Chat Network Ban: Lessons in defective communication

Posted on September 24, 1999 
Filed Under CNET, Julian

By Julian Matthews

Sept 24, 1999, Kuala Lumpur — On August 16, when Malaysians Internet users were conditionally banned from accessing the Undernet, a popular chat network, the news was greeted with little surprise.

Malaysians chatters were notorious for being regularly banned or in chat parlance, k-lined, from other networks including DALnet and EFnet.

The bans were typically imposed for abuses to the acceptable use policies of these networks – usually for attempts to disrupt or eliminate conversation or harass other chatters or for deliberate attacks to bring down chat servers.

Last week, local Internet Service Provider Jaring claimed it had identified the source of the abuse as coming from a single group of users from a local university.

The hackers apparently broke into and compromised 38 local servers, and up to 30 foreign servers, and used them as launchpads for the chat abuses and network attacks.

Jaring has since informed the server owners to secure their networks and waved the big stick by suspending 14 subscribers’ accounts and warning 160 others.

But even as the perpetrators are brought to book, the incident has pushed several issues to the fore.

Why was the abuse allowed to go on for so long and no action taken even though both local ISPs , Jaring and TMnet, indicated they were aware of it?

When the ban was first imposed, the claimed it had attempted for over two years to negotiate in good faith with the two ISPs with no positive results to curb the abuse.

In its defence, Jaring’s owner Mimos Berhad maintains it had not been contacted by the prior to the ban.

“Our investigation indicated that neither the Jaring Abuse Team nor MyCERT (the Internet security watchdog) ever received such complaints from Undernet administrators until August 16,” said Mimos vice president Dr Mohamed Awang-Lah.

Dr Mohamed said every complainant automatically receives a ticket number for tracking purposes and the Undernet was unable to furnish ticket numbers or copies of previous complaints as proof.

“Irrespective of the past miscommunication, however, we took its recent complaint very seriously and opened direct communication channels between us and the Undernet administrators,” he said.

Daily logs supplied by since Aug 22 provided vital clues for Jaring to follow up on uncovering the source of the abuses.

The speed with which Jaring responded to the’s call for immediate abuse management – and the subsequent lifting of the ban against its users – sharply contrasted with TMnet’s lethargic reaction.

According to a timeline provided by the, two TMnet staff had separately responded to the ban only after the initial 72-hour deadline to respond had expired on Aug 19.

Both replies, however, were misdirected and the was uncertain whether the senders were genuine.

Abdul Majid Abdullah, acting chief operating officer and general manager for Internet services for Telekom Multimedia, the division of Telekom Malaysia Berhad which oversees TMnet, admitted that two of his staff made attempts to contact the Undernet administrators.

“In their zeal to respond quickly to for the sake of TMnet users, the questions of being the authority to speak on TMnet’s behalf might have been overlooked,” he said.

Abdul Majid was hard put to explain why the proper ‘authority’ of TMnet was so slow to react to the ban officially or provide a direct contact person for abuse complaints that the Undernet required.

Instead of abiding by the’s insistence to put in place a far more reactive abuse management policy, the two TMnet staff had alternatively suggested the ISP host a local Undernet server to monitor the abuse.

But the volunteer-run was not enthused by the proposal. “Owning and running an IRC server really has nothing to do with the ability of a service provider to monitor the behavior of their customers or take action against the trouble-makers. The Undernet does not consider linking a server as a form of abuse management,” said the North American Abuse Coordinator for the, only known as Angel Moss.

Moss said the administrators promptly rejected the ISP’s offer given its history of abuse and also because the Undernet’s routing committee had determined it did not meet the minimum requirements for bandwidth nor machine resources.

Surprisingly, Moss revealed that TMnet had applied to host a link six times before and was rejected each time for similar reasons as well as “incomplete applications and insufficient information”.

TMnet’s inability to communicate effectively was beginning to show. Why was it so difficult for the ISP to submit a proper proposal to have the ban lifted?

TMnet is the larger of the two ISPs with over 350,000 subscribers, compared to Jaring’s estimated 200,000, and is backed and owned by the deep-pocketed leading telco in the country, Telekom Malaysia.

Moss said the lack of prompt correspondence had severely hampered any chance the ISP had of having its ban lifted.

What irked the was that it was TMnet users rather than Jaring users that comprised the bulk of the abuse against its servers.

“Our compiled logs for automatic global bans between January and August 15 this year was 11.8Mb for TMnet users versus 2.6Mb for Jaring users,” said Moss.

When the ISP failed to adequately respond to the’s seemingly reasonable demands, the Undernet administrators unanimously voted 20 to none, with three abstentions, to slap a permanent ban on TMnet users from its network effective Sept 5.

On whether the door on TMnet users was now completely slammed shut, Moss said it was a moot point.

