On Oct 12, 2007, at 7:18 AM, Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This question is part reality, part surreality.
Let me ask you this: What would you do when you have alerted
(via abuse@ contacts) a notable ISP in the U.S. (not a tier one,
and not just one of them) about KNOWN, VERIFIABLE, and RECURRING
criminal activity in their customer downstreams?
And the downstream(s) do not respond? And the criminal activity
continues?
The most obvious answer is: Gather evidence, contact law
enforcement.
Right?
I just wanted to reach out the NANOG on this and see what you
thought... How would you handle it?
- - ferg
We did exactly that with a similar incident and the local FBI Cyber
Crimes folks told us that they couldn't help us because they were
entirely dedicated to potential terrorist activities. So, I would
say "contact local authorities and play it up as a terrorist act" if
you want any help at all.
Regards,
Mike
