Re: [anti-abuse-wg] Webzilla
In message <6f358385-b1c7-0805-47f0-50e926cbe...@tana.it>, you wrote: >On Sat 16/Mar/2019 21:15:22 +0100 Ronald F. Guilmette wrote: > >> First, I am inclined to wonder aloud why anyone is even still peering >> with any of the several ASNs mentioned in the report. To me, the mere >> fact that any of these ASNs still have connectivity represents a clear >> and self-evident failure of "self policing" in and among the networks >> that comprise the Internet. > > >RIRs cannot themselves enact block lists such as Spamhaus DROP. However, those >ASNs could well make their way to such lists. Why don't they? I only wish that I knew. Regards, rfg
Re: [anti-abuse-wg] Webzilla
On Sat 16/Mar/2019 21:15:22 +0100 Ronald F. Guilmette wrote: > First, I am inclined to wonder aloud why anyone is even still peering > with any of the several ASNs mentioned in the report. To me, the mere > fact that any of these ASNs still have connectivity represents a clear > and self-evident failure of "self policing" in and among the networks > that comprise the Internet. RIRs cannot themselves enact block lists such as Spamhaus DROP. However, those ASNs could well make their way to such lists. Why don't they? Best Ale --
Re: [anti-abuse-wg] Webzilla
The flipside is, the various routing blocklists, email and other abuse blocklists work very well When corporations start trashing their ip resources (specially ipv4) then it becomes costly to ignore abuse as the resources they supply to "paying clients" is no longer usable for certain purposes. On Sat, 16 Mar 2019 17:37:15 -0700 "Fi Shing" wrote: > There is no incentive for a corporation to remove an abuser if the > abuser is a paying customer. > > There is also no incentive for RIR to create any sort of oversight, > if that oversight requires investment. > > Hence, the shit fight known as "the internet" that we have today. > > > ---- Original Message > Subject: [anti-abuse-wg] Webzilla > From: "Ronald F. Guilmette" > Date: Sun, March 17, 2019 7:15 am > To: anti-abuse-wg@ripe.net > > > Perhaps some folks here might be interested to read these two report, > the first of which is a fresh news report published just a couple of > days ago, and the other one is a far more detailed investigative > report that was completed some time ago now. > > https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc > > https://www.documentcloud.org/documents/5770258-Fti.html > > Please share these links widely. > > The detailed technical report makes it quite abundantly clear that > Webzilla, and all of its various tentacles... many of which even I > didn't know about until seeing this report... most probably qualifies > as, and has qualified as a "bullet proof hosting" operation for some > considerable time now. As the report notes, the company has received > over 400,000 complaints or reports of bad behavior, and it is not > clear to me, from reading the report, if anyone at the company even > bothered to read any more than a small handful of those. > > I have two comments about this. > > First, I am inclined to wonder aloud why anyone is even still peering > with any of the several ASNs mentioned in the report. To me, the mere > fact that any of these ASNs still have connectivity represents a clear > and self-evident failure of "self policing" in and among the networks > that comprise the Internet. > > Second, its has already been a well know fact, both to me and to many > others, for some years now, that Webzilla is by no means alone in the > category commonly refered to as "bullet proof hosters". This fact > itself raises some obvious questions. > > It is clear and apparent, not only from the report linked to above, > but from the continuous and years-long existance of -many- "bullet > proof hosters" on the Internet that there is no shortage of a market > for the services of such hosting companies. The demand for "bullet > proof" services is clearly there, and it is not likely to go away any > time soon. In addition to the criminal element, there are also various > mischevious governments, or their agents, that will always be more > that happy to pay premium prices for no-questions-asked connectivity. > > So the question naturally arises: Other than de-peering by other > networks, are there any other steps that can be taken to > disincentivize networks from participating in this "bullet proof" > market and/or to incentivize them to give a damn about their received > network abuse complaints? > > I have no answers for this question myself, but I felt that it was > about time that someone at least posed the question. > > The industry generally, and especially in the RIPE region, has a clear > and evident problem that traditional "self policing" is not solving. > Worse yet, it is not even discussed much, and that is allowing it to > fester and worsen, over time. > > It would be Good if there was some actual leadership on this issue, at > least from -some- quarter. So far I have not noticed any such worth > commenting about, and even looking out towards the future horizon, I > don't see any arriving any time soon. > > > Regards, > rfg > >
Re: [anti-abuse-wg] Webzilla
