Recent klines of hetzner netblocks

General talk about EFnet

Moderators: Website/Forum Admins, EFnet/General Moderators

Silence
Posts: 13
Joined: Fri Aug 15, 2003 11:37 am
Location: Sweden

Re: Recent klines of hetzner netblocks

Postby Silence » Tue Apr 09, 2013 7:34 pm

Hi,

We are not hoping to get any leverage at all. We simply do not want providers that have zero abuse control, or, in this case, a counterproductive one.
The reason they were filtered was because they gave the kiddie the name of the operator. IE; leaking extremely sensitive information, resulting in attacks.
Any sensible company would have replied something along the lines of "we do not have time", or "we will look into it", or "yupp, you are right, the customer is being removed".
They did neither, and just blindly forwarded the email, because, quite frankly, they cant afford to even read emails it seems. Remember, this is the bottom of the barrel as far as prices go.

We do not need Hetzner, and I am sure they will survive without us. Why anyone would want to use a company that simply do not care about abuse it beyond me. However, and again, the problem here is that they leaked sensitive information. Much like a police officer who would tell a suspected murdered who the last witness is. Doesn't make sense, does it? I am sorry you got affected, but may I suggest you change provider to someone that actually provides a service that won't get their entire IP-network banned? There is a reason..

We have emailed them, called them, and tried most methods possible. It's not like we wanted to do this, but we had no choice. Anonymous operators would only lead to ddos on the servers, which is already what happens since most (if not all) opers are spoofed, so your suggestions makes little sense.

Sometimes it is good to do your homework before you assume things. Having said that, thanks for the feedback! :-)
Peter1976
Posts: 0
Joined: Tue Apr 09, 2013 4:50 pm

Re: Recent klines of hetzner netblocks

Postby Peter1976 » Tue Apr 09, 2013 7:50 pm

Silence,

This is not the 90's anymore. If you have beef with some criminal you approach your police department and file a complaint, they will handle the rest. If you have problems with that, try Europol they have a new cybercrime division. Approaching the abuse@ contact and hoping that the provider will do silent investigations themselves, such as sniffing, intruding on privacy is legally not acceptable. What were you expecting them to do? File a report to the police for you? Hopefully not act illegally or they'd get sued. No. Hetzner did all they could do and that was informing their point of contact that abusive behaviour was emanating from a server of theirs. Had they been served a court order from an investigator it may have gone down a little more silent. You brought this on yourself by not going through the right channels, and I have to search new ways to keep in touch with friends, in the worst case leaving efnet completely. -1.

-peter

PS: Hetzner gives out /64's in IPv6 space to customers, doesn't it make sense to block by the /64 first before going for the upstream?
raphidae
Posts: 1
Joined: Mon May 17, 2010 6:46 pm

Re: Recent klines of hetzner netblocks

Postby raphidae » Tue Apr 09, 2013 11:39 pm

Also, IRC is still a privilege and not a right.
Silence
Posts: 13
Joined: Fri Aug 15, 2003 11:37 am
Location: Sweden

Re: Recent klines of hetzner netblocks

Postby Silence » Thu Apr 11, 2013 7:51 am

[quote="Peter1976"]Silence,

This is not the 90's anymore. If you have beef with some criminal you approach your police department and file a complaint, they will handle the rest. If you have problems with that, try Europol they have a new cybercrime division. Approaching the abuse@ contact and hoping that the provider will do silent investigations themselves, such as sniffing, intruding on privacy is legally not acceptable. What were you expecting them to do? File a report to the police for you? Hopefully not act illegally or they'd get sued. No. Hetzner did all they could do and that was informing their point of contact that abusive behaviour was emanating from a server of theirs. Had they been served a court order from an investigator it may have gone down a little more silent. You brought this on yourself by not going through the right channels, and I have to search new ways to keep in touch with friends, in the worst case leaving efnet completely. -1.

-peter

PS: Hetzner gives out /64's in IPv6 space to customers, doesn't it make sense to block by the /64 first before going for the upstream?[/quote]

Why do you think we need Hetzner? What did we bring upon ourselves? These are our servers. We get to decide who uses our free service, and people who do not have any sort of abuse control are filtered. I don't think you know enough about this case to comment, as is clear by your post as it makes little sense.

Why do you seem to think that IRC is a right? Are we getting paid? Why should we help Hetzner make money if they do not cooperate like other providers do? If they do not handle abuse? If they blatantly cause ddos by neglect due to paying low salaries that make it impossible for staff to handle things in a proper way?

