Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not intentionally trying to be retarded, but I've received
an enormous number of private responses.

Many thanks.

It is odd, however, why folks felt the need to reply
privately,
and although I'm glad you did reply, it is somewhat of a
statement,
in and of itself, on the issues involved that things happen
the way
they do. Maybe.

In any event, I did want to mention that some people
involved in the
aforementioned "activities" may be getting their
feelings hurt real
soon now due to "looking the other way" and
pretending they didn't
know what was going on.

Or maybe not.

It should be pretty fun to to see what happens.

Thanks for everyone who responded.

Cheers!

- - ferg


- -- "Paul Ferguson" <fergdawgnetzero.net> wrote:


This question is part reality, part surreality.

Let me ask you this: What would you do when you have
alerted
(via abuse contacts) a notable ISP in the U.S. (not a tier
one,
and not just one of them) about KNOWN, VERIFIABLE, and
RECURRING
criminal activity in their customer downstreams? 

And the downstream(s) do not respond? And the criminal
activity
continues?

The most obvious answer is: Gather evidence, contact law
enforcement.

Right?

I just wanted to reach out the NANOG on this and see what
you
thought... How would you handle it?

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHDymoq1pz9mNUZTMRAi9JAKChOP+omJT+B08zY6/apubGPIV9ZQCg
sr3F
1BcKzW2DrEte2Q/KS4I5de4=
=RxGD
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspo
t.com/

On Fri, 12 Oct 2007 08:00:46 GMT
"Paul Ferguson" <fergdawgnetzero.net> wrote:

> Not intentionally trying to be retarded, but I've
received
> an enormous number of private responses.
[...]
> This question is part reality, part surreality.
> 
> Let me ask you this: What would you do when you have
alerted
> (via abuse contacts) a notable ISP in the U.S. (not
a tier one,
> and not just one of them) about KNOWN, VERIFIABLE, and
RECURRING
> criminal activity in their customer downstreams? 
[...]

Hi Paul, as you know, there is a scheduled panel discussion
related to
this topic at the ISP Security BoF.  I encourage anyone who
isn't going
to the peering BoF to participate.  We could also use
another person on
the panel.  Anyone who feels particularly passionate or who
would bring
a unique perspective to the panel I'd love to have you on
stage or at
least willing to come up to the audience mic.  Feel free to
nominate
your friends and I'll solicit them privately without
attribution by you
if you prefer and as appropriate.  

I'd be especially interested in questions, comments or other
suggestions
for me, the moderator, that might help steer the discussion
to someplace
useful.  I'd prefer to take those off-list please.

Some additional BoF details here:

  <http:
//www.nanog.org/mtg-0710/kristoff.html>

John

I am happy to hear about the panel.

Back to the subject at hand...

As things are today, ISPs' authority, responsibility,
liability and 
technical difficulties differe considerably from country to
country, and 
more over--are not regulated in many fashions (where this
applies, can't 
regulate tech difficulty, can we?)

Further, as the swamp is so distorted and radiated, it is
often difficult 
to accuse providers who try to cope.

Then we have providers who turn a blind eye to a level where
they are 
black hat.

Then we have black hat providers which provide such
services. As in 
criminal services.

The sad fact is, these are not just in Russia or China, but
exist in the 
US and other western countries as well.

The time soon approaches when we need to clean house if we
are to "clean 
the net". I suppose we may as well start with the
lower-hanging fruit 
because the very idea of cleaning the net is propostrous.

There is no reason to gun for businesses, but if the
businesses are in 
fact criminal (which is surprisingly easily defined, think
RBN), and cause 
that much trouble, we can gun for them and feel good about
it, too.

 	Gadi.


On Fri, 12 Oct 2007, John Kristoff wrote:

>
> On Fri, 12 Oct 2007 08:00:46 GMT
> "Paul Ferguson" <fergdawgnetzero.net> wrote:
>
>> Not intentionally trying to be retarded, but I've
received
>> an enormous number of private responses.
> [...]
>> This question is part reality, part surreality.
>>
>> Let me ask you this: What would you do when you
have alerted
>> (via abuse contacts) a notable ISP in the U.S. (not
a tier one,
>> and not just one of them) about KNOWN, VERIFIABLE,
and RECURRING
>> criminal activity in their customer downstreams?
> [...]
>
> Hi Paul, as you know, there is a scheduled panel
discussion related to
> this topic at the ISP Security BoF.  I encourage anyone
who isn't going
> to the peering BoF to participate.  We could also use
another person on
> the panel.  Anyone who feels particularly passionate or
who would bring
> a unique perspective to the panel I'd love to have you
on stage or at
> least willing to come up to the audience mic.  Feel
free to nominate
> your friends and I'll solicit them privately without
attribution by you
> if you prefer and as appropriate.  
>
> I'd be especially interested in questions, comments or
other suggestions
> for me, the moderator, that might help steer the
discussion to someplace
> useful.  I'd prefer to take those off-list please.
>
> Some additional BoF details here:
>
>  <http:
//www.nanog.org/mtg-0710/kristoff.html>
>
> John
>

Gadi,

Gadi Evron wrote:

> The time soon approaches when we need to clean house if
we are to "clean
> the net". I suppose we may as well start with the
lower-hanging fruit
> because the very idea of cleaning the net is
propostrous.
> 
> There is no reason to gun for businesses, but if the
businesses are in
> fact criminal (which is surprisingly easily defined,
think RBN), and
> cause that much trouble, we can gun for them and feel
good about it, too.

Advocating vigilantism is simply not a very wise position to
take.

Taking the the power to determine what is and is not
criminal onto
yourself is in fact illegal in most places.

On Fri, 12 Oct 2007, Joel Jaeggli wrote:
> Gadi,
>
> Gadi Evron wrote:
>
>> The time soon approaches when we need to clean
house if we are to "clean
>> the net". I suppose we may as well start with
the lower-hanging fruit
>> because the very idea of cleaning the net is
propostrous.
>>
>> There is no reason to gun for businesses, but if
the businesses are in
>> fact criminal (which is surprisingly easily
defined, think RBN), and
>> cause that much trouble, we can gun for them and
feel good about it, too.
>
> Advocating vigilantism is simply not a very wise
position to take.
>
> Taking the the power to determine what is and is not
criminal onto
> yourself is in fact illegal in most places.
>

I quite agree!

On Fri, 12 Oct 2007 08:00:46 -0000, Paul Ferguson said:

> Let me ask you this: What would you do when you have
alerted
> (via abuse contacts) a notable ISP in the U.S. (not
a tier one,
> and not just one of them) about KNOWN, VERIFIABLE, and
RECURRING
> criminal activity in their customer downstreams?

I suppose you could always null-route them.  Unfortunately,
I suspect there's
enough ISPs in the world that meet your description that
doing so for all of
them will push you significantly closer to the magical
"240K routes melts your
router"..

The *big* question is, of course, whether there's enough of
them for aggregation
to make a measurable difference...