[anti-abuse-wg] Enabling community self-help?
Suresh Ramasubramanian ops.lists at gmail.com
Thu Mar 29 12:27:07 CEST 2012
On Thu, Mar 29, 2012 at 2:23 PM, Shane Kerr <shane at time-travellers.org>wrote: > Some people want someone to force ISP's to take responsibility for > fixing abuse originating in their networks. The natural place for this > enforcement appears to them to be the RIPE NCC (*). > The issue isn't forcing ISPs to fix abuse at all - lots of blocklists and whatever else for that. The issue is making sure that the bad guys are simply not able to get themselves a /15 whenever they like simply because the paperwork verification is close enough to nonexistent. As for "picking on RIPE NCC", do please let me know if another RIR with an LIR model AND a bunch of criminals who have got the idea of setting themselves up as LIRs Contrariwise, the RIPE NCC is unable to unwilling to change its role > from a fundamentally administrative to one that involves setting > network usage policies. This involves risks in terms of anti-trust > regulators, need to carefully define the limits of control, and setting > This is an entirely strawman set of arguments. Can you please explain to me what part of SOCA's proposals about crosschecking ID / email address etc triggers a single antitrust regulation? Or a privacy regulation for that matter? > On the 3rd hand, some people in the RIPE community (including me) > also feel that it is very, very difficult to define what the required > actions would be in the case of reported abuse. This reporting > mechanism itself might indeed be a source of abuse (rivalries between > companies could be fought by each accusing the other of hosting > criminal activity). > You might actually know if there's criiminal activity actually hosted there? As in some random guy asking "do you beat your wife" versus a lot of people coming up and saying that there's often scenes like loud arguments, screams, the sounds of blows / slaps etc being dealt, your wife turning up in public crying and with a black eye etc? ["generic you" of course], followed by a quick check that simply says you're a bigamist and so the marriage just wasn't valid, obtained under false pretences. Yes the analogy is stupid. Thank you in advance for pointing that out. about it. So, you might see that ISP ShaNet has working e-mail for > abuse, but nobody ever sees any action beyond automated response. Such > reports could be useful for people who *can* investigate and do > something, such as law enforcement or regulators. > Various blocklists and antispam forums / security lists do discuss that. However the point here is entirely different. Let us put it this way - provider X has lax security policies, hosts a bunch of spammers and has a ton of blocklist listings. But it also has legitimate customers and does provide what it says it provides - colo services. Provider Y in Eastern Europe is a front for a botmaster, hosts nothing but bot traffic and got itself an assigned-PA or PI /20 from RIPE NCC, after telling RIPE NCC its going to host whatever .. say some guy's family dog's homepage. The point here is not crowdsourcing opinion about a CIDR. The point is getting hostmasters to see the difference between provider X and provider Y, and see if they can't give X a /20 and deny Y his /20. SOCA appears to have a workable and standards based, complaint with european law, model there, as it happens. --srs -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20120329/e18279a3/attachment.html>