Slashdot Mirror


User: slarti

slarti's activity in the archive.

Stories: 0
Comments: 19

Comments · 19

  1. Re:my response on RIAA Chats With Song Swappers · · Score: 1

    Here where H Rosen's new digs are? She gets to make up the IP regs for a whole country. Remember we're just "liberating them".

  2. Since my first days of interviewing potentials... on How Would You Move Mount Fuji? · · Score: 1

    I've asked the question:

    "If you're driving in a vehicle at the speed of light and you turn your lights on, would they do anything?" - Stephen Wright

    My favorite answer was "Are they Halogen bulbs?"

  3. Re:this isn't an rfc on Cisco Support for Lawful Intercept In IP Networks · · Score: 1

    Who cares if it's a draft. Cisco supplies what percent of the Internet's equipment? So they pull a Microsoft and write their own standard. The government would back them up I would think. Now granted they can't force you to upgrade... or can they. Can anyone say IPv6?

  4. Re:95th percentile model anyone? on Bad Behavior on the 'Net - Who Pays the Bandwidth Bill? · · Score: 1

    Been doing that for 7 years.

    Problem is the providers that don't monitor their clients' bandwidth. They just say "Oh we don't charge you for bandwidth", which is BS. Educating their customers is a feat.

    What about the guy who buys 64kbps because no one will be coming to his box and starts uploading 1GB compressed files to his server?

    Answer: You show him his graph and explain what just happened. The first month or so is a trial period to see what their "real" utilization needs are. It's now his responsibility to monitor his usage.

    Good monitoring breeds flexible solutions.

    Back to the guy who blew out his 95th percentile...

    With good monitoring I am willing to help him reduce his costs by offering alternatives. Upload your content in the dead zone between 10 p.m. and 6 a.m. I'll put a wrapper on your inbound graph and as long as you don't exceed an inbound percentile there's no additional cost.

    95th Percentile boils down (warning rough figures ahead) to 1:10 minutes of sustained BW a day or 35 hours of sustained BW in a 30 day month.

    Couple different flavors:

    1. Total (In+Out).
    2. Greater of In/Out.

    Pick one...

    That's why a few years ago I wrote an OSS tool for generating percentile usage graphs for bandwidth utilization. The whole purpose was so that the clients could SEE what their systems were doing.

    and on and on and on.

    Good timing on this discussion. I've been having numerous discussions about BW billing techniques and such for the past two weeks.

  5. Re:Why that argument doesn't work on Bad Behavior on the 'Net - Who Pays the Bandwidth Bill? · · Score: 1

    "Sure. And what about the time someone who doesn't like me sets up a massive attack that spikes at gigabytes of inbound bandwidth within minutes, and over which I have absolutely no control?"

    You have control. You have the ability to choose a provider that's capable of providing you with the necessary tools to understand your utilization needs and usage. If your provider can't give you access to a bandwidth utilization graph, go find another one.

    "You are asking the customer to write you a blank cheque for something about which he can do nothing, no matter how prepared he may be. That is unreasonable, pure and simple."

    I'm not asking my clients for a blank check, I'm asking them to be diligent of their usage. If they get nailed and call me, we're resolving the issue. If they get nailed and don't read their usage graph and scream when they get the bill, what can I do for them then?

    Bottom line, it's a two-way street, find a provider you can work with who will work with you.

  6. Re:Here's the problem Jerky... on Bad Behavior on the 'Net - Who Pays the Bandwidth Bill? · · Score: 1

    "First off, you said yourself that you work for a big ISP. That means that they have the resources to pay someone like you to monitor this type of thing. That's not the case for "Joe 4U" that just has a couple of boxes in a rack."

    Not true, go download a copy of Cricket or MRTG. Been doing it for years, even contributed to the projects to make the monitoring job easier for others in the same boat.

    "Second, I said DOS... and I said INCOMING. If someone pulls your subnets from ARIN and starts doing variable UDP DDOS attacks against oh.. I dunno say your DNS servers... what are you going to do? Shut down DNS? Block all UDP? I think not."

    You're going to call your provider and get their assistance in resolving it. Even if they're "small" it doesn't take much resources to set up bandwidth monitoring, I know it's my business to do this for my clients. I give my clients 24x7 access to see their bandwidth utilization. I instruct them on what they are seeing and what it means to them and their bill. I do this so they are aware ahead of time before a bill shows up. When the POS Windows DNS server starts pounding his server with DNS requests for a domain that doesn't exist and won't take no for an answer I expect him to call me. We'll find a way to stop it even if the turkey admin can't fix his server. BTW That happened less than two weeks ago.

