[anti-abuse-wg] Enabling community self-help?
Shane Kerr shane at time-travellers.org
Fri Apr 6 08:53:00 CEST 2012
Suresh, On Friday, 2012-04-06 09:07:05 +0530, Suresh Ramasubramanian <ops.lists at gmail.com> wrote: > On Thu, Apr 5, 2012 at 7:57 PM, Shane Kerr > <shane at time-travellers.org> wrote: > > > It might be a failure of imagination on my part, but I think that > > attempting to prevent "bad guys" from getting addresses involves > > extra work to prove somehow that they companies not criminal. I > > don't see a lot of call by LIRs to increase the amount of paperwork > > and delay when dealing with the RIPE NCC. :) > > Did you calculate just how much expense your colleagues in another > department (security or spam filtering or whatever) face because you > can't collectively be bothered to do some paperwork, and/or RIPE NCC > can't be bothered to streamline and automate their processes? Just so we're clear - I don't represent an LIR, and never have. I don't vote on the RIPE NCC budget or the RIPE NCC board. I agree that there are externalized costs in handling network abuse. That's the very reason the spam problem exists!!! However companies are by and large short-sighted and selfish - even more than human beings, since companies have neither friends nor families. Externalized costs ("somebody else has to pay for my expenses, increasing my profits") are good from their point of view. RIPE allows not a level playing field, but one just balanced enough to allow necessary cooperation. This is true of any forum used for collaboration within a particular industry. (Vodafone and T-Mobile may be competitors, but their customers need to be able to call each other.) I neither defend nor attack the views of people regarding how much control is needed for stopping abuse, but I do recognize that these views exist. If you want any agenda pushed forward, I believe you need to recognize that other people have other positions and try to come up with solutions that work for them too. > > Does ROKSO cover any issue, or just spam? Certainly there is nothing > > preventing anyone who can afford a VPS from setting up some > > reputation site, but if it was RIPE NCC-hosted it might have a > > different level of gravitas. > > It covers groups or people that have a long history of spam and > termination from at least three service providers for violation of > their policies. So from your point of view, there already exists a reasonable reputation service that covers both networks and their operators. I guess ROKSO provides some sort of networking blacklisting automation, right? (Or perhaps even whitelisting?) Is there a reason not to use that for filtering and not worry whether the RIPE NCC or any other LIR has allocated any particular addresses? > But the word "spam" - and so the category of people listed in ROKSO - > covers everything from unsolicited marketing of mail order junk > (borderline fraud at worst), to criminals involved in credit card > theft and child pornography. I guess I was wondering if it covered literally any nefarious activities, so that it could be used as a general reputation service. If I am getting DoS'd or penetration tested from an ISP who doesn't do anything about it, I'd want that sort of thing tracked too. > As for "reputation" wrt spam - I would take spamhaus' word for this > over the word of any organization or community that is "not the > document police". You see, if you are not the document police and > then go around publishing something about a netblock's reputation > being bad or fishy .. well then, you have published that based on very > little actual fact available to you. So why would I or anybody else > value it for more than the paper (or sectors on a hard disk) it is > written on? I actually think you *should* take a 3rd-party reputation service's opinion more seriously. Realistically the RIPE NCC will *always* have a conflict of interest - they want to serve the wider community but their direct members are the LIRs. (OTOH 3rd-party reputation is not a cure-all if not set up properly, as the recent collapse of the Certificate Authority (CA) system has shown us.) My goal of putting some sort of forum associated with the RIPE allocation information was to get this 3rd-party information as close as possible to the "authoritative" information about network addresses without triggering any conflict of interests. I never claimed it was a completely baked idea, certainly. :-P -- Shane