Net Neutrality
What really confuses me about the net neutrality issue is when telco execs say things like this.
"Now what they would like to do is use my pipes free, but I ain't going to let them do that because we have spent this capital and we have to have a return on it. So there's going to have to be some mechanism for these people who use these pipes to pay for the portion they're using. Why should they be allowed to use my pipes?
The Internet can't be free in that sense, because we and the cable companies have made an investment and for a Google or Yahoo! (YHOO ) or Vonage or anybody to expect to use these pipes [for] free is nuts!"
AT&T is a tier-1 network (specifically, AS7018), which means that it connects freely (peers) with other tier-1 networks. Tier 2 networks peer with some networks, but also purchase transit with tier 1 networks, offering money in exchange for the larger network relaying packets to other destinations. Consumers (both individual and business) often purchase bandwidth from tier 3 networks, which are connected to other networks only with transit agreements. Hence, when a company like Yahoo or Google purchases an OC-192 or what-have-you from a second or third tier network (an ISP), part of the money they pay to that ISP is used to purchase transit with larger networks like AT&T.
SBLD Statistics
I wrote a quick script to analyze the logs generated by SBLD. You can pull them out of syslog, or (as I'm doing), have your log checker aggregate SBLD events for you. I'm making the statistics for my site available here, as a resource for others.
SBLD - The SSH Blacklist Daemon
If you run a server with SSHD exposed to the internet, chances are that server is being scanned for common username and password combinations. These often appear in the authorization log (/var/log/auth.log) as entries like:
cr:code
Jun 12 13:33:57 localhost sshd[18900]: Illegal user admin from 219.254.25.100
Jun 12 13:37:17 localhost sshd[18904]: Illegal user admin from 219.254.25.100
Jun 12 13:37:20 localhost sshd[18906]: Illegal user test from 219.254.25.100
Jun 12 13:37:22 localhost sshd[18908]: Illegal user guest from 219.254.25.100
</cr:code>
Extend that for several hundred lines, and you’ll have an idea of what one scan looks like.