On Wed, Dec 06, 2017 at 04:26:00PM -0500, Rich Kulawiec wrote:
On Wed, Dec 06, 2017 at 12:29:30PM -0500, Gordon Ewasiuk via NANOG wrote:
and an online form where you can report EC2 abusers: https://aws.amazon.com/forms/report-abuse
1. Used it (and the abuse@ address). Either (a) no response and/or (b) boilerplate response. No responses indicating that reports were read and understood by a human. No responses indicating any action taken, whether reactive or proactive. No apparent change in observed attacks/abuse.
2. Y'know, if I can see attacks/abuse arriving at networks/systems that I run, then surely they can see it leaving networks/systems that they run. The same data is available to them as is available to me, and I have absolutely no trouble noticing it. Why don't they see it and do something about it even before I (or anybody else) has the chance to report it? Better yet, why not study the large-scale patterns over time and proactively address it? (In fairness, the SMTP rate-limit described inter alia is exactly the sort of thing that would be part of this, and it's good that they're doing that.)
---rsk
For the largest players, I can see no economic advantage in being a good network neighbor, and plenty of cost (salaries, equipment) to do so. Until that situation is reversed, even the most conscientious network engineer will have great difficulty to get management to go along with being a good guy. I liken it to dumping toxic waste. Clearly it was a better deal for a company to just dump its toxic waste instead of pay for proper dispoal, until large government fines forced a change in the practice. The solution is to somehow make bad behaviour expensive. - Brian