On Fri, 27 Dec 1996, Chris A. Icide wrote:
There is a certain individual at a certain ISP in the .ro domain. I
So, my question to you folks is, would something like the intentional black holing of the source network for this user (he apparently sources all attacks from one swamp Class C address) be an appropriate incentive to the ISP to deal with the problem? If so, where would be a good place to announce such measures, their goal, evidence, etc?
If I were in your shoes I would write a press release explaining in layman's terms what you are doing. Then hire a Romanian translator to translate this and get the translation doublechecked by another Romanian speaker who has some technical background. Make sure the press release names the ISP clearly, i.e. MyISP Services of Lulu, Transylvania. Then fax this press release to every newspaper, radio and TV station that you can find in Romania. Try to include an inflammatory statement in the press release like "If Romanians will not police themselves then we will simply block them from the network". You can see how the press might misinterpret such a statement as meaning that Romania is about to be blocked from the entire Internet. This is good because it's what gets lots of press coverage and that's what will wake up this ISP and the other local ISP's to realize that they have to do something. Simply blocking the one ISP will accomplish nothing because the hacker will either switch ISP's or they will hack some other machine to use as the launchboard for their attacks. Michael Dillon - Internet & ISP Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael@memra.com