[some elided]
I guess my effort to evoke commentary on NANOG failed.
My next question to the peanut gallery is: What do you
suggest we should do on other hosting IP blocks are are continuing
to host criminal activity, even in the face of abuse reports, etc.?
Seriously -- I think this is an issue which needs to be addressed
here. ISPs cannot continue to sweep this issue under the proverbial
carpet.
Is this an issue that network operations folk don't really care
about?
- - ferg
If somebody's paying you $n/megabyte for transit/connectivity, what's your
incentive to make them clean up their act and get rid of their P2P filesharing
traffic, spam traffic, and so on?
Serious question, that - how many long-haul providers would be in serious
trouble if all the spam and filesharing suddenly stopped and only legitimate
traffic travelled through their pipes?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0
My only concern here is that by the publicity this issue continues
to receive, these activities will just move else where, like
scurrying cockroaches (like what happened with AS40989).[some elided]
I guess my effort to evoke commentary on NANOG failed.
My next question to the peanut gallery is: What do you
suggest we should do on other hosting IP blocks are are continuing
to host criminal activity, even in the face of abuse reports, etc.?Seriously -- I think this is an issue which needs to be addressed
here. ISPs cannot continue to sweep this issue under the proverbial
carpet.Is this an issue that network operations folk don't really care
about?
NANOG is on vacation. Wait one more day. 
define "legitimate"
--bill
Traffic in accordance with their AUP.
As mentioned in private email, I think where there is *evidence* of
*criminal* activity, show this to a judge, get the judge to order ARIN
to revoke the ASN/netblock, the traffic then becomes bogon and can/
should be filtered.
If there can be a legal procedure established for this it may even
be able to be done quickly in specific instances.
Of course a parallel procedure would be necessary for each bit of the
ROW..
- -w
- --
William Waites <ww@styx.org>
http://www.irl.styx.org/ +49 30 8894 9942
CD70 0498 8AE4 36EA 1CD7 281C 427A 3F36 2130 E9F5
Oh come on, how quickly would that migrate to enforcing copyright
infringement? Or if you're especially evil, used by larger companies
to bully smaller companies out of precious IPv4 space?
I reckon having your IPv4 space revoked for more than a few hours would
upset most if not all small players.
Please find an alternative method of tidying up the trash and don't
stir that nest of hornets.
Adrian
As mentioned in private email, I think where there is *evidence* of
*criminal* activity, show this to a judge, get the judge to order ARIN
to revoke the ASN/netblock, the traffic then becomes bogon and can/
should be filtered.
Proving criminal activity is for law enforcement. Maintaining our networks against DDoS and our customers against being massively compromised, now that's something else.
If a layer had become _that_bad_ I don't want them communicating with me, and if I am their peer, I don't want to peer with them. It's an individual choice by each provider, and we can lok at them in any light we like.
Oh come on, how quickly would that migrate to enforcing copyright
Copyright is a legal issue which does not trouble our networks, so if you get a legal paper asking you to do so, it's a whole other business. Don't muddy the water.
The issue is complicated enough as it is: do we want such dirty providers to massively compromise the Internet, our customers, or through us? Different answers from different people.
If law enforcement was capable of doing the job, we wouldn't have had to discuss this.
Oh come on, how quickly would that migrate to enforcing copyright
infringement? Or if you're especially evil, used by larger companies
to bully smaller companies out of precious IPv4 space?
With appropriate controls. For example that the entity in question exists
entirely or substantially for illegal purposes. Illegal does not mean "in
violation of an agreement", rather "against the law". And such an action
should not be possible for a private person to bring.
Please find an alternative method of tidying up the trash and don't
stir that nest of hornets.
Workeable suggestions? So far I've seen,
* organized shunning
* BGP blacklists
Cheers,
- -w
- --
William Waites <ww@styx.org>
http://www.irl.styx.org/ +49 30 8894 9942
CD70 0498 8AE4 36EA 1CD7 281C 427A 3F36 2130 E9F5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1Oh come on, how quickly would that migrate to enforcing copyright
infringement? Or if you're especially evil, used by larger companies
to bully smaller companies out of precious IPv4 space?With appropriate controls. For example that the entity in question exists
entirely or substantially for illegal purposes. Illegal does not mean "in
violation of an agreement", rather "against the law". And such an action
should not be possible for a private person to bring.Please find an alternative method of tidying up the trash and don't
stir that nest of hornets.Workeable suggestions? So far I've seen,
* organized shunning
* BGP blacklists
I can see the "don't be the Internet's firewall" bunch jumping up and out of their seats, spilling their coffees. How dare you destroy so many keyboards?
I didn't mean to imply that either of those was actually
workeable 
- -w
- --
William Waites <ww@styx.org>
http://www.irl.styx.org/ +49 30 8894 9942
CD70 0498 8AE4 36EA 1CD7 281C 427A 3F36 2130 E9F5
What is your price for cocaine?
No, seriously.. If, as some estimates have it, 80% of the traffic is P2P, and
as other estimates have it, 90% of that is copyright-infringing, then if that
traffic disappears, anybody who was selling transit for that traffic is
going to take a *big* revenue hit.
