[olug] Cox and port 25

Jay Hannah jay at jays.net
Tue Jul 1 00:00:01 UTC 2003



On Mon, 30 Jun 2003, William E. Kempf wrote:
> I can understand why a company would niavely create such contracts, but
> they really should rethink the decision!

-shrug-  I guess I see it as the company wanting to put as much legal
firepower/fodder in their corner in advance as possible. Whether or not
they'd win in court is an open question, but at least they have an
accepted AUP as Exhibit A if an abuser decides to sue them. AUPs are CYA
for our out of control litigious society. No ISP wants an abuser to claim
they were never told they couldn't do something, therefore have the right
to do it until a judge specifically tells them otherwise. Safer to tell
them up front they can't do a bunch of stuff.

> I'm not convinced they have the final "legal veto".  I believe that if I
> had the desire and the cash, I could take them to court over this and
> prevail.

Could be. It just seems to me that the AUPs *try* to protect the ISP in
advance. If customers don't want to agree to the AUP, they're free to go
somewhere else for their bandwidth (if they have other options).

> > (They can't *just* go by a bandwidth stipulation, because a porn/warez
> > downloading fiend probably doesn't have a "server", but still clogs
> > their network. Multiple clauses, multiple protections from unruly
> > customers.)
>
> Uhmm... you just made my case for me. ;)

I did? I thought my case was to throw all the clauses the ISP can think of
into the AUP in advance, so they have a series of "customer X did not
comply with the AUP!" excuses to drop an abuser w/o getting sued?

> It won't take much for the spammers to continue to relay through Cox.
> Case in point, *if* my system were used as a relay prior to this, it will
> still be used as a relay now, as my system is set up to use Cox as a
> gateway.  It may be a little easier for them to trace the problem back to
> *me*, but that doesn't get them any closer to the spammer, nor stop the
> spammer from using them.  I could provide a worm that allowed me to
> exploit Cox customer's computers in this manner with little effort.

Sure. But I assume the whole motivation for Cox is that if abuse is
coming from your cable modem:

1) It's easier for them to block your abuse outbound on port 25 in their
SMTP gateways than blocking your floating (DHCP) IP address in their
firewalls.

2) It's easier for them to confirm or deny SMTP abuse reports when they
can refer to a single, central set of maillog(s); instead of trying to
watch TCP/IP level logs on their firewalls.

In either case, they have faster response to blocking the spammer (by
blocking you). On the other hand, if neither 1 nor 2 is true, then I have
no idea why Cox did what they did.

I am severely lacking in the technical information underlying their
decision... Anyone know a powerhouse @ Cox we can ask frank questions?

> Again, they didn't take any IPs out.  They locked a door, but left a
> window open.

But presumably the window is easier to close than the door. Plus
worms/viruses/etc. who only attempt to go out doors won't spam via the
window. -grin-

> > At the same time, I'm not a fan of Big Brother or sweeping actions from
> > monopolies. Cox chose what they chose. Customers may choose to come or
> > go to or from them because of it. Cox may choose to reverse their
> > decision. The spam struggle marches on.
>
> Unfortunately, there's nothing for me to go to, or I would.

Really? You have no DSL option? You could choose their spendy "@ Work"
offering[1]. If suing monopolies had any effect (*cough*Microsoft*cough*)
you could look into that. (I'm still bitter about RAV.)

> Spam won't go away, and will only be drastically curtailed when we drop
> the current protocols and design something new from the ground up, that
> can be secured.

Really? I haven't studied any technical solutions to the problem. Do you
have a URL I can read? I thought the spam war was a human engineering
problem.

> Laws are useless, if you can't enforce them. ;)

(*cough*Microsoft*cough* -grin-)

j

(still bitter about RAV)

[1] If the company "At Home" went out of business, howz come Cox's
business oriented offering is still called "At Work"? -ponder-




More information about the OLUG mailing list