This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] (no subject)
- Previous message (by thread): [anti-abuse-wg] (no subject)
- Next message (by thread): [anti-abuse-wg] (no subject)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brian Nisbet
brian.nisbet at heanet.ie
Thu Aug 11 15:52:26 CEST 2016
Folks, I think this particular spur of the conversation has hit a usefulness dead-end. Let's bring it back to something more concrete and less ad hominem please. Brian Brian Nisbet, Network Operations Manager HEAnet Limited, Ireland's Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin 1 Registered in Ireland, no 275301 tel: +35316609040 fax: +35316603666 web: http://www.heanet.ie/ On 11/08/2016 14:11, andre at ox.co.za wrote: > On Thu, 11 Aug 2016 05:15:50 -0700 > "Ronald F. Guilmette" <rfg at tristatelogic.com> wrote: >> andre at ox.co.za wrote: >>> 1. When we find crime, child porn, credit card scams, etc on >>> networks, we should immediately report it to the Police in the >>> jurisdiction where the data is. >> >> The above is delusional on so many levels I'm not sure even where to >> begin. >> > Your ad hominem statement makes whatever you say less trustworthy, I do > the same, so does Suresh, so I guess I can hardly point fingers, I have > also called people delusional, mental, nuts or bofh - it helps to > break the sheep down and makes wolves angry that they type silly > things :) > > Of course, I am not delusional, I may be wrong, I may be mistaken, mis-informed, > stupid or even ignorant but to tell me that I am delusional is obviously and patently untrue... > > This already detracts from anything valid that you may (or may not) say > later on in your reply... > >> In the first place, who exactly is this royal "we"? >> > We as in us the people, I believe that we already discussed that, as in > we, the people on this mailing list :) > > including the Queen, actually including all Queens, even Freddy > if they are in reading distance of this list :) > >> In the second place, what exactly is the "jurisdiction where the data >> is" for 82.221.130.101? Is that Belize? Is that Iceland? Is that >> Russia? Do you know? Does RIPE NCC know? If you are claiming that >> you know, then please do enlighten us... or at least me... as to >> exactly HOW you know the actual jurisdiction is in this case. >> > Well it could be anywhere right now - but it will be somewhere at that > point in time when someone needs to apply for a search warrant. > >> Thirdly, weren't you the same fellow who was just arguing a few >> messages back that "crime" only exists in relation to a specific >> jurisdiction anyway? maybe the *real* jurisdiction of 82.221.130.101 >> is the Principality of Sealand, where there are no laws prohibiting >> the buying and selling of other people's credit card numbers. So >> what "should" we do then? >> > legally? - nothing. If the society and people of whatever sovereign > country wants to do whatever they want - this is their business and not > mine. (I am not an American, maybe if I become an American I will have > to start kicking butt and taking names all over the planet, I guess > you will have to train me then... :) in Africa we like to believe in > the goodness of humanity, to truly appreciate that people are generally > evil pathetic selfish shitty little creatures is not in our concept of > Ubuntu - in fact until of late some of these words did not even exist in our > local cultures ) > > If it is truly heinous we can lobby your congress to send a drone? > > I am of course joking, but legally - nothing - Internet wise, you are > working up a proposed policy document about how crime should be > handled? > > But, definitely, there is a big difference between abuse, actual crime > and crime intelligence ?or not? > > do you agree/disagree with that? (trying to have/add/find some value > in a devolved thread...) > >> Finally, did you miss it when I posted, just not very long ago, the >> following link to a BBC story that describes in some detail that >> police are overwehelmed and that they can't even keep up with this >> the great and growing masses of cybercrime anymore? >> >> http://www.bbc.com/news/uk-36731694 >> > But we are CIVIL society and more interestingly, we are cross > border, cross cultural and cross social > > The law enforcement problem in the UK is not an International one > and still, like you yourself said, we (me/I/You/Us :) ) don't have the > power of a state > > In another thread you are discovering how there are questions of legal > identity about RIPE that "we" are not sure of ourselves :) > > >>> We must not, discuss this on a public list before the Police has at >>> the very least, had the opportunity to first ensure that they have >>> secured the data/servers/evidence that may be required to prosecute. >> Gee! And here I was starting to think that you were in favor of free >> speech on the Internet! I guess not. Sorry. My mistake. (You >> apparently want to tell me what I "must not" say. That's not my >> definition of free speech.) >> > > if someone is actively selling credit card, identity theft child porn, > etc. in an ideal world, I would like to see those criminals properly > investigated, prosecuted and sentenced > > Free Speech is a right that has to be in balance with it's > responsibility. > > You cannot claim that hate speech - is free speech - so free speech has > limits - in terms of the other rights of other people > > For example - little children have the right not to be abused by > pedophiles - and publishing child pornography - IS NOT FREE SPEECH > > similarly - not giving criminals a "heads up" or null routing their > traffic and/or