And similarly, if you're selling transit to somebody who's then (eventually)
reselling a pipe to Atrivio/Intercage or the RBN, turning that somebody off
because they won't turn off the bad guys is going to make a dent in the
bottom line.
I think it's very disingenuous to pretend that there have been *no* providers
that haven't said to themselves "We're selling to scum, but it pays the bills,
and we'd be in bankruptcy court otherwise..."
The fact that bad guys don't seem to have *any* trouble getting connectivity
once they finally *do* get kicked off a provider is proof enough that:
a) There exist providers that are willing to take money from scum.
b) We won't get rid of the scum until we admit (a) is true.
I mostly agree with you -- but I get very worried about who defines
"scum". Consider the following cases, which I will assert are not very
far-fetched:
(a) China labels Falun Gong as "scum" and demands that international
ISPs not carry it if they want to do business in China
(b) Russia labels critics of Putin and Medvedev as "scum" and demands
that international ISPs bar their traffic if they want to do business
in Russia
(c) Saudi Arabia denounces Internet pornographers as "scum" and demands
that ISPs bar their traffic if they want their countries to be able to
purchase oil
(c) France and Germany label EBay as "scum" for not barring sales of
Nazi memorabilia and demands that international ISPs not carry it if
they want to do business in the EU
(d) The RIAA and MPAA label file-sharers as "scum" and deny combined
TV/ISP companies (cable ISPs, Verizon FIOS, etc.) access to any
*broadcast* content if the ISP side doesn't crack down on file-sharing.
These are slightly far-fetched, but only slightly. I have a nice
real-world example that I need to verify is public first, but it's
directly on this point.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Steven M. Bellovin wrote:
a) There exist providers that are willing to take money from scum.
b) We won't get rid of the scum until we admit (a) is true.I mostly agree with you -- but I get very worried about who defines
"scum".
Who defines "scum" when you get the email announcing a solution to your most urgent sexual problems?
Who defines "scum" when the guy shows up at your office with a lot of the world's finest wrist watches for sale at unbelievably low prices?
Who defines "scum" when you get the pallet of toner nobody remembers ordering?
Who defines "scum" when the seedy character you never met before shows up to take your daughter out?
For the sake of discussion, I was calling "scum" "any entity that your
morals say you shouldn't accept money from, but your accountant says
you should"....
What that makes your accountant... is another discussion entirely 
However, I *do* agree with the problem of "scum with politico-economic
leverage"....
fergdawg@netzero.net ("Paul Ferguson") writes:
My next question to the peanut gallery is: What do you suggest we should
do on other hosting IP blocks are are continuing to host criminal
activity, even in the face of abuse reports, etc.?
depending on what you mean by "we", the immortal words of many MAPS
lawsuits spring to mind here: "illegal conspiracy" and "prospective
economic advantage." simply put, if a bunch of like-minded folks want to
get together and decide that a given ISP is behaving badly and all decide
to deny peering and transit to that ISP, then you should all first divorce
your husband or wife after putting all joint assets in his or her name.
Seriously -- I think this is an issue which needs to be addressed
here. ISPs cannot continue to sweep this issue under the proverbial
carpet.Is this an issue that network operations folk don't really care about?
the great unsolved problem in every network is "other people's networks".
whether that's networks who won't peer with you, or networks who drop your
customers' packets either because of shaping or overcommit, or networks who
sell service to people you hate and then run a crappy abuse desk, it's all
one thing: OPN: Other People's Networks. OPN's are an unmanageable risk to
all of us. netops people generally sweep OPNs under the rug, yes.
Any discussion on this or any other public list about joint action could be
portrayed as conspiracy. As Paul said, set your financial and carreer
affairs in order before doing so.
Better for each company's netops to quietly blacklist IPs/netblocks/ASNs as
they each see fit. If the traffic coming/going to there is truly garbage,
then customers won't complain. If there are valid concerns, then operators
can work with their customers individiually.
Frank
Paul Vixie said on 9/1/08 "OPN's are an unmanageable risk to
all of us. Netops people generally sweep OPNs under the rug, yes."
I agree completely, but how do we begin to address this problem?
Words are not enough, we need some action and that action, whatever it may
be will make the public network a better place for all of us.
Divorcing my wife after 6 hours in the car with a newborn and a 4
day visit with my in-laws has a very real appeal to it. Hmmm...
most sincerely, Richard Golodner
Paul Ferguson wrote:
My next question to the peanut gallery is: What do you
suggest we should do on other hosting IP blocks are are continuing
to host criminal activity, even in the face of abuse reports, etc.?Seriously -- I think this is an issue which needs to be addressed
here. ISPs cannot continue to sweep this issue under the proverbial
carpet.Is this an issue that network operations folk don't really care
about?
IMHO policy should only be dictated by the edge, never upstream of that point. Now whether the edge is defined as the edge provider or the actual end-user is up for debate. I don't want my upstreams to make a decision what my SP and thus my customers can get to. My customers can't contact my upstream and argue for listing or delisting a given IP like they can with me. They can't speak with their dollars to my upstream like that can with me, their edge provider. Then again should I as the edge provider filter for my customers? Value-add service or a bonus service? It depends on your point of view.
Justin