On Thu, Jul 28, 2016 at 11:30:12PM +0000, Donn Lasher via NANOG wrote:
If we want to be accurate about it, Cloudflare doesn???t host the DDoS, they protect the website of seller of the product. We shouldn???t be de-peering Cloud Flare over sites they protect any more than we would de-peer GoDaddy over sites they host, some of which, no doubt, sell gray/black market/illegal items/services.
This strategy fails for two reasons. First, nobody gets a pass. Anybody providing services to abusers needs to cut them off, whether it's a registrar, a web host, an email provider, a DNS provider, or anything else. Nobody gets to shrug it off with "Well, but..." Second, nobody *can* get a pass, because the people behind these operations have long since learned to distribute their assets widely -- in an attempt to avoid exactly the actions in the first point. And you know what? It works. "We're just hosting their email", says X, and "We're just hosting their DNS", says Y, and "We're just hosting their web site", says Z, and none of them do anything, and nothing gets done. The only way to make action against them effective is to do it broadly, do it swiftly, and do it permanently. ---rsk