the Intercage mess

While it's good to see some community effort going toward slapping
a lid on misbehaving sources, how about a little consistency in
the bigger picture?

Consider this sort of scenario: An ISP allows its infrastructure
to emit spam and host compromised machines to harbor malware and
facilitate crime and botnets. Its abuse mailbox is a black hole
that is provably ignored. All reasonable efforts to get the problem
fixed fail. Network operators band together and deroute the ISP's
blocks, forcing them to either clean up their act or find something
else to do with their time. Internet death penalty, simple enough.

If this happened to some of the other major sources of crap that
I'm thinking of, it would make the freaking NATIONAL NEWS. Where's
the BACKBONE to go after the real high-volume sources, rather than
continuing to kick sand in the face of some podunk little guy who
can no longer defend himself?

_H*

*Hobbit* wrote:

> Where's
> the BACKBONE to go after the real high-volume sources, rather than
> continuing to kick sand in the face of some podunk little guy who
> can no longer defend himself?
>
> _H*

He never could defend himself, but he still hosts these companies (though months and years later he's finally terminated some of them). I have talked to over a dozen people who report abuse who are utterly perplexed at the tone taken by Intercage. I've SEEN archived abuse complaints from DronesBL, DOZENS of them. These reports aren't for compromised machines, they're for C&C's that host THOUSANDS of compromised machines each. When Gadi, when William Pitcock, when Spamhaus, when I, and DOZENS of others who watch these people say there's a problem, you'd best believe there's a problem.

Andrew

> While it's good to see some community effort going toward slapping
> a lid on misbehaving sources, how about a little consistency in
> the bigger picture?
>
> Consider this sort of scenario: An ISP allows its infrastructure
> to emit spam and host compromised machines to harbor malware and
> facilitate crime and botnets. Its abuse mailbox is a black hole
> that is provably ignored. All reasonable efforts to get the problem
> fixed fail. Network operators band together and deroute the ISP's
> blocks, forcing them to either clean up their act or find something
> else to do with their time. Internet death penalty, simple enough.
>
> If this happened to some of the other major sources of crap that
> I'm thinking of, it would make the freaking NATIONAL NEWS. Where's
> the BACKBONE to go after the real high-volume sources, rather than
> continuing to kick sand in the face of some podunk little guy who
> can no longer defend himself?

This was one of the big guys, it's not their fault they did all that mess from less IP space.

It's like folks who say .biz, .info or .name are worse than .com. Obviously .com has more abuse but it is lost in the noise of the regular hugeness of its traffic.

[snip]

> If this happened to some of the other major sources of crap that
> I'm thinking of, it would make the freaking NATIONAL NEWS. Where's
> the BACKBONE to go after the real high-volume sources, rather than
> continuing to kick sand in the face of some podunk little guy who
> can no longer defend himself?

The spine to do it left with suits minding the store & managing to
the tune of fickle investors. For the same reason just refusing
deaggregates has become difficult: the bad guys shield themselves
by sitting in the same prefix/ASNs with sites your paying customers
wish to reach. The suits are interested in
- avoiding PR hassles
- low call rates into the support centers
- lower customer-churn numbers for their investor calls

Therefore anyone with time & energy to block badness where there
is collateral damage rarely has the stamina or internal political
capital to have the suits' spin machine on their side. More
network companies that are privately held with actual technocrats
at the helm might help bring a vision beyond commoditization and
marketing.

When there is no law to speak of all that is left is tribal justice. That doesn't make the problem the tribe, the real problem is the lawlessness.

I would much rather prefer that we find a way to not let ISPs externalize their "costs" in taking money from bad people who do nothing but cause problems for the rest of us.

j

*Hobbit* wrote:

John Bambenek wrote:

> When there is no law to speak of all that is left is tribal justice.

this way lies lynch mobs

shall we at least apply a vernier of civilization?

randy

Randy Bush wrote:

> shall we at least apply a vernier of civilization?

A veneer would be even better, unless you are into fine tuning.

I think that _more_than_reasonable_ background research, historical record,
etc. have met the qualifications of "civilized vernier". The outcry was,
and is not, arbitrary.

$.02,

- - ferg

No, but forcing them offline now that they are taking a new approach to
handling abuse is ridiculous.

Intercage are reaching out to the anti-abuse community and yet some
people on NANOG keep interfering with the cleanup process. How do you
expect them to clean up their network and return to normal operations
(with considerably less abuse) if it keeps being disconnected?

The shit isn't even there anymore. These kids have moved it elsewhere.
Intercage have learned their lesson, just leave them alone and let the
people who have *real* problems (e.g. me, Andrew Kirch of AHBL,
Spamhaus, Gadi, etc.) with Intercage deal with this.

If anyone has any issue with Atrivo/Intercage that still needs
rectification: please contact me or Andrew Kirch offlist and we will
bring it to their attention. We have contact with these people, and they
are listening and taking action to clean up their network.

If not, then please stop with this thread. It's not helpful, and it's
certainly counter-productive.

William

No -- I think that after 5 years of malicious activity, it was overdue.

I'm sorry, but your efforts to get the last word here are in vain.

Cheers,

- - ferg

p.s. And by the way, whether the badness has actually been purged from
Atrivo/Intercage's IP address space remains to be seen -- previous similar
claims have all been false. Time will tell -- many eyes are watching.

>> I think that _more_than_reasonable_ background research, historical
>> record, etc. have met the qualifications of "civilized vernier". The
>> outcry was, and is not, arbitrary.
>
> No, but forcing them offline now that they are taking a new approach to
> handling abuse is ridiculous.
>

> No -- I think that after 5 years of malicious activity, it was overdue.

I said _new_ approach. I agree that it was overdue, but they are being
cooperative with the anti-abuse community, so I think it is appropriate
to give them an opportunity to deliver on their promise. If they fail,
then shut them off again.

> I'm sorry, but your efforts to get the last word here are in vain.
>
> Cheers,
>
> - - ferg
>
> p.s. And by the way, whether the badness has actually been purged from
> Atrivo/Intercage's IP address space remains to be seen -- previous similar
> claims have all been false. Time will tell -- many eyes are watching.

Esthost are nullrouted as of this morning. Even their administrative
network is nullrouted.

I think that is a good indication. As I said, if you have any still open
issues, please let me know. I am talking to these people and they are
listening.

William

> I said _new_ approach. I agree that it was overdue, but they are being
> cooperative with the anti-abuse community, so I think it is appropriate
> to give them an opportunity to deliver on their promise. If they fail,
> then shut them off again.

That sounds reasonable to me.

> Esthost are nullrouted as of this morning. Even their administrative
> network is nullrouted.

That's only because after they tried to set up shop in NL, they were outed.

As I said, many eyes are watching -- and not just Atrivo/Intercage either.

Cheers,

- - ferg

Ok, as this seems to have turned into a pissing match, can we slow this down a bit? 50+ emails a day for a week and nothing good of it? Yes yes we have purged the internet of evil. Instead of all the bickering and finger pointing, let's do something worthwhile like helping identify the root of the problem. So abuse@ wasn't monitored previously. It will be soon if you would give it a chance. They are working on it, so I say we lighten up on the pitchfork gig. Everyone put down the torches and stop screaming witch. Let's give them some time to actually act on a lot of the information they are getting from anti-abuse, and anything usable they might have been able to filter out of this flood of a week on nanog. Perhaps we could revisit this in a month, not as a bash and finger point but more as a "hey here is one more thing you could do to help keep your network clean."

If you really think this was a simple matter of "...not monitoring abuse@
mailboxes..." then you are highly misinformed. Nothing personal.

This will (hopefully) be my last post in this thread.

Cheers,

- - ferg

William Pitcock wrote:


John Bambenek wrote:

When there is no law to speak of all that is left is tribal justice.

this way lies lynch mobs

shall we at least apply a vernier of civilization

I think that _more_than_reasonable_ background research, historical record, etc. have met the qualifications of "civilized vernier". The outcry was, and is not, arbitrary.

No, but forcing them offline now that they are taking a new approach to
handling abuse is ridiculous.

Intercage are reaching out to the anti-abuse community and yet some people on NANOG keep interfering with the cleanup process. How do you expect them to clean up their network and return to normal operations (with considerably less abuse) if it keeps being disconnected?

The shit isn't even there anymore. These kids have moved it elsewhere. Intercage have learned their lesson, just leave them alone and let the people who have *real* problems (e.g. me, Andrew Kirch of AHBL, Spamhaus, Gadi, etc.) with Intercage deal with this.

They _claim_ they have learned their lesson and cleaned up their act. However, that does not erase the _years_ that they knew what was going on and happily took miscreants' money for polluting the commons. The police and courts are impotent, so it falls to the victims to take action. I hate lynch mobs as much as the next guy, but the law _does_ allow people to defend themselves and protect themselves from future harm by proven bad actors.

They could be lying; we have no proof they're not, so given their track record, we must assume they are. What's to stop them from next week going back to the folks they've disconnected and taking their money again, again abusing the community.

Even if they're not lying, application of the Death Penalty, as obviously justified in this case, is the _only_ way to discourage others from doing the same thing by instilling the fear of the same consequences.

S

# procmail recipe: file list traffic on this subject straight into $TRASH
:0
* ^Return-Path:.*nanog-bounces
* ^Subject:.*Intercage
$TRASH

enough already

randy

Randy Bush wrote:

> John Bambenek wrote:
>
>> When there is no law to speak of all that is left is tribal justice.
>
> this way lies lynch mobs
>
> shall we at least apply a vernier of civilization?
>
> randy

While I appreciate the points both you and John are attempting to make, as someone who is engaged in tribal government, and peripheral to the tribal legal community (I ran the TribalLaw list for years), I suggest there are rhetorical alternatives.

You may be amused that in Ex Parte Crow Dog, the USSC found in 1883 that it had no jurisdiction over the tribal court which tried, convicted, and sentenced Crow Dog for the killing of Spotted Tail. The sentence for that homicide (a political one in the context of factionalism during the onset of the Brule Sioux captivity) imposed by the tribal court was not death by hanging (payment was made to the tiospaye (kin) of the former, treaty signing principal chief). The following year Congress enacted the Major Crimes Act so that "an eye for an eye" would be the law in Indian Country. Note, not only did this extend Judeo-Christian reciprocity to offenses between tribal members, it also guaranteed death to any Indians who punished a "treaty signer" for providing the legal excuse for private and non-member expropriation of collectively held land.

More modernly, tribal courts seem to be better at substance abuse sentencing, based on outcomes, than non-tribal courts. I know some tribal jurists who'd be tickled pink to be asked to talk to a room of network people on tribal legal institutions and issues at Minneapolis.

I've been following this because of the trust anchor problem discussed elsewhere for address and AS allocation, and the NS and A record manifestation of some exploits that require sets of addresses, though not necessarily colocated within one or few address allocations or routed to one or few ASs, again, discussed elsewhere.

Cheers,
Eric

Okay. Riddle me this:

Why is Intercage hosting Cernel.net?

cernel.net -A-> 69.50.176.227

AS | IP | AS Name
27595 | 69.50.176.227 | INTERCAGE - InterCage, Inc.

I guess this was just a mistake, right?

Oh, and of course, Cernel.net was registered with... wait for it...
Estdomains.

And this was very recent.

Go figure.

- - ferg

A bit more:

The DNS relationships between Intercage, Cernel, and Rove Digital
are apparent when digging around on DNS dependencies -- lookup cernel.net
at the BFK DNSLogger:

http://www.bfk.de/bfk_dnslogger.html

ns2.protectdetails.com A 69.50.176.229
ns1.esthost.com A 69.50.176.229
ens1.esthost.com A 69.50.176.229
ns2.esthost.com A 69.50.176.229
ns2.cernel.net A 69.50.176.229

AS | IP | AS Name
27595 | 69.50.176.229 | INTERCAGE - InterCage, Inc.

- - ferg

Oops. I forgot to add:

ns2.spb-traffic.com A 69.50.176.227
ns2.site-people.com A 69.50.176.227
ns2.estsecure.com A 69.50.176.227
rovedigital.com A 69.50.176.227
ns2.rovedigital.com A 69.50.176.227
ans2.rovedigital.com A 69.50.176.227
dev.rovedigital.com A 69.50.176.227
ns2.mega-all.com A 69.50.176.227
ns2.cernel.net A 69.50.176.227
alpha.cernel.net A 69.50.176.227
beta.cernel.net A 69.50.176.227

- - ferg
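The pivot ferg performs in the last three posts, mechanised as an added example (my code, not anything from the thread, from BFK or from any of the posters): parse the quoted A records, group the registrable domains that share a nameserver address, and tag each address with its origin AS. The thread gives only the ASN and name, so the covering prefix 69.50.176.0/24 in the lookup table is an assumed placeholder.

```python
import ipaddress
from collections import defaultdict

# "name A address" lines in the BFK DNSLogger style quoted in the thread,
# taken from the posts above; constructed input in the same format also works.
PDNS_RECORDS = """\
ns2.protectdetails.com A 69.50.176.229
ns1.esthost.com A 69.50.176.229
ns2.esthost.com A 69.50.176.229
ns2.cernel.net A 69.50.176.229
ns2.estsecure.com A 69.50.176.227
rovedigital.com A 69.50.176.227
ns2.rovedigital.com A 69.50.176.227
ns2.cernel.net A 69.50.176.227
alpha.cernel.net A 69.50.176.227
"""

# Prefix -> origin AS. The ASN and name appear in the thread; the covering
# prefix is an ASSUMED placeholder, not a value taken from a routing table.
ASN_TABLE = {"69.50.176.0/24": (27595, "INTERCAGE - InterCage, Inc.")}

def parse_records(text):
    """Parse 'name A address' lines into (name, ip_address) tuples."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] == "A":
            out.append((parts[0].lower().rstrip("."), ipaddress.ip_address(parts[2])))
    return out

def registrable(name):
    """Crude registrable-domain extraction: keep the last two labels."""
    return ".".join(name.split(".")[-2:])

def asn_for(addr):
    """Return (asn, name) for the first table prefix containing addr, else None."""
    for prefix, info in ASN_TABLE.items():
        if addr in ipaddress.ip_network(prefix):
            return info
    return None

def shared_infrastructure(records):
    """Map each address that serves names from more than one registrable domain
    to (asn_info, sorted domains): the pivot that links Cernel, Esthost and Rove."""
    by_addr = defaultdict(set)
    for name, addr in records:
        by_addr[addr].add(registrable(name))
    return {str(a): (asn_for(a), sorted(d)) for a, d in by_addr.items() if len(d) > 1}
```

Running `shared_infrastructure(parse_records(PDNS_RECORDS))` yields both addresses, each carrying AS27595 and the three domains that share it.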