Policies affecting the Internet as a whole - Hitting where it hurts

Alan_Hannan8 · December 27, 1996, 8:49pm

Did you contact a law enforcement agency? Did we comply with
their wishes?

It seems that you are asking for vigilantism, not cooperation.

-alan

]
] On Fri, 27 Dec 1996, David Schwartz wrote:
]
] > I think a list of sites that refuse to deal with troublemakers
] > (with details) would be extremely useful. If people want to use it to
] > blackhole traffic, that would be their decision.
]
] Ok. I nominate UUNet to be the first on the list. (No, this isn't a UUNet
] flame, read on.)
]
] Recently one of their customers decided the incoming directory on our FTP
] server would be a good place to start a warez site. We mailed help@uu.net
] and noc@uu.net. Our mail included the src IP address and the times that
] the uploading of the warez occurred. They were fairly quick to respond
] with UUNet's policy on these matters. Basically they will only take action
] when told to do so by a law-enforcement agency.
]
] Ok, fine. I understand that they have to protect their interests and that
] there are legal implications to all of this. I tend to agree that this
] position is the safest one to take.
]
] This raises important issues, though. What do we expect providers to do?
] Do we expect them to take action based on email received from
] unknown people? It seems from some of the other posts on this topic that
] we do expect that.
]
] Getting back to the post that started this thread, the culprit appears to
] be from Romania. Since we've all read _The Cuckoo's Egg_, we know that
] getting anything done about international cracking is very difficult (or
] has this changed?). So it is a catch-22. I think very few people on this
] list have the time/resources to pursue prosecution for attacks, unless the
] attacks are extremely damaging (ie you can prove to the authorities that
] it cost you a LOT of money). Yet, just letting this stuff slide by is not
] only frustrating, it does nothing to solve the problem.
]
] I think if you are getting attacked from a specific IP or block of IPs,
] you have every right to filter those packets. I question the prudence of a
] 'blacklist', though.
]
] Just some random thoughts...
]
] -BD
]

Bradley_Dunn · December 27, 1996, 8:48pm

Please point out the place in my post where I advocate vigilantism.

Thank you.

-BD

Bandy_Rush1 · December 27, 1996, 8:59pm

It seems that you are asking for vigilantism, not cooperation.

Indeed. We don't neen no steenkin' legal system, we can just hang 'em
right here.

Maybe this whole thread could be moved to inet-excess or somewhere?
I'm just a poor Ops geek trying to move packets reliably, and that's
hard enough.

randy

Brett_L_Hawn · December 27, 1996, 9:04pm

No offense intended here but this smacks of a pathetic cop out. When
supplied with various logs, supplements, and statements it doesn't take much
effort or thought to start doing some checking of your own logs. The fact
that you won't even go so far as to do that tells me that UU.net is too
?busy? doing other things than to follow up on their own problem users.
No-one said you had to do anything more than at least send the user a notice
informing them that their activities were illegal and could result in
termination of their account and/or legal procedings. More often than not,
this won't stop the warezpup from trying to be even more secretive but
you've made your point, you've documented the fact, and you've helped
another ISP in lowering their resultant problems. Later on, if you find the
same user continuing along their less-than-legal path, you have
documentation to back you up when you cancel them.

Kim_Culhan · December 27, 1996, 9:39pm

Alan-

What sort of law enforcement agency would contact uunet ?

How about my local township police department ?

kim

Barry_Shein1 · December 27, 1996, 10:06pm

It seems that you are asking for vigilantism, not cooperation.

Unfortunately there's truth to this comment.

Too often when an issue like this is discussed we are all mesmerized
by an image of getting a real bad guy.

Unfortunately, as many who actually deal with this stuff know, people
lie shamelessly and inflate complaints for various reasons, other
times they just don't provide enough information to verify what they
claim, yet may get threatening and nasty if you don't just believe
every single word they say and go kill this person they feel has
wronged them, on their wish.

I'd say around half of the complaints I see range from "there's
nothing wrong with that behavior, what's your point?", to "there's
absolutely no evidence what you describe happened, but I can't help
but notice the two of you have been exchanging obscenities in
alt.politics.no.i.am.right, could that possibly have something to do
with your accusation?"

So, investigation and process are important considerations.

The other problem, in any system of governance, is what is a proper
sanction? In the physical world even murderers can do their time and
eventually get out. Maybe you don't agree with that but just as one
extreme example.

Perhaps put better, in the outside world if you're caught, say,
running a stop sign or some similar infraction you get a ticket which
might cost you $100 and some increase in insurance etc. Get enough,
and you lose your license and so on, don't do it again and it fades
away after a few years. One gets the feeling that at our current level
of sophistication in internet governance no matter what the infraction
we'd either ignore it or crush the person's car, mostly depending on
which action was more convenient at the moment.

Put simply: Governance is hard.