http://www.aviary-mag.com/News/Command/command.html Chain of Command Since November of 1998 I have learned a lot of things in relation to the Internet, administrators, ettiquete, and more. The biggest lesson I have learned is that I am far more tolerant than these high and mighty egocentric admins of large networks. I apparently apply more common sense and logic to a problem as well as give everyone a fair first chance. Yet I receive none of that in return and I can't quite figure out why. Is it because my web site has a few bad words on it? Questionable morals? Or maybe that the web site has a bad "feel" to it? Or is it that other administrators have lost the hand-me-down legend of net etiquette in contacting other sites. I am now learning that almost once a week (if not more often), someone is complaining to my upstream provider about some content or some user activity on my system. In the past it has been for "partial nudity", "libel", and "portscanning" them among other things. Not once.. not a SINGLE time have any of these people contacted me about any of these problems. For some unknown reason, they have automatically deemed that I will not help them or can not help them. But wait, it gets better. Not only did they NOT contact the administrators of my system (by mailing root@), they did not contact the designated Internic contact for my domain either. Instead, they mailed my upstream provider with various complaints, and didn't even carbon copy me in on the complaint. At what point did any of these people determine that I could or would not help them? Or do they not know of simple internet etiquette in matters like this? I am hoping it is simply the latter. Many a year ago... oh, wait. That was only a couple years ago at best. So a couple years ago, when an administrator had a complaint about offending activity from one system directed toward their own, they followed a certain unwritten procedure in dealing with it. The offending behaviour could have been anything from hack attempts, to unwanted spam, to anything else deemed undesirable. The previously unwritten rules that were generally accepted went something like this. 1. mail the offending system with a polite letter explaining the problem. include logs or something more concrete than "because i said so". give the admin time to respond as they could be out of town, busy, or anything else. if they respond, resolve the problem accordingly. 2. if the admin of the offending system doesn't respond, send a second piece of mail. they may not have received the first. 3. if they STILL don't respond, use the 'whois' utility to find out who the designated contacts for the domain are. The output of this utility looks something like: Registrant: Offending Domain (OFFENDING-DOM) 123 Offending St Anywhere, AZ 85022 US Domain Name: OFFENDING.COM Administrative Contact, Technical Contact, Zone Cotnact: Jericho, T (TJ2573) jericho@ARBITRARY.COM 602.321.1234 (FAX) private Billing Contact: Jericho, T (TJ2573) jericho@ARBITRARY.COM 602.321.1234 (FAX) private This information provides you at least one (often two) points of contact in case you have problems. In some cases this may point back to the person you were previously trying to reach. Either way, send a quick note saying you are having difficulty reaching the administrator of the offending system, and include the mail you sent to them. 4. If the Administrative, Technical, Zone, or Billing contact is not responsive or not willing to help, THEN you move on. When you did a 'whois', you should have noticed two other fields that point you in the right direction. NS1.UPSTREAM.NET 184.108.40.206 NS2.UPSTREAM.NET 220.127.116.11 This shows you where the offending domain gets their Name Service. This is often a good indication of where they are getting their upstream service from. To verify that, you can also utilize a utility called 'traceroute' (on unix systems), or 'tracert' (on Win* systems). flatland ~$ traceroute host.offending.com traceroute to host.offending.com (18.104.22.168), 30 hops.. 1 plasma.dimcom.net (22.214.171.124) 1.514 ms 1.504 ms 2.036 ms 2 126.96.36.199 (188.8.131.52) 2.809 ms 2.814 ms 3.177 ms [snip...] 10 184.108.40.206 (220.127.116.11) 81.511 ms 72.287 ms 70.387 ms 11 domain-gw.customer.ALTER.NET (18.104.22.168) 71.360 ms 69.397 ms 78.453 ms 12 22.214.171.124 (126.96.36.199) 71.545 ms 131.132 ms 156.269 ms flatland ~$ Between the Name Service records from 'whois', and the 11th hop shown on the 'traceroute', we can tell that "domain.net" provides service to "offending.com". 5. If mail to the administrator of the offending system (firstname.lastname@example.org AND email@example.com) go unanswered, and mail to the technical/administrative contact also go unanswered, then mail the upstream provider. When you mail them, include mail previously sent to the other parties and a short note saying that you received no response. You should also carbon copy (cc:) all previous parties as a common courtesy. This shows that you have tried to resolve your problem with the offending party and are seeking assistance from a 'higher power'. While the preceeding steps may seem long and drawn out, they are quite simple and logical. They give everyone a chance to help you in the most practical order. Administrators of an offending domain will be in a position to help you the most as they have full access to the machine and logs needed to resolve an issue. Before you begin to practice these steps, consider what you are mailing about. One of the complaints leveled against my domain in the past is for us having "partial nudity" on our site. Running through all of the pages on site, there are only a handful of images that may come close to 'partial nudity', two of which are artistic images. The others are contained on mirrors of previously hacked web pages. Either way, all of these images fall under our "WARNING & DISCLAIMER" (typed out exactly like that) on our front page. That link warns users that some content on our pages might not be suitable or may be somehow offensive. It further says that if that is a problem, to move on and not view our site. As much as an idea or image is offensive to you, the first ammendment does exist. Sites that give warning such as mine are being considerate of your feelings and going out of their way to shield your eyes from material that may bother you. That is a sign of a courteous administrator. The kind that is probably willing to help you should you have any other problems. That in mind, do the courteous thing yourself next time you have a problem. Give the administrator of the offending domain a chance to help. Afterall, they may have three, twenty one, or fourty eight THOUSAND users they are responsible for.
Brian Martin Copyright 1999 Brian Martin -EOF