Jason's Site

I’m sure I’m not alone in hating Spam emails, but we get used to all these common emails for extensions of genitalia and performance enhancing drugs and we quietly discard them, because it doesn’t matter how hard we try, they’re still going to squeeze through occasionally. However, I do not give my email to companies, I, infact create COMPANYNAME@domain for all dealings, thus knowing where “Spam” emails come from. Unfortunately, my domain had spam before I owned it, so stopping some of it really is impossible.

What really ticks me off, is when and email comes to my real email address and is a “marketing email” from a company I have never given my email address to. I have dealt with the company, but only in cash and in person. However, the owner of this company is also a member of a club that I attend. This makes me think that he has taken my email from the confidential systems that are part of that club. I have asked politely that he removes me from his mailing list to no avail and today received yet another SPAM email from him.

At this point, I decided to take things a little further than a polite note asking to be removed, and have sent an email quoting The Privacy and Electronic Communications (EC Directive) Regulations 2003 (No. 2426) Section 22 to him. I have also quoted Data Protection Act 1998 (c. 29) Section 7 and Section 11, demanding that he removes me from his list, and informs me as to where he retrieved my details from. I’ll be honest, I’m a little fed up with this particular individual, and I’m not too fused about pissing him off a little. However, as he is running a business, and part of my grudge is personal, He and his company will remain anonymous on here.

My problem with this is I take Spam coming in quite seriously, I work hard with companies to reduce the amount of spam they receive, I help out various networks to identify where spam is coming from and where email lists are obtained, so for someone that I know to be doing it I find Very frustrating.

A few months ago, I asked an internet provider,Timico, with which I have a co-location server with if they would supply IPv6 on their network. They told me there were currently no plans to implement it. OK, fine, I’ll use another method, Tunnelling. This is fine, there was a way around the problem, and everything worked fine.

Today, however there was a BBC Article explaining that IPv4 was going to run out soon. well, this isn’t news to me, but reading further into the article, there was news. From the BBC Article: “Unless more ISPs and others start to adopt IPv6 those delays could start to hit general web browsing, fears Mr Davies.” Now. Mr. Davies is Trefor Davies, the Technical Director for Timico. Hold on a moment. Timico told me they had no plans for IPv6. so what’s he talking about?

I have done a small amount of digging, and on Trefor’s personal blog, on the 25th February (only a few weeks after I was told that there were no plans to implement) he said that IPv6 is almost running on the Timico core network. So, why is it not available to their customers, and why have they delayed it this much. I have been using IPv6 for some time now, long before my blog stream started. To start with it was Tunnelled and now I have Native at home, though I’m still Tunnelled at the office, mostly due to some firewall restrictions.

Anyway, My problem with this is that Trefor is quoted saying that people need to move to IPv6, well, they do, but why should he be saying this when the ISP that he is a director of, does not offer it to their customers. My Chosen ISP at home (AAISP) does offer IPv6, they also offer it tunnelled or native, and have done so for a very long time. I have emailed Trefor, and Hopefully he can let in some light about his comments and why he thinks he should be able to say what people should be using when he doesn’t offer what he says they should.

possible updates depending on Trefors response. :-)

I am no longer a “Subscriber” to the internet. I am instead a “Communications Provider” but, what does this mean?

Well, it means I provide some form of Communications to other people at no cost to them and with no contract. In my case I offer Open Public Wifi access for free. It has users using it, and all woks well. I have also made my ISP aware that I am a Communications Provider (infact, it was their idea). There are a number of reasons to do this, the biggest is just to prove how stupid laws can be. The New DEB pretty much makes you guilty of downloading before you’ve even thought about doing it but only as a “Subscriber” (which I now am not). Now, I haven’t downloaded music or video’s, etc for many years. and neither have I bought any. The thought of going to the shop to buy a disk with music on when I’ve not heard any of it and don’t know if I will like it is ludicrous. 5 years ago I downloaded music, if I liked it I went and bought it, if I didn’t like it I quietly discarded it, I don’t really see anything wrong with this. would you go and buy a car without test driving it? would you buy a house without viewing it? no, you wouldn’t. Anyway, I don’t agree with a “guilty until proven innocent” and I dislike being declared “Guilty” on an assumption. I have a network with 10 PC’s why do you think it’s me that’s downloading? could be any of the other people. It is for this reason that I have moved to be a Communications Provider.

