On 9/12/08, Steve Gibbard <scg@gibbard.org> wrote:
It's probably correct that any individual player in this industry not under other regulatory restrictions can refuse to do business with somebody they don't like, sometimes. For the industry as a whole to make a group decision to not do business with somebody who may be a competitor seems more legally risky. Engaging in that sort of thing without getting some good legal advice first would certainly make me nervous.
the perception of collusion is interesting, I don't necessarily think it's happening here, but ianal (as patrick would say). What is happening here is that instead of a bunch of random 'hey something wierd is going on with that host over yonder' or 'wow that network has a lot of bad stuff on it today' someone succinctly put down in an open and public place the list of things that is going on and references to how bad it may actually be. So, instead of (for one example) GBLX-abuse getting onsey/twosy 'crazy guy' tickets/emails they have a chance to now correlate their internal info against abuse@ and other things and take some action. I don't know that that's the case with GBLX in this case, but I know at previous places of employment having lots of odd ranty emails never really helped. Having succint collections of info about a problem would make it simpler to address with management/bean-counters/lawyers and propose reasonable action(s) against the offendors.
Since this appears to be somebody who is contracting with lots of US
well, at least 2, only one 'large'... other smaller folks may have been: 1) too busy fighting their own fires to worry about someone paying ontime and (possibly) addressing abuse@ issues in a 'timely' fashion. (from the abuse@ queue it's not necessarily easy to tell that badip1 shifted to newip2 when you sent the complaint to the downstream, especially if you are already overwelmed with other fires) 2) too interested in the bills getting paid 3) unaware for a variety of reasons who their new customer really is/was
now; think later," phase. Should what they're doing be a law enforcement issue, rather than a "they've got cooties" issue?
with this particular network I've wondered this same thing for 4+ years. They were most obviously doing very bad things for a long period of time, at no time was there an reasonable LEA action taken that was evident form the outside. It's possible that with the forest of issues LEA is dealing with on the Intertubes they just aren't putting 1+1+2 together often enough and realizing there is a fairly clear pattern of criminal activity eminating from the same general place. For instance, I've corrected many folks on many occasions who've said: "Oh that badness is coming from the Ukraine... see the whois' info here:" organisation: ORG-UL25-RIPE org-name: UkrTeleGroup Ltd. org-type: LIR address: UkrTeleGroup Ltd. Mechnikova 58/5 65029 Odessa Ukraine Really? why does it traceroute to SFO then and die there on a host?? Why is it routed to a leaf AS in the US with a presence only in a single facility (200 Paul)?? I know of only a few folks who've put all of the pieces together in a reasonable package, and I don't think they can hand it all over (especially since it's not much good 2-3 weeks after the package is gathered due to the shifting sands of tubage) to LEA without it falling into the 'agent of LEA' part of evidence gathering :( Plus, LEA has to put priority on this sort of thing, and with so much going on I get the feeling focus is hard to accomplish... (I'd love to be proven wrong of course..) -Chris