There is no incentive for a corporation to remove an abuser if the abuser is a paying customer.There is also no incentive for RIR to create any sort of oversight, if that oversight requires investment.Hence, the shit fight known as "the internet" that we have today. Original Message Subject: [anti-abuse-wg] Webzilla From: "Ronald F. Guilmette" <r...@tristatelogic.com> Date: Sun, March 17, 2019 7:15 am To: anti-abuse-wg@ripe.net Perhaps some folks here might be interested to read these two report, the first of which is a fresh news report published just a couple of days ago, and the other one is a far more detailed investigative report that was completed some time ago now. https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc https://www.documentcloud.org/documents/5770258-Fti.html Please share these links widely. The detailed technical report makes it quite abundantly clear that Webzilla, and all of its various tentacles... many of which even I didn't know about until seeing this report... most probably qualifies as, and has qualified as a "bullet proof hosting" operation for some considerable time now. As the report notes, the company has received over 400,000 complaints or reports of bad behavior, and it is not clear to me, from reading the report, if anyone at the company even bothered to read any more than a small handful of those. I have two comments about this. First, I am inclined to wonder aloud why anyone is even still peering with any of the several ASNs mentioned in the report. To me, the mere fact that any of these ASNs still have connectivity represents a clear and self-evident failure of "self policing" in and among the networks that comprise the Internet. Second, its has already been a well know fact, both to me and to many others, for some years now, that Webzilla is by no means alone in the category commonly refered to as "bullet proof hosters". This fact itself raises some obvious questions. It is clear and apparent, not only from the report linked to above, but from the continuous and years-long existance of -many- "bullet proof hosters" on the Internet that there is no shortage of a market for the services of such hosting companies. The demand for "bullet proof" services is clearly there, and it is not likely to go away any time soon. In addition to the criminal element, there are also various mischevious governments, or their agents, that will always be more that happy to pay premium prices for no-questions-asked connectivity. So the question naturally arises: Other than de-peering by other networks, are there any other steps that can be taken to disincentivize networks from participating in this "bullet proof" market and/or to incentivize them to give a damn about their received network abuse complaints? I have no answers for this question myself, but I felt that it was about time that someone at least posed the question. The industry generally, and especially in the RIPE region, has a clear and evident problem that traditional "self policing" is not solving. Worse yet, it is not even discussed much, and that is allowing it to fester and worsen, over time. It would be Good if there was some actual leadership on this issue, at least from -some- quarter. So far I have not noticed any such worth commenting about, and even looking out towards the future horizon, I don't see any arriving any time soon. Regards, rfg
[anti-abuse-wg] Webzilla
Perhaps some folks here might be interested to read these two report, the first of which is a fresh news report published just a couple of days ago, and the other one is a far more detailed investigative report that was completed some time ago now. https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc https://www.documentcloud.org/documents/5770258-Fti.html Please share these links widely. The detailed technical report makes it quite abundantly clear that Webzilla, and all of its various tentacles... many of which even I didn't know about until seeing this report... most probably qualifies as, and has qualified as a "bullet proof hosting" operation for some considerable time now. As the report notes, the company has received over 400,000 complaints or reports of bad behavior, and it is not clear to me, from reading the report, if anyone at the company even bothered to read any more than a small handful of those. I have two comments about this. First, I am inclined to wonder aloud why anyone is even still peering with any of the several ASNs mentioned in the report. To me, the mere fact that any of these ASNs still have connectivity represents a clear and self-evident failure of "self policing" in and among the networks that comprise the Internet. Second, its has already been a well know fact, both to me and to many others, for some years now, that Webzilla is by no means alone in the category commonly refered to as "bullet proof hosters". This fact itself raises some obvious questions. It is clear and apparent, not only from the report linked to above, but from the continuous and years-long existance of -many- "bullet proof hosters" on the Internet that there is no shortage of a market for the services of such hosting companies. The demand for "bullet proof" services is clearly there, and it is not likely to go away any time soon. In addition to the criminal element, there are also various mischevious governments, or their agents, that will always be more that happy to pay premium prices for no-questions-asked connectivity. So the question naturally arises: Other than de-peering by other networks, are there any other steps that can be taken to disincentivize networks from participating in this "bullet proof" market and/or to incentivize them to give a damn about their received network abuse complaints? I have no answers for this question myself, but I felt that it was about time that someone at least posed the question. The industry generally, and especially in the RIPE region, has a clear and evident problem that traditional "self policing" is not solving. Worse yet, it is not even discussed much, and that is allowing it to fester and worsen, over time. It would be Good if there was some actual leadership on this issue, at least from -some- quarter. So far I have not noticed any such worth commenting about, and even looking out towards the future horizon, I don't see any arriving any time soon. Regards, rfg
