RE: Spyware becomes increasingly malicious

Paul Vixie wrote:
> or, to put it in terms you can all understand:
> "why does that provider's upstream still have bgp peers?"

Maybe said upstream does not want to deal with TROs and legal issues?
CWS is not illegal as of today.

> if you give people the means to hurt you, and they do it,
> and you take no action except to continue giving them the
> means to hurt you, and they take no action except to keep
> hurting you, then one of the ways you can describe the
> situation is "it isn't scaling well."

Could not agree more.

Michel.

> Paul Vixie wrote:
> > or, to put it in terms you can all understand:
> > "why does that provider's upstream still have bgp peers?"
>
> Maybe said upstream does not want to deal with TROs and legal issues?
> CWS is not illegal as of today.

CWS isn't illegal. On the other hand, there is no legal exposure from
depeering providers who take on these customers. TROs and such would only
come into effect if the provider's peers failed to observe the contractually
obligated notice period (30-60 days, normally).

Some peering contracts specify that behaviors that endanger a network or its
users allow for immediate disconnection. It's a bit of a stretch to invoke
this for a spyware site.

Depeering has been threatened as an anti-spam measure - it is reasonably
effective. This hasn't been extended to spyware, as it doesn't get the same
level of press.

If you contact a provider who is hosting malware, and they refuse to remove
it or disconnect the hoster, you could always try contacting their peers and
particularly sensitive to software that might harm their users.

I think you could find a few experts that could argue that malware in
general, and CWS in specific, has now reached the point where it is entirely
reasonable to classify it as endangering the users of the network. Anyone
who has dealt with a variant of CWS for which a remover was not available
will tell you how much trouble it causes, rendering systems unusable until
you find the magic combination, reimage the system, or wait until someone
else figures out the variant. One wrong turn probing it can render a machine
unusable until it's reloaded.

  In the meantime, let's at least blackhole all their IPs on our networks.
One way to reduce malware is to reduce the benefits of creating and
distributing it. Another way is to find the people benefiting and string
them up in the town square.

  DS

I think depeering is a bit over the top for this situation, but I wouldn't blink at nullrouting the prefix in question at my cores... :)

I guess the big question is, is there anyone (other than those profiting directly from CWS) that would complain if a provider were to do such a thing...

-C

If (your network == your organization) then maybe it's okay, otherwise I wouldn't consider it.

If your customers demand it then that's something different and as a provider you can choose to provide this sort of filtering for your customer.

It's the old: "I don't want some plumber deciding what can come down my pipe" argument.

-davidu

> I guess the big question is, is there anyone (other than those
> profiting directly from CWS) that would complain if a provider were to
> do such a thing...
...
> It's the old: "I don't want some plumber deciding what can come down my
> pipe" argument.

that analogy won't stretch to fit the situation of internet services. for
one thing, plumbers aren't the same as water companies. for another, the
water company is responsible for what i receive, but only the sewage
company is responsible for what i send. i think that at a minimum, we need
better analogies, or we need to learn how to talk about this subject without
using analogies.

i suppose that from the malfeasant's point of view, the current internet
economic and irresponsibility model is scaling just fine. people who want
to do bad things can keep on doing them, and profiting from them. people
who want to supply the services necessary for these bad things can keep
doing so, and keep profiting from them. people who would need to take
some kind of responsibility or action in order to prevent this activity
don't want to be seen taking any responsibility or action, supposedly out
of fear that they'll be held liable for everything they DIDN'T stop.

it strikes me that the case for revolution is largely a cost:benefit
analysis, and that we're headed for a timespace where some very radical
solutions are actually cheaper than the status quo. (i say this even
while considering the MAPS RBL as fundamentally in-band and non-radical
for its time.)