the number of routing registries and the requirements differ for them. The nefarious operator can enter routes in an IRR just as easily as a legitimate operator. There was a time when some significant networks used the IRRs for their filtration policy. I'm not sure how many still do.
But generally speaking, if someone calls me and I can verify that they really are a POC for the entity that is assigned an address allocation (generally some verification method beyond email if the subnet their MX record points to is part of the hijacking!) then I am going to do whatever I can to help them out provided what they are asking for is reasonable and within my capabilities. It shouldn't be too hard to verify. If someone claims to be with a commercial entity of Foo.COM then the entity is likely listed in the phone book and a phone call can take care of my personal verification requirement.
Back in the days of Cyberpromo and Sanford Wallace, what I did was use TCP wrappers on my mail server so that when I received a connection from a Cyberpromo net block, I hairpinned the connection back to his MX server using netcat so when he connected to me, the HELO he received was from his own mail server, which gladly accepted mail from Cyberpromo. He could pump mail to me all day long if he wanted to, but his mailq wasn't going to get any smaller.
The problem of email spam is an interesting one that has been battled for a very long time and is probably better discussed on a list dedicated to that topic.