In message <380E13E0.E4166BFFat_private>, Eric Toll writes:
> Let me know if you like this idea, or if you think I'm insane on this.

There's a lot more of these coming; see attached for another example.

--
C. Harald Koch <chkat_private>

"It takes a child to raze a village."
-Michael T. Fry

Message-ID: <380D3BB2.1E23AF3Aat_private>
Date: Tue, 19 Oct 1999 20:49:06 -0700
From: David Ambrose <stargazer1at_private>
Organization: @Home Network
To: Unix at home <unix-athomeat_private>
Subject: [Fwd: [tepat_private: It's a product, it's supposed to do that]]

Got this from a friend. How obnoxious can you get?

Tom Perrine wrote:
>
> Folks,
>
> About a month ago we started getting reports of ISDN lines staying up
> for 7x24. And my own ISDN line started doing the same thing. I tried
> rebooting the pipeline router, disconnected from the home net, and the
> line would come back up immediately.
>
> The home router (not any of the hosts behind it) was being ping'ed, on
> average about every 2-3 minutes, from anywhere between 2 and 4 hosts
> out on the Internet.
>
> All the signs pointed to an attempt to mount a "cost them some money"
> attack on us. The source IP addresses would change, the DNS PTR
> records were missing or pointed to names similar to those used in
> dial-up pools, the source machines were locked-down in some ways, wide
> open in others (typical script kiddie box).
>
> I finally started calling the source ISPs, with an offer to help them
> find the intruders. The response was scary:
>
> "It's supposed to do that, it's a product."
>
> This company, Akamai Technologies, is trying to calculate optimal and
> efficient paths for "guaranteed and optimal delivery of Internet
> content".
>
> To do this, they pick thousands of IP addresses at random, and then
> ping them every few minutes. Forever. Once they find you, they never
> stop until you complain. I pointed out that random pinging could cost
> other people money, and they said they had had complaints but they
> always promptly removed addresses from their lists.
>
> Sounds just like the excuses the SPAMers use, to me.
>
> For now there are just a few nets where these things live, but I think
> that the boxes will soon be sold to anyone who wants to deliver
> "content".
>
> While I agree that this is possibly useful research-like stuff, their
> cavalier attitude about "target selection" and being responsible for
> the losses they cause has put them on my "target selection list." If
> they want to measure RTTs across the net they can either deploy their
> own d*mn boxes, or at least get permission from the target, or take
> some due diligence steps to make sure they aren't crossing any "pay
> for play" network links.
>
> They cost us some money in ISDN bills, and labor hours to track them
> down. They "don't have a position" on whether or not they will pay for
> financial losses they cause. They'll be getting a bill anyway. The
> local FBI office and the local DA are both convinced that there is a
> good case for any number of violations of CA state and/or Fed law, if
> losses are incurred through the negligence of Akamai. All we have to
> do is decide to press charges.
>
> I'm going to see what their response to the billing is. We'll take it
> from there.
>
> Here are some of the IP addresses that you may see this ping traffic from:
>
> 206.132.160.42
> 209.67.231.*
> 216.32.65.143
>
> Some of the addresses have PTRs, and some don't. Some are in
> akamaitechnologies.com and some are in globalcenter.com.
>
> Some folks may want to block traffic from their nets at border
> routers. We *had* left ping open on our ISDN routers because there
> was some small value in it, but we'll be closing that soon.
>
> *sigh*
>
> --tep
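
The pattern described in the forwarded message (a few sources pinging a dial-on-demand router every 2-3 minutes, so the line never idles out) can be picked out of a packet log. The sketch below is an added example, not part of the original messages: the log format, the 300-second idle timeout, the 5-ping threshold and the sample addresses 209.67.231.17, 198.51.100.7 and 192.0.2.1 are assumptions made for illustration, and the log itself is constructed.

```python
import ipaddress
from collections import defaultdict

# Source ranges listed in the message ("209.67.231.*" written as a /24).
REPORTED = [ipaddress.ip_network(n) for n in
            ("206.132.160.42/32", "209.67.231.0/24", "216.32.65.143/32")]
IDLE_TIMEOUT = 300  # assumption: router hangs up after 300 s without traffic
MIN_PROBES = 5      # assumption: fewer pings than this is a one-off check

def make_sample_log():
    """Constructed one-hour log, one packet per line: '<epoch> <src> <dst> <type>'."""
    rows = [(t, "206.132.160.42") for t in range(0, 3600, 150)]
    rows += [(t, "209.67.231.17") for t in range(40, 3600, 170)]
    rows += [(t, "198.51.100.7") for t in (900, 901, 902)]  # one-off manual ping
    return [f"{t} {src} 192.0.2.1 icmp-echo-request" for t, src in sorted(rows)]

def parse(lines):
    """Yield (timestamp, source address) per echo request; skip other lines."""
    for line in lines:
        f = line.split()
        if len(f) == 4 and f[3] == "icmp-echo-request":
            yield int(f[0]), ipaddress.ip_address(f[1])

def held_up_seconds(stamps, timeout=IDLE_TIMEOUT):
    """Seconds the line stays connected if every packet restarts the idle timer."""
    total, end = 0, None
    for t in sorted(stamps):
        # A packet after the timer expired starts a new call; otherwise it
        # only extends the current one from its old expiry to t + timeout.
        total += timeout if end is None or t >= end else t + timeout - end
        end = t + timeout
    return total

def keepalive_sources(lines):
    """Map each persistent prober to (ping count, longest gap, in REPORTED)."""
    seen = defaultdict(list)
    for ts, src in parse(lines):
        seen[src].append(ts)
    flagged = {}
    for src, stamps in seen.items():
        stamps.sort()
        longest = max((b - a for a, b in zip(stamps, stamps[1:])), default=0)
        if len(stamps) >= MIN_PROBES and longest < IDLE_TIMEOUT:
            listed = any(src in net for net in REPORTED)
            flagged[str(src)] = (len(stamps), longest, listed)
    return flagged

if __name__ == "__main__":
    log = make_sample_log()
    for src, (n, gap, listed) in keepalive_sources(log).items():
        print(f"{src}: {n} pings, longest gap {gap}s, listed in message: {listed}")
    print("line held up", held_up_seconds(t for t, _ in parse(log)), "seconds")
```
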
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:44:31 PDT