RE: Spyware becomes increasingly malicious
Paul Vixie wrote: or, to put it in terms you can all understand: "why does that provider's upstream still have bgp peers?"
Maybe said upstream does not want to deal with TROs and legal issues? CWS is not illegal as of today.
if you give people the means to hurt you, and they do it, and you take no action except to continue giving them the means to hurt you, and they take no action except to keep hurting you, then one of the ways you can describe the situation is "it isn't scaling well."
Could not agree more.
Michel.
On 7/12/04 12:33 PM, "Michel Py" <michel@arneill-py.sacramento.ca.us> wrote:
Paul Vixie wrote: or, to put it in terms you can all understand: "why does that provider's upstream still have bgp peers?"
Maybe said upstream does not want to deal with TROs and legal issues? CWS is not illegal as of today.
CWS isn't illegal. On the other hand, there is no legal exposure from depeering providers who take on these customers. TROs and such would only come into effect if the provider's peers failed to observe the contractually obligated notice period (30-60 days, normally).
Some peering contracts specify that behaviors that endanger a network or its users allow for immediate disconnection. It's a bit of a stretch to invoke this for a spyware site.
Depeering has been threatened as an anti-spam measure - it is reasonably effective. This hasn't been extended to spyware, as it doesn't get the same level of press.
If you contact a provider who is hosting malware, and they refuse to remove it or disconnect the hoster, you could always try contacting their peers and cc:ing the offending provider. End-user networks (DSL, Cable, dial-up) are particularly sensitive to software that might harm their users.
if you give people the means to hurt you, and they do it, and you take no action except to continue giving them the means to hurt you, and they take no action except to keep hurting you, then one of the ways you can describe the situation is "it isn't scaling well."
Could not agree more.
Michel.
-- Daniel Golding Network and Telecommunications Strategies Burton Group
On 7/12/04 12:33 PM, "Michel Py" <michel@arneill-py.sacramento.ca.us> wrote:
Some peering contracts specify that behaviors that endanger a network or its users allow for immediate disconnection. It's a bit of a stretch to invoke this for a spyware site.
I think you could find a few experts that could argue that malware in general, and CWS in specific, has now reached the point where it is entirely reasonable to classify it as endangering the users of the network. Anyone who has dealt with a variant of CWS for which a remover was not available will tell you how much trouble it causes, rendering systems unusable until you find the magic combination, reimage the system, or wait until someone else figures out the variant. One wrong turn probing it can render a machine unusable until it's reloaded.
In the meantime, let's at least blackhole all their IPs on our networks. One way to reduce malware is to reduce the benefits of creating and distributing it. Another way is to find the people benefiting and string them up in the town square.
DS
I think depeering is a bit over the top for this situation, but I wouldn't blink at nullrouting the prefix in question at my cores... :)
I guess the big question is, is there anyone (other than those profiting directly from CWS) that would complain if a provider were to do such a thing...
-C
On Jul 12, 2004, at 1:34 PM, Daniel Golding wrote:
On 7/12/04 12:33 PM, "Michel Py" <michel@arneill-py.sacramento.ca.us> wrote:
Paul Vixie wrote: or, to put it in terms you can all understand: "why does that provider's upstream still have bgp peers?"
Maybe said upstream does not want to deal with TROs and legal issues? CWS is not illegal as of today.
CWS isn't illegal. On the other hand, there is no legal exposure from depeering providers who take on these customers. TROs and such would only come into effect if the provider's peers failed to observe the contractually obligated notice period (30-60 days, normally).
Some peering contracts specify that behaviors that endanger a network or its users allow for immediate disconnection. It's a bit of a stretch to invoke this for a spyware site.
Depeering has been threatened as an anti-spam measure - it is reasonably effective. This hasn't been extended to spyware, as it doesn't get the same level of press.
If you contact a provider who is hosting malware, and they refuse to remove it or disconnect the hoster, you could always try contacting their peers and cc:ing the offending provider. End-user networks (DSL, Cable, dial-up) are particularly sensitive to software that might harm their users.
if you give people the means to hurt you, and they do it, and you take no action except to continue giving them the means to hurt you, and they take no action except to keep hurting you, then one of the ways you can describe the situation is "it isn't scaling well."
Could not agree more.
Michel.
-- Daniel Golding Network and Telecommunications Strategies Burton Group
On Jul 12, 2004, at 11:20 AM, Christopher Woodfield wrote:
I think depeering is a bit over the top for this situation, but I wouldn't blink at nullrouting the prefix in question at my cores... :)
I guess the big question is, is there anyone (other than those profiting directly from CWS) that would complain if a provider were to do such a thing...
If (your network == your organization) then maybe it's okay, otherwise I wouldn't consider it. If your customers demand it then that's something different and as a provider you can choose to provide this sort of filtering for your customer.
It's the old: "I don't want some plumber deciding what can come down my pipe" argument.
-davidu
I guess the big question is, is there anyone (other than those profiting directly from CWS) that would complain if a provider were to do such a thing... ... It's the old: "I don't want some plumber deciding what can come down my pipe" argument.
that analogy won't stretch to fit the situation of internet services. for one thing, plumbers aren't the same as water companies. for another, the water company is responsible for what i receive, but only the sewage company is responsible for what i send. i think that at a minimum, we need better analogies, or we need to learn how to talk about this subject without using analogies.
i suppose that from the malfeasant's point of view, the current internet economic and irresponsibility model is scaling just fine. people who want to do bad things can keep on doing them, and profiting from them. people who want to supply the services necessary for these bad things can keep doing so, and keep profiting from them. people who would need to take some kind of responsibility or action in order to prevent this activity don't want to be seen taking any responsibility or action, supposedly out of fear that they'll be held liable for everything they DIDN'T stop.
it strikes me that the case for revolution is largely a cost:benefit analysis, and that we're headed for a timespace where some very radical solutions are actually cheaper than the status quo. (i say this even while considering the MAPS RBL as fundamentally in-band and non-radical for its time.)
-- Paul Vixie
participants (6)
- Christopher Woodfield
- Daniel Golding
- David A.Ulevitch
- David Schwartz
- Michel Py
- Paul Vixie