[48974] in North American Network Operators' Group
Re: SPEWS?
daemon@ATHENA.MIT.EDU (Steven J. Sobol)
Thu Jun 20 14:36:08 2002
Date: Thu, 20 Jun 2002 14:35:16 -0400 (EDT)
From: "Steven J. Sobol" <sjsobol@JustThe.net>
To: Andy Johnson <andyjohnson@ij.net>
Cc: nanog@nanog.org
In-Reply-To: <00d701c21886$b6fb1df0$a7a616cf@andyj>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 20 Jun 2002, Andy Johnson wrote:
> Doesn't anyone see the irony here? Fighting abuse with abuse is somewhat
> counter-productive.
*Spamming* or launching a DoS attack in response to spam is definitely
abusive. I understand your point here. I don't think it's an invalid one.
I do believe that whether escalations are abusive is a question that is
open to debate. Indeed, I believe the question *should* be debated.
> This all boils down to more or less the user missing/not receiving an
> important email. So by blacklisting a netblock which originated SPAM, and
> more importantly, its neighbors (or in SPEWS case, the entire AS and
> netblocks announced from it), you are preventing valid emails from being
> delivered. So SPEWS is just as guilty of depriving people of their mail as
> spammers are IMO.
Which is more important? The right to express yourself or the right for
a property owner to protect his property? I've always claimed that
property rights trump free-speech rights, and where spam is concerned,
the courts have agreed with me (e.g. the AOL case and the CompuServe
case against Sanford Wallace back in the mid-1990's).
Now, the big question with blocking is whether or not your users are aware
of the blocking happening. In a service-provider environment, a good
network admin will make his customers aware of the blockage and either
have them agree to it or allow them to turn it off. But that is not a
moral or ethical issue. That's a contractual issue. If the provider is
arbitraily blocking stuff without telling his customers, yes, that can
be said to be a moral or ethical issue, but I make the assumption, for
the sake of this particular thread, that the customers know what's going
on.
As to whether it's counter-productive, again, whether or not it is is
based in large part on whether or not the customers have agreed to it.
My opinion is that the end-users *must* always have final say over what is
blocked or not blocked.
> Regarding your last comment, when tracking down and filtering a DoS, do
> you filter just the offending IP space, or ALL netblocks announced by that
> AS?
Neither; I don't run any devices that need to speak BGP. If I did, I'd
start by filtering the offending IPs only. If I still saw attacks coming
from elsewhere in the ISP's netspace I would broaden the range of the
blocks.
--
Steve Sobol, CTO JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET
- I do my best work with one of my cockatiels sitting on each shoulder -
6/4/02:A USA TODAY poll found that 80% of Catholics advocated a zero-tolerance
stance towards abusive priests. The fact that 20% didn't, scares me...
