On Oct 12, 2007, at 7:18 AM, Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
This question is part reality, part surreality.
Let me ask you this: What would you do when you have alerted (via abuse@ contacts) a notable ISP in the U.S. (not a tier one, and not just one of them) about KNOWN, VERIFIABLE, and RECURRING criminal activity in their customer downstreams?
And the downstream(s) do not respond? And the criminal activity continues?
The most obvious answer is: Gather evidence, contact law enforcement.
Right?
I just wanted to reach out the NANOG on this and see what you thought... How would you handle it?
- - ferg
We did exactly that with a similar incident and the local FBI Cyber Crimes folks told us that they couldn't help us because they were entirely dedicated to potential terrorist activities. So, I would say "contact local authorities and play it up as a terrorist act" if you want any help at all. Regards, Mike