Re: [cobalt-users] Hijacking of Cache Servers

[Kris Dahl <kris@xxxxxxxxxxxxx>]

> Actually I could afford a PIX and/or pay $200 per hour for support.  I just
> don't see the point in spending $200 bux an hour for support.  In most cases
> in the past when I have shelled out the per hour or per minute fees on
> support issues it has been to talk to some flunky that doesn't sound like he
> knows how to operate a telephone.  One example was with a problem with an
> Ascend Max...I run 17 of them so I know them pretty well inside and
> out...but had one that just refused to accept ISDN calls...Called their
> support line after hours which was a 900 number at something between 2 and 5
> bux a minute..can't remember the exact details..and the guy on the other end
> could just say..boy that's strange...sheesh.

Yeah... that was what I figured.  You sound like you are running a serious
enough operation, to where the issue isn't weather to pay for support or buy
new hardware, but that you'd like to get the problem resolved.  It is also
something that CacheRaq owners need to be aware of, so thanks for bringing
it up on the list.

I still think it may be a good idea to get PIX--I'm trying to get clients of
mine to take firewalling seriously and invest in something like the PIX,
etc.  Even with a good firewall installed, there is still a lot of ways to
get into and mess up stuff on your network--just seems prudent.

> I also HATE companies that sell you a product with one support structure in
> place...and then change it and try and gouge you for money on support
> issues.  And $200 bux per hour is just flat out ridiculous.

If I was still at ATC and you bought your gear from us, we'd have taken care
of this issue for you.  It may have been for a charge, but it wouldn't have
cost much.  Part of maintaining the equipment, I guess.  We may very well
have done it for no-charge, depending on the scope of the original
installation, amount of work required to make the change, etc.
 
> That's like me selling a customer a dialup account and then when they call
> to ask how to set up their computer telling them after the fact that I'm
> going to charge them $200 bux an hour to help them out.

Yeah, but that is kinda comparing apples to oranges.  This is a caching
device, and it works pretty well as that.  Locking down the security is a
configuration thing that is optional and the responsibility of the end-user
(or the systems engineer who sets it all up).  To use your analogy, it would
be like ordering a dial-up account, getting it all set up and running, and
then contact your ISP asking them how to secure your computer.  I guarantee
if the ISP offers that sort of services (some do), they charge for them.
And the scale is a little different--amortize a dial up cost for year, say
$250/yr.  On that scale, it'd be like the ISP charging less than $10/hour
for security services.  So as far as the TCO, $200/hr isn't really that
much, I guess is what I'm saying.

I am surprised that there isn't a way to lock that stuff down from the GUI,
but I guess it never occured to anyone that a cache would get hihjacked.

Possible reason why they did it: to try to gain more 'hits' on porn banners,
etc.  You can make it look like the same user is coming from multiple IPs.
WHo knows.

-k