@Home Responds to the UDP Notice
To the USENET Community:
In response to the recent UDP call for @Home Network to be removed from interacting on the USENET, we are submitting an official response with a proposal of short term and long term news spam prevention initiatives. Excite@Home is very committed to participating respectfully on the Internet, and we have taken previous requests for action seriously.
We have found that the primary source of our excessive USENET posting history comes from subscribers who have installed proxy software incorrectly. Unbeknownst to the customer, this mis-configuration has allowed outside access to the @Home news servers, and has resulted in our subscribers becoming spam relays. Because these various IP addresses create holes in our network, spammers have taken advantage of this mis-configuration, and have posted thousands of newsgroup messages through our news machines.
As of today, we are stepping up our involvement and taking more aggressive action by performing frequent network wide scans of our customer base to target proxy servers. Once these customers are identified, we are suspending their news service immediately. Re-enabling will not occur until we are assured that their machines are secure. We feel that this proactive effort will dramatically decrease the amount of extraneous news traffic originating from home.com.
We are committed to promoting better Excite@Home participation on the USENET, and we are in the process of modifying our current news product and news architecture. We are also implementing more user education as a parallel initiative.
With these new tactics in place, we are asking for an extension to our USENET access beyond the 18th of January and we are confident that the USENET community will see positive news statistics coming in the next few days.
David Jackson
Manager, Network Policy Management
Excite@Home
davjackson@excitehome.net
I for one have sincere doubts as to the amount of self-policing that @Home is likely to undergo - if they truly mean to install a process that will be beneficial to the internet community as a whole then they will need to begin forcing customers to have their proxy servers tested - my doubts begin here - who determines how well the proxy is/needs to be/ set up, is it @Home or will they submit the proxies to some kind of test that has been agreed on by the Usenet community??????
May the forces of evil be confused on the way to your inbox.
Somehow I don't think I want @home service. Misconfiguration? Security holes? Yes, I'd like to put my NT server with all my corporate information onto @home's network. Better yet, I'll give you the keys to my house while I'm at it.
There is no reasonable defense against an idiot with an agenda
:wq
I'd respond by saying:
"Ladies and gentlemen of usenet, we've formulated a response to your so called death penalty, f*** you."
Then I'd moon them.
(What do you mean I ripped off southpark, they got that idea from me... yeah..)
The @Home network consists of many companies. 3 that I can think of are Excite@Home, Rogers@Home, and Shaw@Home (the last 2 are Canadian). There are probably others. What are they doing to stop the spammers?
I may just be a misinformed jackinape, but didn't the @Home network limit customer's uplink bandwidth to 256k, and disallow the running of any and all servers? Isn't the solution as simple as cutting off customers that are running servers? I know the server ban was a reason I didn't buy @Home... I don't see how they can use customer's servers as an excuse.
Read: Rabbit Rue - Free serial nove
See, I don't think they really understand the problem here. You can try to be "proactive" about this sort of stuff as much as you want, but holes will keep opening up, and USENET will keep getting spammed through the holes, and once the spam is out,... same old problem. Even if you cut off their news access immediately afterwards, which only serves to aggravate the customer, who won't understand why they're being cut off.
But I'm glad to see the PR department has taken its normal approach to things - put as much spin on the problem as possible in a press release, then stall and see if everyone quits looking.
@home: Just lock down your news servers already. There's no reason for them to be hanging out in the open like that...
This is proof that the UDP works. The whole point of the UDP is to get someone's attention in a very meaningful way, and that's exactly what it accomplished here.
This is also proof that USENET can manage itself just fine without any "central authority".
----
Life if possible, art at any cost.
I sent an email to Shaw@Home (Canadian supplier of the @Home service) yesterday regarding the UDP, and here's what they had to say:
--- begin e-mail
We are aware that a UDP has been issued against @Home and it is clearly an @Home issue. @Home is aware of the problem and is working on meeting the requirements to have the UDP lifted so that you will continue to enjoy the use of the news service. Due to the current activity and attention to this issue Shaw does not anticipate that the UDP will go into effect.
--- end e-mail
They're going to scan their network for customer-operated NNTP services and take those customers' news access away, because external spammers have been relaying through the customer-operated systems to the main news server?
... if you want a certain kind of network traffic not to happen, you don't just tell people not to do it and beat them with wet noodles when they do. You block it at the firewall.
Why not just block inbound NNTP connections going to customer systems? If what they want to say is "Our users have no business running their own news servers", then why let them?
This "solution" seems excessively punitive and insufficiently preventative: sure, it'll get the current batch of insecure proxies, but it will not stop the next batch.
"Tools, not rules", people
Companies usually wait to fix things until others complain because it costs them money. Even if @Home actually follows through on their pledge to help fix whatever "misconfigured proxies" exist, that will cost them money that they didn't have to spend for the 2 years prior to this when they were letting it happen. Corporations are, in general, pretty simple entities, whatever costs them money without making them money is bad. Being a good net citizen is bad for them because it costs them money and unless they were threatened with losing more money due to loss of customers (believe me, I know lots of folks who would quit an ISP if they couldn't post to USENET for more than 6 hours) they have no reason to fix things.
Aw heck. Post this time.
Everyone replying so far has apparently not gone to the dejanews site mirroring the UDP article:
http://www.deja.com/getdoc.xp?AN=571636137
which itself refers to the UDP FAQ:
http://www.stopspam.org/usenet/faqs/udp.html
which would indeed answer most of the objections raised here. RTFM folks!!
As a comment on the @home response? Blame-shifting. Don't extend. But at least they didn't backdate the response....
/(o\ I'm not a medievalist - I just play one on weekends!
I hate the word "proactive" anyway, but if you're going to use it, Excite@Home, at least use it correctly. It was too late to take "proactive" steps the second the UDP announcement was made. Let's see, what's the definition of proactive? "acting in anticipation of future problems, needs, or changes". Well, it would seem that spam is not a future problem for @Home, but rather an existing problem.
-----------
"You can't shake the Devil's hand and say you're only kidding."
Usenet is an open forum, not some closed, unattainable clique like you're making it out to be. (The administrative side of it, however. . .)
-A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
They're at it once again: They think the servers on their customer's machines are to blame for every evil. If they configured *their* network to limit the number of email messages from a customer to say 100/day they might actually stem the flow.
My email addr is chappel + @ + home.com and I get spam cc'd to c*@home.com. They could block this sort of thing out (and I have asked them to) but their claim is that it is beyond their control.
clowns!
-B
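The per-customer cap suggested in the comment above ("say 100/day"), applied here to news posts, as an added example that is not part of the thread or of any @Home system. The log format, field names and addresses are constructed assumptions; the limit is enforced over a sliding 24-hour window rather than a calendar day.

```python
"""Per-source posting quota for a news server's posting path.

Constructed example: the log format, field names and addresses are
assumptions for illustration, not any real news server's log format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

DAILY_LIMIT = 100              # figure taken from the comment ("say 100/day")
WINDOW = timedelta(hours=24)   # sliding window instead of a calendar day

# Hypothetical log line: "<ISO timestamp> POST src=<ip> msgid=<id>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) POST "
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) msgid=(?P<msgid>\S+)$"
)


def parse_line(line):
    """Return (timestamp, source, message-id), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    except ValueError:          # well-shaped but impossible date, e.g. month 13
        return None
    return ts, m.group("src"), m.group("msgid")


def enforce_quota(lines, limit=DAILY_LIMIT, window=WINDOW):
    """Replay post attempts in log order and apply the per-source quota.

    Only accepted posts count against the quota, so a source that keeps
    hammering the server is not locked out for longer than one window.
    """
    recent = defaultdict(deque)   # source -> timestamps of accepted posts
    rejected = defaultdict(int)   # source -> number of refused posts
    accepted, skipped = [], 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1          # count unparseable lines, never guess at them
            continue
        ts, src, msgid = parsed
        q = recent[src]
        while q and ts - q[0] >= window:
            q.popleft()           # forget posts older than the window
        if len(q) >= limit:
            rejected[src] += 1
            continue
        q.append(ts)
        accepted.append(msgid)
    return {"accepted": accepted, "rejected": dict(rejected), "skipped": skipped}


def build_sample_log():
    """Constructed sample: one relayed source, one ordinary customer."""
    start = datetime(1999, 1, 12, 0, 0, 0)
    fmt = "%Y-%m-%dT%H:%M:%S"
    lines = []
    # 250 posts, one every 30 seconds, from a single (constructed) address
    for i in range(250):
        ts = (start + timedelta(seconds=30 * i)).strftime(fmt)
        lines.append(f"{ts} POST src=192.0.2.44 msgid=<bulk{i}@example.invalid>")
    # an ordinary customer posting three times in a day
    for clock, n in (("08:00:00", 1), ("12:30:00", 2), ("19:45:00", 3)):
        lines.append(
            f"1999-01-12T{clock} POST src=198.51.100.7 msgid=<note{n}@example.invalid>"
        )
    # the busy source again, 25 hours after its first post
    lines.append("1999-01-13T01:00:00 POST src=192.0.2.44 msgid=<late@example.invalid>")
    lines.sort()                  # ISO timestamps sort chronologically
    lines.insert(5, "garbage line without the expected fields")
    return lines


if __name__ == "__main__":
    result = enforce_quota(build_sample_log())
    print("accepted:", len(result["accepted"]))
    print("rejected per source:", result["rejected"])
    print("skipped (malformed):", result["skipped"])
```

A cap like this bounds what any one relayed address can inject regardless of how the customer's machine came to be misconfigured, which is the preventative half that suspension after the fact does not provide.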
Yes, it is perfectly legal. Remember, no one is being harmed by a UDP. No equipment is being broken or hurt, nothing is being stolen, etc. People are just refusing to propagate messages coming from home.com on their own networks. News admins have no contractual agreement to propagate someone else's messages, just as I have no contractual agreement to do business with, say, a restaurant whose food I don't like.
Your analogy is wrong I think. This is more akin to some of your neighbor's relatives dumping trash on your yard. You then ask your neighbor to stop. Your neighbor ignores you. Repeatedly. You then get a restraining order against your neighbor and all of their relatives.
Each computer connected to USENET collects the news. This just says I'm not going to store news from that address anymore.
-cpd
For the humor impaired, please click the link to get the joke.
It may not be just, but it is fair, and that is more important.
Set phasers to maximum stun!
I'm an @Home customer who keeps regular logfiles and a firewall. I can tell you right now @Home does NOT scan anything except for windows filesharing. Some of the @Home network blocks windows filesharing at the router, others scan for it and disable it. But if that's what they meant by "scanning for proxies", that's misleading.
Secondly, @Home has, at the time of this posting, not scanned the subnet *I* am on for anything on port 8000, or 8080. For that matter, I have heard a whole lot of nothing on the scanning front.
Thirdly, I have run nmap scans extensively across the @Home network. Sometimes not in stealth mode either. To date, I have received no e-mail from @Home asking me about this (it's for statistics, not hacking, in case they're reading this). This tells me security is very lax for @Home. I would not be surprised if spammers knew this. It's not hard to find out - ask any @Home customer.
Lastly, @Home customers rarely run proxies. I have scanned port 8000 and 8080 - there are maybe 2 per 1024 block of IPs. I have NEVER seen a scan from a remote site to port 8000 or 8080. So drop the charade about this being from "mis-configured proxies".
Also - @home has a strict AUP *against* security scans. They would be in violation of their own AUP to take action like what this guy has mentioned in the article. I was not able to locate their online AUP, but searching here or here should reveal it. If nothing else, I will scan it in and post it, as I still have the copy I signed.
> I wonder what the response will be, this is
> essentially the same thing they have been doing
> for a while (I had sendmail misconfigured and
> they sent me an e-mail about it a while back)
> but the problem still exists.
Go read the UDP FAQ that I read yesterday (see
yesterday's article for URL). Many companies
have responded to the UDP call by cleaning up
their act and getting the UDP revoked.
ALL that is being asked for is that they take
spam complaints seriously and make an effort
to secure their own network enough to curb the
spam. Just educate their users and help them.
This is really something that affects their
users without them knowing. Their customers are
misconfiguring proxies. This allows spammers to
use their resources. The network link that these
people are paying for, is being slowed down
by immoral spammers, who want to make a buck
and don't care who gets hurt in the process.
It is their users that cause the problem, however
it's not their users' fault. They are ignorant. It
is @Home's responsibility to try to educate them
to keep the network secure.
"I opened my eyes, and everything went dark again"
From the UDP FAQ:
What about legal issues? Don't you worry about being sued? As UUnet (and others) have found, there is no legal requirement for other sites to carry or post their messages. Cancel messages are advisory in nature, and the sites which accept them have to have the ability to process them enabled in their software for them to be effective (the vast majority of sites have them enabled). UUnet threatened legal action when they were UDP'ed in August of 1997, but both the US Justice Department and the FBI (and presumably their own legal department after they consulted them) stated that there had been no laws broken and that they refused to investigate or act. Because none of their own equipment or networks were attacked, compromised, or even affected, there was no legitimate Denial Of Service (DOS) complaint that could be filed. What was happening, in effect, was an organized boycott of their messages. Nothing more, nothing less - and there is nothing illegal in all that. There would also be a horrendous negative public relations wave from actually instituting any legal action. When UUnet threatened, even more people came out in support of that UDP, contributions to legal funds were offered by a large number of people, lawyers volunteered to defend those participating in the UDP, and many ISPs promised to alias UUnet permanently (and work to get others to do the same) the moment they actually instituted legal action.
As another example, there was a rogue canceler, nicknamed "the Kikecanceller" [because his racially inspired cancel message paths all had "!kikecancel" (along with "!spiccancel," "!wopcancel," and others) in them], who was active for a short while. This rogue canceler nuked over 25,000 articles for no legitimate reason before his account got canceled. James M. Hawkins, the supervising agent at the FBI's Tulsa office, stated: "We don't have a case. I don't think we're going to be getting involved in the matter." The local United States Attorney's office was contacted about the cancellations and they replied that no law had been broken. (see the NY Times article about the "Kikecanceller". Note: this site requires you to enter a user name and password to access it, although it is free. There have been no reported instances of spam being sent to any test address that was used to enter the site, so it appears as if this data is only used by that site and not released to anyone who might utilize it for a spamlist).
-no broken link
Speaking as a news administrator with 13 years experience:
Is it legal?
Damn right it's legal. You have no "right" to make me carry your news. If I chose not to carry news from your site, there isn't a damn thing you can do to force me to carry it.
What happens if for example I am a researcher and want to send a usenet posting to someone
You don't send usenet postings to someone, you send email to someone. If your research relies upon Usenet, then you should get Usenet access at your research establishment. There are commercial Usenet access companies, and there is Dejanews.
Guess I'm screwed by the "wonderful" community
No, you're screwed by @Home's lax attitude towards open relays and spammers. They've been told numerous times to clean up their act, and refused. Pre-announcing the UDP is a last ditch attempt to get @Home to take us seriously.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
As for "extremists" -- these aren't extremists. These are the sysadmins who built the fucking thing. If we're playing baseball with my ball, and you decide that you'd rather use my ball to bean your little sister instead of playing the game, I'm going to take my ball away and not let you play with it.
-----------
"You can't shake the Devil's hand and say you're only kidding."
'Break the law'? 'DoS attack'? That's not how Usenet propagation works.
The large news feeds pass along messages from other sites as a courtesy. They use their own resources (time, disk space) to do so. If they choose not to pass along messages from another site due to volume of useless postings, poor Net behavior, or whatever, that is their right.
If you had guests over who made a mess in your bathroom, shaved your dog, filled up all your trash cans, started yelling obscenities and advertising slogans whenever someone tried to start a conversation, and left all of your doors and windows unlocked, would you invite them back?
Neither would the news admins participating in UDPs.
--
how to invest, a novice's guide
So the problem is not @home users spamming usenet, the problem is @home users setting up proxies incorrectly so that external users can spam usenet. Is that right?
Well, its Creative... I'll give them that.
This really is the best they could come up with on short notice. I mean they can't possibly get their staff to actually enforce usenet spam rules, considering that would require hiring more staff who have a clue what usenet *is*.
Considering how small @home's user base is compared to someone like AOL, the fact that they are being targeted by the UDP shows just how bad the problem is, their users must be generating tremendous amounts of spam per user to cause such problems.
I for one don't believe this solution of theirs is a real solution at all, and until the numbers show that the problem has gone down dramatically, I say hit them with the UDP as planned. If the numbers between now and then do show that they are having an impact in their efforts, then give them more time. But make them be the first to move, don't give an inch until they do something about it. It's the only way to deal with big corporations that don't actually give a damn about the Net itself or anything except their own bottom line.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
I think they're talking about the old version of Wingate that was setup by default to allow anyone to connect to anyone else. The perpetrators are probably just bouncing their messages off of a bunch of known Win9x machines running Wingate.
If they scan your computer and find you have an email server (which a lot of Linux users do for personal use) will it be shut down?
Wondering...
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
Flat out wrong... nobody's forcing @Home to shut down their servers... A more correct analogy would be automatically burning anything in your snail mailbox that has a bulk postage rate stamped on it. Sure, some of that mail may be interesting but the large majority of it is useless junk that you don't care about coming from someone trying to scam you. Are you saying that it's "quasi-legal" at best for me to burn my mail? Are you now dictating what I can and can't do with the mail in my mailbox? The USPTO still delivers the snail mail spam just like the usenet backbone will still offer usenet spam... the UDP is simply a bunch of citizens collectively burning their junkmail.
Don't leave your mind so open that your brain falls out. Don't close it so much that you cut off the blood.
If I am an ISP sysadmin I do ***NOT*** own the network or even the machine that the network is attached to. I do not even own a single byte of data that is transferred in any way shape or form. I am sorry to be this blunt but if I for example hire a person to squish grapes to make wine the grape masher does not have a word of say at all in the process of making the wine. All he has to do is smash grapes and not complain. All that he does is carry out orders from others using a set of fuzzy logic and AI that machines cannot perfect in that particular case.
Slashdot social engineering at its finest
Does anyone remember when Netcom was sentenced with the UDP? (about two years ago maybe?) It was an almost identical situation, if I remember. Netcom refused (for ages!) to respond to any abuse complaints, and refused to lock down their servers. When the UDP was announced, they made some shuffling, 'we'll fix it' noises, but did roughly bugger-all. This went back and forth until the UDP was finally put into effect, with fairly devastating consequences. After a while, Netcom relented and started to behave.
I don't like the fact that these companies are so irresponsible that we have to take a big stick to 'em, but ultimately it will prove successful. I vaguely remember that it's easier to reinstate a UDP once it's been applied once, so any number of half-measures on @Home's part will fail. Responsible behaviour is the only way out of this.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
I see a lot of incredulity (plus some remaining "Hey, that's not fair") on other posts, and while I'm, in general, a cynic, I have to agree with this. Sure, there's some bald-faced lies in here (i.e. the claim that they've always responded to the community), but that's to be expected from management. As a techie that's worked in a couple of suit-type financial businesses, I'll attempt to suggest a probable dialog:
admin in charge of way too much to management: Hey, we keep getting complaints about our usenet setup. I'm swamped and not a usenet expert. I either need some time dedicated to reading "Managing Usenet News" and someone to take over some of my work, or better yet, you should hire someone just for that.
manager: Use.net? What site's that? Why should we manage it? I don't have the headcount. Skip it.
Admin to boss: Hey, I read on slashdot yesterday that we're getting UDP'd (since you haven't given me the duty to actually keep up on the admin news groups as I should, I didn't even see the post). Also about a bijillion torked off users are calling and emailing us.
manager: What's udp?
techie:
manager: They can't do that!
techie:
manager:
techie: We need to promise to crackdown and actually plug the holes, they'll almost certainly go for the promise, but they'll continue to watch us like hawks. Once they've gone this far, it's not that hard to reinstate the sentence if we lapse.
manager: Do it. Write up a response and I'll couch it in appropriate language (which he completely bumbles, due to lack of understanding of his audience, but that's to be expected)
Result? The cluestick approach will probably work once again. You just need a big enough stick, and on the net, short of an IDP, and arguably the RBL, the UDP is the biggest stick around.
--Jason
I like lots of people. That doesn't mean I go carting them around the galaxy with me. --Dr. Who
Yes Cox@Home still offers static IP addresses to subscribers in a few markets such as Las Vegas.
One theme we are seeing kicked around this board (by our friendly neighborhood Libertarian contingent :) is the statement that the UDP's success proves that central oversight, ie. government interference, is unnecessary.
This is largely true. The UDP is a demonstration of successful self-coordination and democratic mob action. Individual admins opt-in to the UDP, or they opt-out, with only their own consciences as judge.
However, traditionally, governmental oversight has never been necessary in cases like this one, where an entity is punished for harming others. As the Libertarians correctly point out, community action will generally take care of such rogues. But government has been necessary in cases where a universally unpopular, but legal, viewpoint is expressed by an ostracized group.
Consider a group basically everyone despises: white supremacists. If an ISP were to rise up, comprised entirely of Aryan Nation skinheads, and if their thousands of clients were to post every day their noxious personal opinions all over the web, there is a small but real possibility that some news admins would call for a UDP against the service. There is also the possibility that this UDP would go into effect, although no actual crime or harm had been committed, and the silenced participants were exercising their constitutional rights to free speech.
In cases like the hypothetical one above, civil rights legislation has a real and legitimate role to play. In the UDP FAQ, it is mentioned that only a government can legally perform censorship. However, Libertarians can't have it both ways - either they can accept civil liberties checks and regulations from the Feds, or they must assume the responsibility of allowing Usenet to become a government unto itself. At that point, the distinction between censorship and "private choice" becomes indistinct.
I'm not against the UDP or weak government, but I'm not against centralized civil rights standards either - that is the notion behind the constitution of the United States after all.
-konstant
Yes! We are all individuals! I'm not!
There are several reasons why. #1: Consider that the volumes of spam we're talking about - probably gigabytes upon gigabytes - would easily paralyze a cable modem connection, particularly when, for most @Home users, the upload cap is approximately 128Kbps (approx. ISDN speed). For anyone to make use of this exploit would require probably a dozen cracked systems per spammer.
#2 Every one of those systems is already being used by a human being (scratch that - several human beings; we are talking about a proxy here), who are going to complain to @Home, at which point they would have put a stop to the spamming.
#3: A UDP is only proposed after repeated attempts to notify the non-compliant admins of the problem. When @Home was notified, they could have found the addresses that the spam was posted from and discovered this "proxy" problem much earlier. Indeed, proxy problem or not, @Home could have remedied the situation much earlier than they are.
#4: Occam's Razor. Mr. Jackson's explanation is not the simplest one that fits all the facts. The simplest explanation is that @Home users are being allowed to post unadulterated spam and not being punished for it.
Having said that, I'm betting the spam problem goes away before the deadline. This is the usual "we don't have a problem and we're fixing it" notice that goes out after most of the UDP's, and usually, the UDP doesn't have to be enacted because the ISP knows (and simply refuses to admit) that they have a problem - and they fix it to avoid the punishment.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
This argument is ridiculous. If you do a DOS attack on a network you are hurting that network by saturating its pipes. A DOS attack is just that, an attack against someone else's network and equipment. A UDP is a refusal to accept messages originating from someone else's network. A UDP applies to the networks refusing to accept messages, not to the network they are originating from. Agreed, the users of the UDP'ed network suffer, but in America, that's why we have the ability to choose which ISP we go with. A good ISP wouldn't get UDP'ed.
To me, it seems analogous to the following:
You don't like snail mail from AOL, Microsoft, and a few other American based companies. Therefore you decide to go around to everyone's house and take any mail, coming from any American address, out of their mail boxes and you put all of that mail into a pile. In order to receive the mail, the recipients need to go grab the mail from the pile.
Yes, yes, yes. I know. You don't have any obligation to carry the news yourself. I have read the UDP FAQ, I have been on USENET for many years, I even run a few news servers myself.
If you don't like it, decide to organize an OPT-IN boycott. Setting up cancelbots, etc, is an OPT-OUT boycott. If a news server admin doesn't want to participate in the UDP, they must specifically change their news server config to do so. I'm pretty sure that most news servers are set by default to accept ANY cancel message whatsoever.
Any UDP involving cancelbots is not analogous to a "I don't like 'X' network, so I will not carry their packets" situation, it is more similar to "I don't like 'X' network, so I will spoof their IP and send TCP Resets to any packets coming out of their network. If people don't like the TCP resets, they don't have to accept them." Of course, you know very well that most servers will accept TCP resets appearing to come from the host itself.
That being said, I support a non-invasive OPT-IN UDP (boycott) against @Home, because although some of the @Home affiliates/cable providers do a good job of abuse handling, some do not and @Home itself just plain sucks in handling abuse complaints.
What if I want to get say a binary group or two?
Then subscribe to a news service -- you seem to be under the impression that having an ISP account gives you rightful access to anything you want. It doesn't. If you want a good quality newsfeed without restrictions and without this kind of idiocy, you have to get a subscription to a REAL news server.
I hardly see how I should be at fault because a sysadmin wanted
to keep his little discussions under his control and not allow anyone but his close friends or others who have a spare T-1 to
use get a newsfeed
That's like complaining because the guy down the street won't let you into his party -- it's his party, and he can cry if he wants to. If you want news access from someone's computer that they control and are in charge of, you'll have to work out some sort of a deal with him, whether it's paying for it or getting to be friends with him.
Is there any way to actually do an end run around the news servers and simply create my own private
slow nntp server? Everyone says that hd space is so cheap now adays so why can't I get a standard 56k modem and then
get all the data from some reliable server
Guy, do you have any clue how large and expensive it is to run a news server? This isn't a mailing list, you're talking about a few hundred gigabytes a day of data. if you don't have a t1 line and a lot of servers don't think you can just "hook up" for free. No one gets news feeds for free, they have to pay for them. @Home pays for theirs, and so does every other ISP.
I would love to have digests of my favorite newsgroups mailed to me every let's say day or so. The
news server could just in fact mail me the digest hourly or so if it was too much to do it daily. With all this magical bandwidth
I see no reason that someone can't do something to see this through to reality.
What magical bandwidth? We're not talking about a mailing list here -- this is gigabytes and gigabytes of data! If you want someone to send you a digest, then find someone willing to give you that service. if you can't, maybe you SHOULD set up a news server to provide that service. You'll have to pay for news feeds from others (until you're big enough to get a free peering agreement), but you get to resell it to customers.
Recursive: Adj. See Recursive.
USENET is a cooperative entity. No site is under any obligation to carry any other site's traffic. No site carries all of USENET, Every site administrator decides independently what
USENET traffic will be carried at that site. If an administrator decides not to carry certain traffic, he is answerable to his own users; he is not answerable to the originators of the
traffic.
And therein lies the problem with what is actually going on in terms of access. If I want to e-mail someone I can simply type in the address and send it to anyone I want to. If I want to go to a web page I can as well. What I cannot easily do is arbitrarily look at a particular news group on any particular site. There is no simple means yet in place that will allow me to just type in news://alt.jimmy.slashdot-comments.athome.discuss or something like that and then just find a central archive or a mirror that has *every* posting for an agreed period of time. I do *not* want my admin to be in control of what I see. Do you? Do you really want to have filtered content that isn't just decided by a filter but by say Alan Keyes (Republican presidential candidate)? Would it get you a little upset if another server was run by Bill Gates himself and all linux groups were banned? When it hits too close to home then people get a little uncomfortable about it but when it doesn't affect us then it's all ok right? Really what they should have said in the draft for nntp (why did they create it anyway when we can have e-mail?) is that it was an inherently censored medium and that it would never be totally open? Can you say that about the implementation of SMTP? No you cannot, there are ways to do it but the architecture does not support it in the draft 100% like nntp does.
The UDP is a suggestion to individual site administrators, no more.
Just like the school bully who makes it a "suggestion" to give him your lunch money so that he can buy smokes or he'll brain you with a lead pipe.
Slashdot social engineering at its finest
It seems to me that they are trying very hard to push the blame off on their users and not taking responsibility for their actions. It's their sysadmins and security people who are at fault here. I don't even think the "corporate" level had any clue at all. (I sent an e-mail, like everyone else, informing them of the UDP announcement. Instead of sending it to the support people though I sent it to the "Corporate PR" e-mail address on their site. ;-) (Before you ask - no I didn't get a response.)
Regardless they are still blaming the user when they should be blaming themselves.
"Bah!" - Dogbert
So does this mean that the UDP will be lifted?
I know this is a little on a larger scale, but this is probably the metaphorical equivalent of "don't spank me mommy, I won't do it again!!"
Does this mean that @home should not still be punished? The damage has been done, and has been done for a very long time. Like someone said on NANA.usenet, it took 2-3 years of net abuse by @home to have a UDP put on them. 3 years of spam? And finally action has been taken on it.. only to have it blown off by a press release?
IMO I think @home needs a little time to think about what it did.
Oh, and on another note, aren't these people using residential accounts? Last time I checked, accounts that were spamming were cancelled. Flat out, all across the board. Not "Once these customers are identified, we are suspending their news service immediately."
*sigh*
Your argument essentially boils down to the equivalent of, "Because I pay money to go into a building to watch a movie, I have the right to do anything I want to there! It's my money!" If you try doing that in real life, see how far it gets you.
USENET is not a "public" (ie, government-run) forum. It's a whole bunch of private machines strung together, and when you buy an account with USENET, you buy the right to use one of those private machines to access the content carried from the rest of those machines.
Sometimes one of those private machines will start dumping crap into the channels used by the rest of those private machines. The owners of those other machines will take every possible initiative to try to get the owner of that one crap-spewing machine to cut it out. Finally, strictly as a last resort, they will tell the owner of that machine, "Until you get your act together, you can't join in any of our reindeer games" and thus kick him out of the network.
Yes, this hurts the little people who subscribe through that machine. That's the whole point! Now the owner of that machine will find himself under pressure from within as well as from without--either he fixes the problem, or his users leave him for other services that can provide what they need. And since the UDPers always give a good amount of notice, I would guess that most of the time a UDP is threatened, it never actually becomes necessary because the sheer threat of it is enough to force the offender to clean up his act.
At any rate, as others have noted, participation in a UDP is strictly voluntary; any site can configure itself to ignore cancels from UDPers. In practice, of course, few do, so the threat remains effective.
This is simply an example of USENET's self-regulation mechanisms at work...when someone gets too out of line, he either gets kicked back into line or gets kicked out. It's actually kind of neat, seeing how a system with no one governing body in charge can still regulate itself. Sort of gives you hope for humanity.
Editor Emeritus and Senior Writer, TeleRead.org
I used to work for an ISP as its postmistress/abuse type. When I took on the job, we were #1 on the spamhippo list, and were being threatened with a UDP (to take effect within a few days). Within 2 days I had the news spamming under control. **2 days** folks. In those two days, I cancelled something like 14 accounts. POOF!! Problem solved. Now, the ISP I worked for did not have the scope that @Home does, but it just goes to prove that if you just enforce your AUP (it ain't just there for looks yanno) you don't have the problem. You'll have flare ups from time to time, but you can put that fire out and poof. You're in usenet happy land. All you need is a logging server and the headers. It doesn't even take a lot of brains to do it. All @Home really needs to do is grab a bunch of techs who aren't doing anything, give 'em the spams, access to query the logging server and I bet within a few days they wouldn't have a problem anymore. I know we didn't.
Fortunately, they haven't blocked ports 21, 23, 23 and 80 (to name a few important ones). Not yet anyway. Now, if @Home blocked a port or 2 on their systems, could this be avoided altogether? Some RR folks are really upset that 25 is blocked for us, I'm dealing with it; the service is still better than dial-up. And it does give me some peace of mind that people can't try to abuse my box via sendmail. I'm just wondering if @Home is posturing with this "we're going on a hunt" thing because they don't understand that it may be as simple as flipping a virtual switch on the routers, and KNOW that they don't understand how to run things well.
@Home needs to protect their news servers so that only authenticated customers can post (proxy or not). If there is a spam, they can then identify where it came from and should selectively take action against that customer. Since @Home actually runs cables to their customers' homes, they don't even have the problem that customers cancel and resubscribe under a different identity; unlike other ISPs, they actually can enforce their policies. The UDP against them should continue until they do.
If I don't want to accept a telephone call from you into my house, that is legal. If everyone in the world decides to not answer when you call, that is legal.
How about the 911 system, that's a call too. What about calling the government for something or maybe the IRS or someone you have a contract with, or perhaps your school or work to tell them that you are ill and cannot go in today? Those are calls too.
But, if we decide to call your # constantly, thus preventing you from using your phone we are causing harm to you.
How exactly does this prevent me from calling out? In my area of the world even if a bunch of people try to call me (not necessarily several million people) I will still be able to answer the phone and still be able to physically pick it up and then do whatever I want like make a call to Enzios pizza for a large sausage pizza with anchovies or something like that (assuming that his line isn't busy trying to call me at the same time).
Preventing you from using your own facilities is entirely different from us deciding to not listen to you on -our- facilities.
That effectively kills the whole point of doing something like networking. To play a networked game with someone you first need a network to connect it with. If I have a car and everyone everywhere won't sell me gas then that kills the function of the car preventing me from using my facilities at all (unless I own a refinery and get my own oil well).
What about a hospital. Suppose I get shot because I disagree with you about usenet accesses and interfaces. I stagger to the hospital, which is also in on the conspiracy to shun me, so I sit (or more exactly lay face down) in the middle of the street and die. You see there are little things like laws that say that in circumstances like those you are obligated to help because you could give care. Just because you don't like the look of the guy because he isn't a member of club usenet doesn't mean you have the right to do anything that prevents equal access. Would you say it would be discrimination to prevent black people from eating in the same places, drinking from the same water fountains, using the same facilities and serving in the army with you? Well people in the good ol' days did (read 1865-1964 with passage of the Civil Rights Act of 1964) exactly that. What will eventually become a standard is that access that I pay for that is being given out to the public will happen no strings attached and such. You say spam is a problem? Well then why don't we use all the new fangled technology and create better networks to handle traffic in a free society. If I have millions of dollars to spend I certainly am not hurting for profit or resources.
Slashdot social engineering at its finest
No. Any ISP can refuse to honor cancels, and certainly pathhost aliasing is an individual ISP's decision. In addition, the cancel messages are coded with a special "pseudo-site" in the Path: header which allows ISPs to accept normal cancels but not accept UDP cancels, or only accept certain UDP cancels (if there is more than one UDP under way simultaneously). A normal spam cancel can be aliased out by pathhost aliasing the "!cyberspam" pseudo-site. In addition, there are pseudo-sites for Make Money Fast chain letter cancels ("!mmfcancel"), UDPs ("!udpcancel"), and for each individual UDP that might be in progress ("![sitename]udp"). An ISP can choose to honor or ignore any or all of these if it so desires.
So then give me an example of a news server which did or does not follow the UDP? Can you even think of or list one? It's just like the reason everyone uses windows because the next guy does it.
Slashdot social engineering at its finest
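The pseudo-site scheme quoted in the comment above, as an added example that is not part of the thread or of any news server's code: a site policy that reads the Path: header of a cancel and honors or ignores it by pseudo-site. The sample articles, the `exampleudp` and `otherudp` tags and the function names are constructed for illustration, and "aliased out" is modeled simply as a set of Path: entries the site refuses.

```python
from email.parser import HeaderParser

# Pseudo-site names as quoted in the FAQ text above.
GENERIC_PSEUDO_SITES = {
    "cyberspam": "ordinary spam cancel",
    "mmfcancel": "Make Money Fast chain-letter cancel",
    "udpcancel": "cancel issued under any UDP",
}


def path_entries(path_header):
    """Split a Path: header on '!' into lower-cased entries."""
    return [e.strip().lower() for e in path_header.split("!") if e.strip()]


def pseudo_sites(path_header):
    """Return the cancel pseudo-sites found in a Path: header, in order."""
    found = []
    for entry in path_entries(path_header):
        if entry in GENERIC_PSEUDO_SITES:
            found.append(entry)
        elif entry.endswith("udp") and len(entry) > 3:
            # "[sitename]udp": the tag for one specific UDP.
            # Assumption: no real relay on the path has a name ending in "udp".
            found.append(entry)
    return found


def accept_cancel(raw_headers, aliased_out):
    """Decide whether this site acts on a cancel message.

    Returns None when the article is not a cancel control message,
    False when its Path: carries a pseudo-site the site has aliased out,
    True otherwise.
    """
    msg = HeaderParser().parsestr(raw_headers)
    control = (msg.get("Control") or "").lower().split()
    if not control or control[0] != "cancel":
        return None
    refused = {name.lower() for name in aliased_out}
    return not any(tag in refused for tag in pseudo_sites(msg.get("Path", "")))


# Constructed sample articles (headers only).
UDP_CANCEL = (
    "Path: news.example.net!feeder.example.org!exampleudp!udpcancel!not-for-mail\n"
    "From: canceller@example.org\n"
    "Newsgroups: misc.test\n"
    "Control: cancel <post1@example.com>\n"
    "Message-ID: <cancel.post1@example.com>\n"
)
OTHER_UDP_CANCEL = UDP_CANCEL.replace("exampleudp", "otherudp")
SPAM_CANCEL = (
    "Path: news.example.net!cyberspam!not-for-mail\n"
    "From: canceller@example.org\n"
    "Newsgroups: misc.test\n"
    "Control: cancel <post2@example.com>\n"
    "Message-ID: <cancel.post2@example.com>\n"
)
ORDINARY_POST = (
    "Path: news.example.net!not-for-mail\n"
    "From: reader@example.org\n"
    "Newsgroups: misc.test\n"
    "Message-ID: <post3@example.com>\n"
)

if __name__ == "__main__":
    policies = {
        "honor everything": set(),
        "ignore all UDP cancels": {"udpcancel"},
        "ignore one UDP only": {"exampleudp"},
    }
    for label, refused in policies.items():
        print(label,
              accept_cancel(UDP_CANCEL, refused),
              accept_cancel(OTHER_UDP_CANCEL, refused),
              accept_cancel(SPAM_CANCEL, refused))
```
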
The one solution that might make sense is for @Home to secure their news servers with an authentication method required each time a client wishes to read or post. They can tie this password with the users email password in their database. This should help defeat the proxy spam problem.
Some may argue that it is @Home's responsibility to educate their customers - which I partly agree with. But this process takes time, and is not an easy task.
Take two million computer illiterate households who decided to jump on the internet so they could buy books and cd's for grandma and grandpa for Xmas. Now picture Junior installing wingate or some other proxy software on mom and dad's machine so he could irc from both home and school. Of course, Junior didn't bother to secure the proxy - but that's neither here nor there. Now picture the difficulties involved in the ISP educating this household in what went wrong and how to fix it.
The USENET community should have patience and provide assistance. It's the UDP itself that has forced @Home to take such drastic action as shutting down news access to its customers who have misconfigured proxies. So maybe folks should think twice before they scream about @Home "blaming" its users. The last thing any company wants is bad customer service. The UDP forced the issue, and forced @Home to take this stance.
Don't get me wrong, I'm sure @Home could have been more responsive in the past... but keep in mind that the USENET community at large probably would not be privy to @Home's behind the scenes activity; nor would they be intimately aware with the number of emails or phone calls the @Home abuse department has made to their customers to correct misconfigured proxies.
The bottom line (IMO) is that USENET has given @Home an ultimatum, and @Home is responding. But this is not the sort of problem that @Home can fix overnight. The nature of their service and the shared network topology inherent in the cable network design create some unique security hassles. Everyone should do their best to understand the nature of the work required before they blast @Home for being unresponsive or for just not caring.
Lonnie
Man, all your posts should be moderated up as "Funny". :) I never cease to be amused by watching the kooks scuttle out like roaches when the light comes on in response to discussion of a UDP...
What is the network made of? Think about that for a moment. It's not made of T1 and T3 and other cables and routers...because by themselves, those wouldn't have any information flowing through them.
Soylent Green is made of peop--er, ahem, the network is made of computers. And each computer in that network is owned by someone. Be it a university, a corporation, a single person...all these count as individuals in the eyes of the law.
Just as a whole bunch of people who own a club may decide, collectively, that they don't want some other person in it, the whole bunch of people who own the network's computers may decide that they don't want some other person's computer using it. That's perfectly legal. As has been explained to you over and over and over and over. But you don't seem to get it, and will continue not to get it.
Oh well...at least you're providing a good reason for dozens of informed people to post their explanations so that those who are merely ignorant of the facts instead of stubbornly wrong-headed can make up their minds...
Editor Emeritus and Senior Writer, TeleRead.org
I know I'm late to the party here, but there are lots of things wrong with this post:
1) You are not an @Home customer, you are a roadrunner customer.
2) Scans on ports 8000 and 8080 have jack squat to do with news proxies.
3) 2 proxies (and again your statistics are meaningless wrt news proxies) per 1024 addresses is PLENTY for them to be abused by non roadrunner customers (see point 1 for why this has nothing to do with @home customers). If roadrunner has 100,000 customers, that's almost 200 potential sites through which spam can be sent. And I believe @Home is much bigger than roadrunner.
WTF is this? You know how many people I know that setup @home service with an old Linux box to proxy off the cable connection to the rest of the house? I know about 4 people that this is seriously going to piss off. They don't spam and their systems are very secure, but it looks like they are going to be @Home's sacrificial lamb to the UDP.
@Home says they're going to enforce their AUP, and your friends complain because they're currently violating it by running Linux boxen? Didn't they read the AUP before signing up? @Home is very clear that servers of all kinds (file, print, telnet, you name it) are no-nos. Don't like it? Don't sign with @Home.
And yes, we walk the walk. We paid for the wiring all the way from the curb to the server and then they changed the AUP. Still on 56k.
Lacking <sarcasm> tags,
NNTP is different from e-mail. e-mail is a "push" system where everything ends up in your mail folder -- you don't really have a choice of not receiving your e-mail. NNTP is a "pull" system where you as a reader can actually choose which newsgroups and which posts to read. Think about NNTP as something like the forums here on /. Would you rather read them online or have all posts in your mail folder? Didn't think so
If I could use an offline modeling system to get them, organize them, and use them in any way possible then yes. As it is now I miss out on all the really interesting stuff because I just happen to be away from a dedicated t-1 (that is constantly denied to the average citizen) and cannot see what others have posted or respond to it. I have more access to e-mail or perhaps an offline modeling system than access to some random IP based service. If someone would just make sure that everyone had equal access we wouldn't have the lawsuits from the ADA about equal unfettered access to various services.
Slashdot social engineering at its finest
When you get business service, you can have servers, choose from many different levels of bandwidth limitation, have multiple static IP's (paying extra for each of these things, of course, after paying way more than residential users to start with).
<sig>Guvf vf abg n frperg zrffntr
Woah. Woah there. Slow down just a second.
Right. Burn 'em at the stake? Let's see why again?
They didn't say they did. They said they will.
Right, I just don't get this. Do you know how long a scan takes? I'm not talking a script kiddie's nmap for open ports. I mean systematically probing an entire network for a stated behaviour with a sufficient timeout that you won't miss really slow servers (like, oh, say, ones that are already pumping piles of spam). They announced they'd start this as of today. Clue: it's not done yet.
And what do ports 8000 and 8080 have to do with this anyway? Are you talking about web proxies? They're a problem, sure, but tell me again how scanning for web proxies will get @Home out of the UDP? Can you even tell if @Home is scanning you on the NNTP port?
Heh. Gotta love the way you admit breaking your own ISP's rules on a public forum. And there are ways to judge relative security of an ISP. "I've run lots of scans and not been busted yet" is not one of them.
Signal 11, and everyone else, stop jumping on people when they admit they have a problem. This is good. @Home are doing the right thing when they admit this. It is the vital first step without which no further action can be taken. I know it's tempting to scream and roar at someone because they're evil, or because they snubbed you in the past. But these same people that are evil or snubbed you are the ones that we most need to take this step.
Please. If you think you can challenge @Home's statement, forward your evidence to the UDP people so they can consider it properly (clue: slashdot is not the best place to do this). But every time I see someone taking that first step and being met with ill-informed cries to burn, let 'em burn, I have to ask myself if I can actually ask the next guy to take it in good faith. I'm rapidly coming to the conclusion that I can't.
Dave
--
You've misunderstood the entire nature of free society. Government services such as E911 centers and hospitals have a social contract that says they will help people who need emergency medical care. Your comparison of a UDP to racism does not hold water. If I discriminate against a black person, I am refusing service to that person based on something they are not in control of, and, as any educated person will tell you, something that does not have bearing on their character or other traits over which they exercise control. Usenet is a meritocracy; the penalty enacted upon @Home is a result of their failure to correct things under their control. Yes, this does prevent their users from accessing usenet. No, their users are not guaranteed a fundamental human right to access Usenet. Users who require access to Usenet should understand that their provider is incompetent and is unable to provide that access, and subscribe to another ISP.
OK, so they posted a response. I actually know the guy that posted it (somewhat). Yay Mr. Jackson. You read the news.admin.* groups.
However, let's look at how it was posted. First, it was crossposted to the news.admin hierarchy. This is a no-no. They want you posting to the newsgroup that it is appropriate to. But let's overlook that transgression. It might have been an oversight on Mr. Jackson's part.
But he also forged the approval headers for the moderated newsgroups that he posted to. And that is a big no-no. Especially when you're pleading for your network's life. And it requires premeditation. You don't forge the headers by accident.
And not only that, but he has now attempted this three times. The first time it was canceled by someone who I assume is one of the moderators with the message "No forged headers on my watch". Then Mr. Jackson posted it again. It was cancelled again with the message "No, kids, you don't get it. No forge-approvals. No crossposting in NANAP." Now it has been posted a third time.
So how serious can @Home be if they have committed multiple acts of net abuse all on their own in responding to the action being taken against them for their customers' net abuse?
-Todd
---
"The details of my life are quite inconsequential..."
"All USENET traffic originating from home.com would be blocked on UDP-participating NNTP servers."
:)
True.
"All USENET traffic originating OUTSIDE of home.com would still pass through to @Home's NNTP servers, articles being available for @Home users to read."
Yep.
"@Home users could still post USENET articles, which would reside on @Home's servers (though not make it outside), and @Home users could still read other @Home user postings."
Yep.
The basic premise here is that the UDP keeps posts from @Home from propogating (sp?) to sites participating in the UDP. @Home users can still download posts as usual, it's just that when they post, nobody's really going to see them. But they can still see everything else, and yes, even the spam
--
The real Raunchola isn't cool enough to have any imposters
@Home will probably just ban users from having static IP addresses[*], running servers, and running Linux (because it's potentially "dangerous").
They already do on at least two counts. You can't run servers of any kind (e.g., shared printers on your LAN) and you have to use their Special Modified Version of Infernal Exploder to access account info. Most @Home systems also don't use static IP.
Lacking <sarcasm> tags,
Well, let's see. There's Deja & Remarq just for starters.
Yahoo also has a listing of public-access USENET sites. Sadly, spammers being who and what they are, most public-access sites that allow posting soon become abused right out of existence.
For those willing to pay a bit of extra money, there is also Yahoo's commercial news server category.
There are always choices for USENET service. Even if you already pay your ISP for its USENET, additional access elsewhere isn't really all that expensive. These are also viable options for people who use free dialin services like AltaVista or Blue Light that don't provide anything beyond bare-bones dialup access.
Editor Emeritus and Senior Writer, TeleRead.org
I'm tired of you filling up my DENY log files with your stupid scans!
Hi, just MHO, but I think you get more mileage out of REJECT than DENY... my home machine uses DENY for pings, and REJECT for portscans.. it's a little bit more traffic, but it can fool scanners into thinking that you're not firewalled
what does it matter? well, deception... I'd rather keep 'em guessing than let them KNOW that some ports are filtered.. because (after all), if you're filtering ports, it must be because you have something to protect, right? With NMAP, a portscan reveals ports that are open, and ports that are filtered.. but ports with nothing running at all are ignored... REJECT spoofs this behavior..
Oh, and I DENY pings because it frequently stops address-scans dead (no machine responds at that address, so they don't bother to portscan it later..).. again all part of the "keep-'em-guessing" defense..
Again, this is just IMHO...
Actually, on second thought, the last thing we need is another idiot on USENET:
Forget I said anything at all about USENET being easy to access in a number of different ways. It's really very hard and confusing, far too complicated for anyone to want to use it. No fun at all. Stick to AOL - you'll fit right in there.
Slashdot does not have the ability to cancel posts, so please moderate this up so people can be made aware that this post contains several factual errors. I apologize.
~ Signal 11
Would it get you a little upset if another server was run by Bill Gates himself and all linux groups were banned?
There is such a beast (or at least was)... It's called news.microsoft.com, and at least for a while it only carried microsoft.* news groups... and didn't propagate them anywhere.
Was I annoyed that I couldn't get ABPE there? No. Would I have been annoyed if the admin had cancelled every last post with the word Linux in it? N.. Ok maybe, but it was THEIR server. And if I didn't like it, I could go elsewhere.
Quite often, if I post in alt.games.whitewolf, that post will show up in some of the newsservers I check, but not others. Most likely it's just an artifact of the feed process, but who knows, perhaps somewhere along the line, I annoyed a news admin at a central feed and he's blacklisted me. Do I lose sleep over this? No.
USENET is, and has been since 1990 when I started messing with it, one of those things that is something of a crapshoot. Expecting some sort of guaranteed carry by every news server "on it" is just plain ridiculous.
Tim Gaastra
Build a better mousetrap and the world will immediately get their fingers caught in it.
"A few hundred gigabytes a day" is obviously way too high, but what is it really?
I apologize -- it's "only" 90 gigabytes a day. News statistics
Recursive: Adj. See Recursive.
What? Dedicated T1 lines are denied to the average citizen? I didn't realize that. On what basis are they denied? Perhaps you can't get a T1 line in residential areas? No, that's not it...
-Brent
So now they're forging moderation headers to spam their message out to the Internet? Do these people have absolutely *no clue* at all?
Let's do a brief recount of the events...
1. @home creates an environment ripe for spam, which people take advantage of. Admins do nothing.
2. Usenet admins contact @home about fixing the problem, @home does nothing.
3. Usenet admins finally get sick and tired of waiting, and call for a UDP.
4. @home finally responds, by effectively spamming a meaningless PR reply.
Gee, I guess they are really apologetic eh? Their egos must be absolutely huge over there to think that they can get away with this.
I can see it now...
*The scene is a large tower, where the President of @home is sitting in a throne laughing and counting money. Someone comes in and tells him about the UDP*
Pres: Those worms dare to challenge me!? HA!! HAHAHAHAHA!
I hope the Usenet admins bash @home into the ground with this UDP until they actually admit to their problems, fix them, *AND* Apologize for forging the moderation information to get their post put up three times. Anything less is unacceptable at this point, they've crossed a line.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Yes, but so does yours :)
The UDP is the same thing as if legal action was taken against your HOUSE because you had raw sewage spilling out onto the streets. It is now up to the owners of the house to correct the problem, fix the sewage leak, and then have the legal action stopped.
No, it's more like the whole neighborhood was quarantined because your neighbor was pouring raw sewage into the street. You could get out, but couldn't have friends over, mail couldn't be delivered, shipments of new PC's couldn't be received.
Actually, a better analogy would be that the UDP is like quarantining off a whole apartment complex because one of the tenants was dumping raw sewage out in the back and contaminating the city's water, but the apartment manager was refusing to do anything about the situation.
Yes, it's not your fault, and you're suffering too, but the person responsible, isn't responsible, and it's not only affecting you, whether you admit it or not, but a whole other group of people. So the city shuts off your water, and you move out if you have to, unless the apartment manager deals with it.
-Brent
Maybe.
you only need the @home plugin to access your user information.
IOW, you do have to be using "approved" software. Or is this plugin available for Linux?
The server issue varies by agreements(AUP) with the local cable operator.
Not according to the @Home AUP
Lacking <sarcasm> tags,
Another reason for @home to block incoming traffic to my machine without asking me.
One of the other things you're missing here is that the UDP is not yet in effect. @home can still pull their heads out and do something about it.
This is just like television, only you can see much further.
So, why don't you just blame the usenet cabal?
This is just like television, only you can see much further.
For those not in the know port 119 is NNTP, which presumably is what caused them to get UDPd in the first place. Thehe.. they won't find my 7 ipmasqed computers, of these me & my friends ipchains are sure. BTW anyone know how to defend against the TCP stack OS identification "DOS" (for lack of a better word)? To be honest, I don't even want to hear them bitching about Linux or anything else.
--
I think there is a world market for maybe five personal web logs.
Here's the situation. The basic service where I live is 40$ with 100$ for installation (you can sweet talk the selling people, and they'll usually give you a free install as part of some 24/7 install or another). However, past your first CM (which is 40$ per month), you have to pay 20$ for each additional IP address past the first one. People think they can get around this any old way. I know some people, and was over with them at their neighbour's christmas party. They had 3 computers, but were unwilling to pay Shaw double the price for 2 more IPs. Their solution? Install Win[Proxy|Gate] (can't remember exactly which). Windows Proxy software is pathetic in terms of security, often riddled with easy to trigger buffer overflows. Add to that the fact that most people say "allow 0.0.0.0/24" to make their LAN setup painless, and the fact that they never audit their logs. It's a recipe for disaster. And it happens because @Home charges per IP.
My solution? I have my own firewall. It automagically blocks any hosts that probe it, I've audited it, I've nmapped it, and I've even attacked it with script kiddie tools (and had script kiddies attack it from a few IPs, which have since been ipchains blocked).
What will happen? Since I run a webserver (homepage), mail server (@Home servers are spammed like nuts), DNS server (my hostname), FTP server (my files), SSH server (secure remote admin from anywhere), and occasionally host Quake games (not recently, though) and Icecast (mainly for LAN tunes), they'll probably throw the book at me. People like me are going to get hurt. People who run Winproxies are going to get a stern talking to, but they'll likely get off scot-free.
Why? Because they're closer to the AUP (the never enforced AUP). All the people inside @Home I've talked to have always said that they only enforce the AUP when they see gigs/day transfers (huge warez/porn/spammers, basically). I'm just a side victim, running the illegal servers.
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
It's so much cheaper than Source Adult Video!
;)
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
They assign static IP's here in Rochester, MN... though one time I mistyped when I reconfigured, and it worked anyway... the only reason I caught it is because my dhs.org alias stopped working 8^) DHCP does work, of course, but in windoze you need to set your computer name to whatever whack string they assign you (like CB23472347A7577 - not as nice as the hostnames that are done by IP... that's for sure). That number is probably in the underside on my cable modem (MAC address) - I'll have to check when I get home...
"It's tough to be bilingual when you get hit in the head."
Hmmm...
:-)
From: xxxx (Dylan) 02:30
Subject: 01/13/00:02.30: Active system ATTACK!
To: xxxx (Dylan)
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jan 13 02:16:12 xxxxxx portsentry[1627]: attackalert: SYN/Normal scan from host: ops-scan.home.net/24.0.94.130 to TCP port: 119
Jan 13 02:16:12 xxxxxx portsentry[1627]: attackalert: Host 24.0.94.130 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 24.0.94.130 -j DENY -l"
Security Violations
=-=-=-=-=-=-=-=-=-=
Jan 13 02:16:12 xxxxxx portsentry[1627]: attackalert: SYN/Normal scan from host: ops-scan.home.net/24.0.94.130 to TCP port: 119
Jan 13 02:16:12 xxxxxx portsentry[1627]: attackalert: Host 24.0.94.130 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 24.0.94.130 -j DENY -l"
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jan 13 02:16:12 xxxxx portsentry[1627]: attackalert: SYN/Normal scan from host: ops-scan.home.net/24.0.94.130 to TCP port: 119
Jan 13 02:16:12 xxxxx portsentry[1627]: attackalert: Host 24.0.94.130 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 24.0.94.130 -j DENY -l"
BwuhahahahahhahahahahahahahZHahh!!!
I love IDS
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
No, you can't. The receiving site is under no obligation to accept your mail. They could easily look up your domain name and refuse to receive mail from you.
If I want to go to a web page I can as well.
And that site is perfectly able to reject your connection if the owner so desires. You do not have a right to send me e-mail or view my web pages.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Yes, you know how to set up IP Masq correctly... but if I recall correctly, there were some free versions of WinGate (or somesuch thing) that defaulted to allowing connections from anywhere on any interface - and the free version did NOT allow you to log connections. People sniffed them out, and the fun began.
I agree with you, though, that for @Home to start taking action on this only after the UDP threat is inexcusable.
----
1. I am not an @home customer
2. I have never spammed anyone and I probably never will. I don't think bulk e-mail is very effective and considering how many people act like they haven't taken their Prozac today I guess I really shouldn't try.
3. If anyone even tries to sue me they would have wished they hadn't. I can't believe that people are that dense.
4. I just want to back up the feelings that I have and that have been growing due to rampant abuses of power and the fact that a little conspiracy has essentially screwed a whole class of people over. I have had smart ass sysadmins pull things on me in the past for extremely sketchy reasons.
5. The net shouldn't cost so god damned much in the first place. Technology is advancing right? Well instead of wasting that time playing quake improve the backbone of your news servers or make it possible for anyone to run a news server. For example people have pointed out that mirroring all of the groups would be "impossible" (yeah right) but what about one? I think that a single 40Gb hd would work quite well for just one group for at least a week or more wouldn't you agree?
6. I have yet to actually control a computer totally that was connected to any network at all. Most of the people who have are in fact incompetents and don't really belong with that type of power in the first place.
7. As we have found out in the world of computing compression is our best friend. Just compress the files and then transmit them compressed simple as that.
Please don't threaten me or personally attack me again ok?
Slashdot social engineering at its finest
Would it get you a little upset if another server was run by Bill Gates himself and all linux groups were banned?
Actually, no. I'd use Deja News or get a real ISP (Who wants Bill Gates as an ISP anyway?). Or, you can contract with a news provider that carries what you want (That's available for $9.95/month BTW). Then they are under contract and the rules are a little different.
When you go to the local book store, do you get irate if they don't stock every single book in print? Do you feel that they are obligated to stock anything I care to publish (even if it's just a book of advertisements)? Perhaps the local Christian church should start offering the Satanic Bible next to the regular Bible in the pews.
Just like the school bully who makes it a "suggestion" to give him your lunch money so that he can buy smokes or he'll brain you with a lead pipe.
Nonsense. Any news admin who chooses can ignore the UDP with absolutely zero consequences (other than a spool full of spam from the subject of the UDP).
What exactly does X-NoArchive do?
Just what it says. It is a request from the poster that the message NOT be archived. Deja is polite and honors that request.
I mean take the linux-kernel mailing list. I would love to have digests of my favorite newsgroups mailed to me every let's say day or so.... With all this magical bandwidth I see no reason that someone can't do something to see this through to reality.
Go to Silicon Valley and shake a tree. A venture capitalist will fall out. Yell "E-COMMERCE, SERVICE INDUSTRY, NEWS PORTAL". He will hand you a big wad of cash. Now, IPO, get rich and climb a tree. In other words, if you think it's all so very cheap and easy, GO DO IT! Nobody's stopping you. You can be that somebody!!!
I just talked to an @home rep, Josh, about this UDP. I tried to explain. He said "If this usenet corporation has a problem with @home users, then it is their problem." He also said, "You can't expect us to be responsible for spam just because it comes from our network."
I have @home. I say the UDP is well deserved.
--- If you don't want to know the answer, don't ask the question.
Decisions about UDP are made on newsgroups, not slashdot.
Traditionally, a declared UDP has been unaffected by rhetoric and is lifted only by dramatic evidence of real change.
--Parity
'Card carrying' member of the EFF.
As for servers and Linux, they don't care about Linux and don't leave your servers on default ports.
Parse error: it doesn't make sense for them to not leave my servers on default ports..
Do you mean "Just don't leave daemons bound to the default ports, and they won't notice" ?
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
I use Shaw@Home here in the interior of Saskatchewan, and I have a very static IP (DHCP, yes; changing after lease expires, no -- it renews fine forever).
:-)
If you're worried about portscanning, Portsentry is very good. I used its "reverse" bind capability to make it automagically ipchains any fscking portscanner into the ground (FIN/SYN, or standard connect scanner).
The @Home people, irc.home.com, and a friend doing a test FIN scan are the only ones to set it off so far (except for when I tried Win2k on the LAN, and it started probing port 445 for no reason -- fecking MS). It's really good, and I feel better knowing it's there (and emailing me updates every 15 minutes)
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
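An added example (not from any poster in this thread): the alert mail quoted earlier repeats each Portsentry line under three report headings, and the auto-block setup described in the comment above also drops the ISP's own scanner. This Python parser collapses the repeats into one record per source and marks blocked hosts whose reverse name matches a suffix the admin wants to review; the function name, the `review_suffixes` parameter and the `192.0.2.77` log line are assumptions made for the example.

```python
import re
from collections import defaultdict

# Sample report: the first four log lines are the ones quoted in the thread
# (the mailed report repeats them per heading); the last line is constructed.
SAMPLE_REPORT = """\
Active System Attack Alerts
Jan 13 02:16:12 xxxxxx portsentry[1627]: attackalert: SYN/Normal scan from host: ops-scan.home.net/24.0.94.130 to TCP port: 119
Jan 13 02:16:12 xxxxxx portsentry[1627]: attackalert: Host 24.0.94.130 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 24.0.94.130 -j DENY -l"
Unusual System Events
Jan 13 02:16:12 xxxxx portsentry[1627]: attackalert: SYN/Normal scan from host: ops-scan.home.net/24.0.94.130 to TCP port: 119
Jan 13 02:16:12 xxxxx portsentry[1627]: attackalert: Host 24.0.94.130 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 24.0.94.130 -j DENY -l"
Jan 13 02:20:41 xxxxx portsentry[1627]: attackalert: SYN/Normal scan from host: 192.0.2.77/192.0.2.77 to TCP port: 1080
"""

SCAN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ portsentry\[\d+\]: attackalert: "
    r"(?P<kind>.+?) scan from host: (?P<name>[^/\s]+)/(?P<ip>[\d.]+) "
    r"to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)
BLOCK_RE = re.compile(r"attackalert: Host (?P<ip>[\d.]+) has been blocked")

def summarize(report, review_suffixes=()):
    """Collapse repeated alerts into one record per source IP."""
    seen = set()
    hosts = defaultdict(lambda: {"name": None, "events": 0, "ports": set(),
                                 "blocked": False, "review": False})
    for line in report.splitlines():
        scan = SCAN_RE.match(line)
        if scan:
            # The syslog hostname is left out of the key: the same event
            # appears under several headings in the mailed report.
            key = (scan["ts"], scan["ip"], scan["proto"], scan["port"])
            if key not in seen:
                seen.add(key)
                host = hosts[scan["ip"]]
                host["name"] = scan["name"]
                host["events"] += 1
                host["ports"].add((scan["proto"], int(scan["port"])))
            continue
        block = BLOCK_RE.search(line)
        if block:
            hosts[block["ip"]]["blocked"] = True
    for host in hosts.values():
        # Mark auto-blocks on sources the admin may not want dropped.
        name = host["name"] or ""
        host["review"] = host["blocked"] and name.endswith(tuple(review_suffixes))
    return dict(hosts)
```

Calling `summarize(SAMPLE_REPORT, (".home.net",))` returns one entry per source IP, with the duplicated alert counted once.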
Well, when I look at my info on their website, and on the printed paper they gave us back in June/July, it has all of the standard static IP info, and they told me themselves that if that's what you have, then that's what you've got...
"It's tough to be bilingual when you get hit in the head."
I don't buy into the "only gurus should be messing with such mystical things" argument, but at the same time, if someone doesn't configure their software properly, it's perfectly acceptable for someone to step in and say, "Because your software is indirectly contributing to a problem, we are going to put a stop to it". Hopefully then the user will step back, find the problem, reconfigure it, and everyone will be better off. The blame isn't on @home for this. Yes, they probably could have been more on the ball about dealing with the customers who were spammers, but as an @home customer, I know a) how many people are running WinGate without really having a strong grasp of the issues involving that and b) how many portscans float by my machine on a day to day basis.
I think the UDP was warranted, and I believe that the response from @home was also. It is people with unsecured proxies that contribute to the problem, not "anyone using a home network". As I said previously, the only ones who will be affected by this scan are those whose proxies are incorrectly configured.
Matthew J Zito, CCNA
me@mzi.to
Speaking only for the AT&T @HOME service: Although DHCP is used to make it easy to configure your network connection, the IP address itself is fixed. DHCP is not required, and Linux is one of the operating systems that is listed as supported.
My own configuration is that my LAN is hidden behind a firewall (a *MUST HAVE* for any LAN with a full time Internet connection!!) with NAT capability (GNAT Box. http://www.gnatbox.com if you're interested. The free version allows up to five hosts on the protected network to access the Internet simultaneously.) The side benefit to this is that I only needed a single IP address to give Internet access to all four machines on my LAN.
I have my firewall configured to NOT use DHCP to configure the external address, which makes my network a little safer from "man in the middle" attacks. Not only is configuring the address statically expressly permitted, but it was actively encouraged by the tech who installed my cable modem.
Also, I am using my own network card to communicate with the cable modem. Again, AT&T @HOME took this in stride without even blinking.
Finally, I am using an unmodified Netscape 4.7 (downloaded directly from Netscape, not the version that AT&T @HOME gives you on their CD). I don't have any problem accessing either my account settings or the exclusive content that AT&T @HOME provides (FWIW).
From what I've seen, since AT&T bought TCI, things have been getting better and better in our area. Of course, if your @HOME service isn't provided by AT&T then YMMV.