I'm sorry, but we have no obligations to private companies. They have no obligations to us. It is a free world, and this was a decision made with that in mind.

This will be the last comment I make on a topic that has already been discussed way too much.

Johan
insidious
Posts: 0
Joined: Thu Apr 11, 2013 12:24 pm

Re: Recent klines of hetzner netblocks

Postby insidious » Thu Apr 11, 2013 12:35 pm

Well, EFnet has banned more than hetzner in a mass fashion lately. But, as an irc network administrator in the past. I completely understand the isp ban. More often than not, reporting issues to an isp, results in absolutely nothing. This passing of personal information to a private individual, could've caused serious personal harm. In my opinion, that's far worse than doing nothing at all.
I'd suggest opers/admins be given a strong confidentiality footer to use in any future correspondence. There could've been legal process that could've been taken if such an email was forwarded with that in place. Just a suggestion.

Peace be international! Hey Silence, love ya buddeh! >;)
nstlgc
Posts: 0
Joined: Thu Apr 11, 2013 3:09 pm

Re: Recent klines of hetzner netblocks

Postby nstlgc » Thu Apr 11, 2013 3:19 pm

I think Silence's last comment pretty much shows his colour. Sorry bud, but you come off as pretty immature. Yes, you don't need Hetzner. Yes, IRC is a right, not a privilige. Yes, you are some sort of IRC god that can take away priviliges. That doesn't make you right though.

You had problems coming from a server. Maybe the server was hacked, maybe the server owner was an evil guy, maybe the server was actually operated by Hetzner employees being malicious. You don't know.

You choose to contact the uplink of the box and send them your private information. For a second, stop and realise that you might already have sent your precious private information to the wrong guy in a certain scenario. Let's assume though this is not the real scenario, and Hetzner employees were not the malicious people you were after.

With them being an uplink, what would you expect them to do? Treat their customer as a criminal without proof? I think it is more than fair of them to assume that the customer is handling in good faith and forward them your email - the same would have happened if you had sent your email to an uplink of Hetzner: they would have forwarded your mail to Hetzner. Just what is it that makes you assume that Hetzner would do something different?

For years, we have been screaming that ISPs are dumb pipes. They should not police the internet.

That being said, your entire response focused not on that, but on the fact that it is your right to ban them from your servers. And you are right, IRC is a privilege. These are your servers, you can ban them. But that doesn't mean you are right in doing so - we just can't blame you for it.

Something happened that you didn't like and now you are wielding your powers to "show them". That is pretty sad. On top of that, your answer just makes you come off a bit childish.

Thank god not all server operators on EFnet seem to agree with you.
User avatar
Handle With Care
Posts: 182
Joined: Wed Oct 26, 2005 6:53 pm
Location: Southern California

Re: Recent klines of hetzner netblocks

Postby Handle With Care » Thu Apr 11, 2013 10:22 pm

Just some notes of interest: I've rarely seen any topic on these forums generate such interest (over 10k views in just a few days). However, it should be noted (click on the nick of the poster) that they seem to have registered on this board only to post here on this topic, which is their right. I observed over a hundred new registrees sitting on these forums on that initial day, when the numbers rarely exceed a dozen or two. It should also be be noted that posts of those just registered are held for a moderator. On checking the moderator logs, I find not a single post or poster has been deleted, i,e, all posts have been approved and all are displayed.

As for what happened, I observed several hours of discussions amongst EFnet admins and opers of much spam/flooding and DOS attacks eminating from hetzner and what should be done about it. I also observed reports of the disappointing results of attempts to get hetzner to intervene with their subscriber(s). The eventual actions were undertaken only after much discussion, waiting, and warning to hetzner of the consequences of them doing nothing.

Where do we go from here? If hetzner takes appropriate action to prevent EFnet servers being attacked again, I am sure the blocks will be removed. Hetzner is hardly the first provider to be blocked from EFnet. I've even seen other large networks block entire countries. If they don't, there are hundreds of other IRC networks and none of the objectors to EFnet's actions seem to be ignorant of that.