    "I own a small networking company that subleases space out of Exodus locations. And I'm telling you, it's not feasible to ask the average CoLo customer to do 24hr bandwidth monitoring, and real-time assessment of threats / packetshaping. When "Joe 4U" is asleep for 8 hours and his box is getting 100Mbits per second in DDOS traffic. There's a problem."

    Any reasonable hosting company has the capability to do bandwidth monitoring, and if they don't, call me. I know how and I do it for all my customers like I have for the last 8 years. What's it cost? I remember the old insurance ads "For the price of a cup of coffee a day you can...".

    "The ISP has the resources and the expertise to solve the problem. It amounts to signing users up to an agreement that allows the ISP to "automatically" take action to prevent this type of unintentional bandwidth usage in the event that they cannot contact the customer. Then you block it upstream and Joe 4U doesn't have to take you to court for his $10,000 bill."

    Bottom line, the clients need to be educated as to what they are getting into when they put a server on the net. I feel it is the provider's responsibility to provide their clients with the tools to know what their servers are doing and be willing to provide the support to mitigate the effect of DoS attacks, and other "unintended" traffic.

    It's a two-way street, how can you expect your clients to pay for something they know nothing about without giving them the tools and information they need to understand their risk?

  7. Re:Simple policy on Bad Behavior on the 'Net - Who Pays the Bandwidth Bill? · · Score: 2, Informative

    I run a hosting facility and I can tell you what would happen. The clients would opt for the 'cheaper' option and still complain when they get nailed.

    We do bandwidth monitoring for all our clients and provide 24/7 access to the reports so clients know exactly where they stand with regard to their usage.

    As I've only read the comments down to this point I haven't seen anyone discuss how bandwidth utilization is actually calculated and billed.

    For the most part the comments are in regard to ISPs providing consumer Internet access as opposed to collocation, or hosting which is a different beast.

    When we sell a client a T1 they get the bandwidth that will go over a T1.

    Collocated clients you have to monitor via switch/router interfaces, NetFlow, et al. The resources it would take to discern 'real' traffic from 'invalid' traffic would make it not worth the effort of the provider.

    As I mentioned we provide clients access to utilization graphs updated every 5 minutes. We explain to them what they mean and get them to understand their own usage. If we or a client detect unusual usage we research it. If it's an attack we attempt to shut it down, if it's legit it stays. That doesn't make the client not responsible for bandwidth directed to or originating from the equipment they chose to put on the Internet.

  8. Re:Law Enforcement on Bookseller Purges Records to Avoid PATRIOT Act · · Score: 2, Interesting

    How about we elect our officials the way they are currently elected, we purchase them like any other product. Make them dance and sing for us and we'll buy the ones we want. The election was turned into the Super Bowl/World Cup you know people would vote. Add a Lottery to boot and you're guaranteed to pay for the next one, everyone buys their vote. Just a dream I had once...

  9. Re:A strange loosening in my bowels... on Sprint DSL's Security Hole Easy As 1,2,3,4 · · Score: 1

    While they do ship their equipment with FTP and Telnet open (sorta, thanks NMAP) it doesn't feel like responding to requests.

    Thanks for the info.

  10. A strange loosening in my bowels... on Sprint DSL's Security Hole Easy As 1,2,3,4 · · Score: 2, Interesting

    as I gaze at my brand new ZyXEL Prestige 645 DSL bridge that arrived a mere two weeks ago with my DirectTV -> Speakeasy DSL transition.

    and I wonder...

  11. Why not... on SSH Claims Trademark Infringement by OpenSSH · · Score: 1

    Give it an unpronounceable symbol as its name and then refer to it as 'The shell formerly known as OpenSSH'. Then when everyone is tired of that call it 'The Shell'.

    Whaduyatink?

  12. Benchmarks Suck! Here's a real world experience. on Apache vs IIS in Performance? · · Score: 2

    Remember the day the satellite blew its zap and all those pagers stopped working a few years back?

    Well our company hosts www.panamsat.com, the corporate site for the satellite company.

    On that day the site was running along with 50 other shared hosting sites on a Pentium 166MHz w/64MB RAM running Slackware and a 1.2.x Linux kernel.

    Prior to that day the site would take ~1000 hits a day, but by the end of the day just that site alone took 1.2 million hits.

    From that I know that a properly configured Linux server could take at least a few million hits a day.

