[anti-abuse-wg] Enabling community self-help?

Fri Mar 30 15:30:39 CEST 2012

On Fri, Mar 30, 2012 at 12:27:01PM +0200, chrish at consol.net wrote:
> [...]
> and again btw, regarding one of the irrelevant parts of this thread: a botnet is not a criminal registering a /20, installing 2^12 boxes with a bot-trojan on it. it's a bunch of independent windows-boxes connecting to some services used as c&c channel (who don't know anything about all this). so persons taking the botnet-angst seriously, actually really have to desperately want to take action against windows... sbdy registering a /20, installing "bot-clients" on his boxes - that's called "cloud" i believe. and i don't think it is correct to assume they are all illegal. like i don't think cars should be illegal just because some of them kill people...
> and while we're at it: looking at guns - posession of a gun is illegal. i don't think it's a good idea trying to make ips illegal...

>From what I understood, the discussion was about networks controlled
by criminals, not about networks abused by criminals.

For instance, one of such networks _was_ RBN, as described in:
http://en.wikipedia.org/wiki/Russian_Business_Network
Before being shut down and going to the general press and in Wikipedia,
RBN was extremely well known to the antiabuse community.

At the present time, there are dozens of similar networks, entirely
controlled by criminals and used exclusively for criminal activity,
as for instance determined by the impossibility to locate any
legitimate service in them, the network operators simulating fake
terminations while moving the criminals from one range to another, etc.

Such networks always remain rather obscure and not known outside the
anti-abuse community, until some law enforcements agency or possibly
Microsoft or other actors take it down and start issuing press releases
at full throttle.  Then everybody says "Aaaah! Good! Well done!".

But, unfortunately, this happens only in a small fraction of cases.  The 
remaining cases.. well, they are the problem under discussion.  We see 
it right here in this thread: people working in the field know very well 
what these networks are, but they are not believed, discussions expand
to entirely non-related issues, and in any case nothing can be done on 
the RIR side ever because it's not in the RIR mandate.

And I found it absolutely disheartening that a person that was putting
work and energy on this problem in the RIPE area - where this problem
is bigger than in the other regions - was removed from the co-chair 
position of this working group, without even discussing it in the list.
Since then, my impression is that the problem of large allocations
to criminals is being swept under the carpet, with no hope for any 
solution in the short or medium term.

furio