[anti-abuse-wg] Enabling community self-help?
furio ercolessi furio+as at spin.it
Fri Mar 30 15:30:39 CEST 2012
On Fri, Mar 30, 2012 at 12:27:01PM +0200, chrish at consol.net wrote: > [...] > and again btw, regarding one of the irrelevant parts of this thread: a botnet is not a criminal registering a /20, installing 2^12 boxes with a bot-trojan on it. it's a bunch of independent windows-boxes connecting to some services used as c&c channel (who don't know anything about all this). so persons taking the botnet-angst seriously, actually really have to desperately want to take action against windows... sbdy registering a /20, installing "bot-clients" on his boxes - that's called "cloud" i believe. and i don't think it is correct to assume they are all illegal. like i don't think cars should be illegal just because some of them kill people... > and while we're at it: looking at guns - posession of a gun is illegal. i don't think it's a good idea trying to make ips illegal... >From what I understood, the discussion was about networks controlled by criminals, not about networks abused by criminals. For instance, one of such networks _was_ RBN, as described in: http://en.wikipedia.org/wiki/Russian_Business_Network Before being shut down and going to the general press and in Wikipedia, RBN was extremely well known to the antiabuse community. At the present time, there are dozens of similar networks, entirely controlled by criminals and used exclusively for criminal activity, as for instance determined by the impossibility to locate any legitimate service in them, the network operators simulating fake terminations while moving the criminals from one range to another, etc. Such networks always remain rather obscure and not known outside the anti-abuse community, until some law enforcements agency or possibly Microsoft or other actors take it down and start issuing press releases at full throttle. Then everybody says "Aaaah! Good! Well done!". But, unfortunately, this happens only in a small fraction of cases. The remaining cases.. well, they are the problem under discussion. We see it right here in this thread: people working in the field know very well what these networks are, but they are not believed, discussions expand to entirely non-related issues, and in any case nothing can be done on the RIR side ever because it's not in the RIR mandate. And I found it absolutely disheartening that a person that was putting work and energy on this problem in the RIPE area - where this problem is bigger than in the other regions - was removed from the co-chair position of this working group, without even discussing it in the list. Since then, my impression is that the problem of large allocations to criminals is being swept under the carpet, with no hope for any solution in the short or medium term. furio