The flipside is, the various routing blocklists, email and other abuse blocklists work very well.... When corporations start trashing their ip resources (specially ipv4) then it becomes costly to ignore abuse as the resources they supply to "paying clients" is no longer usable for certain purposes. On Sat, 16 Mar 2019 17:37:15 -0700 "Fi Shing" <phishing@storey.xxx> wrote:
There is no incentive for a corporation to remove an abuser if the abuser is a paying customer.
There is also no incentive for RIR to create any sort of oversight, if that oversight requires investment.
Hence, the shit fight known as "the internet" that we have today.
-------- Original Message -------- Subject: [anti-abuse-wg] Webzilla From: "Ronald F. Guilmette" <rfg@tristatelogic.com> Date: Sun, March 17, 2019 7:15 am To: anti-abuse-wg@ripe.net
Perhaps some folks here might be interested to read these two report, the first of which is a fresh news report published just a couple of days ago, and the other one is a far more detailed investigative report that was completed some time ago now.
https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-ha...
https://www.documentcloud.org/documents/5770258-Fti.html
Please share these links widely.
The detailed technical report makes it quite abundantly clear that Webzilla, and all of its various tentacles... many of which even I didn't know about until seeing this report... most probably qualifies as, and has qualified as a "bullet proof hosting" operation for some considerable time now. As the report notes, the company has received over 400,000 complaints or reports of bad behavior, and it is not clear to me, from reading the report, if anyone at the company even bothered to read any more than a small handful of those.
I have two comments about this.
First, I am inclined to wonder aloud why anyone is even still peering with any of the several ASNs mentioned in the report. To me, the mere fact that any of these ASNs still have connectivity represents a clear and self-evident failure of "self policing" in and among the networks that comprise the Internet.
Second, its has already been a well know fact, both to me and to many others, for some years now, that Webzilla is by no means alone in the category commonly refered to as "bullet proof hosters". This fact itself raises some obvious questions.
It is clear and apparent, not only from the report linked to above, but from the continuous and years-long existance of -many- "bullet proof hosters" on the Internet that there is no shortage of a market for the services of such hosting companies. The demand for "bullet proof" services is clearly there, and it is not likely to go away any time soon. In addition to the criminal element, there are also various mischevious governments, or their agents, that will always be more that happy to pay premium prices for no-questions-asked connectivity.
So the question naturally arises: Other than de-peering by other networks, are there any other steps that can be taken to disincentivize networks from participating in this "bullet proof" market and/or to incentivize them to give a damn about their received network abuse complaints?
I have no answers for this question myself, but I felt that it was about time that someone at least posed the question.
The industry generally, and especially in the RIPE region, has a clear and evident problem that traditional "self policing" is not solving. Worse yet, it is not even discussed much, and that is allowing it to fester and worsen, over time.
It would be Good if there was some actual leadership on this issue, at least from -some- quarter. So far I have not noticed any such worth commenting about, and even looking out towards the future horizon, I don't see any arriving any time soon.
Regards, rfg