obstructing the functionality of law enforcement, laws > of countries and the rule of law - is not "free speech" > > >> Also, I refer you again to this: >> >> http://www.bbc.com/news/uk-36731694 >> >> and I remind you again that you are living in a fantasy world. >> Speaking from direct personal experience, it doesn't matter how many >> months of lead time you give law enforcement. They simply DO NOT put >> down their doughnuts and rush out to image servers until *after* >> reports of serious cybercrimes appear in the media. >> > it depends on the priorities, resources and many other factors. > > And, "reminding me that I live in a fantasy world" simply dilutes > credibility as obviously I live in the same sewer as the rest of us. > >> These days, the only times when they are actually pro-active and >> actually ahead of the curve is in terrorism-related cases. >> > I refer you to this article: > > http://www.bbc.com/news/uk-36731694 > > They say all of it - they do not say that they are all over terrorism... > > See, I can do that also :) > >>> 2. If, after a reasonable amount of time, we receive no feedback (as >>> in back off, we are investigating this - or we are busy prosecuting >>> or whatever) then we should do what? >> >> See above. For a long while I did exactly what you think should be >> done. I tried to always inform law enforcement early and often, about >> all of the really bad crap I found. And I gave them a fair >> opportunity to tell me to keep quiet, because they had an ongoing >> investigation. So far, no matter what I've reported to them, and no >> matter how bad it was, they haven't even given me a courtesy call > > yeah, I feel your pain. I may be in the same boat as you, I guess it > is because I called some of them a bunch of incompetent troglodytes that > could not even investigate someone breaking into a paper bag... they > tend to kinda delete my emails and information even before reading it... > > I do not really blame them, I can be a pain in the ass sometimes :) > just from reading you a bit, I think you may be in the same boat > >> back. In short, they are worse than useless. They are a waste of my >> time. They don't care what I do or say or find, and I no longer care >> what they do or say or think or find. On those rare occasions when >> they actually do bust some cybercriminal, I applaud them, but usually >> the arrest only comes years after the criminals have already been >> well-known to be doing their crimes. (And as I learned recently, in >> Russia, at least, when a criminal of any kind gets busted, the >> authorities don't even release their names. So as a non-LE person, >> you can't even be sure that the Russians aren't just making the whole >> thing up for publicity reasons, you know, to make Putin look good, >> like the _alleged_ arrest of "fifty" cybercriminals that is _alleged_ >> to have taken place in Russia earlier this year. What a nice round >> number to release to the media!) >> > doing pretty press releases is always a bonus for budgets :) > >>> ...but you cannot simply find a random domain, note content on it >>> that seems as if there may possibly be criminal activity and/or >>> abuse. >> >> I can't? Oh. Sorry. Too late! I already did. Sorry. I didn't >> know that rule until now. :-) >> > Okay, well, now you know :) > >>> I cannot publish anything about this website or this content on there >>> as their is simply no due process, no proof of actual illegal >>> activity, no actual trial, guilt, verdict, etc. >> >> That's quite alright, YOU don't have to. I already did. >> > Oh, thanks for that then, I did not notice > (btw sarcasm is the lowest form of wit - i'll betcha I am lower than > you :) ) > >> See, *I* don't have the power of a state. I can't send people to >> jail. I can only bad-mouth them in public and hope that other people >> realize what criminals they are, and then stop trading packets with >> them. >> > yes, *sigh* if only now we had that credibility thing going for us... > btw - do you still run your blacklists? - links? info? > >> Because the penalities that I personally can impose are so limited and >> weak, I don't have to make a case against any party "beyond a >> reasonable doubt". If I make a case aganst a party where the >> "preponderance of the evidence" (i.e. 51%) says that they are guilty, >> then people who read what I write, and agree with my analysis may >> stop accepting packets from the crooks I identify. That is a >> reasonable outcome. >> >>> We should start filtering/editing/censoring content deciding to >>> 'null-route' entire IP ranges because of our content decisions? >> >> I do it every day, at least for my own server. It's called "spam >> filtering". (I don't like spam.) >>> seriously? >> Oh yes, seriously. >> > everyone claims to hate spam - yet in many decades it is a persistent > problem, I wonder why... > > Oh, yes, it is a BALLS thing. > > Twitter.com does not accept abuse complaints - so what do we do? > oh, I know, I know - we continue accepting all emails from twitter.com > in case our users get upset - bwahahahaha > > Does twitter.com ever feel any pain? heck no. unimaginable thing that. > >>> We can also maybe build a huge wall around our networks? Maybe we >>> should not route any traffic that we have not properly inspected? >> >> Works for me! Sounds like a perfect description of my firewall. >> > ROFL, I was joking - but you can also just pull out the > fiber/cable/antenna/dish :) > > Andre > >> >> Regards, >> rfg >> > >
- Previous message (by thread): [anti-abuse-wg] (no subject)
- Next message (by thread): [anti-abuse-wg] (no subject)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]