[afnog] UCEPROTECT-Network Level 3, who takes the blame?

John Walubengo jwalu at yahoo.com
Tue Jul 24 15:26:47 UTC 2007


Oduor,

am not a provider. just manage a mid-sized college
network(400Pcs, Campuswide LAN and WAN systems) . 

i never used your ticketing system since I just emailed the
info or support group for your ISP and got into email
conversation with somebody at the other end. 

I think I was doing targeted blocking rather than a whole
range. cant remember the specific IPs but they were about 3
IP that may have included your main resource servers (mail,
dns, web, whatever they may have been, the spamming did
stop.

and yes, we can review this offline if you wish.

walu.
--- "S. Oduor" <soduor at accesskenya.com> wrote:

> > Even after hardening our mailserver, the MailScanner
> kept
> > showing huge amounts of spam from the AccessKenya
> network.
> > I emailed the then admin to sort it out and (s)he
> promised
> > to look into it but after a week of no change I
> technically
> > dropped communication
> 
> By you emailing the admin directly might not have been
> very wise even if
> you knew him on personal basis, Most admins normally
> receive so much mails
> & they filter them based on from addresses to manage
> system
> alerts/notifications & a few emails from known
> individuals so definatly
> some mails go unread by the admin especially those not
> logged on their
> selected folders. most abuse calls are normmally logged
> to abuse at foo.bar,
> postmaster at foo.bar or support at foo.bar did you do this ?
> Did you get a
> ticket number on the same ? What range did you block and
> what is the
> current status on your server ? I have forwarded this
> complaint to the
> right party if you have the ticket that was assigned pls
> forward it
> off-list & would also like to know the range that was
> blacklisted on your
> server ? are you a provider of some sort & how many
> domains do you host if
> so.
> 
> 
> > Which now begs the question who should take the
> > responsibility of cleaning up downstream hosts coming
> into
> > your network?
> 
> The responsibility starts with the downstream host admin
> & also service
> provider. On service provider level you may need to work
> on things to
> regulate connectivity to your hosts like blocking port 25
> to mitigate
> exploits and probably forcing them to use your outbound
> mail server that
> does scanning of emails but this really has to rely on
> your internal
> policy or you might end up becoming a regulator than a
> provider, in some
> 1st world you can be sued for this so policy will be very
> important. For
> errant cases of a spamming host due to malware or open
> relay the Service
> provider normally blocks off outbound communication until
> this is
> re-addressed its better than having an Rbl block your
> downstream host that
> ends up spoiling your reputation.
> 
> 
> >it looks like UCEPROTECT opted to do exactly what i did
> - it may not be
> right, but it does provide a quick relief of sorts, with
> casualties ofcourse.
> 
> I disagree , so did you block all the IP's that start
> with 196.207.0.0/8 ,
> what criteria did you deploy and what loss has you
> company or firm gotten
> from your act ? You have just blocked probably more than
> 5 Providers
> because you cant single out a subnet thats errant pls
> re-visit the
> solutions to your problems its even causing more problems
> to you and your
> customers.
> 
> Off topic KCCT.AC.KE seems to be owned by the Govt & I
> know a percentage
> of the money I work for goes to support it in form of
> Tax, if you are sure
> you've applied policies similar to UCEPROTECT thats
> criminal pls sort it
> out , I want value for my money.
> 
> Rgds
> Oduor Sam.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----------------------------------------
> This email was sent using Communicatons Solutions LTD
> WebMail.
>    " "
> http://www.accesskenya.com/
> 



      ____________________________________________________________________________________
Fussy? Opinionated? Impossible to please? Perfect.  Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 




More information about the afnog mailing list