How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

Not intentionally trying to be retarded, but I've received
an enormous number of private responses.

Many thanks.

It is odd, however, why folks felt the need to reply privately,
and although I'm glad you did reply, it is somewhat of a statement,
in and of itself, on the issues involved that things happen the way
they do. Maybe.

In any event, I did want to mention that some people involved in the
aforementioned "activities" may be getting their feelings hurt real
soon now due to "looking the other way" and pretending they didn't
know what was going on.

Or maybe not.

It should be pretty fun to see what happens.

Thanks to everyone who responded.

Cheers!

- ferg

Not intentionally trying to be retarded, but I've received
an enormous number of private responses.

[...]

This question is part reality, part surreality.

Let me ask you this: What would you do when you have alerted
(via abuse@ contacts) a notable ISP in the U.S. (not a tier one,
and not just one of them) about KNOWN, VERIFIABLE, and RECURRING
criminal activity in their customer downstreams?

[...]

Hi Paul, as you know, there is a scheduled panel discussion related to
this topic at the ISP Security BoF. I encourage anyone who isn't going
to the peering BoF to participate. We could also use another person on
the panel. Anyone who feels particularly passionate or who would bring
a unique perspective to the panel I'd love to have you on stage or at
least willing to come up to the audience mic. Feel free to nominate
your friends and I'll solicit them privately without attribution by you
if you prefer and as appropriate. :-)

I'd be especially interested in questions, comments or other suggestions
for me, the moderator, that might help steer the discussion to someplace
useful. I'd prefer to take those off-list please.

Some additional BoF details here:

  <http://www.nanog.org/mtg-0710/kristoff.html>

John

I am happy to hear about the panel.

Back to the subject at hand...

As things are today, ISPs' authority, responsibility, liability and technical difficulties differ considerably from country to country, and moreover--are not regulated in many fashions (where this applies, can't regulate tech difficulty, can we?)

Further, as the swamp is so distorted and radiated, it is often difficult to accuse providers who try to cope.

Then we have providers who turn a blind eye to a level where they are black hat.

Then we have black hat providers which provide such services. As in criminal services.

The sad fact is, these are not just in Russia or China, but exist in the US and other western countries as well.

The time soon approaches when we need to clean house if we are to "clean the net". I suppose we may as well start with the lower-hanging fruit because the very idea of cleaning the net is preposterous.

There is no reason to gun for businesses, but if the businesses are in fact criminal (which is surprisingly easily defined, think RBN), and cause that much trouble, we can gun for them and feel good about it, too.

   Gadi.

Gadi,

Gadi Evron wrote:

The time soon approaches when we need to clean house if we are to "clean
the net". I suppose we may as well start with the lower-hanging fruit
because the very idea of cleaning the net is preposterous.

There is no reason to gun for businesses, but if the businesses are in
fact criminal (which is surprisingly easily defined, think RBN), and
cause that much trouble, we can gun for them and feel good about it, too.

Advocating vigilantism is simply not a very wise position to take.

Taking the power to determine what is and is not criminal onto
yourself is in fact illegal in most places.

I quite agree!

I suppose you could always null-route them. Unfortunately, I suspect there's
enough ISPs in the world that meet your description that doing so for all of
them will push you significantly closer to the magical "240K routes melts your
router"..

The *big* question is, of course, whether there's enough of them for aggregation
to make a measurable difference... :-)