Home page logo
/

nanog logo nanog mailing list archives

Re: Hey, QWEST clean up your network
From: John Brown <jmbrown () chagresventures com>
Date: Thu, 28 Aug 2003 21:51:20 -0600


Sorry to those that may be on other lists.  

Given general operational nature, I posted to NANOG, so that:
1. money can talk, others will see one view of this provider
2. operationally maybe something will get done
3. policy wise maybe this provider will change its policy
4. Qwest said their people had installed the ACL's properly
   my evidence is to the contrary.

The customer that was impacted is certainly considering
their options.  I suspect they will vote with their checkbook.

PS: Slew == 1 Private email list, 1, Well known public list
            1 Local Public-ish list.

Slew != as large as it may have sounded...

Policies are sometimes in place for good reasons, sometimes
because the makers of said policy are void clue. To assume
they are inplace for good reason is a leap imho.

Some Qwest people I've worked with on this issue are rich
with clue, others (ergo via the nice normal paths) are not.

My thanks to those that have clue, and my suggestion to 
management that they help those without clue.




On Thu, Aug 28, 2003 at 09:36:37PM -0600, Danny McPherson wrote:

Not sure how many places you intend to post this or related
messages, but if you've got a problem vote with your money.
Whining to NANOG and a slew of other mailing lists and still
giving money to Qwest seems silly to me...

Likewise, the Qwest folks likely aren't quite as clueless as
you've attempted to portray them over the last few days, silly
policies (policies that are clearly in place for a reason) can
be fixed -- and I assure you, above all else, money talks...

-danny

On Thursday, August 28, 2003, at 09:25 PM, John Brown wrote:



Seems like QWEST doesn't have any edge ACL's in place to deal
with this lovely worm issue.

Count           Source Prexix, rounded up to a /16

144             208.46.0.0
199             65.114.0.0
347             208.45.0.0
462             65.118.0.0
486             65.119.0.0
702             208.44.0.0
----
2340                TOTAL Packets out of 2500 for 2 seconds

This is ICMP and TCP MS bad traffic for a 2500 packet
capture on a DS1 that is directly connected to Qwest.
Ergo, Qwest is the transit provider.  Capture period
was about 2 seconds.  ICK

According to Qwest Tech/Noc people they can't leave
filters up for more than 1 day.

Given that this worm has lasted more than 1 day, I'd
think its reasonable to leave filters up for say more
than one day ????


The other thing I learned from QWEST IP-NOC was that
it seems managment decided *NOT TO* filter packets related
to this worm issue at the edge......

john brown
AS 10480 and others




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault