On Fri, 27 Dec 1996, David Schwartz wrote:
I think a list of sites that refuse to deal with troublemakers (with details) would be extremely useful. If people want to use it to blackhole traffic, that would be their decision.
Ok. I nominate UUNet to be the first on the list. (No, this isn't a UUNet flame, read on.) Recently one of their customers decided the incoming directory on our FTP server would be a good place to start a warez site. We mailed help@uu.net and noc@uu.net. Our mail included the src IP address and the times that the uploading of the warez occurred. They were fairly quick to respond with UUNet's policy on these matters. Basically they will only take action when told to do so by a law-enforcement agency. Ok, fine. I understand that they have to protect their interests and that there are legal implications to all of this. I tend to agree that this position is the safest one to take. This raises important issues, though. What do we expect providers to do? Do we expect them to take action based on email received from unknown people? It seems from some of the other posts on this topic that we do expect that. Getting back to the post that started this thread, the culprit appears to be from Romania. Since we've all read _The Cuckoo's Egg_, we know that getting anything done about international cracking is very difficult (or has this changed?). So it is a catch-22. I think very few people on this list have the time/resources to pursue prosecution for attacks, unless the attacks are extremely damaging (ie you can prove to the authorities that it cost you a LOT of money). Yet, just letting this stuff slide by is not only frustrating, it does nothing to solve the problem. I think if you are getting attacked from a specific IP or block of IPs, you have every right to filter those packets. I question the prudence of a 'blacklist', though. Just some random thoughts... -BD