On a personal level, I've known Silence for a long time, as he is one of the senior EFnet admins, only being exceeded in age by a few, including me, who at almost 72, am the 2nd eldest oper on EFnet. I know (observed it) that he tried very hard to be helpful in this circumstance as he always does. Nobody blocks an entire provider without excellent cause.
Peter1976
Posts: 0
Joined: Tue Apr 09, 2013 4:50 pm

Re: Recent klines of hetzner netblocks

Postby Peter1976 » Fri Apr 12, 2013 10:41 am

[quote="Silence"][quote="Peter1976"]Silence,

This is not the 90's anymore. If you have beef with some criminal you approach your police department and file a complaint, they will handle the rest. If you have problems with that, try Europol they have a new cybercrime division. Approaching the abuse@ contact and hoping that the provider will do silent investigations themselves, such as sniffing, intruding on privacy is legally not acceptable. What were you expecting them to do? File a report to the police for you? Hopefully not act illegally or they'd get sued. No. Hetzner did all they could do and that was informing their point of contact that abusive behaviour was emanating from a server of theirs. Had they been served a court order from an investigator it may have gone down a little more silent. You brought this on yourself by not going through the right channels, and I have to search new ways to keep in touch with friends, in the worst case leaving efnet completely. -1.

-peter

PS: Hetzner gives out /64's in IPv6 space to customers, doesn't it make sense to block by the /64 first before going for the upstream?[/quote]

Why do you think we need Hetzner? What did we bring upon ourselves? These are our servers. We get to decide who uses our free service, and people who do not have any sort of abuse control are filtered. I don't think you know enough about this case to comment, as is clear by your post as it makes little sense.

Why do you seem to think that IRC is a right? Are we getting paid? Why should we help Hetzner make money if they do not cooperate like other providers do? If they do not handle abuse? If they blatantly cause ddos by neglect due to paying low salaries that make it impossible for staff to handle things in a proper way?

I'm sorry, but we have no obligations to private companies. They have no obligations to us. It is a free world, and this was a decision made with that in mind.

This will be the last comment I make on a topic that has already been discussed way too much.

Johan[/quote]

I don't think you need Heztner at all, let me tell you why I need them. They offer cheap VPS's that someone like me can afford, there world isn't made of just rich people you know. Furthermore Hetzner offers FreeBSD VPS's, something very different from the rest of the providers who seem to only jump on the Linux bandwagon. In my 2 years or so at Hetzner I've been very satisfied with them, and even today I won't be leaving them even if efnet bans them. When I said you brought this on yourself, it was about the fact that you set yourself up for leaking to the customer. Let me explain how Hetzner works. They aren't an ISP. They are a dedicated server and colo provider who happen to also offer VPS's. Their dedicated servers are pretty much money and not everyone can afford them, it's nice that they offer VPSs. On top of that there is customers at Hetzner that start-up their own VPS provision in fact becoming a VPS provider. They usually run a dedicated server with QEMU, VMware, KVM, or whatever else there is. They in effect become a lower Tier from hetzner. Hetzner realises this and thus a point of contact is set up, in case of email. So when an abuse comes in it is forwarded to this point of contact.

In your case the abuse was criminal. So one asks themselves why did you not approach your europol or police liason to manage this? That's what the police is there for! And you're not being leaked by them. The police work together in that if you... an efnet server in the Netherlands gets packeted and you contact your police liason they will work with the federal german police in cracking down these people. You don't approach the provider at all, the police do, after consulting with a judge of law who serves some kind of warrant. Hetzner surely has gone through these channels before and may even have infrastructure in place for the Kriminalpolizei.

As far as me thinking efnet IRC is a right. That's not what I think. I'm part of the efnet community and have been for 18 years, I've even been an efnet oper for a very short time. You come to realise after some while that IRC isn't just about the opers or their good and bad decisions but about the users who make this community flourish. Not all users coming out of some Internet corner are bad, but their options are limited on how they can reach this community. For example. I have several networks that I can use IRC from. Let's say three. One doesn't allow me to go on efnet due to policy, sucks I know but that's how it is. Another just has lost access to efnet and that's why I'm here. And a third still allows me access to efnet and that's why I'M still talking with my friends. Many of us have already branched out to other IRC networks because it is our opinion that efnet is shrinking/dying.

In the end, you blocked all of Hetzner. Bad decision. I keep on getting the idea that by your talk about Hetzner that there is some other cause why you would panic and ban the entire upstream network. But the decision is yours. Do remember that in the times of Soviet Russia when one person screwed up their entire community were punished. In the west we seem to think of this as a rather harsh and not free conduct. And seldom fair.

