http://www.aviary-mag.com/News/Command/command.html

Chain of Command

        Since November of 1998 I have learned a lot of things in relation
to the Internet, administrators, ettiquete, and more. The biggest lesson I
have learned is that I am far more tolerant than these high and mighty
egocentric admins of large networks. I apparently apply more common sense
and logic to a problem as well as give everyone a fair first chance. Yet I
receive none of that in return and I can't quite figure out why. Is it
because my web site has a few bad words on it? Questionable morals? Or
maybe that the web site has a bad "feel" to it? Or is it that other
administrators have lost the hand-me-down legend of net etiquette in
contacting other sites. 
        I am now learning that almost once a week (if not more often),
someone is complaining to my upstream provider about some content or some
user activity on my system. In the past it has been for "partial nudity",
"libel", and "portscanning" them among other things. Not once..  not a
SINGLE time have any of these people contacted me about any of these
problems. For some unknown reason, they have automatically deemed that I
will not help them or can not help them. But wait, it gets better. 
        Not only did they NOT contact the administrators of my system (by
mailing root@), they did not contact the designated Internic contact for
my domain either. Instead, they mailed my upstream provider with various
complaints, and didn't even carbon copy me in on the complaint. At what
point did any of these people determine that I could or would not help
them? Or do they not know of simple internet etiquette in matters like
this? I am hoping it is simply the latter.

        Many a year ago... oh, wait. That was only a couple years ago at
best. So a couple years ago, when an administrator had a complaint about
offending activity from one system directed toward their own, they
followed a certain unwritten procedure in dealing with it. The offending
behaviour could have been anything from hack attempts, to unwanted spam,
to anything else deemed undesirable. The previously unwritten rules that
were generally accepted went something like this. 

        1. mail the offending system with a polite letter explaining
           the problem. include logs or something more concrete than
           "because i said so".

           give the admin time to respond as they could be out of town,
           busy, or anything else.

           if they respond, resolve the problem accordingly.

        2. if the admin of the offending system doesn't respond, send
           a second piece of mail. they may not have received the first.

        3. if they STILL don't respond, use the 'whois' utility to find
           out who the designated contacts for the domain are. The output
           of this utility looks something like:

           Registrant:
           Offending Domain (OFFENDING-DOM)
              123 Offending St
              Anywhere, AZ 85022
              US

              Domain Name: OFFENDING.COM

              Administrative Contact, Technical Contact, Zone Cotnact:
                 Jericho, T  (TJ2573)  jericho@ARBITRARY.COM
                 602.321.1234 (FAX) private
              Billing Contact:
                 Jericho, T  (TJ2573)  jericho@ARBITRARY.COM
                 602.321.1234 (FAX) private

           This information provides you at least one (often two) points
           of contact in case you have problems. In some cases this may
           point back to the person you were previously trying to reach.
           Either way, send a quick note saying you are having difficulty
           reaching the administrator of the offending system, and include
           the mail you sent to them.

        4. If the Administrative, Technical, Zone, or Billing contact is
           not responsive or not willing to help, THEN you move on.
           When you did a 'whois', you should have noticed two other 
           fields that point you in the right direction.

              NS1.UPSTREAM.NET              103.108.100.100
              NS2.UPSTREAM.NET              103.108.100.101

           This shows you where the offending domain gets their Name
           Service. This is often a good indication of where they are
           getting their upstream service from. To verify that, you can
           also utilize a utility called 'traceroute' (on unix systems),
           or 'tracert' (on Win* systems).

           flatland ~$ traceroute host.offending.com
           traceroute to host.offending.com (128.11.253.197), 30 hops..
           1  plasma.dimcom.net (206.124.0.1)  1.514 ms  1.504 ms  2.036 ms
           2  157.130.160.121 (157.130.160.121)  2.809 ms  2.814 ms  3.177 ms
           [snip...]
           10  137.39.22.158 (137.39.22.158)  81.511 ms  72.287 ms  70.387 ms
           11  domain-gw.customer.ALTER.NET (157.130.224.94)  71.360 ms 69.397 ms  78.453 ms
           12  128.11.253.197 (128.11.253.197)  71.545 ms  131.132 ms 156.269 ms
           flatland ~$

           Between the Name Service records from 'whois', and the 11th
           hop shown on the 'traceroute', we can tell that "domain.net"
           provides service to "offending.com". 

        5. If mail to the administrator of the offending system
           (root@offending.com AND postmaster@offending.com) go unanswered,
           and mail to the technical/administrative contact also
           go unanswered, then mail the upstream provider. When you mail
           them, include mail previously sent to the other parties
           and a short note saying that you received no response. You
           should also carbon copy (cc:) all previous parties as a common
           courtesy. This shows that you have tried to resolve your
           problem with the offending party and are seeking assistance
           from a 'higher power'.


        While the preceeding steps may seem long and drawn out, they are
quite simple and logical. They give everyone a chance to help you in the
most practical order. Administrators of an offending domain will be in a
position to help you the most as they have full access to the machine and
logs needed to resolve an issue. 

        Before you begin to practice these steps, consider what you are
mailing about. One of the complaints leveled against my domain in the past
is for us having "partial nudity" on our site. Running through all of the
pages on site, there are only a handful of images that may come close to
'partial nudity', two of which are artistic images.  The others are
contained on mirrors of previously hacked web pages.  Either way, all of
these images fall under our "WARNING & DISCLAIMER"  (typed out exactly
like that) on our front page. That link warns users that some content on
our pages might not be suitable or may be somehow offensive. It further
says that if that is a problem, to move on and not view our site. 
        As much as an idea or image is offensive to you, the first
ammendment does exist. Sites that give warning such as mine are being
considerate of your feelings and going out of their way to shield your
eyes from material that may bother you. That is a sign of a courteous
administrator. The kind that is probably willing to help you should you
have any other problems. That in mind, do the courteous thing yourself
next time you have a problem. Give the administrator of the offending
domain a chance to help. Afterall, they may have three, twenty one, or
fourty eight THOUSAND users they are responsible for. 


Brian Martin Copyright 1999 Brian Martin -EOF