EGeezer
Summer is passing
Premium
join:2002-08-04
Country!
·RoadRunner Cable
·AT&T CallVantage

reply to swhx7
Re: ISP action against bots

I wonder how the server owners would respond if they were asked to clean and ban the bot herders and malware pushers from their systems?

It seems like cooperation from the system owners would remove any justification for the actions the ISPs took.
--
The society which scorns excellence in plumbing as a humble activity and tolerates shoddiness in philosophy because it is an exalted activity will have neither good plumbing nor good philosophy: neither its pipes or its theories will hold water.

Mele20
Premium
join:2001-06-05
Hilo, HI


edit:
July 24th, @05:21AM

This has caused a huge uproar. Did you read all the links? Here is just one example of the harm this has done:

"
Tuesday, July 10, 2007
Timewarner/AOL and Verizon are pillaging IRC networks.

TIME WARNER/AOL and VERIZON are KILLING IRC!!!

Time Warner/AOL known to many as AOL and RoadRunner are redirecting traffic on IRC ports (such as 6667) to their own network (it says irc.foonet.com but you can't connect to it directly). At this point they force you to join a channel called #badbotbad, at which they put .remove in the subject. Instead of targeting bots, they are targeting everyone, with an outmoded and half assed method. To top it off, they are not restoring access past their transparent proxy and their lower level tech support claims to know nothing of it. Time Warner/AOL just goes to show how they are one to two years behind the curve, as most botnets are now targeting P2P file sharing networks.

Verizon on the other hand has taken to blocking entire IPs, outright! Meaning that users can not connect on any port, nor can they view websites associated with those IPs. This type of behavior by major ISPs can legitimately cause the death of IRC as we know it, thusly killing entire communities by removing an internet users right to choose! FIGHT BACK!! Protect your freedom of choice!

These ISPs have provided us, the IRC Networks, no means of redress! We can not even address our concerns with a real person and there is no way to speak with anyone! We can not even defend ourselves in the process! I personally implore all of you to contact your ISPs and tell them to STOP selectively restricting the internet of their safe communities. Protect your right to choose how to responsibly use your service!

If these ISPs really wanted to solve their problems, they would offer free intrusion scanning and protection for their clients as well as a more comprehensive virus scanning service for their average users! AbleNET is very aggressive against botnets and illegal activity, by choice! We can protect ourselves better than the ISPs can... The ISPs seek only to destroy our communities!

One of our users was nice enough to take screen captures (see reference below), from Time Warner/AOL. As you can see, this is CLEARLY NOT AbleNET!

This is clearly NOT

Reference:

1: »s46.photobucket.com/albums/f116/···net1.jpg

2: »s46.photobucket.com/albums/f116/···net2.jpg

3: »s46.photobucket.com/albums/f116/···net3.jpg

4: »s46.photobucket.com/albums/f116/···net4.jpg

5: »s46.photobucket.com/albums/f116/···net5.jpg

Posted @ 20:22 PM | Views: 965 | Comments: 8



by Anthony (IRCop) @ 00:44 AM, Jul 19 2007


I wrote the following e-mail to Full-Disclosure. I hope beyond hopes that someone can help...
------------------------------------------------------------------------------------------------
Subject: Major ISPs arbitrarily blocking IRC and hijacking DNS entries

Greetings:

I am writing to this list because I no longer know where to turn. Over the course of the past 2 to three weeks I have watched my services on the internet become systematically blocked and redirected by no less than 3 major isps in their efforts to stop botnets from connecting to IRC. Allow me to provide a little background info.

My name is Anthony Sanchez and I have run a small irc network, for the past 6 years, along with a couple websites and my mail server (utilized by two people). Approximately 2 weeks ago, we discovered that TimeWarner/Road Runner/AOL was redirecting traffic from irc.ablenet.org port 6667 to their own dummy install of ircd along with commands to connecting users to ".remove" in the event that the connection was a bot. If the end user were to attempt to speak or issue a command, that user was banned from the 'dummy' network.

At about the same time, we noticed that verizon was restricting access to the IPs all together, apparently using some form of port restriction as the DNS still resolved on their name servers correctly. I have documented this informally, with screenshots, on my weblog, found at »anthony.blogs.ablenet.org/ .

As of today, it now appears that Cox is also redirecting traffic apparently in an effort to disable botnets.

As you can see below, the correct resolution of irc.ablenet.org is as follows:

Name: irc.ablenet.org
Address: 65.23.156.37
Name: irc.ablenet.org
Address: 65.19.178.15

Contrary to the truth, cox.net resolves it as so:

Server: ns1.dc.cox.net
Address: 68.100.16.30

Name: irc.ablenet.org
Address: 70.168.70.4

Out of concern, I had emailed the irc-unity.org security discussion list (currently cc'd; I hope that is ok) and confirmed that while not everyone is experiencing this problem, it is not entirely new. That being said, I am not sure anyone has experienced it on this level. We have never harbored botnets; in fact, we have very strict connection policies and have flown under the radar for a good number of years.

I assure you all that we have never and will never contribute to the abuse of the internet. A cursory scan of the general blacklists does not appear to show any submission of my IPs or my URL. To make matters worse, we have no means of recourse or correction. No one has made an effort to contact me with regards to their plans and how I may have been able to prevent what amounts to a systematic crippling of services. I have no way to circumnavigate the domain hijacking, port blocking or traffic redirection being employed. Nor do I have any useful contact information that would put me in contact with any of their network security personnel. These providers, while perhaps noble in their cause, are denying us our right to exist. If we were a large organization, this very likely would not be happening.

I appeal to the members of this list and those that read it. If anyone can offer any form of assistance, knows anyone who can, or can help me get my story out... please do. Beyond the inability to exist, I am concerned for the communities that have congregated with us and contributed to the greater good. Any and all assistance will be beyond appreciated, as our very existence is at stake and I no longer know what to do...

Best Regards,
Anthony S
Anthony at AbleNET dot Org
»anthony.blogs.ablenet.org/ "

I sympathize with the ISPs but deliberately breaking DNS protocol is simply wrong and a dangerous precedent has been set here.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason

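Added example, not part of the thread or of any poster's message: a small Python check that parses nslookup-style output such as the two lookups quoted in the e-mail above and reports answers from one resolver that are absent from a reference lookup. The function names are illustrative; the sample text is the output quoted in the post.

```python
import ipaddress

# nslookup-style outputs as quoted in the e-mail above.
REFERENCE_OUTPUT = """Name: irc.ablenet.org
Address: 65.23.156.37
Name: irc.ablenet.org
Address: 65.19.178.15
"""
ISP_OUTPUT = """Server: ns1.dc.cox.net
Address: 68.100.16.30

Name: irc.ablenet.org
Address: 70.168.70.4
"""

def _ip(text):
    """Normalise an address field ('1.2.3.4' or '1.2.3.4#53'); None if not an IP."""
    try:
        return str(ipaddress.ip_address(text.split("#")[0].strip()))
    except ValueError:
        return None

def parse_nslookup(text):
    """Return (resolver_ip, {name: set_of_answer_ips}) from nslookup-style text."""
    resolver, answers, current, want_resolver = None, {}, None, False
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if sep and key == "server":
            want_resolver, current = True, None   # next address is the resolver's own
        elif sep and key == "name":
            current, want_resolver = value.strip().lower().rstrip("."), False
            answers.setdefault(current, set())
        else:
            # "Address:" / "Addresses:" fields, or bare continuation lines
            ip = _ip(value if sep and key in ("address", "addresses") else line)
            if ip is None:
                continue
            if want_resolver:
                resolver, want_resolver = ip, False
            elif current is not None:
                answers[current].add(ip)
    return resolver, answers

def compare(reference_text, observed_text):
    """List names whose observed answers include IPs missing from the reference.
    A mismatch is a signal to verify against the zone's authoritative servers,
    not proof of tampering: load-balanced names legitimately vary by resolver."""
    _, ref = parse_nslookup(reference_text)
    resolver, obs = parse_nslookup(observed_text)
    return [{"name": n, "resolver": resolver, "expected": sorted(ref.get(n, set())),
             "unexpected": sorted(ips - ref.get(n, set()))}
            for n, ips in sorted(obs.items()) if ips - ref.get(n, set())]
```
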

bky
Premium
join:2002-07-05
Austin, TX
·AT&T U-Verse


edit:
July 24th, @03:19PM

reply to EGeezer
said by EGeezer:

I wonder how the server owners would respond if they were asked to clean and ban the bot herders and malware pushers from their systems?

It seems like cooperation from the system owners would remove any justification for the actions the ISPs took.
While that sounds fine in theory, most server ops react too late, depending on the size of the network. I have no clue which irc networks they modified DNS for, so they could have been big or small I suppose.
--
My Consulting Plug


ftthz
If love can kill hate can also save

join:2005-10-17
it's wrong to break the dns