Looking at the AS adjacencies for Webzilla, what would prevent them from disconnecting all of their US/Western Euro based peers and transits, and remaining online behind a mixed selection of the largest Russian ASes? I do not think that any amount of well-researched papers and appeals to ethical ISPs on the NANOG mailing list will bring down those relationships.
The likelihood of the Russian domestic legal system implementing US/Western European court orders against bulletproof hosting companies is quite low. On Sat, Mar 16, 2019 at 1:53 PM Ronald F. Guilmette <r...@tristatelogic.com> wrote: > > [[ My apologies to thos eof you who may see this twice. I have posted the > message below also to the RIPE Anti-Abuse Working Group mailing list, > so any of you who are on that list also will see this twice. But I > believe that it is relevant here also. ]] > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > Perhaps some folks here might be interested to read these two reports, > the first of which is a fresh news report published just a couple of > days ago, and the other one is a far more detailed investigative report > that was completed some time ago now. > > > https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc > > https://www.documentcloud.org/documents/5770258-Fti.html > > Please share these links widely. > > The detailed technical report makes it quite abundantly clear that > Webzilla, and all of its various tentacles... many of which even I didn't > know about until seeing this report... most probably qualifies as, and > has qualified as a "bullet proof hosting" operation for some considerable > time now. As the report notes, the company has received over 400,000 > complaints or reports of bad behavior, and it is not clear to me, from > reading the report, if anyone at the company even bothered to read any > more than a small handful of those. > > I have two comments about this. > > First, I am inclined to wonder aloud why anyone is even still peering > with any of the several ASNs mentioned in the report. To me, the mere > fact that any of these ASNs still have connectivity represents a clear > and self-evident failure of "self policing" in and among the networks > that comprise the Internet. > > Second, its has already been a well know fact, both to me and to many > others, for some years now, that Webzilla is by no means alone in the > category commonly refered to as "bullet proof hosters". This fact > itself raises some obvious questions. > > It is clear and apparent, not only from the report linked to above, but > from the continuous and years-long existance of -many- "bullet proof > hosters" on the Internet that there is no shortage of a market for the > services of such hosting companies. The demand for "bullet proof" > services is clearly there, and it is not likely to go away any time > soon. In addition to the criminal element, there are also various > mischevious governments, or their agents, that will always be more > than happy to pay premium prices for no-questions-asked connectivity. > > So the question naturally arises: Other than de-peering by other networks, > are there any other steps that can be taken to disincentivize networks > from participating in this "bullet proof" market and/or to incentivize > them to give a damn about their received network abuse complaints? > > I have no answers for this question myself, but I felt that it was about > time that someone at least posed the question. > > The industry generally, and especially in the RIPE region, has a clear > and evident problem that traditional "self policing" is not solving. > Worse yet, it is not even discussed much, and that is allowing it to > fester and worsen, over time. > > It would be Good if there was some actual leadership on this issue, at > least from -some- quarter. So far I have not noticed any such worth > mentioning. And even looking out towards the future horizon, I don't > see any arriving any time soon. > > > Regards, > rfg >