[98037] in North American Network Operators' Group


Re: DNS Hijacking by Cox

daemon@ATHENA.MIT.EDU (Steven Haigh)
Mon Jul 23 20:58:47 2007

Date: Tue, 24 Jul 2007 10:49:18 +1000
From: Steven Haigh <netwiz@crc.id.au>
To: Joe Greco <jgreco@ns.sol.net>
Cc: nanog@merit.edu
In-Reply-To: <200707231537.l6NFbtet043731@aurora.sol.net>
Errors-To: owner-nanog@merit.edu


Quoting Joe Greco <jgreco@ns.sol.net>:

>
>> On Mon, 23 Jul 2007, Joe Greco wrote:
>> > And, incidentally, I do consider this a false positive.  If any average
>> > person might be tripped up by it, and we certainly have a lot of average
>> > users on IRC, then it's bad.  So, the answer is, "at least one false
>> > positive."
>>
>> The only way any human activity will NEVER have a single false positive,
>> i.e. mistake, is by never doing anything.
>>
>> Do people really want ISPs not to do anything?
>
> I'd prefer that ISPs tend towards taking no action when taking action
> has a strong probability of backfiring.

I'd have to say that at this point it is VERY obvious that you have
never administered a large (100k users+) network. The procedures and
paths of action you wish the larger ISPs to take are just not
practical.

From your web site:
"Please Note: Be very certain that your alleged abuse incident
actually originated here before submitting a complaint. Do not sumbit
a complaint without full headers, logs, and timestamps. We are not a
commercial ISP and it is highly unlikely that your abuse incident
actually originated here."

Spelling mistakes and "under construction" pages from 2002 aside, it
shows that you look to be familiar with dealing with smaller scale
operations. The reality of the matter is that large ISPs can do:

    1) Nothing (which makes matters worse in the long run)
    2) A disruptive fix (will get some false matches, a handful of
IRCers vs 100k+ users is acceptable).
    3) Kill accounts.

Now let's look at a quick real world result of each of the three above.

    1) Your network eventually caves into the ground. You end up being
a host for many spam networks and other nasties. Everyone on the
internet hates you.

    2) A handful of people complain, cry, whimper, and leave. The
number of users in this boat won't really have much of an effect on
operations or business. Acceptable losses vs doing option 1.

    3) You get a reputation of killing 'innocent' people's accounts due
to unknown infections of crud. Business declines, and you end up
working for an ISP that would implement option 2.

In reality, the "purist" ideals of Internet access just do not work.

--
Steven Haigh

Email: netwiz@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9017 0597 - 0404 087 474

