[87997] in North American Network Operators' Group
Re: GoDaddy.com shuts down entire data center?
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Tue Jan 17 02:10:01 2006
In-Reply-To: <20060117063258.83924.qmail@web30409.mail.mud.yahoo.com>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Tue, 17 Jan 2006 02:09:21 -0500
To: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
On Jan 17, 2006, at 1:32 AM, Jim Popovitch wrote:
> I want to say, from an outsider's perspective, that I whole
> heartily applaud GoDaddy on the actions they took [...]
There seems to be a wide split on this topic. I was wondering if
people would privately tell me yes or no on a few questions so I can
understand the issue better.
1) Do you think it is acceptable to cause any collateral damage to
innocent bystanders if it will stop network abuse?
2) If yes, do you still think it is acceptable to take down 100s of
innocent bystanders because one customer of a provider is misbehaving?
3) If yes, do you still think it is acceptable if the "misbehaving"
customer is not intentionally misbehaving - i.e. they've been hacked?
3) If yes, do you still think it is acceptable if the collateral
damage (taking out 100s of innocent businesses) doesn't actually stop
the spam run / DoS attack / etc.?
These are important question to me, and I'm surprised at the number
of people who seem to feel so very differently than I thought they
would feel - than I personally feel. Would people mind sending me
private e-mails with yes/no answers? Longer answers are welcome, but
yes/no will do.
Using the case under discussion as an example, I am wondering why
anyone thinks taking down 100s of innocent domains is a good way to
stop a single hacked machine from doing whatever it is doing? If you
somehow think all that is worth it, take a close look at your cost /
benefit analysis. At this rate, every business on the Internet will
be out of business before we take out even a single moderately large
botnet.
I am also wondering why anyone thinks the miscreant will stop just
because the legitimate owner's domain no longer resolves? Not only
is the machine likely to continue sending spam as if nothing
happened, we aren't even "catching" the guy. I guess you could say
"well, it put pressure on his hosting provider to clean the infected
machine", which is true. I just think that's a bit silly. But maybe
I'm the one who's silly.
Lastly, I wonder what "average" people - people who run businesses on
hosting providers who really don't understand all this computer stuff
- think about such actions. How many 100s of people have we just
alienated for life to stop - er, NOT stop - a single zombie? And how
many of their friends are going to hear over an over how the Internet
is not a real business and no one should put any faith in it?
Is this really a good thing?
--
TTFN,
patrick