Last statement, I don't like my privileges being trampled on.

-peter
Silence
Posts: 13
Joined: Fri Aug 15, 2003 11:37 am
Location: Sweden

Re: Recent klines of hetzner netblocks

Postby Silence » Sat Apr 13, 2013 11:48 am

Hi,

I would just like to point out that this decision was hardly mine alone. It was a mutual decision amongst many admins, and many networks. I was not the one personally hurt in all this. I wasn't even involved in the original incidence, so to think that this is me acting out after having been personally offended, is poor judgment at best. I was merely behind the statement, in my role as EU-Secretary. I support the action wholeheartedly and do not feel a need to motivate who gets access to my servers.

But like I said, I consider this topic closed. This was not a decision made by me as a person, the server I represent, or even the network we are linked to. This was many people reaching the same conclusion at the same time, across three networks that I know of. That might be an indication. It might not be. Either way, let's all move on with our lives.

I am sure Hetzner can set up their own IRCD, if they want to. We are sorry this has affected you, but this really was the best solution.

Silence
Thunder
Posts: 0
Joined: Sun Apr 14, 2013 8:21 pm

Re: Recent klines of hetzner netblocks

Postby Thunder » Sun Apr 14, 2013 8:27 pm

IF they are banned how come people like storm and his jupes are still connected? (ASN:24940): IP: 2a01:4f8:131:3004::16a2:a74b. Company: HETZNER-ASHetznerOnlineAG. Is this selective removal of Hetzner and selective allowing of people? are some opers and admins allowing selective users to still connect even when they are known kiddies causing jupes and ddos and are known for not just ddosing other efnet users but for ddosing the efnet servers and ipv6 providers?
User avatar
Handle With Care
Posts: 182
Joined: Wed Oct 26, 2005 6:53 pm
Location: Southern California

Re: Recent klines of hetzner netblocks

Postby Handle With Care » Sun Apr 14, 2013 9:46 pm

Please provide logs of any misbehavior (violations of policies of EFnet or server to which they are connected) from these or any other IPs and they will be dealt with, as appropriate, at the next consistory.
Thunder
Posts: 0
Joined: Sun Apr 14, 2013 8:21 pm

Re: Recent klines of hetzner netblocks

Postby Thunder » Mon Apr 15, 2013 12:34 am

router (solaris@2a01:4f8:131:3004::16a2:a74b)
serv : irc.homelien.no Who Cares
host : 2a01:4f8:131:3004::16a2:a74b

ok so proof its connected is there as dropped the ip and asn and who owned the ip was not enough.. you can see router is connected via irc.homelien.no thats a hetzner ip... you did NOT answer the question and it was , so since there are still hetzner blocks on efnet does this mean admins and opers are selectivly allowing people access from netzner blocks? if so why allow packet kiddys to connect still? I thought this was a global choice. whats the point in this thread , are you saying unless you threaten efnet ircd's with ddos you will not get the privlidge of using efnet? what happened to uniformity in choices and matters? I was helpfully pointing out that if you are tyring to kline all of hetzner apparently you are missing some blocks because its still there in part. or is this going to be another " look in the other direction " kind of situation when someone points something out....
User avatar
Handle With Care
Posts: 182
Joined: Wed Oct 26, 2005 6:53 pm
Location: Southern California

Re: Recent klines of hetzner netblocks

Postby Handle With Care » Mon Apr 15, 2013 1:31 am

That is something that is more appropriately addressed directly to hetzner. Without logs of actual misbehavior, there is not much that can be done. Mass blocks for all of EFnet is only done after consultation and agreement of EFnet admins.
User avatar
Kottalizer
Posts: 18
Joined: Sat Jun 25, 2011 1:11 pm

Re: Recent klines of hetzner netblocks

Postby Kottalizer » Thu Apr 25, 2013 8:29 am

User avatar
Handle With Care
Posts: 182
Joined: Wed Oct 26, 2005 6:53 pm
Location: Southern California

Re: Recent klines of hetzner netblocks

Postby Handle With Care » Thu Apr 25, 2013 6:07 pm

This situation would be an exception. On complaints of misbehavior, logs are necessary. Of course, any log can be "adjusted," which is why it wouldn't necessarily be accepted as fact, but, rather, initiate further investigation. In this particular instance, since no requested log was supplied, the issue is moot.

Return to “General”

Who is online

Users browsing this forum: No registered users and 2 guests