brent timothy saner via plug on 12 Jul 2020 11:32:43 -0700



[PLUG] Internet Janitors (WAS: VPS Hosting)


On 7/12/20 10:27, Rich Kulawiec via plug wrote:
> On Fri, Jul 10, 2020 at 11:15:58AM -0400, christine via plug wrote:
>> I work at Linode and host all my stuff there would def. recommend ;)
> 
> Linode certainly has a better track record than Digital Ocean, OVH,
> Vultr/Choopa, and other operations that are absolute cesspools.  However,
> there are still chronic issues with outbound abuse/attacks from Linode
> that have not been adequately addressed.  If Linode is serious about
> being a competent/professional operation then that needs to happen.
> 
> (Arguably, it should have already happened: it is the first
> responsibility of every system/network administrator to ensure
> that whatever they're running is not an operational hazard to
> everyone/everything on the Internet.  This responsibility supersedes
> all others at all times.  Anyone who isn't prepared for that, anyone
> who isn't dedicated to that, anyone who can't or won't make that happen
> not only isn't a professional - they're not even a competent amateur.
> They're simply not good enough to run *anything* plugged into the Internet.)
> 
> ---rsk

As someone who's worked in hosting in various forms in the past, I can
tell you platitudes and demands like this are nice, but they don't work
in a practical form because Real-Life(TM) is a little more grey than
black-and-white.

Should providers be doing due diligence? Sure! However, there are
problems with making a hard-and-fast rule. Consider the following.

1.) You're a VPS provider. You see a massive outbound surge of email
traffic (DST 25/TCP, 465/TCP, etc.). Is this instance a spam service? Or
is it hosting a massively popular newsletter? How do you investigate
this without violating the privacy (or anonymity) of the customer?

2.) You notice torrent traffic. Are they seeding copyrighted material?
Or are they helping mirror a distro's ISOs?

3.) You notice a huge number of HTTP connections. Are they the victim of
a slowloris[0]? Or have they been slashdotted and their webserver
configuration/website code hasn't been optimized well?

4.) You notice a huge number of outbound connections in general. Are
they initiating an attack? Or are they the victim of a TCP SYN-ACK
reflection attack?


Short of installing a rootkit, there's no guarantee you're going to be
able to reliably check what they're actually doing if it's using a
TLS-transported messaging system. The argument can be made that you
oughtn't be able to know; with State/corporation-sponsored espionage on
the rise, privacy and anonymity are in high demand and are very, very
low in supply.

Additionally, the amount of analytics and DPI you need to do for every
email server/torrent seeding instance/whatever running on guests on your
fleet is ASTOUNDING. You're talking about an unrealistic cost benefit
payoff.

Instead, it'd be more beneficial to encourage *customers* who don't know
what they're doing to hire outside help or leave their playground for a
homelab/VM first. The vast majority of the abuses seen on the Internet
are due to misconfigured services that attackers compromise and take
advantage of, not first-level abuse. So if you stick to your philosophy
and make it a hard rule, you've now killed off a significant amount of
your customer base when the *proper* response is "you should hire a
sysadmin who has experience with this service".

Linode has outbound abuse because *they attract people who have no
server administration experience*, not because they aren't doing due
diligence. They're popular, they have a significant amount of hosting,
so it happens more there. If you file abuse reports with Linode, they
actually are handled.

What you're suggesting, in other words, is the digital equivalent of
"thoughtcrime" - applying ill intent/malignance onto a situation with no
inside knowledge before any actual violation was committed.

"Innocent until proven guilty" applies to more than just law. Is it
inefficient? Sure, but it's the most fair thing we have. In the
meanwhile, it may be more beneficial to teach people how to read and
understand RFCs and teach them best practices if they're interested in
putting something on the Internet rather than trying to fix it with
measures akin to China's Golden Shield. But, of course, that actually
takes time and effort.



[0] https://en.wikipedia.org/wiki/Slowloris_(computer_security)
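The four ambiguous signals listed above, reduced to the flow metadata a provider actually has: an added example, not code from the post or from any hosting provider, with constructed flow records and a constructed threshold, showing why each signal belongs in a human review queue rather than triggering an automatic verdict.

```python
"""Turn per-VM flow metadata into a human review queue, not automatic verdicts.
Added example, not code from the post or any provider: the operator sees only
flow metadata (direction, remote host, port, TCP flags), so every signal is
reported together with its benign reading."""
from collections import Counter, defaultdict

MAIL_PORTS, WEB_PORTS = {25, 465, 587}, {80, 443}
THRESHOLD = 100  # events per window; constructed value, tune per fleet

# Constructed flow records: (vm, direction, remote_host, port, tcp_flags).
# "out" = packet sent by the VM, "in" = packet received by the VM.
FLOWS = (
    [("vm-mail", "out", f"mx{i % 5}.example", 25, "S") for i in range(120)]
    + [("vm-web", "in", f"c{i}.example", 80, "S") for i in range(150)]
    + [("vm-fanout", "out", f"h{i}.example", 22, "S") for i in range(150)]
    + [("vm-refl", "in", f"s{i}.example", 443, "SA") for i in range(150)]
)


def review_items(flows, threshold=THRESHOLD):
    """Return {vm: [(signal, benign_reading), ...]} for VMs crossing the
    threshold; each signal is one of the ambiguous cases from the post."""
    mail_out, web_in = Counter(), Counter()
    syn_out, synack_in = defaultdict(set), defaultdict(set)
    for vm, direction, remote, port, flags in flows:
        if direction == "out" and port in MAIL_PORTS:
            mail_out[vm] += 1
        elif direction == "in" and port in WEB_PORTS and flags == "S":
            web_in[vm] += 1
        if direction == "out" and flags == "S":
            syn_out[vm].add(remote)
        elif direction == "in" and flags == "SA":
            synack_in[vm].add(remote)

    items = defaultdict(list)
    for vm, n in mail_out.items():
        if n >= threshold:
            items[vm].append(("outbound mail surge", "popular newsletter"))
    for vm, n in web_in.items():
        if n >= threshold:
            items[vm].append(("inbound HTTP burst", "slashdotted or slowloris victim"))
    for vm, hosts in syn_out.items():
        if len(hosts) >= threshold:
            items[vm].append(("outbound SYN fan-out", "busy legitimate service"))
    for vm, hosts in synack_in.items():
        # SYN-ACKs from hosts the VM never sent a SYN to: its address was
        # spoofed as the source of someone else's SYNs, so it is the victim.
        if len(hosts - syn_out.get(vm, set())) >= threshold:
            items[vm].append(("unsolicited SYN-ACK flood", "SYN-ACK reflection victim"))
    return dict(items)
```

The reflection check is the one place metadata alone does disambiguate: SYN-ACKs arriving from hosts the VM never contacted mark it as the spoofed victim, not the attacker.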


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug