Gmail contact please?

2014-04-11 Thread Dave Rand 
Is there a good contact at Gmail that can take care of a persistant issue 
for me?

Thanks in advance,

Dave Rand
d...@kelkea.com or d...@bungi.com

--

ATT/SBC Global to AS13285 routing issue

2011-08-08 Thread Dave Rand 
If someone from ATT or SBC global could contact me off list, please? 

2.96.0.0/13 is pretty much unreachable from portions of the Bay Area from
the sbcglobal network.  I've opened a couple of tickets on this, but no
joy yet.

Thank you

--

Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Dave Rand 
[In the message entitled Re: Nato warns of strike against cyber attackers on 
Jun  8, 16:03, J. Oquendo writes:]
 
 All humor aside, I'm curious to know what can anyone truly do at the end
 of the day if say a botnet was used to instigate a situation. Surely
 someone would have to say something to the tune of better now than
 never to implement BCP filtering on a large scale. Knobs, Levers, Dials
 and Switches: Now and Then (please sir, may I have some more ?) is 7
 years old yet I wonder in practice, how many networks have 38/84
 filtering. I'm wondering why it hasn't been implemented off the shelf in
 some of the newer equipment. This is not to say huge backbones should
 have it, but think about it, if smaller networks implemented it from the
 rip, the overheard wouldn't hurt that many of the bigger guys. On the
 contrary, my theory is it would save them headaches in the long run...
 Guess that's a pragmatic approach. Better that than an immediate
 pessimistic one.
 

It's really way, way past time for us to actually deal with compromised
computers on our networks.  Abuse desks need to have the power to filter
customers immediately on notification of activity.  We need to have tools to
help us identify compromised customers.  We need to have policies that
actually work to help notify the customers when they are compromised.

None of this needs to be done for free.  There needs to be a security
fee charged _all_ customers, which would fund the abuse desk.

With more than 100,000,000 compromised computers out there, it's really
time for us to step up to the plate, and make this happen.


--

Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Dave Rand 
[In the message entitled Re: Nato warns of strike against cyber attackers on 
Jun  8, 14:30, Brielle Bruns writes:]
 
 Legit customers get caught in the cross-fire, and they suffer - but at 
 the same time, those legit customers are the only ones that will be able 
 to force a change on said provider.
 
 They contact us, and act all innocent, and tell people we're being 
 unreasonable, neglecting to tell people at the same time that the 
 'unreasonable' DNSbl maintainer only wants for them to do a simple task 
 that thousands of other providers and administrators have done before.
 


I'm somewhat familiar with the concept :-)

But yes, this indeed is currently the only effective way to cause change
at the ISP level.  Ferg is very correct in that Change Is Coming at
the goverment level.  That is the wrong place for it to happen, but it
will also be very effective.

I'm hopeful that more networks will take it upon themselves to make it happen
before it is forced on them.


--

Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Dave Rand 
[In the message entitled Re: Nato warns of strike against cyber attackers on 
Jun  8, 13:33, Owen DeLong writes:]
 
 I realize your fond of punishing all of us to subsidize the ignorant, =
 but I would rather see those with compromised machines pay the bill for =
 letting their machines get compromised than have to subsidize their =
 ignorant or worse behavior.
 

I'm fond of getting the issues addressed by getting the ISPs to be involved
with the problem.   If that means users get charged clean up fees instead
of a security fee, that's fine.

ISPs remain in the unique position of being able to identify the customer,
the machine, and to verify the traffic.  It can be done.

--

Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Dave Rand 
[In the message entitled Re: Nato warns of strike against cyber attackers on 
Jun  9,  0:26, Steven Bellovin writes:]
 
 A liability scheme, with penalties on users and vendors, is certainly =
 worth considering.  Such a scheme would also have side-effects -- think =
 of the effect on open source software.  It would also be a lovely source =
 of income for lawyers, and would inhibit new software development.  The =
 tradeoff may be worth while -- or it may not, because I have yet to see =
 evidence that *anyone* can produce really secure software without =
 driving up costs at least five-fold.
 


The vast majority of users that I interact with (and yes, I am first to admit
that it has been only thousands, perhaps less than 10,000 over the years, so
it is a small sample) are quite happy to be informed of a compromised system.

It's not, for the most part, that they are malicious.  Just unaware.  The bad
guys are very stealthy, and the but, I can't see anything wrong on my
screen! is a huge obstacle to overcome.  Once they are made aware of the
problem, the vast majority work quickly to fix it.  Yes, some are clueless.
Some want someone else to fix it.  But most are simply unaware that they
have been owned, and want the infection gone.

We've tried to educate users for tens of years of the dangers of unsafe
computing.  Doesn't work.  The users have been trained to click and install
whatever they are told, because that makes it work.

But when they _are_ compromised, and _are_ informed, most users do seek out a
fix.  Some will do it themselves.  Some will hire someone to do it for them.

When abuse desks content-filter reports, and don't pass on notifications to
the customer, or wait until there are more complaints, or... this ends up
with networks that have massive levels of infection.  Yes, I know - we're all
busy, and abuse@ is kind of the last priority on most networks, but it really
is bad out there, and we need the network operators to help.  Please.

For those network operators that would like a 5 year view on their network,
please drop me an email with your ASN, and I'll be happy to send you a text
file, xls, or ods (your pick) of a view of the historical spam traffic.
No obligation, and no salesman will call.  Really.



--

Re: Repeated Blacklisting / IP reputation

2009-09-09 Thread Dave Rand 
[In the message entitled Re: Repeated Blacklisting / IP reputation on Sep  8, 
14:34, Joe Greco writes:]
  there is a fundamental disconnect here.  the IP space is neutral.
  it has no bias toward or against social behaviours.  its a tool.
  the actual/real target here are the people who are using these tools
  to be antisocial.  blacklisting IP space is always reactive and 
  should only beused in emergency and as a -TEMPORARY- expedient.
  
  IMHO of course., YMMV.
 
 
 If people were given an option to block this IP for 30 minutes, 24 hours,
 30 days, 12 months, 5 years, or forever - I wonder how many people would
 just shrug and click forever.
 
 This may lead to the discovery of another fundamental disconnect - or two.
 


IP address space is neutral, but the operators of the space either permit,
or deny, the social behaviour which comes from these spaces. 

For what it's worth, I just completed a study of about 5 years of data on
spam.  I looked at 100,000,000 IP addresses which had sent me spam.

The median duration of sending was 300 days.  There was a pronounced peak at
2-3 years of about 30%.  The vast majority was more than 30 days.

forever is pretty close to right, based on current behaviour.

--