    Forget the FUD, if you want scalable stability don't use Windows.

  13. I'm just shaking my head on Security Expert Dave Dittrich on DDoS Attacks · · Score: 5

    I'm just shaking my head as I read all the reports about these attacks.

    I especially like the part about the Banks not telling the FBI that the attacks were coming.

    I worked with the FBI and Army Investigators at the end of August when some co/lo hosts on our network were used as launch pads for a trin00 attack. At the beginning we couldn't understand why they would have chosen our network (we're that high profile). Turns out that they saw that one of our Co/Lo boxes had been hacked 24 hours before (it was posted on www.attrition.org). From there they scanned the network looking for other boxes (which they found). Assuming this was their SOP I started checking with other UNIX sites which had been posted on Attrition not long after/before ours and found 4 other sites which had the exact same thing happen.

    A few notes from that experience.

    1. Person(s) responsible were stupid and made numerous mistakes which allowed me to track them all the way back to one of their base accounts. There I found all the source code and numerous binaries involved in my attack and in the others I mentioned above.

    2. Although the DDoS attacks can have a devastating effect on the target I'm more concerned with the effect it had on the source network. Our outbound bandwidth never went above 60 mb, (we have 150mb), but our core router was slammed to 100% by having to process millions of tiny UDP packets (which is why it never went above 60mb). This effectively shut down our backbone for normal customer traffic (which is how we got the FBI to take notice).

    Again this happened in late August, about three weeks after it happened at AboveNet on the west coast. Seems to me like this was their (alpha-beta) testing period.

    My concern with these tools is if they can be used to attack backbones instead of sites. i.e. Use many distributed systems to flood backbones with hundreds of millions of tiny UDP packets, keeping their processors so busy they can't pass normal traffic.

    Or is it just me?

  14. I figured that was coming. on Yahoo & Broadcast.com Dumping Real Audio for MS · · Score: 2

    We host three of the local radio station encoders for Broadcast.com. Just recently I noticed that they had replaced the Real Audio encoder with the Windows one.

    Sigh...

    Aw who cares, I listen to MP3 stations anyway.

  15. Just one question... on Interview: Ask Alan Cox · · Score: 0

    If you're driving in a vehicle at the speed of light and you turn your lights on would they do anything?

  16. The term 'Hacker' is apt description. on Ask Slashdot: Another Word for "Hacker"? · · Score: 1

    After reading 'Heavy Weather' by Bruce Sterling I gained a better understanding of the term 'Hacker'. In the book no one was called a Hacker, but everyone who was anyone 'hacked' something. Be it networks, credit cards, phone systems, satellites, software, cell towers, whatever. You weren't looked upon with the tiniest bit of respect unless you could 'hack' something. That would make everyone 'Hackers'. I think it's a fitting term. You can use the other descriptions to elaborate on the basic 'Hacker'.

  17. The Devil and Billy Markham on Shel Silverstein Dies · · Score: 1

    Funny you should mention it. I had the same issue when I was young and the part that I kept coming back to was the poem. For those who have never read it, it's worth the read.

    http://www.geocities.com/SoHo/Gallery/3495

    Strange thing is that last Thursday I was struck by the desire to search out this poem on the web. Took an hour to find. I'm glad I did.

    It's hard to explain to my 6yr that the author of his favorite books and CDs is gone.

    Anyone remember "Free To Be You & Me"? He played a strong role in that record/CD as well.

    Goodbye Shel.

  18. Anyone remember the day all the pagers died? on IBM Exec Says no Large Web Servers on Linux · · Score: 1

    I won't forget it. That's because my facility is hosting www.panamsat.com. The company whose sat blew its zap. How is this relevant? Well the server that site was running on that day was a Pentium 166 with 64MB of RAM running Linux. This server is shared among other clients such as Ritz Carlton Hotels. On the day after the breakdown that 'puny' box handled 1.2 million hits for www.panamsat.com alone. We routinely host sites on our shared servers which total 1 million+ a day. We're about to add yet another one that does 1.5m a day by itself.

    I wish these folks would check their facts before making stupid statements.

  19. Free (Almost) Services on Ask Slashdot: How can Free Web Service Recoup Costs? · · Score: 1

    Ok, now that I have an account...

    Haven't read too much of the comments, but I would suggest 1. Sponsors, 2. Donations by the users (both money and/or support of systems).

    After building a decent sized ISP (2 DS3s) during the past 4 years I'm ready to move on, but would love to have a place I can hang out and help support "over the wire".