There is a certain individual at a certain ISP in the .ro domain. I
have yet to determine if this user is the owner of said ISP or if they
are but a user. As it may be, this person has been responsible for
many hacking attempts, including the destruction of several UNIX
systems (rm -rf* after gaining root) in other ISPs. The person is
also suspected to have been an initiator of several damaging SYN
attacks, although the only solid proof is of the UNIX hacking.
Anyway, to get to the point, I along with several others have been in
contact with the ISP, which is aware of the individual's activity and
refuses to deal with those activities since "there are no laws affecting
his use of our system in this manner, and we have no recourse." So,
my question to you folks is, would something like the intentional black
holing of the source network for this user (he apparently sources all
attacks from one swamp Class C address) be an appropriate incentive
to the ISP to deal with the problem? If so, where would be a good place
to announce such measures, their goal, evidence, etc? I can see how
such a thing could easily get out of hand if it's not taken seriously.

Chris A. Icide

If I were in your shoes I would write a press release explaining in
layman's terms what you are doing. Then hire a Romanian translator to
translate this and get the translation double-checked by another
Romanian speaker who has some technical background. Make sure the press
release names the ISP clearly, i.e. MyISP Services of Lulu, Transylvania.
Then fax this press release to every newspaper, radio and TV station that
you can find in Romania. Try to include an inflammatory statement in the
press release like "If Romanians will not police themselves then we
will simply block them from the network". You can see how the press might
misinterpret such a statement as meaning that Romania is about to be
blocked from the entire Internet. This is good because it's what gets
lots of press coverage and that's what will wake up this ISP and the
other local ISPs to realize that they have to do something.

Simply blocking the one ISP will accomplish nothing because the hacker
will either switch ISPs or they will hack some other machine to use as
the launchboard for their attacks.

Michael Dillon - Internet & ISP Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: email@example.com