Re: Webzilla
On 2019-03-18 23:24, Ronald F. Guilmette wrote: In message , Eric Kuhnke wrote: Looking at the AS adjacencies for Webzilla, what would prevent them from disconnecting all of their US/Western Euro based peers and transits, and remaining online behind a mixed selection of the largest Russian ASes? I do not think that any amount of well-researched papers and appeals to ethical ISPs on the NANOG mailing list will bring down those relationships. In the early years of the 20th century, Vladimir Lenin, leader of the Bolshevik, revolution, famously quipped to his communist collegues that "The capitalists will sell us the rope to hang them with." His prescient words have endured even the fall of the empire he founded because they clarify a simple and fundamental truth -- in capitalist systems, short term greed often overrides both rationality and simple common sense. My hope is that it will not be so on this occasion, and that enligtened long-term self interest will prevail, at least among those companies that are peering with any of Webzilla's ASNs. Your speech is very reminiscent of this very Lenin, who climbed on an armored car and broadcasted speech to the "worker class" and told how bad are rich and how to restore justice. Only instead of rich people you have "those pesky Russians", and instead of the working class - "Western democracies". But let's not get into politics too deep. What prevents those who consider the activities of this hosting to be so harmful that they are worth blocking - to filter and add to the ACL lists of networks, where Webzilla AS is origin? Or make some easy to use lists, API, BGP feed, and those who decide to participate will null-route offenders, and you will see how many people will support you. If this list is compiled carefully, then I am sure it will interest many(including me). If it turns into a political tool or a tool for extortion ... then of course not. And generally speaking, all these speeches from an armored cars end with a witch hunt, and almost always entire nations or categories of people are appointed as witches, depending on the trends. Who will be next? Cloudflare? Their attempt to maintain neutrality annoys many. Amazon? They react very slowly to abuse. OVH? It seems they do not care about abuse at all. Or maybe it will go into fashion to make the guilty - legal arms sellers? Or internet-stores who sell alcohol? Just create a cause for a depeering, and a lot of people with their special views will demand a depeering at every opportunity. P.S. North Korea, as far as I know, is very limited in connectivity choice, and this does not prevent them from creating a bunch of problems. As Max Tulyev said, and they are good example, just sprayed through countless proxies.
Re: Webzilla
In message , Eric Kuhnke wrote: >Looking at the AS adjacencies for Webzilla, what would prevent them from >disconnecting all of their US/Western Euro based peers and transits, and >remaining online behind a mixed selection of the largest Russian ASes? I do >not think that any amount of well-researched papers and appeals to ethical >ISPs on the NANOG mailing list will bring down those relationships. Everything you say may be correct, but I personally would feel remiss if I failed to point out the facts of this case to an audience that has it within its power to do something about the issue. And the facts in this case could not be more plain. At best, it can only be said that Webzilla, and all of its various faces, simply doesn't care about the majority of us who just want to use the Internet in peace and security. (And that abundant lack of care seems to be the overriding message of the reports I have cited.) At worst, the company and its various nefarious customers present a clear and present danger, if not to Western democracies then perhaps just to anyone and anything that's connected to the Internet. And all of the companies peering with the various Webzilla companies have a choice -- to support Webzilla and the harmful activities of all of its customers, many of whom have proven themselves, time and again, to be outright dangerous to the rest of us, or alternatively, to take reasonable measures, and do what they can to save themselves, their customers, and people around the world from so easily, conveniently, and inexpensively being hacked, fiddled, hoodwinked and penetrated. So this is the question. Can Western companies really justify, to themselves, to their stockholders, and to their customers, their acts which make it easier than it has to be for the likes of Webzilla to have connectivity? Should these companies, whose profitability and mere existance rests on both the freedom and justice, such as they are, that is commonly available in Western liberal democracies... should these companies continue to support, even if only indirectly, those who would undermine that same freedom and justice on which the companies themselves depend? And even setting aside THAT consequential question, are the long term best interests of these same Western companies best served by an Internet that is known to the public at large as a place primarily characterized by scamming, scheming, and skulduggery? And finally, is it a persuasive arguement to say that because there is crime in the world, and always has been, and likely always will be, that we, and each of us, should harbor and abet criminals simply because it is convenient for us to do so, and perhaps even profitable in the short run? You may think me naive, but I say that the answer each and all of these questions is a resounding "no". It shall not profit any of these companies who provide peering to Webzilla, even if they gain the whole world, if they lose their souls. Will there still be a thriving and growing market for moving bits when nobody in his or her right mind trusts the Internet anymore? Although I am cloaking my arguments, at least to some extent, in moral and ethical terms, I do understand that such considerations are not at all likely to be persuasive when it comes to the world of commerce. That's perfectly OK, because in this instance I believe that I am also arguing in favor of enlightened self-interest. Are any of the customers of any of the companies that provide peering to Webzilla and/or its various parts and pieces better off or worse off because of that peering? I believe that sober and informed reflection on this simple question will yield the Right Answer. In the early years of the 20th century, Vladimir Lenin, leader