Post #333,460
9/30/10 5:35:03 PM
|
Speaking of Nagios
I've personally blocked quite a few hosts that have poorly configured nagios systems that have sent notifications just as fast as the computer(s) can send them. To be sure, we tend to do so for a short length of time, but they fit the definition mooted above and were completely responsible for denying the use of the service by others because they've attempted to mail us several hundred times a minute.
Are we supposed to not do this, despite the fact that I'm sure the subscriber(s) in question probably became very relieved when their phone stopped ringing every couple of seconds?
|
Post #333,464
9/30/10 5:58:53 PM
|
Preventing use of the service by others is covered in ToS
It's a DOS attack. Intentional or not, I don't hear anyone opposed to blocking that.
--
Drew
|
Post #333,473
9/30/10 7:05:49 PM
|
We are not using the ...
direct to SMS delivery.
We use the SMTP gateway, which is a "natural" throttle.
|
Post #333,489
9/30/10 10:33:56 PM
|
Yes, that is the part of the infrastructure that I run
and it amounted to a DoS attack on it when a Canadian uni had a badly configured set of Nagios boxes run wild last week. Sure, it's a natural throttle, but when the mail server is throttling it, it's throttling everybody else using it as well.
|
Post #333,531
10/1/10 10:43:23 AM
|
I'm sorry... I should have said...
*MY* outbound mail server for our nagios system (it delivers it locally to the machine's SMTP Agent) does not do batch mode. It also does *not* send out 150 messages, using 150 connections at the same time to the same MX records. Its purposely setup to do them all serially.
Sure, I sometimes get a few hundred messages in 15 minutes. But every single one of them is sent ... singly and one at a time to the same MX record.
Now, if my nagios server needs to send out messages to a few AT&T recipients, a few Verizon recipients, a few T-Mobile recipients and a few Rogers recipients all at once, there will be multiple mail drops happening at the same time to each MX, but serially for those MX records.
I guess, I thought through this a bit more than others, as I am the recipient of some Denial of Service attacks... I didn't want to be a perp.
Many people don't test and just assume things are good.
I also, once I have an incident... I turn off notifications... until the event is past.
I guess I'm not the norm.
|
Post #333,472
9/30/10 6:58:09 PM
|
We only send to those that are supposed to...
And they are definitely responsible for the systems they are notified for.
We use the SMTP gateways to not overwhelm the services. (10digitnum@vtext.com... etc... 1234567890@rogers.com) and we deliver singly, not in batch mode.
Verizon delivers in mere seconds. AT&T delays up to 30 minutes. T-Mobile doesn't delay more than a minute. Rogers is also near instantaneous.
Dunno. But this is not that tough.
|
Post #333,478
9/30/10 9:42:35 PM
|
Possible SES?
That's "Shit's Easy Syndrome". You obviously know way more about it than I do, but Box does do this for a living. Easy for you doesn't necessarily mean easy for him, and I don't like making promises on other people's efforts.
However ... I still say if you can prioritize it, and they can, that that's all you need to do. Automated messages always get last priority, problem solved.
Here's my assumption, by the way: Once the hardware and software is in place to do this at all (including the gateway Box mentions), I assume that the incremental cost of each message approaches zero until you reach saturation of some part of the system and have to increase capacity. Is that a valid assumption?
--
Drew
|
Post #333,487
9/30/10 10:00:55 PM
|
headcount doesnt approach zero
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 55 years. meep
|
Post #333,492
9/30/10 10:37:35 PM
|
Actually, prioritizing automated messages last
would be a terrible idea. Automated messages make up the majority of all legitimate messages we handle... and they are generally considered very important by the customers that use them. We get to hear about it sometimes when they're delayed by ten minutes; some very major Canadian inet services use us to notify their employees of problems.
|
Post #333,490
9/30/10 10:34:47 PM
|
Heh
Rogers is the smtp gateway that I actually admin.
|
Post #333,533
10/1/10 10:46:50 AM
|
Look at the post where I explained...
|
Post #333,625
10/3/10 2:33:52 PM
|
Just did read that
and no, you're not the norm. Well, semi norm? I guess most people have it set up alright, but the ones that don't end up causing us huge problems, so we really get to notice those ones.
|