“There was no firm commitment from TMnet on how it planned to tackle the abuse by its users. If TMnet had really wanted to discuss this situation and reach a resolution one would think they would have gotten on the ball and provided administrative contacts who could have handled it,” said Moss.

On the homefront, it seemed TMnet had also begun to draw fire from its own subscribers. A parallel indictment of the TMnet’s shoddy service was developing in the local media and newsgroups on the Internet.

A flurry of complaints were popping up including the inability to gain access, line drops while online, late delivery of email, sending of email to wrong addresses, inability to change passwords and continued billing after termination of accounts.

Irate subscribers were disappointed at being given the run-around by support staff and the non-response to abuse and other complaints.

One user complained in local technology publication Computimes that he had stopped keeping logs of frequent attempts to scan his PC, mostly via TMnet accounts, because reports of the abuse to the ISP went unheeded.

“If the ISPs here are arrogant, it’s due to their enjoyment of a near monopoly. Until ISPs are made to work for business and provide excellent service to retain it, I do not think there will be much improvement in the current state of affairs,” said the user.

Malaysia has only the two ISPs, both with strong ties to government, while a third ISP is expected to commence service only in the last quarter.

Abdul Majid told CNET Asia that TMnet recognized its problems and was taking steps to address them.

“We take all complaints and comments from the customers positively and as a guideline for our future multimedia services. As an immediate measure, we have increased the number of support personnel on duty at any one time to ensure more calls are entertained,” he said.

Abdul Majid said that the shortage of authentication servers compared to rise in growth of subscribers were the main reason for poor access in the northern region in the states of Kedah, Perak and Penang.

“We have added two extra authentication servers which we believe for the moment will overcome the problem and for connectivity we are in the process of installing more POPs (points of presence), which will be parallel to our marketing plans,” he said.

TMnet currently has three T3 lines to the US comprising a total bandwidth of 135Mbps with another T3 line to be completed by the end of the year. “Additionally, there will be more regional peering that will be in place soon,” said Abdul Majid.

Despite the assurances, sources close to the ISP have indicated that TMnet’s problems stem from poor internal decision-making.

“We were getting customers faster than we could upgrade the infrastructure. Although the growth was anticipated, the people holding the purse strings were not willing to make the decisions,” said the source.

The source said that managerial bickering and political infighting was also preventing the right technical decisions from being made at the expense of the ISP’s longterm development.

The source cited the example of a recent purchase of a batch of 56Kbps modems from Bay Networks, a business unit of Nortel Networks, worth US$4 million worth, which will be deployed nationwide to relief congestion.

The model 5399 series Bay Networks product is no longer being developed or supported by its manufacturers, and it was chosen anyway despite the fact other technically superior products were on the market.

“Management disagreed with the expressed product choice of its technical staff, so ‘obsolete’ equipment will be deployed and will eventually lead to more problems in the network,” he said.

Such tales do not bode well for an ISP that touts itself as the largest in Southeast Asia and whose management team is playing a central role in developing the network infrastructure and global linkages for Malaysia’s Multimedia Super Corridor project.

The ban on Malaysian users was perhaps targetted to force local ISPs to root out abusers of the Internet chat service.

But ironically, and more importantly, it may have uncovered the fact that the abusers were not the only ones who needed lessons in effective communication.

Published in CNET Asia, Sept 24,1999
Related stories: chat ban

Chronology Of Events

Aug 16
IRC network blocks all Malaysian users from accessing its 41-server global network after prior warning to administrators of TMnet and Jaring of 72-hour conditional ban. Jaring responds same day.

Aug 17
Jaring sends proposal to for abuse management.

Aug 19
TMnet issues notice to users that it is unable to resolve problem with Undernet chat access and suggests that users use alternative IRC networks.

Aug 20
Malaysian domain branded as “the most abusive” in the world by’s North American abuse coordinator.

Aug 21
Ban on Jaring users lifted.

Aug 23 receives appeal from TMnet to lift ban and its offer to host local server. Earlier email from TMnet staff was misdirected and proof of senders was not properly ascertained.

Aug 26 rejects offer from TMnet to host local server as it did not meet minimum requirements.

Aug 31
Jaring issues warning to online users that it will scan them to curb the high volume of chat abuse.

Sept 5
Undernet permanently bans TMnet users from its network after a unanimous 20 to none vote, with three abstentions.

Sept 7
TMnet issues stern warning to its 350,000 subscribers against attacking foreign chat networks, threatening “drastic measures” against perpetrators.

Sept 16
From daily logs supplied by Undernet, Jaring identifies a group of hackers from a local university, responsible for attacks and abuse on the Undernet network. It suspends 14 accounts and issues 160 email warnings. TMnet claims it is still attempting to resolve issue.


Comments are closed.