Postcards From the States: Some Succinct Suggestions From a North American Cyber Security Consultant Sans Portfolio To His African Colleagues
Joe St Sauver, Ph.D. firstname.lastname@example.org, email@example.com
Security Programs Manager, Internet2
7th Wide Open Access Meeting, Accra, Ghana
November 2nd-3rd, 2009
"I’m having trouble emailing you/getting email from you -- are our emails getting blocked for some reason? Guess we’ll just have to rely on snail mail postcards for now. Hope you’re okay, my friend!"
"Tried to find an email address for your postmaster, abuse guy, sysadmin, or network people to sort this out, but none of the addresses in whois worked. How frustrating!"
-- Whois point of contact data may have grown inaccurate over time (or lack contact info entirely!)
-- RFC2142-required contact addresses may be missing
-- No one may be reading (and dealing with!) complaints sent to those addresses which do exist
-- Mailboxes may be overflowing or misconfigured
-- Spam or virus filtering may be used on abuse reporting addresses, making it hard to report spam or viruses
"Tried visiting your ISP’s web site today. Wow, it was really slow! Is it that slow for you all the time? I could hardly stand it! How do you and your family stand it every day? You should switch ISPs!"
-- Track usage of your connection’s capacity with RRDtool so you’ll be able to see if/when things “go crazy.” You need an early warning system!
-- Use deep packet inspection (DPI) appliances to analyze your traffic so you’ll know how your bandwidth is being used -- is it going to flash video sites? Peer-to-peer applications? Porn web sites? Spam? DDoS traffic? Something else?
-- Drop unwanted traffic before it can congest choke points on your infrastructure; often the same DPI appliances that can categorize traffic can also actively filter, limit or prioritize traffic.
"Just had an idea. I wonder if a lot of your problems aren’t related to the fact that your ISP’s users are “anonymous?” If there was better accountability, maybe they could find and kick the bad guys out!"
By implication, then:
"Forgot to mention: once you know about customers causing problems, don’t keep that info to yourself! Report those abusers to the authorities, and when you legally can, share that info with your peers."
Make sure your terms of service make it clear that:
"Looks like some of our communication problems are purely mechanical. For example, I guess your IP addresses don’t have “in-addrs,” whatever those are. Maybe your ISP should try adding those?"
"Another “mechanical thing” I just heard about: I guess your ISP isn’t doing SPF or DKIM, either. Those are additional really good technologies that help control abuse and ensure accountability."
% dig +short citibank.com txt
"v=spf1 a:mail.citigroup.com ip4:220.127.116.11 ~all"
This translates to, "Only accept email HELO'ing as citibank.com from mail.citigroup.com, or from the IPv4 address 18.104.22.168. All other email HELO'ing as citibank.com should probably NOT be accepted ('softfail')."
Note: see www.openspf.org for more information about creating and using SPF records.
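How a receiving mail server walks a record like the one above, as an added example that is not part of the original slides. The function name check_spf, the a_records lookup table (standing in for live DNS) and the address 192.0.2.25 are assumptions made for illustration; only the ip4, ip6, a:<host> and all mechanisms are handled.

```python
import ipaddress

# SPF qualifiers and the result each one yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The record shown on the slide.
RECORD = "v=spf1 a:mail.citigroup.com ip4:220.127.116.11 ~all"
# Constructed sample data: pretend mail.citigroup.com resolves to this address.
A_RECORDS = {"mail.citigroup.com": ["192.0.2.25"]}


def check_spf(record, sender_ip, a_records):
    """Evaluate a subset of SPF for the connecting sender_ip.

    Mechanisms are tried left to right; the first match decides the result.
    a_records maps hostname -> list of IP strings so no DNS query is needed.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6") and arg:
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a" and arg:
            hosts = a_records.get(arg.lower(), [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        else:
            raise ValueError(f"mechanism not handled in this example: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    for addr in ("220.127.116.11", "192.0.2.25", "198.51.100.7"):
        print(addr, check_spf(RECORD, addr, A_RECORDS))
```

Changing ~all to -all in the record turns the softfail for unlisted senders into a hard fail.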
"Also tell your ISP: they should get signed up for these things called “feedback loops.” Feedback loops give your ISP copies of messages from them that are being reported as spam."
"Looks like your ISP has some entries on the Spamhaus Block List. Urge your ISP to get those problems fixed and those SBL entries removed! It would really help your email deliverability I think!"
"While I was talking with some network engineers, they mentioned that we’re going to RUN OUT of IPv4 addresses in just a couple of years. Did you know this? Are you beginning to deploy IPv6 now?"
"It was great to just get your email, and to hear that you’ve been out of touch because of a camping vacation with your family! Sorry to have been worrying so much when it was just a power surge that took down your own system while you were on the road! I hate it when that happens to me!"
"Now that you’re back home and on line again, what do you think of some of those ideas I sent along? Regards, Joe."