Monkeys RBL timeouts {Scanned by HJMS}

Furnish, Trever G TGFurnish at HERFF-JONES.COM
Mon Sep 29 17:05:32 IST 2003


> -----Original Message-----
> From: Steve Thomas [mailto:lists at STHOMAS.NET]
> Sent: Wednesday, September 24, 2003 3:58 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Monkeys RBL timeouts {Scanned by HJMS}
>
>
> On Wed, Sep 24, 2003 at 05:38:22AM -0400, Gerry Doris is
> rumored to have said:
> >
> > On Wed, 24 Sep 2003, Martin Hepworth wrote:
> >
> > > According to the nanog list monkeys are currently
> undergoing a massive
> > > DDOS against them.
> >
> > Monkeys.com has given up.  They are no longer operational
> and will remain
> > that way.  They have not left there site the same way as orisoft ie.
> > flagging all email as spam.
> >
> > In short, they've given up the good fight and are gone.
>
> The "official" announcement:
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&ne
> wwindow=1&safe=off&selm=vn1lufn8h6r38%40corp.supernews.com

Really sad to see this happen, and especially to see apathy among large
network providers.  Knowing for a fact that many of the actual admins and
techs at Tier 1 providers are still receptive to calls for help but are
frustrated because they can't act alone to block their own customers, I
wonder if perhaps an effort to organize those providers in a method they can
get approval for would help.

Perhaps creating a system that publicizes "protected zones" of the address
space would allow Tier 1 operators to feel confident updating their access
lists to protect those zones.  For example, the major DNSBLs could get a
"protected zone" that would consist of their registered IP addresses and
which network operators who want to help protect the net could use to update
their egress acls.

Ie MCI may not be comfortable supporting someone who isn't their customer
and who calls them begging for help blocking a DDoS against a host that
should only normally get DNS requests - why should MCI trust Joe Blow over
their own customers (who express their will merely by sending network
traffic)?

But if MCI were presented with the option of choosing to protect a
"registered" public resource that has used a standard mechanism to say "I
only want this kind of traffic", there are good people there who might be
willing to do so, and explaining that to their customers becomes as easy as
telling them, "We participate in the Internet Protected Zones program - for
more info, see ...".

Of course, if the nature of the DDoS is such that the permitted traffic *is*
the DDoS, then this doesn't help. :-/

Apologies to MCI for using them as an example.



More information about the MailScanner mailing list