Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Not intentionally trying to be retarded, but I've received an enormous number of private responses. Many thanks. It is odd, however, why folks felt the need to reply privately, and although I'm glad you did reply, it is somewhat of a statement, in and of itself, on the issues involved that things happen the way they do. Maybe. In any event, I did want to mention that some people involved in the aforementioned "activities" may be getting their feelings hurt real soon now due to "looking the other way" and pretending they didn't know what was going on. Or maybe not. It should be pretty fun to to see what happens. Thanks for everyone who responded. Cheers! - - ferg - -- "Paul Ferguson" <fergdawg@netzero.net> wrote: This question is part reality, part surreality. Let me ask you this: What would you do when you have alerted (via abuse@ contacts) a notable ISP in the U.S. (not a tier one, and not just one of them) about KNOWN, VERIFIABLE, and RECURRING criminal activity in their customer downstreams? And the downstream(s) do not respond? And the criminal activity continues? The most obvious answer is: Gather evidence, contact law enforcement. Right? I just wanted to reach out the NANOG on this and see what you thought... How would you handle it? - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHDymoq1pz9mNUZTMRAi9JAKChOP+omJT+B08zY6/apubGPIV9ZQCgsr3F 1BcKzW2DrEte2Q/KS4I5de4= =RxGD -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
On Fri, 12 Oct 2007 08:00:46 GMT "Paul Ferguson" <fergdawg@netzero.net> wrote:
Not intentionally trying to be retarded, but I've received an enormous number of private responses. [...] This question is part reality, part surreality.
Let me ask you this: What would you do when you have alerted (via abuse@ contacts) a notable ISP in the U.S. (not a tier one, and not just one of them) about KNOWN, VERIFIABLE, and RECURRING criminal activity in their customer downstreams? [...]
Hi Paul, as you know, there is a scheduled panel discussion related to this topic at the ISP Security BoF. I encourage anyone who isn't going to the peering BoF to participate. We could also use another person on the panel. Anyone who feels particularly passionate or who would bring a unique perspective to the panel I'd love to have you on stage or at least willing to come up to the audience mic. Feel free to nominate your friends and I'll solicit them privately without attribution by you if you prefer and as appropriate. :-) I'd be especially interested in questions, comments or other suggestions for me, the moderator, that might help steer the discussion to someplace useful. I'd prefer to take those off-list please. Some additional BoF details here: <http://www.nanog.org/mtg-0710/kristoff.html> John
I am happy to hear about the panel. Back to the subject at hand... As things are today, ISPs' authority, responsibility, liability and technical difficulties differe considerably from country to country, and more over--are not regulated in many fashions (where this applies, can't regulate tech difficulty, can we?) Further, as the swamp is so distorted and radiated, it is often difficult to accuse providers who try to cope. Then we have providers who turn a blind eye to a level where they are black hat. Then we have black hat providers which provide such services. As in criminal services. The sad fact is, these are not just in Russia or China, but exist in the US and other western countries as well. The time soon approaches when we need to clean house if we are to "clean the net". I suppose we may as well start with the lower-hanging fruit because the very idea of cleaning the net is propostrous. There is no reason to gun for businesses, but if the businesses are in fact criminal (which is surprisingly easily defined, think RBN), and cause that much trouble, we can gun for them and feel good about it, too. Gadi. On Fri, 12 Oct 2007, John Kristoff wrote:
On Fri, 12 Oct 2007 08:00:46 GMT "Paul Ferguson" <fergdawg@netzero.net> wrote:
Not intentionally trying to be retarded, but I've received an enormous number of private responses. [...] This question is part reality, part surreality.
Let me ask you this: What would you do when you have alerted (via abuse@ contacts) a notable ISP in the U.S. (not a tier one, and not just one of them) about KNOWN, VERIFIABLE, and RECURRING criminal activity in their customer downstreams? [...]
Hi Paul, as you know, there is a scheduled panel discussion related to this topic at the ISP Security BoF. I encourage anyone who isn't going to the peering BoF to participate. We could also use another person on the panel. Anyone who feels particularly passionate or who would bring a unique perspective to the panel I'd love to have you on stage or at least willing to come up to the audience mic. Feel free to nominate your friends and I'll solicit them privately without attribution by you if you prefer and as appropriate. :-)
I'd be especially interested in questions, comments or other suggestions for me, the moderator, that might help steer the discussion to someplace useful. I'd prefer to take those off-list please.
Some additional BoF details here:
<http://www.nanog.org/mtg-0710/kristoff.html>
John
Gadi, Gadi Evron wrote:
The time soon approaches when we need to clean house if we are to "clean the net". I suppose we may as well start with the lower-hanging fruit because the very idea of cleaning the net is propostrous.
There is no reason to gun for businesses, but if the businesses are in fact criminal (which is surprisingly easily defined, think RBN), and cause that much trouble, we can gun for them and feel good about it, too.
Advocating vigilantism is simply not a very wise position to take. Taking the the power to determine what is and is not criminal onto yourself is in fact illegal in most places.
On Fri, 12 Oct 2007, Joel Jaeggli wrote:
Gadi,
Gadi Evron wrote:
The time soon approaches when we need to clean house if we are to "clean the net". I suppose we may as well start with the lower-hanging fruit because the very idea of cleaning the net is propostrous.
There is no reason to gun for businesses, but if the businesses are in fact criminal (which is surprisingly easily defined, think RBN), and cause that much trouble, we can gun for them and feel good about it, too.
Advocating vigilantism is simply not a very wise position to take.
Taking the the power to determine what is and is not criminal onto yourself is in fact illegal in most places.
I quite agree!
On Fri, 12 Oct 2007 08:00:46 -0000, Paul Ferguson said:
Let me ask you this: What would you do when you have alerted (via abuse@ contacts) a notable ISP in the U.S. (not a tier one, and not just one of them) about KNOWN, VERIFIABLE, and RECURRING criminal activity in their customer downstreams?
I suppose you could always null-route them. Unfortunately, I suspect there's enough ISPs in the world that meet your description that doing so for all of them will push you significantly closer to the magical "240K routes melts your router".. The *big* question is, of course, whether there's enough of them for aggregation to make a measurable difference... :)
participants (5)
-
Gadi Evron
-
Joel Jaeggli
-
John Kristoff
-
Paul Ferguson
-
Valdis.Kletnieks@vt.edu