SDF Punted, Due to DDOS

bullshizzle writes "The longest running Public Access UNIX System (SDF, running BSD) est. 1989 had their services terminated abruptly by NWLink because of a DDoS attack. Termination was carried out immediately without prior notification, which violates their contract (page1, page2). Complaints can be filed to the Washington State Attorney General's Office by filling out this simple form conveniently located online. You can follow the story at lonestar.org." While still bad, I've been corrected - SDF was *not* the longest running public access Unix - ArborNet (Located right here in my town) has been around for at least a number more years.

Easy to get rid of a company you don't like

[Zeinfeld]

Looks to me as if NWLink set an idiotic precedent. Someone attacks your site, they yank the plug.

The problem I have with the stories is that they are very brief, only giving one side. One wonders if there was more history here.

Can you say "lawsuit"?

[john.r.strohm]

Disclaimer: I am not a lawyer, and I do not play one on TV. Having said that, based on a quick read of the contract, NWLink is on very shaky legal grounds, and SDF looks to have a very solid case against them.

Sorry Won't Fly.

[linuxdoctor]

According to the copy of the agreement, "Northwest Linux may terminate the Agreement at any time and for any reason by prividing written notice of termination and refunding a pro rata portion of fees paid by Customer to Northwest Link for servies not yet rendered."

It doesn't say "prior written notice" but simply "written notice." That means that they can pull the plug on you at any time and tell you why afterwards.

It's interesting that the previous sentence says "either party" can terminate only for breaches of the contract that are not corrected within 15 days. In reality that only applies to Customer since the next sentence authorizes Northwest Link to do whatever it feels like doing.

Anyway, we only have half the story. It would be nice to see what Northwest Link has to say.

Tough luck.

What a shame! And who's to blame?

[teqo]

I have got my SDF public shell access at lonestar about two years ago, and I love it! It's (almost, because they required people to send in a buck to show they seriously want to use it and don't create lots of fake accounts) free, they have nice services, rely mostly on their users' affection and willingness to donate money or equipment to them, and you can upgrade for some money to use more features... I hope they will manage to migrate to their new hoster...

What puzzles me is that NWLink seemd to have disconnected SDF because they fell preyto some DDoS'ing, they were not actively involved in some (D)DoS towards other sites, at least that's how I read the announcement!

Consequently, this DDoS might have been one of the most successful one reported, since it not only hogged their connection and thus technically Dos'sed them for a while, but this led to some organizational DoS carried out by NWLink!

How can they dare blaming the victim? And how can they dare putting all the consequences (that is, disconnection) onto the victim as well? Is this legal? Is this good practice? And: Does it help stop the DDoS towards SDF? Okay, the target host(s) is/are down, but the packets might rush to the dangling patch cable end anyway, crossing NWLink's infrastructure...

All in all: Thanks to the DDoS people attacking a nice and free public service! :( (Not that I am some DDoS fan of any kind, but aren't there much more promising targets out there, both in terms of popularity, evilness and challenging huge trunks? Or did some script kiddies just got their shell accounts revoked, and now they felt like stomping their virtual feet? I hope you have learnt to deal better with your frustration by the age of 12...)

And big thanks to NWLink for dealing with a customer's problem in a great and professional way by supporting a DDos through fully shutting down services!

--
"Where do you wanna go today / Somewhere you could never take me"
-- Chumbawamba

Why don't the police think of this?

[pyramid termite]

Clearly, if they started arresting the victims of crime, crime would instantly stop as all the victims would be in jail and safe from the criminals out roaming the streets. It's just another example of how the online world is showing society new and innovative ways to solve serious problems.

why oh why

[womby]

at long last an ISP starts to take ddos sources seriously and then they throw the baby out with the bath water.

if my link was being used to host a ddos attack I would hope I could get notified of the problem and some assistance in fixing it.

to clean up the net we have to educate the users not move them somewhere else, though not for one second am I sugesting that these perticular admins needed educating but they did need notifying.

--required "I remember when"

years ago I was network admin in the UK for a company our exchange server was managed by the US office (the whole globes exchange services where US managed)

I realised that our server was an open relay and notified my director in the US and was told that it didnt matter because nobody would scan us why would anybody scan an advertising agency.

a quick install of snort on another box and a week later I had proof that we were being scaned.

still no action

a couple of weeks later our ISP sent us an official letter in telling us to fix the relay or be booted.

they could have booted us at any time but they did the right thing and warned us first.

the relay was fixed.

SDF was moving

[Fencepost]

The interesting thing about this is that SDF was down on Thursday for a scheduled move to a new location (still on NWLink, but a better facility) and simply never came back up. First it was delayed due to instability in NWLink's internal network, then apparently by just being disconnected.

Personally I find the timing suspicious - the move was originally scheduled for earlier in the week, then was delayed at NWLink's request, then when it actually happened "Oh, we're disconnecting you." Did they decide some time ago to get rid of those pesky SDF people and just try to make it look like an SDF problem instead of a NWLink disconnect?

Northwest Link

[chuckw]

I used to have a dial-up account with Northwest Link circa 1998. They are quite possibly the rudest, most disorganized people I have ever worked with. They double billed me for the first three months of my service, and then they proceeded to bill me for 3 months of service after I cancelled my account.

I cancelled my account in mid 1999 because I got DSL. I received confirmation of this. Four months later I received a collection agency notice saying that I had not been paying my bill (on an account that I had cancelled). I responded with plenty of evidence that I had cancelled the account. The mailed response ignored any of my evidence and re-iterated the original claim. I finally called the NWLINK offices and talked to the NWLINK collections guy. I don't recall his name, but the collections guy sounded like the most crochety old man I had ever heard. I stated my case and his response was, "Pay your damn bill! We don't run a charity here!!!". It was as if he hadn't even heard a word I said, or as my father likes to say, "we were having two spearate conversations". I got the feeling that he thought I was some punk kid trying to scam NWLINK out of a few months of service.

I will never again do business with them. To those who have asked me about Internet Service Providers over the last 4 years, I have advised that they not do business with NWLINK either. I doubt I've made any impact on their bottom line, however I can assure you that the $75.00 they got out of me cost them at least ten customers. I mean really, all they had to do was treat me with a little respect regardless of who was right and who was wrong...

Solution: attack all of NWLink's other customers

[bee]

Think we could drive NWLink out of business by simply attacking all their customers, one by one?

After all, if they drop customers just because they're being attacked..