While it's good to see some community effort going toward slapping a lid on misbehaving sources, how about a little consistency in the bigger picture?

Consider this sort of scenario: An ISP allows its infrastructure to emit spam and host compromised machines to harbor malware and facilitate crime and botnets. Its abuse mailbox is a black hole that is provably ignored. All reasonable efforts to get the problem fixed fail. Network operators band together and deroute the ISP's blocks, forcing them to either clean up their act or find something else to do with their time. Internet death penalty, simple enough.

If this happened to some of the other major sources of crap that I'm thinking of, it would make the freaking NATIONAL NEWS. Where's the BACKBONE to go after the real high-volume sources, rather than continuing to kick sand in the face of some podunk little guy who can no longer defend himself?

_H*
*Hobbit* wrote:
Where's the BACKBONE to go after the real high-volume sources, rather than continuing to kick sand in the face of some podunk little guy who can no longer defend himself?
_H*
He never could defend himself, but he still hosts these companies (though months and years later he's finally terminated some of them). I have talked to over a dozen people who report abuse who are utterly perplexed at the tone taken by Intercage. I've SEEN archived abuse complaints from DronesBL, DOZENS of them. These reports aren't for compromised machines, they're for C&C's that host THOUSANDS of compromised machines each. When Gadi, when William Pitcock, when Spamhaus, when I, and DOZENS of others who watch these people say there's a problem, you'd best believe there's a problem.

Andrew
On Wed, 24 Sep 2008, *Hobbit* wrote:
While it's good to see some community effort going toward slapping a lid on misbehaving sources, how about a little consistency in the bigger picture?
Consider this sort of scenario: An ISP allows its infrastructure to emit spam and host compromised machines to harbor malware and facilitate crime and botnets. Its abuse mailbox is a black hole that is provably ignored. All reasonable efforts to get the problem fixed fail. Network operators band together and deroute the ISP's blocks, forcing them to either clean up their act or find something else to do with their time. Internet death penalty, simple enough.
If this happened to some of the other major sources of crap that I'm thinking of, it would make the freaking NATIONAL NEWS. Where's the BACKBONE to go after the real high-volume sources, rather than continuing to kick sand in the face of some podunk little guy who can no longer defend himself?
This was one of the big guys, it's not their fault they did all that mess from less IP space. It's like folks who say .biz, .info or .name are worse than .com. Obviously .com has more abuse but it is lost in the noise of the regular hugeness of its traffic.
_H*
On Wed, Sep 24, 2008 at 01:37:43PM +0000, *Hobbit* wrote: [snip]
If this happened to some of the other major sources of crap that I'm thinking of, it would make the freaking NATIONAL NEWS. Where's the BACKBONE to go after the real high-volume sources, rather than continuing to kick sand in the face of some podunk little guy who can no longer defend himself?
The spine to do it left with suits minding the store & managing to the tune of fickle investors. For the same reason just refusing deaggregates has become difficult: the bad guys shield themselves by sitting in the same prefix/ASNs with sites your paying customers wish to reach.

The suits are interested in
- avoiding PR hassles
- low call rates into the support centers
- lower customer-churn numbers for their investor calls

Therefore anyone with time & energy to block badness where there is collateral damage rarely has the stamina or internal political capital to have the suits' spin machine on their side.

More network companies that are privately held with actual technocrats at the helm might help bring a vision beyond commoditization and marketing.

--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
When there is no law to speak of all that is left is tribal justice. That doesn't make the problem the tribe, the real problem is the lawlessness. I would much rather prefer that we find a way to not let ISPs externalize their "costs" in taking money from bad people who do nothing but cause problems for the rest of us.

j

*Hobbit* wrote:
While it's good to see some community effort going toward slapping a lid on misbehaving sources, how about a little consistency in the bigger picture?
Consider this sort of scenario: An ISP allows its infrastructure to emit spam and host compromised machines to harbor malware and facilitate crime and botnets. Its abuse mailbox is a black hole that is provably ignored. All reasonable efforts to get the problem fixed fail. Network operators band together and deroute the ISP's blocks, forcing them to either clean up their act or find something else to do with their time. Internet death penalty, simple enough.
If this happened to some of the other major sources of crap that I'm thinking of, it would make the freaking NATIONAL NEWS. Where's the BACKBONE to go after the real high-volume sources, rather than continuing to kick sand in the face of some podunk little guy who can no longer defend himself?
_H*
On Wed, Sep 24, 2008 at 7:24 PM, Randy Bush <randy@psg.com> wrote:
John Bambenek wrote:
When there is no law to speak of all that is left is tribal justice.
this way lies lynch mobs
shall we at least apply a vernier of civilization?
I think that _more_than_reasonable_ background research, historical record, etc. have met the qualifications of "civilized vernier". The outcry was, and is not, arbitrary.

$.02,

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, 2008-09-24 at 19:28 -0700, Paul Ferguson wrote:
On Wed, Sep 24, 2008 at 7:24 PM, Randy Bush <randy@psg.com> wrote:
John Bambenek wrote:
When there is no law to speak of all that is left is tribal justice.
this way lies lynch mobs
shall we at least apply a vernier of civilization?
I think that _more_than_reasonable_ background research, historical record, etc. have met the qualifications of "civilized vernier". The outcry was, and is not, arbitrary.
No, but forcing them offline now that they are taking a new approach to handling abuse is ridiculous.

Intercage are reaching out to the anti-abuse community and yet some people on NANOG keep interfering with the cleanup process. How do you expect them to clean up their network and return to normal operations (with considerably less abuse) if it keeps being disconnected?

The shit isn't even there anymore. These kids have moved it elsewhere. Intercage have learned their lesson, just leave them alone and let the people who have *real* problems (e.g. me, Andrew Kirch of AHBL, Spamhaus, Gadi, etc.) with Intercage deal with this.

If anyone has any issue with Atrivo/Intercage that still needs rectification: please contact me or Andrew Kirch offlist and we will bring it to their attention. We have contact with these people, and they are listening and taking action to clean up their network.

If not, then please stop with this thread. It's not helpful, and it's certainly counter-productive.

William
On Wed, Sep 24, 2008 at 7:52 PM, William Pitcock <nenolod@systeminplace.net> wrote:
On Wed, 2008-09-24 at 19:28 -0700, Paul Ferguson wrote:
I think that _more_than_reasonable_ background research, historical record, etc. have met the qualifications of "civilized vernier". The outcry was, and is not, arbitrary.
No, but forcing them offline now that they are taking a new approach to handling abuse is ridiculous.
No -- I think that after 5 years of malicious activity, it was overdue.

I'm sorry, but your efforts to get the last word here are in vain.

Cheers,

- ferg

p.s. And by the way, whether the badness has actually been purged from Atrivo/Intercage's IP address space remains to be seen -- previous similar claims have all been false. Time will tell -- many eyes are watching.

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, 2008-09-24 at 19:58 -0700, Paul Ferguson wrote:
On Wed, Sep 24, 2008 at 7:52 PM, William Pitcock <nenolod@systeminplace.net> wrote:
On Wed, 2008-09-24 at 19:28 -0700, Paul Ferguson wrote:
I think that _more_than_reasonable_ background research, historical record, etc. have met the qualifications of "civilized vernier". The outcry was, and is not, arbitrary.
No, but forcing them offline now that they are taking a new approach to handling abuse is ridiculous.
No -- I think that after 5 years of malicious activity, it was overdue.
I said _new_ approach. I agree that it was overdue, but they are being cooperative with the anti-abuse community, so I think it is appropriate to give them an opportunity to deliver on their promise. If they fail, then shut them off again.
I'm sorry, but your efforts to get the last word here are in vain.
Cheers,
- - ferg
p.s. And by the way, whether the badness has actually been purged from Atrivo/Intercage's IP address space remains to be seen -- previous similar claims have all been false. Time will tell -- many eyes are watching.
Esthost are nullrouted as of this morning. Even their administrative network is nullrouted.

I think that is a good indication. As I said, if you have any still open issues, please let me know. I am talking to these people and they are listening.

William
On Wed, Sep 24, 2008 at 8:10 PM, William Pitcock <nenolod@systeminplace.net> wrote:
I said _new_ approach. I agree that it was overdue, but they are being cooperative with the anti-abuse community, so I think it is appropriate to give them an opportunity to deliver on their promise. If they fail, then shut them off again.
That sounds reasonable to me.
Esthost are nullrouted as of this morning. Even their administrative network is nullrouted.
That's only because after they tried to set up shop in NL, they were outed.

As I said, many eyes are watching -- and not just Atrivo/Intercage either.

Cheers,

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
Ok, as this seems to have turned into a pissing match, can we slow this down a bit? 50+ emails a day for a week and nothing good of it? Yes yes we have purged the internet of evil. Instead of all the bickering and finger pointing, let's do something worthwhile like helping identify the root of the problem. So abuse@ wasn't monitored previously. It will be soon if you would give it a chance. They are working on it, so I say we lighten up on the pitchfork gig. Everyone put down the torches and stop screaming witch. Let's give them some time to actually act on a lot of the information they are getting from anti-abuse, and anything usable they might have been able to filter out of this flood of a week on nanog. Perhaps we could revisit this in a month, not as a bash and finger point but more as a "hey here is one more thing you could do to help keep your network clean."

-----Original Message-----
From: Paul Ferguson [mailto:fergdawgster@gmail.com]
Sent: Wednesday, September 24, 2008 9:14 PM
To: William Pitcock
Cc: nanog@nanog.org
Subject: Re: the Intercage mess

On Wed, Sep 24, 2008 at 8:10 PM, William Pitcock <nenolod@systeminplace.net> wrote:
I said _new_ approach. I agree that it was overdue, but they are being cooperative with the anti-abuse community, so I think it is appropriate to give them an opportunity to deliver on their promise. If they fail, then shut them off again.
That sounds reasonable to me.
Esthost are nullrouted as of this morning. Even their administrative network is nullrouted.
That's only because after they tried to set up shop in NL, they were outed.

As I said, many eyes are watching -- and not just Atrivo/Intercage either.

Cheers,

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, Sep 24, 2008 at 8:24 PM, Blake Pfankuch <bpfankuch@cpgreeley.com> wrote:
Ok, as this seems to have turned into a pissing match, can we slow this down a bit? 50+ emails a day for a week and nothing good of it? Yes yes we have purged the internet of evil. Instead of all the bickering and finger pointing, let's do something worthwhile like helping identify the root of the problem. So abuse@ wasn't monitored previously. It will be soon if you would give it a chance. They are working on it, so I say we lighten up on the pitchfork gig. Everyone put down the torches and stop screaming witch. Let's give them some time to actually act on a lot of the information they are getting from anti-abuse, and anything usable they might have been able to filter out of this flood of a week on nanog. Perhaps we could revisit this in a month, not as a bash and finger point but more as a "hey here is one more thing you could do to help keep your network clean."
If you really think this was a simple matter of "...not monitoring abuse@ mailboxes..." then you are highly misinformed.

Nothing personal.

This will (hopefully) be my last post in this thread.

Cheers,

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
:0:
* ^Return-Path:.*nanog-bounces
* ^Subject:.*Intercage
$TRASH

enough already

randy
How about our Wed. night (Oct. 1)/your Thursday morning (Oct. 2) at 9? Would that work?

Susan Martens
AT&T Director Peering Planning
732-420-5095
smartens@att.com

-----Original Message-----
From: Randy Bush [mailto:randy@psg.com]
Sent: Wednesday, September 24, 2008 11:37 PM
To: Paul Ferguson
Cc: nanog@nanog.org
Subject: Re: the NANOG mess

:0:
* ^Return-Path:.*nanog-bounces
* ^Subject:.*Intercage
$TRASH

enough already

randy
Apologies to all -- I just fat-fingered an e-mail response.

Susan Martens
AT&T Director Peering Planning
732-420-5095
smartens@att.com

-----Original Message-----
From: MARTENS, SUSAN, ATTOPS
Sent: Thursday, September 25, 2008 8:55 AM
To: Randy Bush; Paul Ferguson
Cc: nanog@nanog.org
Subject: RE: the NANOG mess

How about our Wed. night (Oct. 1)/your Thursday morning (Oct. 2) at 9? Would that work?

Susan Martens
AT&T Director Peering Planning
732-420-5095
smartens@att.com

-----Original Message-----
From: Randy Bush [mailto:randy@psg.com]
Sent: Wednesday, September 24, 2008 11:37 PM
To: Paul Ferguson
Cc: nanog@nanog.org
Subject: Re: the NANOG mess

:0:
* ^Return-Path:.*nanog-bounces
* ^Subject:.*Intercage
$TRASH

enough already

randy
On Wed, Sep 24, 2008 at 8:10 PM, William Pitcock <nenolod@systeminplace.net> wrote:
Esthost are nullrouted as of this morning. Even their administrative network is nullrouted.
I think that is a good indication. As I said, if you have any still open issues, please let me know. I am talking to these people and they are listening.
Okay. Riddle me this:

Why is Intercage hosting Cernel.net?

cernel.net -A-> 69.50.176.227

AS | IP | AS Name
27595 | 69.50.176.227 | INTERCAGE - InterCage, Inc.

I guess this was just a mistake, right?

Oh, and of course, Cernel.net was registered with... wait for it... Estdomains.

And this was very recent.

Go figure.

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, Sep 24, 2008 at 9:50 PM, Paul Ferguson <fergdawgster@gmail.com> wrote:
Why is Intercage hosting Cernel.net?
cernel.net -A-> 69.50.176.227
AS | IP | AS Name
27595 | 69.50.176.227 | INTERCAGE - InterCage, Inc.
I guess this was just a mistake, right?
Oh, and of course, Cernel.net was registered with... wait for it... Estdomains.
And this was very recent.
Go figure.
A bit more:

A glance at DNS relationships between Intercage, Cernel, and Rove Digital are apparent when digging around on DNS dependencies -- lookup cernel.net at the BFK DNSLogger:

http://www.bfk.de/bfk_dnslogger.html

ns2.protectdetails.com A 69.50.176.229
ns1.esthost.com A 69.50.176.229
ens1.esthost.com A 69.50.176.229
ns2.esthost.com A 69.50.176.229
ns2.cernel.net A 69.50.176.229

AS | IP | AS Name
27595 | 69.50.176.229 | INTERCAGE - InterCage, Inc.

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, Sep 24, 2008 at 10:41 PM, Paul Ferguson <fergdawgster@gmail.com> wrote:
Why is Intercage hosting Cernel.net?
cernel.net -A-> 69.50.176.227
AS | IP | AS Name
27595 | 69.50.176.227 | INTERCAGE - InterCage, Inc.
I guess this was just a mistake, right?
Oh, and of course, Cernel.net was registered with... wait for it... Estdomains.
And this was very recent.
Go figure.
A bit more:
A glance at DNS relationships between Intercage, Cernel, and Rove Digital are apparent when digging around on DNS dependencies -- lookup cernel.net at the BFK DNSLogger:
http://www.bfk.de/bfk_dnslogger.html
ns2.protectdetails.com A 69.50.176.229
ns1.esthost.com A 69.50.176.229
ens1.esthost.com A 69.50.176.229
ns2.esthost.com A 69.50.176.229
ns2.cernel.net A 69.50.176.229
AS | IP | AS Name
27595 | 69.50.176.229 | INTERCAGE - InterCage, Inc.
Oops. I forgot to add:

ns2.spb-traffic.com A 69.50.176.227
ns2.site-people.com A 69.50.176.227
ns2.estsecure.com A 69.50.176.227
rovedigital.com A 69.50.176.227
ns2.rovedigital.com A 69.50.176.227
ans2.rovedigital.com A 69.50.176.227
dev.rovedigital.com A 69.50.176.227
ns2.mega-all.com A 69.50.176.227
ns2.cernel.net A 69.50.176.227
alpha.cernel.net A 69.50.176.227
beta.cernel.net A 69.50.176.227

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, Sep 24, 2008 at 10:45 PM, Paul Ferguson <fergdawgster@gmail.com> wrote:
Why is Intercage hosting Cernel.net?
cernel.net -A-> 69.50.176.227
AS | IP | AS Name
27595 | 69.50.176.227 | INTERCAGE - InterCage, Inc.
I guess this was just a mistake, right?
Oh, and of course, Cernel.net was registered with... wait for it... Estdomains.
And this was very recent.
Go figure.
A bit more:
A glance at DNS relationships between Intercage, Cernel, and Rove Digital are apparent when digging around on DNS dependencies -- lookup cernel.net at the BFK DNSLogger:
http://www.bfk.de/bfk_dnslogger.html
ns2.protectdetails.com A 69.50.176.229
ns1.esthost.com A 69.50.176.229
ens1.esthost.com A 69.50.176.229
ns2.esthost.com A 69.50.176.229
ns2.cernel.net A 69.50.176.229
AS | IP | AS Name
27595 | 69.50.176.229 | INTERCAGE - InterCage, Inc.
Oops. I forgot to add:
ns2.spb-traffic.com A 69.50.176.227
ns2.site-people.com A 69.50.176.227
ns2.estsecure.com A 69.50.176.227
rovedigital.com A 69.50.176.227
ns2.rovedigital.com A 69.50.176.227
ans2.rovedigital.com A 69.50.176.227
dev.rovedigital.com A 69.50.176.227
ns2.mega-all.com A 69.50.176.227
ns2.cernel.net A 69.50.176.227
alpha.cernel.net A 69.50.176.227
beta.cernel.net A 69.50.176.227
Just in case anyone needs a refresher on Rove Digital:

http://voices.washingtonpost.com/securityfix/2008/09/estdomains_a_sordid_history_an.html

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, 2008-09-24 at 21:50 -0700, Paul Ferguson wrote:
On Wed, Sep 24, 2008 at 8:10 PM, William Pitcock <nenolod@systeminplace.net> wrote:
Esthost are nullrouted as of this morning. Even their administrative network is nullrouted.
I think that is a good indication. As I said, if you have any still open issues, please let me know. I am talking to these people and they are listening.
Okay. Riddle me this:
Why is Intercage hosting Cernel.net?
cernel.net -A-> 69.50.176.227
AS | IP | AS Name
27595 | 69.50.176.227 | INTERCAGE - InterCage, Inc.
Except that they are not: it is offline.

--- 69.50.176.227 ping statistics -----
15 packets transmitted, 0 received, 100% packet loss, time 14008ms

nenolod@petrie:~$ wget http://69.50.176.227/
2008-09-25 00:56:54-- http://69.50.176.227/
Connecting to 69.50.176.227:80... failed: Connection timed out.
Retrying.
--2008-09-25 01:00:04-- (try: 2) http://69.50.176.227/
Connecting to 69.50.176.227:80... failed: Connection timed out.
Retrying.
--2008-09-25 01:03:15-- (try: 3) http://69.50.176.227/
Connecting to 69.50.176.227:80... ^C

69.50.176.0/24 is nullrouted by Intercage itself and the equipment is powered off.

Thanks for playing, but next time you might want to point out something that is actually online. It will certainly make your argument be more fact-based.

Or maybe my problem is that I have a "fact-based world view".

William
On Wed, Sep 24, 2008 at 11:04 PM, William Pitcock <nenolod@systeminplace.net> wrote:
Thanks for playing, but next time you might want to point out something that is actually online. It will certainly make your argument be more fact-based.
Or maybe my problem is that I have a "fact-based world view".
No, thank you for playing.

When the DNS dependencies are removed, we can all play Kum Ba Yah.

Don't toss me an excuse and expect mileage.

Fix it. Then we can all play nice.

Cheers!

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
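The DNS pivot argued over in the messages above, as an added example that is not part of the original thread: it groups the quoted A records by address, finds the domains that tie the two addresses together, and lists which names still point into 69.50.176.0/24. The records are copied from the thread; the function names and the two-label base-domain rule are assumptions of the example.

```python
from collections import defaultdict
import ipaddress

# A records quoted in the thread (BFK DNSLogger output plus the cernel.net lookup).
PDNS_RECORDS = """\
ns2.protectdetails.com A 69.50.176.229
ns1.esthost.com A 69.50.176.229
ens1.esthost.com A 69.50.176.229
ns2.esthost.com A 69.50.176.229
ns2.cernel.net A 69.50.176.229
cernel.net A 69.50.176.227
ns2.spb-traffic.com A 69.50.176.227
ns2.site-people.com A 69.50.176.227
ns2.estsecure.com A 69.50.176.227
rovedigital.com A 69.50.176.227
ns2.rovedigital.com A 69.50.176.227
ans2.rovedigital.com A 69.50.176.227
dev.rovedigital.com A 69.50.176.227
ns2.mega-all.com A 69.50.176.227
ns2.cernel.net A 69.50.176.227
alpha.cernel.net A 69.50.176.227
beta.cernel.net A 69.50.176.227
"""


def parse_records(text):
    """Return (hostname, ip) pairs from 'name A address' lines; skip anything else."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1].upper() != "A":
            continue  # table headers, blank lines, other record types
        try:
            ip = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # third field is not an address
        pairs.append((fields[0].rstrip(".").lower(), ip))
    return pairs


def base_domain(hostname):
    """Last two labels. Assumption: good enough for .com/.net; use a public
    suffix list when names under multi-label suffixes can appear."""
    return ".".join(hostname.split(".")[-2:])


def domains_by_ip(pairs):
    """Map each address to the set of base domains with a name on it."""
    grouped = defaultdict(set)
    for host, ip in pairs:
        grouped[str(ip)].add(base_domain(host))
    return dict(grouped)


def bridging_domains(pairs):
    """Base domains seen on more than one address; they join separate clusters."""
    seen = defaultdict(set)
    for host, ip in pairs:
        seen[base_domain(host)].add(str(ip))
    return {dom for dom, ips in seen.items() if len(ips) > 1}


def linked_clusters(pairs):
    """Connected components of the domain/address graph, largest first (union-find)."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    for host, ip in pairs:
        parent[find(("dom", base_domain(host)))] = find(("ip", str(ip)))

    clusters = defaultdict(set)
    for node in list(parent):
        if node[0] == "dom":
            clusters[find(node)].add(node[1])
    return sorted((sorted(c) for c in clusters.values()), key=len, reverse=True)


def still_pointing_into(pairs, prefix):
    """Hostnames whose A record lands inside prefix, whether or not it is routed."""
    net = ipaddress.ip_network(prefix)
    return sorted({host for host, ip in pairs if ip in net})


if __name__ == "__main__":
    records = parse_records(PDNS_RECORDS)
    for ip, doms in sorted(domains_by_ip(records).items()):
        print(ip, sorted(doms))
    print("bridging:", sorted(bridging_domains(records)))
    print("clusters:", linked_clusters(records))
    print("names into 69.50.176.0/24:", len(still_pointing_into(records, "69.50.176.0/24")))
```

A reachability test such as ping or wget answers a different question from this one: the grouping works on the DNS data alone, so it reports the same relationships whether or not the addresses respond.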
On Wed, Sep 24, 2008 at 10:10:42PM -0500, William Pitcock wrote:
I said _new_ approach. I agree that it was overdue, but they are being cooperative with the anti-abuse community, so I think it is appropriate to give them an opportunity to deliver on their promise.
We did that. In 2003. And the abuse continued, and got worse.

We did that. In 2004. And the abuse continued, and got worse.

We did that. In 2005. And the abuse continued, and got worse.

And so on.

I suggest at least making a perfunctory effort to acquaint yourself with the long, sordid history of Atrivo/Intercage, and its numerous prior (and utterly specious) claims of "cooperation" and "reform" before commenting further.

---Rsk
Rich Kulawiec wrote:
On Wed, Sep 24, 2008 at 10:10:42PM -0500, William Pitcock wrote:
I said _new_ approach. I agree that it was overdue, but they are being cooperative with the anti-abuse community, so I think it is appropriate to give them an opportunity to deliver on their promise.
We did that. In 2003. And the abuse continued, and got worse.
We did that. In 2004. And the abuse continued, and got worse.
We did that. In 2005. And the abuse continued, and got worse.
And so on.
I suggest at least making a perfunctory effort to acquaint yourself with the long, sordid history of Atrivo/Intercage, and its numerous prior (and utterly specious) claims of "cooperation" and "reform" before commenting further.
What was the deal about doing the same thing over and over and over and over, each time expecting the outcome to be different?
I get the feeling, to a certain extent, that there is a certain kind of mob mentality such that since we *can* do it, and they are a little guy, that we should shut them down no matter what. So despite what seems their now honest attempts to clean up, some are bent on still shutting them down (to make an example out of them?). Not that it's not unreasonable 'punishment' for all years of abuse that was inflicted on Internet users, but if this is who "we" are, then I'm a little disappointed.

Frank

-----Original Message-----
From: Paul Ferguson [mailto:fergdawgster@gmail.com]
Sent: Wednesday, September 24, 2008 9:59 PM
To: William Pitcock
Cc: nanog@nanog.org
Subject: Re: the Intercage mess

On Wed, Sep 24, 2008 at 7:52 PM, William Pitcock <nenolod@systeminplace.net> wrote:
On Wed, 2008-09-24 at 19:28 -0700, Paul Ferguson wrote:
I think that _more_than_reasonable_ background research, historical record, etc. have met the qualifications of "civilized vernier". The outcry was, and is not, arbitrary.
No, but forcing them offline now that they are taking a new approach to handling abuse is ridiculous.
No -- I think that after 5 years of malicious activity, it was overdue.

I'm sorry, but your efforts to get the last word here are in vain.

Cheers,

- ferg

p.s. And by the way, whether the badness has actually been purged from Atrivo/Intercage's IP address space remains to be seen -- previous similar claims have all been false. Time will tell -- many eyes are watching.

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
William Pitcock wrote:
On Wed, 2008-09-24 at 19:28 -0700, Paul Ferguson wrote:
On Wed, Sep 24, 2008 at 7:24 PM, Randy Bush <randy@psg.com> wrote:
John Bambenek wrote:
When there is no law to speak of all that is left is tribal justice.
this way lies lynch mobs
shall we at least apply a vernier of civilization?
I think that _more_than_reasonable_ background research, historical record, etc. have met the qualifications of "civilized vernier". The outcry was, and is not, arbitrary.
No, but forcing them offline now that they are taking a new approach to handling abuse is ridiculous.
Intercage are reaching out to the anti-abuse community and yet some people on NANOG keep interfering with the cleanup process. How do you expect them to clean up their network and return to normal operations (with considerably less abuse) if it keeps being disconnected?
The shit isn't even there anymore. These kids have moved it elsewhere. Intercage have learned their lesson, just leave them alone and let the people who have *real* problems (e.g. me, Andrew Kirch of AHBL, Spamhaus, Gadi, etc.) with Intercage deal with this.
They _claim_ they have learned their lesson and cleaned up their act. However, that does not erase the _years_ that they knew what was going on and happily took miscreants' money for polluting the commons. The police and courts are impotent, so it falls to the victims to take action. I hate lynch mobs as much as the next guy, but the law _does_ allow people to defend themselves and protect themselves from future harm by proven bad actors.

They could be lying; we have no proof they're not, so given their track record, we must assume they are. What's to stop them from next week going back to the folks they've disconnected and taking their money again, again abusing the community.

Even if they're not lying, application of the Death Penalty, as obviously justified in this case, is the _only_ way to discourage others from doing the same thing by instilling the fear of the same consequences.

S
nenolod@systeminplace.net (William Pitcock) writes:
... forcing them offline now that they are taking a new approach to handling abuse is ridiculous. ...
renaming, renumbering, and rehoming the darkest parts of their empire is not a new approach to handling abuse, it's the most common thing that gray networks do when faced with disconnection, because it's the thing that looks most like protective colouration for them and it's the thing that looks most like plausible deniability for their (new?) providers.

so, now begins the search for the line that mustn't be crossed. if they have N spamming customer or M "captured" machines running C&C and they disconnect such customers after P warnings or Q days, then will the community still rise up in arms and if so will that still be enough negativity to cause their (new?) provider to lose connectivity? if not, then what about P-1 or Q+1 or M*2 or N/2?

discovering the process by which N, M, P, and Q are discovered, will be even uglier than everything we've seen on this topic to date.

i advise those interested in the truth about a network's long term reputation to get their information from friends and professionals in the security business, or even google, but not nanog. or just refuse to suspend disbelief, and ask why someone's apparently new approach to handling abuse, the "turning over a new leaf", happened so many years into the game. what was their obvious intent, if not monetizing the uncertainty and inertia of the networks whose connectivity they depend on?

--
Paul Vixie
On 9/25/08, Paul Vixie <vixie@isc.org> wrote:
so, now begins the search for the line that mustn't be crossed. if they have N spamming customer or M "captured" machines running C&C and they disconnect such customers after P warnings or Q days, then will the community still rise up in arms and if so will that still be enough negativity to cause their (new?) provider to lose connectivity? if not, then what about P-1 or Q+1 or M*2 or N/2?
discovering the process by which N, M, P, and Q are discovered, will be even uglier than everything we've seen on this topic to date.
I work at the abuse department of one of the big ISPs, and I have to note that finding effective values for those four variables is sticky business from the abuse preventers' side too.

We get tens of thousands of abuse complaints every single day. Even filtering out the frequent-flyer abuse miscomplainers (certain ISPs seem to have no outbound filtering -- to cope with the very large number of times when their customers seem to confuse "Report Spam" with "Move to Trash", for instance), there's still a butt-load of data to be analysed and acted on, and only a finite number of monkeys with typewriters to churn through it. At best, it's a trans-global game of whack-a-mole, suspending orgs and consumers who have never heard the word "firewall", or at least have never learned router ACL config.

Add to this the potential legal and/or press minefield of being accused of wiretapping, traffic-shaping, and other nefarious deeds, and we have to tread very gently indeed around certain abuse detection and prevention issues.

In short, it's a big hairy beast, and it's even scarier if you take a closer-than-normal look.

Paul
(not an official spokesperson, nor a policy-maker, of any ISP or similar company)
No, but forcing them offline now that they are taking a new approach to handling abuse is ridiculous.
Intercage are reaching out to the anti-abuse community and yet some people on NANOG keep interfering with the cleanup process. How do you expect them to clean up their network and return to normal operations (with considerably less abuse) if it keeps being disconnected?
The shit isn't even there anymore. These kids have moved it elsewhere. Intercage have learned their lesson, just leave them alone and let the people who have *real* problems (e.g. me, Andrew Kirch of AHBL, Spamhaus, Gadi, etc.) with Intercage deal with this.
If anyone has any issue with Atrivo/Intercage that still needs rectification: please contact me or Andrew Kirch offlist and we will bring it to their attention. We have contact with these people, and they are listening and taking action to clean up their network.
If not, then please stop with this thread. It's not helpful, and it's certainly counter-productive.
William
William, This above email is a bit off. It sounds a bit like you feel that Nanog is your (Gadi/you/Andrew/Spamhaus) stick to force Intercage to fall in line. Now that they have been whacked with the stick you want the rest of us to leave them alone so YOU can deal with it. But it is NOT your place to deal with it any more than it is mine. It is a community issue dealt with by the community and if the community (I.E. those who have killed intercage's connectivity) choose to keep it that way as opposed to taking the chance that this company, with a LONG history, will continue to spew unwanted traffic, well... That's not your call. It is not your place to tell someone else how to run their network and it is not your place to deal with the intercage issue on behalf of anyone else. James
Randy Bush wrote:
John Bambenek wrote:
When there is no law to speak of all that is left is tribal justice.
this way lies lynch mobs
shall we at least apply a vernier of civilization?
randy
While I appreciate the points both you and John are attempting to make, as someone who is engaged in tribal government, and peripheral to the tribal legal community (I ran the TribalLaw list for years), I suggest there are rhetorical alternatives. You may be amused that in Ex Parte Crow Dog, the USSC found in 1883 that it had no jurisdiction over the tribal court which tried, convicted, and sentenced Crow Dog for the killing of Spotted Tail. The sentence for that homicide (a political one in the context of factionalism during the onset of the Brule Sioux captivity) imposed by the tribal court was not death by hanging (payment was made to the tiospaye (kin) of the former, treaty signing principal chief). The following year Congress enacted the Major Crimes Act so that "an eye for an eye" would be the law in Indian Country. Note, not only did this extend Judeo-Christian reciprocity to offenses between tribal members, it also guaranteed death to any Indians who punished a "treaty signer" for providing the legal excuse for private and non-member expropriation of collectively held land. More modernly, tribal courts seem to be better at substance abuse sentencing, based on outcomes, than non-tribal courts. I know some tribal jurists who'd be tickled pink to be asked to talk to a room of network people on tribal legal institutions and issues at Minneapolis. I've been following this because of the trust anchor problem discussed elsewhere for address and AS allocation, and the NS and A record manifestation of some exploits that require sets of addresses, though not necessarily colocated within one or few address allocations or routed to one or few ASs, again, discussed elsewhere. Cheers, Eric
On Sep 24, 2008, at 7:24 PM, Randy Bush wrote:
this way lies lynch mobs shall we at least apply a vernier of civilization?
Randy, I would agree if anything less had ever been effective. If you have a better idea, please explain to the rest of us. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Note that, at least in the spacecraft world, a vernier is an attitude adjustment rocket engine. I am not sure if NANOG is set up to do an attitude adjustment on civilization... Regards Marshall On Sep 25, 2008, at 1:48 AM, Jo Rhett wrote:
On Sep 24, 2008, at 7:24 PM, Randy Bush wrote:
this way lies lynch mobs shall we at least apply a vernier of civilization?
Randy, I would agree if anything less had ever been effective.
If you have a better idea, please explain to the rest of us.
-- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Dear Randy; On Sep 25, 2008, at 10:59 AM, Randy Bush wrote:
I am not sure if NANOG is set up to do an attitude adjustment on civilization...
it keeps trying.
thunderbleep scorned verneer, so i tried ier and it worked.
Yes, I knew this was a typo, but I figured a little levity couldn't hurt this depressing thread. Hope all is well. Regards Marshall
randy
Marshall Eubanks wrote:
Dear Randy; On Sep 25, 2008, at 10:59 AM, Randy Bush wrote:
I am not sure if NANOG is set up to do an attitude adjustment on civilization...
it keeps trying.
thunderbleep scorned verneer, so i tried ier and it worked.
Yes, I knew this was a typo, but I figured a little levity couldn't hurt this depressing thread.
The thread is more about plating a turd.
Am I the only one who read that as intending to be "Veneer", a thin covering to make it look like, even if the subsurface reality is the raw randomness of particle board? I would note that; while it seems like the OP wanted to say that we were to make the process of running outlaws out of town (which is the equivalent of what we're doing here) at least a bit civilized; in the context outside of decoration, a veneer means "superficial or deceptively attractive appearance", IE: for looks only, not changing the inherent character of the thing it's meant to cover up. I guess, if we want better PR, a veneer of judges, bailiffs, and lawyers can't hurt us. We should still let our well clad lawmen unload with all barrels on the louts that have been terrorizing the neighborhood.
-----Original Message----- From: Marshall Eubanks [mailto:tme@multicasttech.com] Sent: Thursday, September 25, 2008 5:28 AM To: Jo Rhett Cc: Nanog list Subject: Re: a vernier of civilization...
Note that, at least in the spacecraft world, a vernier is an attitude adjustment rocket engine.
I am not sure if NANOG is set up to do an attitude adjustment on civilization...
Regards Marshall
On Sep 25, 2008, at 1:48 AM, Jo Rhett wrote:
On Sep 24, 2008, at 7:24 PM, Randy Bush wrote:
this way lies lynch mobs shall we at least apply a vernier of civilization?
Randy, I would agree if anything less had ever been effective.
If you have a better idea, please explain to the rest of us.
-- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
On Wed, Sep 24, 2008 at 10:48 PM, Jo Rhett <jrhett@netconsonance.com> wrote:
On Sep 24, 2008, at 7:24 PM, Randy Bush wrote:
this way lies lynch mobs shall we at least apply a vernier of civilization?
Randy, I would agree if anything less had ever been effective.
If you have a better idea, please explain to the rest of us.
"we are a nation of laws, not men"
On Thu, Sep 25, 2008 at 11:24:17AM +0900, Randy Bush wrote:
John Bambenek wrote:
When there is no law to speak of all that is left is tribal justice.
this way lies lynch mobs
Maybe mobs, but not (Charles) Lynch mobs. No one wants to deprive anyone of life or limb.
shall we at least apply a veneer of civilization?
I think the current state of the art in civilized, peaceful, extralegal negotiation of reasonable behaviour expected of businessmen and their peers is a form of social ostracism given its name in 1880 when the Irish Land League bade everyone in Mayo county, Ireland not to engage economically or otherwise with Captain Charles Boycott...a land owner who had set his rent very high, and was evicting anyone who deigned to complain of it (fully within his legal authority, but outside the realms of what the people saw as reasonable). If anyone can think of better, we'll have to call it "Intercaging". -- Ash bugud-gul durbatuluk agh burzum-ishi krimpatul. Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/ -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
David W. Hankins wrote:
I think the current state of the art in civilized, peaceful, extralegal negotiation of reasonable behaviour expected of businessmen and their peers is a form of social ostracism given its name in 1880 when the Irish Land League bade everyone in Mayo county, Ireland not to engage economically or otherwise with Captain Charles Boycott...a land owner who had set his rent very high, and was evicting anyone who deigned to complain of it (fully within his legal authority, but outside the realms of what the people saw as reasonable).
If anyone can think of better, we'll have to call it "Intercaging".
Since the usefulness of this thread to NANOG is becoming less and less as the thread wears on, where would the NANOG community suggest that it be moved to? What are the good SP operational security mailing lists? What groups or forums would one find threads like this? The NANOG ISP security BOF group? I would like to do a much better job of keeping up on things of this nature. I already spend a great deal of time on it but I know that I'm missing a plethora of other security issues. What group would be interested in knowing that whois.estdomains.com (83.171.76.99) is now being hosted by as31353 via as8997 (didn't we have a small problem with 8997 the other day?)? I'd love to find the good lists and forums for this type of discussion, preferably with a SP slant. Perhaps that info will help move the discussion to more appropriate places. Thanks Justin
On Thu, 25 Sep 2008 11:39:44 CDT, Justin Shore said:
group would be interested in knowing that whois.estdomains.com (83.171.76.99) is now being hosted by as31353 via as8997 (didn't we have
Well, that didn't take long.
On Thu, Sep 25, 2008 at 12:53 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 25 Sep 2008 11:39:44 CDT, Justin Shore said:
group would be interested in knowing that whois.estdomains.com (83.171.76.99) is now being hosted by as31353 via as8997 (didn't we have
Well, that didn't take long.
so then ,the 8997 issues of last weekend WERE a test of capabilities?? :(
On Thu, 25 Sep 2008, Justin Shore wrote:
David W. Hankins wrote:
I think the current state of the art in civilized, peaceful, extralegal negotiation of reasonable behaviour expected of businessmen and their peers is a form of social ostracism given its name in 1880 when the Irish Land League bade everyone in Mayo county, Ireland not to engage economically or otherwise with Captain Charles Boycott...a land owner who had set his rent very high, and was evicting anyone who deigned to complain of it (fully within his legal authority, but outside the realms of what the people saw as reasonable).
If anyone can think of better, we'll have to call it "Intercaging".
Since the usefulness of this thread to NANOG is becoming less and less as the thread wears on, where would the NANOG community suggest that it be moved to? What are the good SP operational security mailing lists? What groups or forums would one find threads like this? The NANOG ISP security BOF group? I would like to do a much better job of keeping up on things of this nature. I already spend a great deal of time on it but I know that I'm missing a plethora of other security issues. What group would be interested in knowing that whois.estdomains.com (83.171.76.99) is now being hosted by as31353 via as8997 (didn't we have a small problem with 8997 the other day?)? I'd love to find the good lists and forums for this type of discussion, preferably with a SP slant. Perhaps that info will help move the discussion to more appropriate places.
Thanks Justin
For the duration of this thread and others like it, I have to step back and wonder why is it when operational issues that some don't like to talk about come up, why they're often shifted to some form of offtopic status: "Well it doesn't do me any good therefore we should move it off the list!" This is and was relevant to issues such as botnets which (drum roll) affect network operations to even Denial of Service attacks which I can recall the urge to move to offtopic land going back to pre Y2K. What are the terms? Status Quo Bias, Selective Recall, Groupthink, False Consensus, Herding Instinct. Randy makes a good point as do others involved in the operations decisions but the decision should be based on realistic input from everyone, not just those who conform to someone's specific liking. I'm no judge and jury to implicitly cut off someone's connectivity nor is anyone else and this entire situation is akin to a lynching like the verbiage or not. While I agree that rogue providers and hosts need to be dealt with, the issue needs to be addressed by everyone in order to show there was accuracy and fairness not just the "good old boy" networked approach. Not solely using the Groupthink approach. Perhaps this would have been better dealt with if there was a mechanism in place to have all vote together or perhaps a committee need be created where these issues can be resolved diplomatically and efficiently which stays far and clear of the Not In My Back Yard attitude. Business deals are business deals like them or not. If you made a strategic decision based on what you thought was appropriate at the time, how would YOU like it if someone came to YOUR backyard protesting "Oh no you don't!". "A man's judgement cannot be better than the information on which he has based it" Arthur Sulzberger Perhaps whatever company decided whatever decision they made based on the best information available to them at the time.
Is it fair for you to cut off their arm without getting their end of the view before cutting off their arm. Then complaining it's not in your best interest to hear their case. I hope for someone's sake you're never a juror for them. I'd always had this impression that NANOG was the de-facto place where experts would get together to make strategic decisions, set forth best practices, provide in-depth information on policies, etc., with regards to Internet operations. It's beginning to look like the description of the intelligence agencies skewing matters to their own likings in order to go to war. In order to justify their own agendas. Whether or not the agenda has meat and substance is not even being weighed I see nothing more than confirmation bias, selective recall, and the list goes on, but nowhere do I see anything other than a witchhunt right now. Place yourself in a situation like this and ask what would you like to have some body of (so called) experts do. Would you enjoy it if others ran around trying to hush any naysayer that didn't conform to your views. Would it be fair, would it truly be diplomatic. Maybe some need to take a good look at this and create a solution for future potential problems. Perhaps a rotating board of decision makers who would unbiasedly take a good look at a situation and offer a variety of solutions in which those solutions would need to be voted in (for lack of better terms) by a vast majority without that vast majority whining: "Oh shut up if you're not going to see things my way!" then siding with friends and colleagues or peers out of pressure. My unwanted two cents for the year. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, CNDA, CHFI, OSCP "A good district attorney can indict a ham sandwich if he wants to ... The accusations harm as much as the convictions ... they're obviously harmful or it wouldn't be news.."
- John Carter wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
NANOG makes a fine archive of discoverable material in a court case intending to show collusion to drive folks out of business. One presumes that each ISP here has some form of AUP and rules on self-preservation roughly along the lines of "if there is material impact to my network or my customers, I can do whatever it takes to mitigate the traffic/intrusion". One does not need to collaborate with others before enforcing your own AUP. --bill
bmanning@vacation.karoshi.com wrote:
NANOG makes a fine archive of discoverable material in a court case intending to show collusion to drive folks out of business.
One presumes that each ISP here has some form of AUP and rules on self-preservation roughly along the lines of "if there is material impact to my network or my customers, I can do whatever it takes to mitigate the traffic/intrusion". One does not need to collaborate with others before enforcing your own AUP.
Surely. However, it makes little sense to close your gate to keep the stray dogs out of your yard, if they can just come in via your neighbour's gate and climb over the fences. And having to post armed guards on the fences (because there are too many places to climb over) is no substitute for trustworthy neighbours who keep their own yards in order, plus it's good neighbourliness, if you have had to shut your gate, to warn your neighbours they might need to keep an eye on theirs.
However, it makes little sense to close your gate to keep the stray dogs out of your yard, if they can just come in via your neighbour's gate and climb over the fences.
It makes a lot of sense. Having closed your gate, and discovered a stray dog in your back yard, you can call the animal control people and they stand a good chance of catching that stray dog. However, if you tell all your neighbors to close their gates, the stray is still out there, animal control won't know where to find it, plus you and your neighbors now have to bear the perpetual cost of always keeping your gates closed. There are still many American towns where people don't even have fences around their yards. The difference is that by closing your gate (filtering announcements) you just shift the problem onto somebody else. But if you call the animal control (police) with evidence of wrongdoing, there is a chance to clean up the mess. And finally, history shows that closing your own gates and letting the bad guys run loose, never solves problems, just allows them to escalate. --Michael Dillon
michael.dillon@bt.com wrote:
However, it makes little sense to close your gate to keep the stray dogs out of your yard, if they can just come in via your neighbour's gate and climb over the fences.
It makes a lot of sense. Having closed your gate, and discovered a stray dog in your back yard, you can call the animal control people and they stand a good chance of catching that stray dog.
Like most NANAE ...eerrr...NANOG metaphors this one is broken. We are not talking about stray dogs, we are talking about bad behaviour. If I keep them from dealing that stuff in my parking lot I do several things, in approximate priority order: My clean customers don't have to suffer any effects of the bad guys being on my lot. The bad guys learn it is not a good place to try to deal. The Law knows one place they don't have to worry about.
Let me offer what might be a better story. Joe owns a store where he buys widgets wholesale and sells them retail. A bunch of widget companies get together and pressure the rest of the widget companies not to sell to Joe. Joe finds a lawyer and sues them all for anti-trust violations. Years go by. The companies finally settle for a few bucks with Joe without admitting guilt. The lawyers get rich.
Laurence F. Sheldon, Jr. wrote:
michael.dillon@bt.com wrote:
However, it makes little sense to close your gate to keep the stray dogs out of your yard, if they can just come in via your neighbour's gate and climb over the fences.
It makes a lot of sense. Having closed your gate, and discovered a stray dog in your back yard, you can call the animal control people and they stand a good chance of catching that stray dog.
Like most NANAE ...eerrr...NANOG metaphors this one is broken.
Well, the first draft had "junkies" rather than dogs, but I decided that would cause issues in itself. Cats might be a better analogy though, you can train a dog to know better....
We are not talking about stray dogs, we are talking about bad behaviour.
Indeed so. unlike a stray dog, one that gets into your yard doesn't just crap there, but all over the neighbourhood, leaving clear trails that lead back to you.
If I keep them from dealing that stuff in my parking lot I do several things, in approximate priority order:
My clean customers don't have to suffer any effects of the bad guys being on my lot.
surely, but they still get dog crap on their boots
The bad guys learn it is not a good place to try to deal.
They don't care. as long as they can get into your community *somewhere* that is good enough, it doesn't matter to them where.
The Law knows one place they don't have to worry about.
true, but the discussion wasn't regarding *not* keeping your yard clean, but was regarding warning your neighbours so *they* can keep their yard clean - and that there is a self-benefit (in that some of the dirt in your yard comes from any dogs allowed into theirs) that would make it reasonable to do so (and not unfair victimization of stray dogs) and any suggestion that the Law would trust, just because you booted out *one* set of dogs, that your yard would forever more remain clean, confuses me. Perhaps you could explain further?
michael.dillon@bt.com wrote:
However, it makes little sense to close your gate to keep the stray dogs out of your yard, if they can just come in via your neighbour's gate and climb over the fences.
It makes a lot of sense. Having closed your gate, and discovered a stray dog in your back yard, you can call the animal control people and they stand a good chance of catching that stray dog.
sounds good. who do you propose would fit the "role" of dogcatcher in this case, and why haven't they caught the stray yet after 5 years?
sounds good. who do you propose would fit the "role" of dogcatcher in this case, and why haven't they caught the stray yet after 5 years?
The police fill the dogcatcher role here, and they have indeed caught and prosecuted the stray on the rare occasions when ISPs have contacted the police and provided clear evidence in a form that the police could use. There have also been cases where people have used other laws. For instance, if a spammer breaks a signed AUP and you disconnect him, then you can go to court and recover whatever penalties are in the contract. Of course if you are looking for a hero to catch the criminal mastermind behind all of the world's ills, in order to stop all crime once and for all, then you will be disappointed. --Michael Dillon
On Thu, 25 Sep 2008, bmanning@vacation.karoshi.com wrote:
NANOG makes a fine archive of discoverable material in a court case intending to show collusion to drive folks out of business.
One presumes that each ISP here has some form of AUP and rules on self-preservation roughly along the lines of "if there is material impact to my network or my customers, I can do whatever it takes to mitigate the traffic/intrusion". One does not need to collaborate with others before enforcing your own AUP.
--bill
If we were to stick to the rules: It should also, and very notably, define what sanctions will be applied if a user breaks the AUP. Compliance with this policy should, as usual, be measured by regular audits. However, AUP's aren't a definitive mandatory or regulatory control they're CYA (Cover Your Ass) based and have been known to be put in place solely for that purpose. It IS your own backyard, but what about the contractual agreements that can potentially be broken when "oops I didn't know I was nullrouting that business because it passes through that AS" occurs. Are you willing to simply say "it's a matter of my opinion/judgement regardless if people like it or not". What happens to that potential agreement. I'm not siding with anyone here, I despise spammers, malware sites as much as anyone else, but I think this process of "pull the plug" needs to be reviewed fairly and accurately. Else how would you like it if my attitude veered towards "Well gee, AS32042332498732 never audited their network, now look at this filth, gee might as well block them too" Since many would like to justify their argument based on the "It's my party and I'll cry if I want to" theme, then imagine the potential damage if everyone took this attitude. How many networks would break? Who here votes to cut off some major AS's? Everybody's Internet, Rackspace maybe? I can give a list of some major organizations as can others that flagrantly allow things to go on. I see no mention of throwing these businesses into Salems Lot 2008. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, CNDA, CHFI, OSCP "A good district attorney can indict a ham sandwich if he wants to ... The accusations harm as much as the convictions ... they're obviously harmful or it wouldn't be news.." - John Carter wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
On Thu, 25 Sep 2008 12:06:51 CDT, "J. Oquendo" said:
backyard protesting "Oh no you don't!". "A man's judgement cannot be better than the information on which he has based it" Arthur Sulzberger
Of course, *all* providers execute some form of due diligence before accepting a new customer, such as Googling for them to see if the customer has a long history either good or bad, right? Of course, there's a discount carpet dealer in the area, has a big sign out front "We will not be knowingly undersold". Nice wording, that...
participants (31)
- Aaron Glenn
- Andrew D Kirch
- Blake Pfankuch
- bmanning@vacation.karoshi.com
- Christopher Morrow
- Dave Howe
- David W. Hankins
- Eric Brunner-Williams
- Frank Bulk
- Gadi Evron
- hobbit@avian.org
- J. Oquendo
- James Ashton
- Jo Rhett
- Joe Provo
- John Bambenek
- Justin Shore
- Laurence F. Sheldon, Jr.
- Marshall Eubanks
- MARTENS, SUSAN, ATTOPS
- michael.dillon@bt.com
- Paul Bennett
- Paul Ferguson
- Paul Vixie
- Randy Bush
- Rich Kulawiec
- Roy
- Stephen Sprunk
- Tomas L. Byrnes
- Valdis.Kletnieks@vt.edu
- William Pitcock