On 22/11/2010 13:17, Florian Weimer wrote:
* julien tayon:
Europe (RIPE region) seems to be the region with the most infected big ISPs (which is not correlated with volume)...
You have to be a bit careful about the underlying measurement methodology. In some European countries, most Internet access offered to consumers reassigns a new IP address once a day. (There are two reasons for this: static IP addresses to differentiate business products, and the drop in P2P traffic after IP address reassignment. The latter is probably not very relevant today.) Such daily IP address reassignments can easily account for one or two orders of magnitude of errors, depending on the observation period.
That's the reason why I love this discussion. I am a troll on the Internet because I always ask questions that tickle me; here people understand my questions and help me broaden my views. Great, I love being smarter every day, so thank you!

So mostly your point is that measurements are biased because dynamic IPs are more used in Europe, thus triggering multiple false positives. And you are right, for my experience with French ISPs is that they almost all use 24-hour-long DHCP leases. But I ignore all of the foreign ISPs (China, India, US). This report doesn't give a clue on this one. So you have a point.

What if measurements were not made by IP but by volume of spam emitted per group of IPs belonging to an ISP (let's say by AS)? Wouldn't it be an interesting figure to have? «Lazy ISPs» would be as obvious as a duck sitting in my shoe.
My question is: does RIPE have a responsibility in this topic by not enforcing the «we shall not give you new IP» rules when ISPs failed to handle their abuse?
Disregarding feasibility etc., this would only be a short-term measure because IP addresses will no longer be a scarce resource in a year or two, so the RIRs will lose any leverage they might currently have.
The alternative to the RIPE (and all its counterparts) action is LEA taking over the control of Internet policy for the greater good..

Am I the only one uneasy with «cyber» crime? A crime is a crime whatever the medium used. The only difference is that the Internet makes it easier to target a victim from another country, therefore making legal pursuits tougher. Furthermore, countries such as the US (because of war crimes) and Europe (in order to keep their financial paradise) refuse to accept any international legislation, except in the case of IP (intellectual properties).

So it is like RIPE is under a set of rules that are buggy:
- cyber-crimes should be fought (you shall take actions);
- no one has agreed on a common set of definitions of crimes & actions to be taken;
- RIPE & Internet organisations have the legitimacy through contracts signed with LIR/RIR to act but don't have the legality to act for anything else than what lies in the contract;
- there is no common definition of actors trusted for reporting/gathering crimes (private information should not be delivered to whoever claims he is a victim, and people should not be accused without proof);
- there seems to be a confusion on the role of abuse / crime reporting & handling.

So RIPE & al. are in a pretty uncomfortable position I guess, because it is not their job to substitute themselves for the governments, while being held responsible for the good state of Internet legal cooperation mechanisms.

--
Kind regards,
Julien Tayon / digital craftman / http://libroscope.org
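The measurement effect discussed in this thread, as an added example that is not part of the original emails: two constructed ISPs with identical infected-host counts and spam output are compared by distinct source IPs and by spam volume per AS. The AS numbers (documentation range), address pools, host counts and message rates are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed scenario: two ISPs with the same number of infected hosts and the
# same spam output. AS numbers are from the documentation range (RFC 5398).
HOSTS, MSGS_PER_HOST_DAY = 100, 50
ISPS = [
    # (asn, address pool, daily IP reassignment?)
    (64496, "10.0.0.0/16", False),   # static addressing
    (64497, "10.1.0.0/16", True),    # new address every 24 hours
]

def observe(days):
    """Yield (ip, asn, msgs) records a spam sensor would log over `days` days."""
    for asn, pool, daily_reassign in ISPS:
        net = ipaddress.ip_network(pool)
        for day in range(days):
            for host in range(HOSTS):
                # Assumption: a reassigned host never gets an address already
                # seen in the window (worst case for per-IP counting).
                offset = host + (day * HOSTS if daily_reassign else 0)
                yield net[offset], asn, MSGS_PER_HOST_DAY

def summarize(days):
    """Return {asn: (distinct_ips, spam_volume)} for the observation window."""
    ips, volume = defaultdict(set), defaultdict(int)
    for ip, asn, msgs in observe(days):
        ips[asn].add(ip)
        volume[asn] += msgs
    return {asn: (len(ips[asn]), volume[asn]) for asn in ips}

def inflation(days):
    """Ratio of per-IP 'infected host' counts, dynamic ISP over static ISP."""
    s = summarize(days)
    return s[64497][0] / s[64496][0]

if __name__ == "__main__":
    for days in (1, 7, 30):
        s = summarize(days)
        print(f"{days:>2} days: static AS {s[64496]}, dynamic AS {s[64497]}, "
              f"per-IP inflation x{inflation(days):.0f}")
```

The per-IP count for the dynamic ISP grows with the observation window, while the per-AS volume stays equal for both ISPs.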