of the Bolshevik, revolution, famously quipped to his communist collegues that "The capitalists will sell us the rope to hang them with." His prescient words have endured even the fall of the empire he founded because they clarify a simple and fundamental truth -- in capitalist systems, short term greed often overrides both rationality and simple common sense. My hope is that it will not be so on this occasion, and that enligtened long-term self interest will prevail, at least among those companies that are peering with any of Webzilla's ASNs. I would be happy to see Webzilla be given no choice other than to beat a retreat, back to Russia, and to have the company seek connectivity there and only there. If the company wishes to continue either its support for, or its abject tolerance of the kind of nefarious activities documented in detail in the report I cited, then I say let them do that, let them connect only via Russia, and let the company's true allegiances be revealed for all to see. If, as now seems evident, the company wants to continue to flaunt the norms and traditions of the civilized portions of the Internet, then I don't see it as being in anyone else's best interests for Webzilla to co
Re: Webzilla
isn't i the case that 35415 peers with 174/3356/2914 directly and shouldn't you just be asking those folk: "Hey, err... are you getting these complaints? do you care about the harm?" On Mon, Mar 18, 2019 at 12:37 AM Eric Kuhnke wrote: > Looking at the AS adjacencies for Webzilla, what would prevent them from > disconnecting all of their US/Western Euro based peers and transits, and > remaining online behind a mixed selection of the largest Russian ASes? I do > not think that any amount of well-researched papers and appeals to ethical > ISPs on the NANOG mailing list will bring down those relationships. > > The likelihood of the Russian domestic legal system implementing > US/Western European court orders against bulletproof hosting companies is > quite low. > > > > On Sat, Mar 16, 2019 at 1:53 PM Ronald F. Guilmette > wrote: > >> >> [[ My apologies to thos eof you who may see this twice. I have posted the >>message below also to the RIPE Anti-Abuse Working Group mailing list, >>so any of you who are on that list also will see this twice. But I >>believe that it is relevant here also. ]] >> >> >> >> Perhaps some folks here might be interested to read these two reports, >> the first of which is a fresh news report published just a couple of >> days ago, and the other one is a far more detailed investigative report >> that was completed some time ago now. >> >> >> https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc >> >> https://www.documentcloud.org/documents/5770258-Fti.html >> >> Please share these links widely. >> >> The detailed technical report makes it quite abundantly clear that >> Webzilla, and all of its various tentacles... many of which even I didn't >> know about until seeing this report... most probably qualifies as, and >> has qualified as a "bullet proof hosting" operation for some considerable >> time now. As the report notes, the company has received over 400,000 >> complaints or reports of bad behavior, and it is not clear to me, from >> reading the report, if anyone at the company even bothered to read any >> more than a small handful of those. >> >> I have two comments about this. >> >> First, I am inclined to wonder aloud why anyone is even still peering >> with any of the several ASNs mentioned in the report. To me, the mere >> fact that any of these ASNs still have connectivity represents a clear >> and self-evident failure of "self policing" in and among the networks >> that comprise the Internet. >> >> Second, its has already been a well know fact, both to me and to many >> others, for some years now, that Webzilla is by no means alone in the >> category commonly refered to as "bullet proof hosters". This fact >> itself raises some obvious questions. >> >> It is clear and apparent, not only from the report linked to above, but >> from the continuous and years-long existance of -many- "bullet proof >> hosters" on the Internet that there is no shortage of a market for the >> services of such hosting companies. The demand for "bullet proof" >> services is clearly there, and it is not likely to go away any time >> soon. In addition to the criminal element, there are also various >> mischevious governments, or their agents, that will always be more >> than happy to pay premium prices for no-questions-asked connectivity. >> >> So the question naturally arises: Other than de-peering by other >> networks, >> are there any other steps that can be taken to disincentivize networks >> from participating in this "bullet proof" market and/or to incentivize >> them to give a damn about their received network abuse complaints? >> >> I have no answers for this question myself, but I felt that it was about >> time that someone at least posed the question. >> >> The industry generally, and especially in the RIPE region, has a clear >> and evident problem that traditional "self policing" is not solving. >> Worse yet, it is not even discussed much, and that is allowing it to >> fester and worsen, over time. >> >> It would be Good if there was some actual leadership on this issue, at >> least from -some- quarter. So far I have not noticed any such worth >> mentioning. And even looking out towards the future horizon, I don't >> see any arriving any time soon. >> >> >> Regards, >> rfg >> >
Re: Webzilla
Looking at the AS adjacencies for Webzilla, what would prevent them from disconnecting all of their US/Western Euro based peers and transits, and remaining online behind a mixed selection of the largest Russian ASes? I do not think that any amount of well-researched papers and appeals to ethical ISPs on the NANOG mailing list will bring down those relationships. The likelihood of the Russian domestic legal system implementing US/Western European court orders against bulletproof hosting companies is quite low. On Sat, Mar 16, 2019 at 1:53 PM Ronald F. Guilmette wrote: > > [[ My apologies to thos eof you who may see this twice. I have posted the >message below also to the RIPE Anti-Abuse Working Group mailing list, >so any of you who are on that list also will see this twice. But I >believe that it is relevant here also. ]] > > > > Perhaps some folks here might be interested to read these two reports, > the first of which is a fresh news report published just a couple of > days ago, and the other