I don’t intend on doing any downloading, and maybe I’m making myself automatically guilty by putting myself down as a Communications Provider, but they’re going to have to really prove that *I* was doing the downloading. Given I host public access wifi, good luck with that one. What I’m actually doing is sticking up my middle finger at Labour, and showing them why the law doesn’t work, and why they shouldn’t rush these things through just because there’s an election going on. There’s more important things to worry about.

I think what annoys me the most about this whole thing is the Music Industry, By which I mean the record labels, think they’re losing money, well the artists I saw complaining about people downloading had such shite music I wouldn’t even use it to wipe the dogs arse with. The artists that appears to agree that downloading music could be OK if you could some how monitor it, or limit it, and that it was “The way of the future” are the ones that have good music. The pattern, ah, that’s right, if you write good music people will pay you anyway, if you’re shit people wont. I’m betting everyone that downloaded the music of the complaining artist probably quickly discarded it straight after.

Anyway, back to the point, there are ways around the DEB, and I’m only mentioning one of them here. I’m not the only one doing this, and some ISP’s are advising people do. keep in-mind that an ISP isn’t going to want to send you letters telling you they’re going to disconnect your internet, this would be complete corporate suicide. I advise anyone that can to put themselves down as a Communications Provider, and show the government what’s wrong with their system. Note you can be a Communications Provider even if you just offer the internet to anyone in your own house that is not the “subscriber”, you don’t have to open a network up for public access.

Ok, so I’ve been slacking again. Actually, I’ve been busy. Recently our VOIP server was receiving a SIP registration attack. the source IP was one from Amazons EC2 Network. having blocked them on the firewall at my end-point, the attack continued to try and send data to my system. I followed protocol, and sent an Abuse report to Amazon EC2. The abuse report contained a graph of the on-going data, seen here:

It also contained a cut-down of the logs, showing which IP from their network was attacking our system and an explanation of what was happening. This was also CC’d to my ISP, I don’t normally CC them in on abuse reports, as when sending them for SSH attacks there’s alot of them, however, this isn’t the first time it’s happened from the Amazon network, and the data usage was incredibly large. and persisted even after blocking on the firewall. Fortunately for me, My ISP (Andrews and Arnold) give me a lot of control over my lines, including routing tables specific to IP’s that I have allocated and in this instance it took un-routing the subnet from my lines before the traffic stopped (though, according to someone at my ISP, the attack continued for some hours after un-routing the subnet).

Anyway, I received a response from Amazon today, they quoted the IP Address of my server that the attack was going to and had this to say:

Thank you for submitting your abuse report. There was no single customer using the source IP address(es) during the time you provided. This may be due to the fact that we do not own the IP address(es), the time or time zone you provided was incorrect, or there were multiple customers with instances running during the time and IP address(es) you specified. You may try re-submitting your report with a different time if you wish.

What that reads to me is “I didn’t actually look that closely to the logs and ignored most of the information that told me the time-zone in which your network is using, I also don’t know how to read logs, and assumed the IP address was a different one from what you had quoted” I have responded, telling them of their mistake. I have told them again which time-zone the logs are in, and I have told them again which IP Address they should be looking at in the logs. Today, the entire Amazon EC2 network has blocked access to my VOIP Server. What this means is that if there is anyone using Amazon EC2 legitimately for a VOIP server, they can not directly call our numbers.  I doubt this actually happens very often anyway but the least I expect from a company like Amazon when sending in an abuse report is that they actually give it to someone that has more than a single brain cell and doesn’t know what a computer is.

We’ll see what happens with this, but I’m not hopeful, and will never recommend Amazons EC2 service to anyone.

J