[anti-abuse-wg] Enabling community self-help?

On Thu, Mar 29, 2012 at 2:23 PM, Shane Kerr <shane at time-travellers.org>wrote:

> Some people want someone to force ISP's to take responsibility for
> fixing abuse originating in their networks. The natural place for this
> enforcement appears to them to be the RIPE NCC (*).
>

The issue isn't forcing ISPs to fix abuse at all - lots of blocklists and
whatever else for that.

The issue is making sure that the bad guys are simply not able to get
themselves a /15 whenever they like simply because the paperwork
verification is close enough to nonexistent.

As for "picking on RIPE NCC", do please let me know if another RIR with an
LIR model AND a bunch of criminals who have got the idea of setting
themselves up as LIRs


Contrariwise, the RIPE NCC is unable to unwilling to change its role
> from a fundamentally administrative to one that involves setting
> network usage policies. This involves risks in terms of anti-trust
> regulators, need to carefully define the limits of control, and setting
>

This is an entirely strawman set of arguments.  Can you please explain to
me what part of SOCA's proposals about crosschecking ID / email address etc
triggers a single antitrust regulation?  Or a privacy regulation for that
matter?


> On the 3rd hand, some people in the RIPE community (including me)
> also feel that it is very, very difficult to define what the required
> actions would be in the case of reported abuse. This reporting
> mechanism itself might indeed be a source of abuse (rivalries between
> companies could be fought by each accusing the other of hosting
> criminal activity).
>

You might actually know if there's criiminal activity actually hosted
there?   As in some random guy asking "do you beat your wife" versus a lot
of people coming up and saying that there's often scenes like loud
arguments, screams, the sounds of blows / slaps etc being dealt, your wife
turning up in public crying and with a black eye etc?   ["generic you" of
course], followed by a quick check that simply says you're a bigamist and
so the marriage just wasn't valid, obtained under false pretences.

Yes the analogy is stupid.  Thank you in advance for pointing that out.

about it. So, you might see that ISP ShaNet has working e-mail for
> abuse, but nobody ever sees any action beyond automated response. Such
> reports could be useful for people who *can* investigate and do
> something, such as law enforcement or regulators.
>

Various blocklists and antispam forums / security lists do discuss that.
However the point here is entirely different.

Let us put it this way - provider X has lax security policies, hosts a
bunch of spammers and has a ton of blocklist listings.  But it also has
legitimate customers and does provide what it says it provides - colo
services.

Provider Y in Eastern Europe is a front for a botmaster, hosts nothing but
bot traffic and got itself an assigned-PA or PI /20 from RIPE NCC, after
telling RIPE NCC its going to host whatever .. say some guy's family dog's
homepage.

The point here is not crowdsourcing opinion about a CIDR.  The point is
getting hostmasters to see the difference between provider X and provider
Y, and see if they can't give X a /20 and deny Y his /20.

SOCA appears to have a workable and standards based, complaint with
european law, model there, as it happens.

--srs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20120329/e18279a3/attachment.html>