@Home Responds to the UDP Notice
from the trying-to-protect-oneself dept.
To the USENET Community:
In response to the recent UDP call for @Home Network to be removed from interacting on the USENET, we are submitting an official response with a proposal of short term and long term news spam prevention initiatives. Excite@Home is very committed to participating respectfully on the Internet, and we have taken previous requests for action seriously.
We have found that the primary source of our excessive USENET posting history comes from subscribers who have installed proxy software incorrectly. Unbeknownst to the customer, this mis-configuration has allowed outside access to the @Home news servers, and has resulted in our subscribers becoming spam relays. Because these various IP addresses create holes in our network, spammers have taken advantage of this mis-configuration, and have posted thousands of newsgroup messages through our news machines.
As of today, we are stepping up our involvement and taking more aggressive action by performing frequent network wide scans of our customer base to target proxy servers. Once these customers are identified, we are suspending their news service immediately. Re-enabling will not occur until we are assured that their machines are secure. We feel that this proactive effort will dramatically decrease the amount of extraneous news traffic originating from home.com.
We are committed to promoting better Excite@Home participation on the USENET, and we are in the process of modifying our current news product and news architecture. We are also implementing more user education as a parallel initiative.
With these new tactics in place, we are asking for an extension to our USENET access beyond the 18th of January and we are confident that the USENET community will see positive news statistics coming in the next few days.
David Jackson
Manager, Network Policy Management
Excite@Home
davjackson@excitehome.net
Security anyone? (Score:3)
If I worked for @home (Score:3)
"Ladies and gentlemen of usenet, we've formulated a response to your so called death penalty, f*** you."
Then I'd moon them.
(What do you mean I ripped off southpark, they got that idea from me... yeah..)
@Home is more than Excite@Home (Score:3)
Proof that UDP works (Score:4)
This is proof that the UDP works. The whole point of the UDP is to get someone's attention in a very meaningful way, and that's exactly what it accomplished here.
This is also proof that USENET can manage itself just fine without any "central authority".
----
Shaw@Home answers as well (Score:5)
--- begin e-mail
We are aware that a UDP has been issued against @Home and it is clearly an @Home issue. @Home is aware of the problem and is working on meeting the requirements to have the UDP lifted so that you will continue to enjoy the use of the news service. Due to the current activity and attention to this issue Shaw does not anticipate that the UDP will go into effect.
--- end e-mail
Re:My opinion on all of this (Score:4)
Aw heck. Post this time.
Everyone replying so far has apparently not gone to the dejanews site mirroring the UDP article:
http://www.deja.com/getdoc.xp?AN=571636137
which itself refers to the UDP FAQ:
http://www.stopspam.org/usenet/faqs/udp.html
which would indeed answer most of the objections raised here. RTFM folks!!
As a comment on the @home response? Blame-shifting. Don't extend. But at least they didn't backdate the response....
/(o\ I'm not a medievalist - I just play one on weekends!
Re:My opinion on all of this (Score:3)
The call for a UDP (Score:3)
For the humor impaired, please click the link to get the joke.
Still missing the point... (Score:3)
From the FAQ (Score:4)
From the UDP FAQ [stopspam.org]:
What about legal issues? Don't you worry about being sued? As UUnet (and others) have found, there is no legal requirement for other sites to carry or post their messages. Cancel messages are advisory in nature, and the sites which accept them have to have the ability to process them enabled in their software for them to be effective (the vast majority of sites have them enabled). UUnet threatened legal action when they were UDP'ed in August of 1997, but both the US Justice Department and the FBI (and presumably their own legal department after they consulted them) stated that there had been no laws broken and that they refused to investigate or act. Because none of their own equipment or networks were attacked, compromised, or even affected, there was no legitimate Denial Of Service (DOS) complaint that could be filed. What was happening, in effect, was an organized boycott of their messages. Nothing more, nothing less - and there is nothing illegal in all that. There would also be a horrendous negative public relations wave from actually instituting any legal action. When UUnet threatened, even more people came out in support of that UDP, contributions to legal funds were offered by a large number of people, lawyers volunteered to defend those participating in the UDP, and many ISPs promised to alias UUnet permanently (and work to get others to do the same) the moment they actually instituted legal action.
As another example, there was a rogue canceler, nicknamed "the Kikecanceller" [because his racially inspired cancel message paths all had "!kikecancel" (along with "!spiccancel," "!wopcancel," and others) in them], who was active for a short while. This rogue canceler nuked over 25,000 articles for no legitimate reason before his account got canceled. James M. Hawkins, the supervising agent at the FBI's Tulsa office, stated: "We don't have a case. I don't think we're going to be getting involved in the matter." The local United States Attorney's office was contacted about the cancellations and they replied that no law had been broken. (see the NY Times article about the "Kikecanceller". Note: this site requires you to enter a user name and password to access it, although it is free. There have been no reported instances of spam being sent to any test address that was used to enter the site, so it appears as if this data is only used by that site and not released to anyone who might utilize it for a spamlist).
Re:Incredulous (Score:3)
The classic WinGate acts like pretty much a socks server, when people are using it as a remote proxy at least.
I indeed run Socks5 on my gateway. And yes, it does bind to the public address. But will it let you proxy through it? No.
Unfortunately, this is still detected as an open proxy.
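The distinction drawn in the comment above, a SOCKS5 listener bound to a public address versus one that will actually relay for strangers, can be read off the server's replies. This is an added example, not part of the thread or any poster's code; it assumes the SOCKS5 message layout of RFC 1928, the label names are illustrative, and the sample bytes are constructed.

```python
# Added example (not from the thread): classify SOCKS5 replies per RFC 1928.
# A port that answers is not necessarily an open relay; the verdict depends
# on which auth method the server selects and how it answers a CONNECT.

# Method codes (RFC 1928, section 3)
NO_AUTH, GSSAPI, USERPASS, NO_ACCEPTABLE = 0x00, 0x01, 0x02, 0xFF

# Reply codes (RFC 1928, section 6)
REPLY_TEXT = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def parse_method_reply(data):
    """Method-selection message from the server: VER(1) METHOD(1)."""
    if len(data) != 2 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 method-selection reply")
    return data[1]


def parse_connect_reply(data):
    """Request reply from the server: VER REP RSV ATYP BND.ADDR BND.PORT."""
    if len(data) < 4 or data[0] != 0x05 or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request reply")
    return data[1]


def classify(method_reply, connect_reply=None):
    """Return an illustrative label for what the replies prove about the proxy."""
    method = parse_method_reply(method_reply)
    if method == NO_ACCEPTABLE:
        return "closed"            # server rejected every offered method
    if method in (GSSAPI, USERPASS):
        return "auth-required"     # credentials needed before any relay
    if method != NO_AUTH:
        return "inconclusive"      # private or unassigned method code
    if connect_reply is None:
        return "untested"          # accepts anonymous clients, relay unknown
    rep = parse_connect_reply(connect_reply)
    if rep == 0x00:
        return "open"              # relayed for an unauthenticated client
    if rep == 0x02:
        return "restricted"        # listening, but ruleset refused the relay
    return "inconclusive"          # failure unrelated to access policy


# Constructed sample replies (not captured traffic).
METHOD_NO_AUTH = bytes([0x05, 0x00])
METHOD_USERPASS = bytes([0x05, 0x02])
METHOD_NONE = bytes([0x05, 0xFF])
CONNECT_OK = bytes([0x05, 0x00, 0x00, 0x01, 192, 0, 2, 10, 0x04, 0x38])
CONNECT_DENIED = bytes([0x05, 0x02, 0x00, 0x01, 0, 0, 0, 0, 0, 0])

if __name__ == "__main__":
    cases = [
        ("handshake only", METHOD_NO_AUTH, None),
        ("relay refused", METHOD_NO_AUTH, CONNECT_DENIED),
        ("relay allowed", METHOD_NO_AUTH, CONNECT_OK),
        ("password wanted", METHOD_USERPASS, None),
        ("no method accepted", METHOD_NONE, None),
    ]
    for name, method, connect in cases:
        print(f"{name:20s} -> {classify(method, connect)}")
```

A check that stops at the handshake can only report "untested"; telling "restricted" from "open" needs the reply to an actual request.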
So who is buying this? (Score:3)
Well, it's Creative... I'll give them that.
This really is the best they could come up with on short notice. I mean they can't possibly get their staff to actually enforce usenet spam rules, considering that would require hiring more staff who have a clue what usenet *is*.
Considering how small @home's user base is compared to someone like AOL, the fact that they are being targeted by the UDP shows just how bad the problem is, their users must be generating tremendous amounts of spam per user to cause such problems.
I for one don't believe this solution of theirs is a real solution at all, and until the numbers show that the problem has gone down dramatically, I say hit them with the UDP as planned. If the numbers between now and then do show that they are having an impact in their efforts, then give them more time. But make them be the first to move, don't give an inch until they do something about it. It's the only way to deal with big corporations that don't actually give a damn about the Net itself or anything except their own bottom line.
Re:@Home is more than Excite@Home (Score:3)
Re:Proof that UDP works - AGREED!! (Score:3)
Re:Incredulous (Score:4)
I'd like to have cable access, but not a crippled Windows box with all its problems.
Re:Proof that UDP works (Score:3)
There IS a danger to the UDP (Score:4)
This is largely true. The UDP is a demonstration of successful self-coordination and democratic mob action. Individual admins opt-in to the UDP, or they opt-out, with only their own consciences as judge.
However, traditionally, governmental oversight has never been necessary in cases like this one, where an entity is punished for harming others. As the Libertarians correctly point out, community action will generally take care of such rogues. But government has been necessary in cases where a universally unpopular, but legal, viewpoint is expressed by an ostracized group.
Consider a group basically everyone despises: white supremacists. If an ISP were to rise up, comprised entirely of Aryan Nation skinheads, and if their thousands of clients were to post every day their noxious personal opinions all over the web, there is a small but real possibility that some news admins would call for a UDP against the service. There is also the possibility that this UDP would go into effect, although no actual crime or harm had been committed, and the silenced participants were exercising their constitutional rights to free speech.
In cases like the hypothetical one above, civil rights legislation has a real and legitimate role to play. In the UDP FAQ, it is mentioned that only a government can legally perform censorship. However, Libertarians can't have it both ways - either they can accept civil liberties checks and regulations from the Feds, or they must assume the responsibility of allowing Usenet to become a government unto itself. At that point, the distinction between censorship and "private choice" becomes indistinct.
I'm not against the UDP or weak government, but I'm not against centralized civil rights standards either - that is the notion behind the constitution of the United States after all.
-konstant
Yes! We are all individuals! I'm not!
Nonsense, @Home (Score:5)
There are several reasons why. #1: Consider that the volumes of spam we're talking about - probably gigabytes upon gigabytes - would easily paralyze a cable modem connection, particularly when, for most @Home users, the upload cap is approximately 128Kbps (approx. ISDN speed). For anyone to make use of this exploit would require probably a dozen cracked systems per spammer.
#2 Every one of those systems is already being used by a human being (scratch that - several human beings; we are talking about a proxy here), who are going to complain to @Home, at which point they would have put a stop to the spamming.
#3: A UDP is only proposed after repeated attempts to notify the non-compliant admins of the problem. When @Home was notified, they could have found the addresses that the spam was posted from and discovered this "proxy" problem much earlier. Indeed, proxy problem or not, @Home could have remedied the situation much earlier than they are.
#4: Occam's Razor. Mr. Jackson's explanation is not the simplest one that fits all the facts. The simplest explanation is that @Home users are being allowed to post unadulterated spam and not being punished for it.
Having said that, I'm betting the spam problem goes away before the deadline. This is the usual "we don't have a problem and we're fixing it" notice that goes out after most of the UDP's, and usually, the UDP doesn't have to be enacted because the ISP knows (and simply refuses to admit) that they have a problem - and they fix it to avoid the punishment.
A UDP is Wrong (Score:3)
You don't like snail mail from AOL, Microsoft, and a few other American based companies. Therefore you decide to go around to everyone's house and take any mail, coming from any American address, out of their mail boxes and you put all of that mail into a pile. In order to receive the mail, the recipients need to go grab the mail from the pile.
Yes, yes, yes. I know. You don't have any obligation to carry the news yourself. I have read the UDP FAQ, I have been on USENET for many years, I even run a few news servers myself.
If you don't like it, decide to organize an OPT-IN boycott. Setting up cancelbots, etc, is an OPT-OUT boycott. If a news server admin doesn't want to participate in the UDP, they must specifically change their news server config to do so. I'm pretty sure that most news servers are set by default to accept ANY cancel message whatsoever.
Any UDP involving cancelbots is not analogous to a "I don't like 'X' network, so I will not carry their packets" situation, it is more similar to "I don't like 'X' network, so I will spoof their IP and send TCP Resets to any packets coming out of their network. If people don't like the TCP resets, they don't have to accept them." Of course, you know very well that most servers will accept TCP resets appearing to come from the host itself.
That being said, I support a non-invasive OPT-IN UDP (boycott) against @Home, because although some of the @Home affiliates/cable providers do a good job of abuse handling, some do not and @Home itself just plain sucks in handling abuse complaints.
And still continuing to miss the point... (Score:3)
USENET is not a "public" (ie, government-run) forum. It's a whole bunch of private machines strung together, and when you buy an account with USENET, you buy the right to use one of those private machines to access the content carried from the rest of those machines.
Sometimes one of those private machines will start dumping crap into the channels used by the rest of those private machines. The owners of those other machines will take every possible initiative to try to get the owner of that one crap-spewing machine to cut it out. Finally, strictly as a last resort, they will tell the owner of that machine, "Until you get your act together, you can't join in any of our reindeer games" and thus kick him out of the network.
Yes, this hurts the little people who subscribe through that machine. That's the whole point! Now the owner of that machine will find himself under pressure from within as well as from without--either he fixes the problem, or his users leave him for other services that can provide what they need. And since the UDPers always give a good amount of notice, I would guess that most of the time a UDP is threatened, it never actually becomes necessary because the sheer threat of it is enough to force the offender to clean up his act.
At any rate, as others have noted, participation in a UDP is strictly voluntary; any site can configure itself to ignore cancels from UDPers. In practice, of course, few do, so the threat remains effective.
This is simply an example of USENET's self-regulation mechanisms at work...when someone gets too out of line, he either gets kicked back into line or gets kicked out. It's actually kind of neat, seeing how a system with no one governing body in charge can still regulate itself. Sort of gives you hope for humanity.
wrong problem, wrong solution (Score:3)
@Home needs to protect their news servers so that only authenticated customers can post (proxy or not). If there is a spam, they can then identify where it came from and should selectively take action against that customer. Since @Home actually runs cables to their customer's homes, they don't even have the problem that customers cancel and resubscribe under a different identity; unlike other ISPs, they actually can enforce their policies. The UDP against them should continue until they do.
Hang on a cotton pickin' second (Score:5)
Woah. Woah there. Slow down just a second.
Right. Burn 'em at the stake? Let's see why again?
They didn't say they did. They said they will.
Right, I just don't get this. Do you know how long a scan takes? I'm not talking a script kiddie's nmap for open ports. I mean systematically probing an entire network for a stated behaviour with a sufficient timeout that you won't miss really slow servers (like, oh, say, ones that are already pumping piles of spam). They announced they'd start this as of today. Clue: it's not done yet.
And what do ports 8000 and 8080 have to do with this anyway? Are you talking about web proxies? They're a problem, sure, but tell me again how scanning for web proxies will get @Home out of the UDP? Can you even tell if @Home is scanning you on the NNTP port?
Heh. Gotta love the way you admit breaking your own ISP's rules on a public forum. And there are ways to judge relative security of an ISP. "I've run lots of scans and not been busted yet" is not one of them.
Signal 11, and everyone else, stop jumping on people when they admit they have a problem. This is good. @Home are doing the right thing when they admit this. It is the vital first step without which no further action can be taken. I know it's tempting to scream and roar at someone because they're evil, or because they snubbed you in the past. But these same people that are evil or snubbed you are the ones that we most need to take this step.
Please. If you think you can challenge @Home's statement, forward your evidence to the UDP people so they can consider it properly (clue: slashdot is not the best place to do this). But every time I see someone taking that first step and being met with ill-informed cries to burn, let 'em burn, I have to ask myself if I can actually ask the next guy to take it in good faith. I'm rapidly coming to the conclusion that I can't.
Dave
--
Re:Not an overnight fix. (Score:5)
The wonderful thing about the UDP is precisely that it forces the spam issue regardless of the ISP's internal issues. The UDP folks look (rightly, imo) at ISPs as basically black boxes which either generate/perpetuate spam or do not, and act accordingly.
Look at it from another angle: Joe Ethical Admin has been bugging Sandy Clueless Manager for weeks or months about this, but gotten no real mandate to put fixes in because of low priority. UDP drives that priority up, and actually _helps_ Joe do the right thing!
As long as UDP remains ethical and fair in the 'prelude' phase (documented, adequate time to repent, adequate technical assistance) I have no problem with it, or with the pain it causes target ISPs. Sometimes you need to feel pain to know something needs fixing.
The bottom line (IMO) is that USENET has given @Home an ultimatum, and @Home is responding. But this is not the sort of problem that @Home can fix overnight.
Well, if they are responding adequately, I'm sure the UDP will be suspended or lifted. Check up on the history of the UDP: the 'judges' are pretty forgiving of truly repentant offenders.
The nature of their service and the shared network topology inherent in the cable network design create some unique security hassles. Everyone should do their best to understand the nature of the work required before they blast @Home for being unresponsive or for just not caring.
If they didn't think of abuse issues ahead of time during the design phase, they deserve what they get! It's not like IP networking hasn't existed for 20+ years.. There's solutions to this, which quite honestly should have been documented and applied at the time of the network rollout. And if the technically correct behavior is being stifled by non-technical considerations, it's things like UDP and MAPS that help force technical concerns up higher in the list, and that's nothing but a good thing.
Your Working Boy,
Yeah, but they broke the rules when they posted it (Score:5)
However, let's look at how it was posted. First, it was crossposted to the news.admin hierarchy. This is a no-no. They want you posting to the newsgroup that it is appropriate to. But let's overlook that transgression. It might have been an oversight on Mr. Jackson's part.
But he also forged the approval headers for the moderated newsgroups that he posted to. And that is a big no-no. Especially when you're pleading for your network's life. And it requires premeditation. You don't forge the headers by accident.
And not only that, but he has now attempted this three times. The first time it was canceled by someone who I assume is one of the moderators with the message "No forged headers on my watch". Then Mr. Jackson posted it again. It was cancelled again with the message "No, kids, you don't get it. No forge-approvals. No crossposting in NANAP." Now it has been posted a third time.
So how serious can @Home be if they have committed multiple acts of net abuse all on their own in responding to the action being taken against them for their customers' net abuse?
-Todd
---
Re:Burn them at the stake. (Score:3)
If I remember correctly, windows file shares by default run over netbios, which is not routeable unless there is a master browser configured to do the deed
You're correct that the windows fileshares use NetBIOS, but NetBIOS over TCP/IP is very much routable, because TCP/IP is routable.
I think you're confusing it with NetBEUI, which is another transport protocol (same/similar level as TCP/IP), which is not routable. (This is Windows' preferred transport protocol.)
Windows LANs exchange name information via UDP broadcasts, which are (usually) not routable (although this has nothing to do with NetBIOS.)
Shares should still be accessible if accessed in a \\ip.address.here fashion, but shares wouldn't normally get past a router.
Yes, it would - in fact, this is exactly how scour.net works - it indexes NetBIOS shares across the internet, so that you can set up a publicly accessible directory share for people to download media files.
Hope this clears some things up for you..
Re:Yes, you missed something. (Score:3)
First off, your rights to read or even post to Usenet have not been abridged. What has been done is that the other Usenet server admins have chosen to ignore anything coming from your domain. You can still post stuff, but only @Home and those not participating in the VOLUNTARY boycott will see it.
Secondly, this is not a case of elitism or bias. The UDP is a response to repeated abuses coming from a source. The abuses were reported and action on them was requested. Because @Home did not take appropriate action to stop the spam after multiple requests, the UDP was threatened. To borrow your "club" analogy, this is similar to the patrons asking someone to tone down their behavior when they're being a twit. If the person insists on acting out, the club staff have the right to toss him out on his ear.
Thirdly, realize this. A UDP is put into place because a particular ISP refused to respond to complaints. It is in no way a slight against you or any other users (unless of course you're one of the spammers). The question you should be asking yourself is "what did @Home do to deserve this", for they did do SOMETHING. UDP's aren't given out lightly. They are usually because the ISP was apathetic to complaints...something you might want to keep in mind when subscribing or resubscribing to them.
In closing, the biggest flaw in your last argument is you assume being on the Internet is a right. It is not. It is a privilege. Abuse the privilege, and it can be taken away...just like a driver's license. @Home abused their privilege to be a part of Usenet, and they were punished for it. If you personally abuse your Net privilege, you think @Home won't hesitate to wipe your account? It's simple logic, but too many people think they're entitled to things they are not. Trust me, it's easy to get rid of a disruptive influence and back it up in court.
You have the right to be heard, but not be an arse. Others have the right to choose to listen or not.
Re:There IS a danger to the UDP (Score:3)
Essentially, the counterargument is that the individual servers are owned privately and thus nobody has the right to speak using those private resources.
However, that is precisely my point. On the Internet, there is not much in the way of public property. Imagine a physical world in which there were no public sidewalks, squares or roads. Free speech could effectively be killed by the private owners of territory forbidding speech on their grounds. That is the danger I was trying to illustrate - a future world too completely balkanized, to the utter exclusion of publicly owned, centrally overseen venues for unpopular speech.
-konstant
Yes! We are all individuals! I'm not!
And they are (Score:4)
For those not in the know port 119 is NNTP, which presumably is what caused them to get UDPd in the first place. Thehe.. they won't find my 7 ipmasqed computers, of these me & my friends ipchains are sure. BTW anyone know how to defend against the TCP stack OS identification "DOS" (for lack of a better word)? To be honest, I don't even want to hear them bitching about Linux or anything else.
--
Re:Burn them at the stake. (Score:3)
Now my Linux box with full IPChains is up, and I had to turn off the logging, since there were so many scans and my box was using 98% CPU for syslogd (75MB log after only a couple hours). Not Good... I like the comment about using REJECT instead of DENY, though