- Exactly when and where did RIR whois databases gain any legal status as an authoritive source of information, rather than just an internal tool for network operators? (as far as i see, the rirs are legally nothing more than a collective of network operators, not an authority in any way). - Exactly when and where did RIR whois entries, or rather the lack thereof prohibit any other use of those ranges (as in: blatantly announcing them, not having a registered AS number or someone elses AS number). - Exactly since when and where did IP addresses become property? (Ok, there are some court verdicts identifying them as "personal details" (although they identify a node on a network, not a person ;) - If they are indeed personal details, they are not allowed to be in public whois in the first place without the consent of the end-end-end user (privacy laws) And furthermore, if you want to stop spam on that shitty old SMTP protocol, i suggest you stop wasting time on blacklisting ips, and start working on a standard to issue all your "buddies" with a unique password so your mailserver accepts their mail and nobody elses. EVERY MODERN PROTOCOL (skype, msn) does it -that- way, and -that- works. for which it is required that: 1: a standard header is created thats discared on forwards "Password: " 2: mailinglists, online shops, etc, anyone who does not have your businesscard with a unique password on it, add a field for this. (keep in mind, each sender gets a unique password from the receiver, this can be stored in the address book along with the email address itself). - <FLAME> You "Spam fighters" have effectively KILLED smtp by: - blacklists - your anti open relay crap - motivating eyeball isps to block port 25 - graylisting makes it so damn slow nobody wants to use it anymore anyway all of this has resulted in: SMTP no longer being used on the actual workstations Therefore not operating in a p2p and real-time fashion and did you manage to stop spam? -> NO, you just managed to make it completely un workable and unreliable. did you manage to make people choose other protocols such as Skype and MSN: yes! (if email was still used in a p2p fashion people would not -need- instant messengers in the first place, as their wintendo computer would just talk smtp and store directly to the inbox) Imap, pop2, pop3 and all that other crap could have been skipped. </FLAME> -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG ========================================================================= Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: sven@cb3rob.net ========================================================================= <penpen> C3P0, der elektrische Westerwelle ========================================================================= Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Wed, 6 Oct 2010, Ronald F. Guilmette wrote:
In message <AANLkTi=rH=kXm6ksK1gkyfu=nh4oazW=c+66Meo5HL+H@mail.gmail.com>, Heath Jones <hj1980@gmail.com> wrote:
Certainly, fine folks at Reliance Globalcom Services, Inc. could tell us who is paying them to connect these hijacked blocks to their network, but I rather doubt that they are actually going to come clean and do that.
Ron, I haven't been following this anti-spam stuff much since it went political with ARIN but I do have a few quick questions (relating to US law and spam).
1) Is spamming from within the US criminal activity?
Sadly, it appears not.
In many cases it is however actionable. (And in other cases involving actual criminal activity, e.g. as prohibited by 18 USC 1030, `Fraud and related activity in connection with computers', it may, I think, be considered as an aggravating factor in determining punishments.)
What constitutes spam in that case?
Are you asking what I think? Or what the majority of netizens think? Or are you asking what U.S. courts think?
Those are three different answers.
2) If you could justify the incoming spam as a DOS, is that criminal activity? Could you justify it as a DOS?
Yes. No.
3) Is providing ARIN with bogus information just to get around their processes criminal activity?
In this case, nobody provided ARIN with *any* bogus information, ever. (So your question is utterly irrelevant to this particular case.)
4) Is obtaining disused IP space / AS allocations from assigned entity, and not updating ARIN criminal activity?
In this particular case, nobody appears to have ``obtained'' IP space from the various High Schools, Middle Schools, and Elementary schools involved, other than via deceit, trickery, and fraud. Were the various schools involved here ripped off? I would say yes. Does the fraud in this case rise to the level of being either criminal or actionable? I am not a lawyer, but my guess is that the answer is probably yes to both... *IF* anybody cared enough to persue it. I base that opinion stictly and only on the definition of the English language word `fraud' as given at www.merriam-webster.com.
As regards to updating ARIN, or the lack thereof, the _absence_ of such ``updating'', in this case... i.e. the absence of any notice to ARIN that these blocks were being glomed onto... is part of the overall pattern of fraud in this case which, as I have said, I believe to be potentially both criminal and actionable... if anybody cared enough to persue it.
But that's just my opinion, and I am not a lawyer.
5) Is advertising Prefixes or AS number assigned to another entity criminal activity?
If it constitutes criminal fraud which deprives some party of some property, or some right, or the full enjoyment of some property or some right, to which they are otherwise entitled, under law, then yes, although I am not a lawyer, my limited understanding of the law in these United States indicates to me that yes, most probably such activity may well be considered criminal, in at least some circumstances, perhaps including the ones being discussed in this thread.
6) If any of the above could be classed as criminal activity, are Reliance Globalcom (in this case) legally obligated to cut them off?,
The answer to that depends, I think, upon whether they are _knowing_ participants in the fraud. If they merely got duped... which is indeed what is suggested by that fact that somebody paid $4,000 to get a specific domain name so that they could then dupe _somebody_ (where that somebody who was to be duped, in this case was clearly _not_ ARIN)... then in that case, Reliance Globalcom is just another one of the victims, and not one of the perpetrators.
Hypothetically, if, once they have been duly informed that this particular fraud is ongoing, they do nothing, and continue announcing the routes even after allowing them a reasonable amount of time to properly investigate what is going on here, then at that point I think that yes, then they might in fact be criminally liable, civilly liable, or both.
or just help by switching on a packet capture
What would be the point of that??
I can already tell you what the blocks in question are most probably being used for, and have done so already, I think.
Regards, rfg