one is a far more detailed investigative report > that was completed some time ago now. > > > https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc > > https://www.documentcloud.org/documents/5770258-Fti.html > > Please share these links widely. > > The detailed technical report makes it quite abundantly clear that > Webzilla, and all of its various tentacles... many of which even I didn't > know about until seeing this report... most probably qualifies as, and > has qualified as a "bullet proof hosting" operation for some considerable > time now. As the report notes, the company has received over 400,000 > complaints or reports of bad behavior, and it is not clear to me, from > reading the report, if anyone at the company even bothered to read any > more than a small handful of those. > > I have two comments about this. > > First, I am inclined to wonder aloud why anyone is even still peering > with any of the several ASNs mentioned in the report. To me, the mere > fact that any of these ASNs still have connectivity represents a clear > and self-evident failure of "self policing" in and among the networks > that comprise the Internet. > > Second, its has already been a well know fact, both to me and to many > others, for some years now, that Webzilla is by no means alone in the > category commonly refered to as "bullet proof hosters". This fact > itself raises some obvious questions. > > It is clear and apparent, not only from the report linked to above, but > from the continuous and years-long existance of -many- "bullet proof > hosters" on the Internet that there is no shortage of a market for the > services of such hosting companies. The demand for "bullet proof" > services is clearly there, and it is not likely to go away any time > soon. In addition to the criminal element, there are also various > mischevious governments, or their agents, that will always be more > than happy to pay premium prices for no-questions-asked connectivity. > > So the question naturally arises: Other than de-peering by other networks, > are there any other steps that can be taken to disincentivize networks > from participating in this "bullet proof" market and/or to incentivize > them to give a damn about their received network abuse complaints? > > I have no answers for this question myself, but I felt that it was about > time that someone at least posed the question. > > The industry generally, and especially in the RIPE region, has a clear > and evident problem that traditional "self policing" is not solving. > Worse yet, it is not even discussed much, and that is allowing it to > fester and worsen, over time. > > It would be Good if there was some actual leadership on this issue, at > least from -some- quarter. So far I have not noticed any such worth > mentioning. And even looking out towards the future horizon, I don't > see any arriving any time soon. > > > Regards, > rfg >
Re: Webzilla
It's quite conveniently to have all botnets C&C in several known ASNs. More pain if it will be spread through thousands regular residential customers, like when use fast(double)flux or peertopeer technologies ;) Joke. Really, there were a lot of cases all upstreams had disconnected some ASN for that type of activity. So it really works. 16.03.19 22:51, Ronald F. Guilmette пише: [[ My apologies to thos eof you who may see this twice. I have posted the message below also to the RIPE Anti-Abuse Working Group mailing list, so any of you who are on that list also will see this twice. But I believe that it is relevant here also. ]] Perhaps some folks here might be interested to read these two reports, the first of which is a fresh news report published just a couple of days ago, and the other one is a far more detailed investigative report that was completed some time ago now. https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc https://www.documentcloud.org/documents/5770258-Fti.html Please share these links widely. The detailed technical report makes it quite abundantly clear that Webzilla, and all of its various tentacles... many of which even I didn't know about until seeing this report... most probably qualifies as, and has qualified as a "bullet proof hosting" operation for some considerable time now. As the report notes, the company has received over 400,000 complaints or reports of bad behavior, and it is not clear to me, from reading the report, if anyone at the company even bothered to read any more than a small handful of those. I have two comments about this. First, I am inclined to wonder aloud why anyone is even still peering with any of the several ASNs mentioned in the report. To me, the mere fact that any of these ASNs still have connectivity represents a clear and self-evident failure of "self policing" in and among the networks that comprise the Internet. Second, its has already been a well know fact, both to me and to many others, for some years now, that Webzilla is by no means alone in the category commonly refered to as "bullet proof hosters". This fact itself raises some obvious questions. It is clear and apparent, not only from the report linked to above, but from the continuous and years-long existance of -many- "bullet proof hosters" on the Internet that there is no shortage of a market for the services of such hosting companies. The demand for "bullet proof" services is clearly there, and it is not likely to go away any time soon. In addition to the criminal element, there are also various mischevious governments, or their agents, that will always be more than happy to pay premium prices for no-questions-asked connectivity. So the question naturally arises: Other than de-peering by other networks, are there any other steps that can be taken to disincentivize networks from participating in this "bullet proof" market and/or to incentivize them to give a damn about their received network abuse complaints? I have no answers for this question myself, but I felt that it was about time that someone at least posed the question. The industry generally, and especially in the RIPE region, has a clear and evident problem that traditional "self policing" is not solving. Worse yet, it is not even discussed much, and that is allowing it to fester and worsen, over time. It would be Good if there was some actual leadership on this issue, at least from -some- quarter. So far I have not noticed any such worth mentioning. And even looking out towards the future horizon, I don't see any arriving any time soon. Regards, rfg