Why don't larger ISPs follow through on this? Simply deny RIAA any access...
And what IPs precisely are you planning to deny? So far its all idle
threats, we have no idea where they plan to launch their scans or hacking
attempts from, or even if they have any clue how to hack anything. I
highly doubt they'll be attaching riaa.com to it either.
I suppose if you want symbolism, you can host -l riaa.com and wack their
wcom webserver and other stuff at att, but I'd harly call that
productive.
Is someone mainitaining a server I can get an eBGP feed from that will
blackhole all RIAA IPs? If not, how do you propose to block the RIAA?
Ralph Doncaster
principal, IStop.com
If you read the URL originally referenced, they intend to blackhole riaa.com
itself, and then run a honeynet gnutella network. Anything that pokes their
Gnutella and then does anything else on their net that looks suspicious will
get blackholed.
Just imagine it - lots and lots of ISPs running honeynet Gnutellas, and if
you poke around in it you get blackholed. That would make the RIAA's day. 
Start now, do whatever it takes.
Amongst the paperwork passed to congress, RIAA must have indicated where
it's hackers would work from. Why not start there?
NANOG should not sit on this.
Trust me, if RIAA tried to function without email and internet access for a
day or two I think they would get the message.
<Nigel>
Ok, start listing IPs...
If you have them (and can confirm them of course :P), I'm certain a dozen
people on this list would put up a bgp feed before you can say
"blackhole". Heck I'm certain people would have something to do if you
even knew the provider that was planning on giving them service for such
activities.
Until then, it's all a bunch of speculation, and my money is still on
"idle threats and hype".
The blocking of any an all directly RIAA sites, feeds, etc, would
produce an economic reaction. Cut off their sales websites, their
basic connectivity (how much money do you think it would cost them
to go back to snail mail today?), their [few] subscription sites.
Let the money do the work.
Yours,
J.A. Terranson
sysadmin@mfn.org
* SPEAKING STRICTLY IN A PERSONAL CAPACITY * at this time anyway.
We'll see if we can't change that. Tomorrow. Goddamn right!
What they plan to do sounds incredibly illegal. Now if we could arrange
for their top management to spend the next few years fighting criminal
charges, that might keep them out of everybody's hair 
Miles
Start now, do whatever it takes.
Amongst the paperwork passed to congress, RIAA must have indicated where
it's hackers would work from. Why not start there?NANOG should not sit on this.
Trust me, if RIAA tried to function without email and internet access for a
day or two I think they would get the message.
Surprisingly enough, they didn't seem to care too much that their website
was offline fora few days. You never can tell though.
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more
than empty threats.
Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more
than empty threats.
Why doesn't NANOG make a few of its own?
Well, it seems pretty certain that RIAA is doing DOS attacks on the
file sharing systems (by trying to flood them with fake files
masquerading as real MP3's).
I would assume that these are not idle threats.
Regards
Marshall Eubanks
The RIAA's annual budget is roughly $18 million. That pays for lawyers
and other stuff which goes into writing "polite" letters. To raise that
much money Merit would need to charge about $12,000 per person per NANOG
meeting. People complain the current $300 registration fee is too much.
NANOG is not a lobbying organization. There are other several
organizations (and mailing lists) you may want to consider instead, such
as the Electronic Frontier Foundation http://www.eff.org/ You can also
write your elected representatives for the price of a postage stamp. Some
congress critters even accept e-mail now.
To be perfectly honest, I could care less about any letters. It might be a
good idea to follow in the footsteps of
Informationwave and just take action.
<CLARKE>
Start here:
avleen@apple:avleen : host -t MX riaa.org
riaa.org mail is handled (pri=50) by mail3.riaa.com
riaa.org mail is handled (pri=10) by list.sparklist.com
riaa.org mail is handled (pri=10) by mail.riaa.com
riaa.org mail is handled (pri=25) by mail2.riaa.com
## On 2002-08-22 08:04 +0100 Avleen Vig typed:
Start here:
avleen@apple:avleen : host -t MX riaa.org
riaa.org mail is handled (pri=50) by mail3.riaa.com
riaa.org mail is handled (pri=10) by list.sparklist.com
riaa.org mail is handled (pri=10) by mail.riaa.com
riaa.org mail is handled (pri=25) by mail2.riaa.com
Not quite
(1021)> whois -h whois.networksolutions.com riia.org
Registrant:
Royal Institute of International Affairs (RIIA-DOM)
Chatham House, 10 St James Square
London, SW1Y 4YE
ENGLAND
Domain Name: RIIA.ORG
OOPS - my typo sorry! (standing in the corner with egg on my face
## On 2002-08-22 11:10 +0300 Rafi Sadowsky typed:
Avleen Vig <lists-nanog@silverwraith.com> writes:
> Ok, start listing IPs...
> If you have them (and can confirm them of course :P), I'm certain a dozen
> people on this list would put up a bgp feed before you can say
> "blackhole". Heck I'm certain people would have something to do if you
> even knew the provider that was planning on giving them service for such
> activities.Start here:
avleen@apple:avleen : host -t MX riaa.org
riaa.org mail is handled (pri=50) by mail3.riaa.com
riaa.org mail is handled (pri=10) by list.sparklist.com
riaa.org mail is handled (pri=10) by mail.riaa.com
riaa.org mail is handled (pri=25) by mail2.riaa.com
And continue to here:
[sgifford@sghome sgifford]$ whois RECORDIN50-191@whois.arin.net
[whois.arin.net]
RECORDING INDUSTRY ASSOC OF AMERICA (NETBLK-RECORDIN50-191)
1330 CONNECTICUT AVENUE NW SUITE 300
WASHINGTON, DC 20036
US
Netname: RECORDIN50-191
Netblock: 12.150.191.0 - 12.150.191.255
Coordinator:
EGAS, JACK (JE332-ARIN) jegas@riaa.com
(2027750101) -
Record last updated on 11-Aug-2001.
Database last updated on 21-Aug-2002 20:01:34 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
-----ScottG.
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more
than empty threats.
Why doesn't NANOG make a few of its own?A "polite" letter from a NANOG representative should do the trick.
Just to state the obvious, no one is authorized to represent NANOG in this fashion, not even folks here at Merit. NANOG isn't a decision making organization. NANOG isn't something that can take actions (other than holding a few meetings each year and managing this e-mail list).
Individuals and organizations that participate in NANOG can take actions, but not in NANOG's name. I'm no lawyer, but I suspect that lawyers should be consulted before taking individual or coordinated action of the sort being suggested against another organization.
Of course IPSs do take action against individuals or organizations all of the time, but they need to do that based on policies and procedures that take into account their obligations to their customers as well as their obligations under the law.
As an end user I really don't want my ISP to make decisions about who is allowed to communicate with me or who I am allowed to communicate with except when those decisions are based on policies designed to protect me or others from serious problems (DDOS attacks and the like), even then I want those policies to be written and available so I can review them, and I want them to be applied fairly.
As an ISP I really don't want my upstream ISPs to make decisions about who is allowed to communicate with my network or who my network is allowed to communicate with except under the conditions outlined in my agreements with those ISPs. This is important to me if I am in turn going to be able to meet my obligations to my own end users.
So, I really don't want the RIAA to tell me or my upstreams who I can't communicate with, but neither do I want my upstreams to tell me that I can't communicate with the RIAA or the labels if I (or really my customers) want to do so.
-Jeff Ogden
Merit Network
While I agree with Sean that NANOG is not the place to lobby, I would
also
state that the coordination of a BGP blockade against RIAA's harmful
policies is an internet traffic management issue requiring coordination
among providers to solve.
Owen
Sean Donelan wrote: