Re: [apops] Fwd: [ppml] Policy Proposal 2003-2: Network Abuse]

  • To: suresh at outblaze dot com (Suresh Ramasubramanian)
  • Subject: Re: [apops] Fwd: [ppml] Policy Proposal 2003-2: Network Abuse]
  • From: Bill Manning <bmanning@ISI.EDU>
  • Date: Wed, 5 Mar 2003 03:36:09 -0800 (PST)
  • Cc: apops at apops dot net
  • In-reply-to: <5.2.1.0.0.20030305061409.01dee008 at frodo dot hserus dot net> from Suresh Ramasubramanian at "Mar 5, 3 06:19:16 am"
  • List-archive: <http://www.apnic.net/mailing-lists/apops/>
  • List-id: Asia Pacific Operations Forum <apops.apops.net>
  • Sender: apops-admin@apops.net
    • % >a valid e-mail contact for network [NOC@] and abuse [Abuse@] contact.
      % >Make it standard.
      
      	and this will be more useful than the currently required 
      	postmaster and root accounts -how-?
      
      % >4. If an IP Range / Network or Dial-Up is found to have invalid
      % >contact information, address, phone #, e-mail address etc, Regional
      % >Internet Registries [APNIC, ARIN, LACNIC, and RIPE NCC] should try
      % >to contact them via e-mail first [which is already being done]. At
      % >that time if contact is not established via e-mail and returned
      % >Failure/Undeliverable, they should be contacted via phone or mail
      % >with the understanding that if they do not reply within say 30 days
      % >their IP range will be terminated and no connections will be allowed
      % >in or out of their network until they comply to the terms of service.
      
      	couple of issues with this.
      	) many delegations predate RIR creation. there is -no-
      	  relationship with legacy address delegations and the RIRs
      	  so the RIRs removing the delegation will lead to undesirable
      	  results. summary, RIR terms of service don't apply to all
      	  delegations.
      	) RIRs don't route. ISPs do. "Terminated" IP ranges don't make
      	  sense here.
      
      % >5. All large networks and Dial-ups should have some type of security
      % >system or team that regulate the network to some level or extent.
      % >Whether it's a few people, a team of people or some type of software.
      % >Most do but not all.
      
      
      	define large.  and are the RIRs going to cover the costs 
      	for address delegates to set up such teams? And if there
      	are such teams/systems deployed, what are the liability
      	ramifications?
      
      % >6. All Network administrators responsible for reviewing network abuse
      % >reports sent about their end users, accused of malicious activity
      % >should be judged on the level of severity by the reported service used,
      % >not the number of access attempts to a network or end user. I say this
      % >because I have time and time again got replies back from networks
      % >stating, it was only one or two access attempts, we will warn them,
      % >regardless of what service they used to try to access, and then that
      % >same individual is right back at you. A Sub7 Trojan Horse is not a
      % >friendly thing, nor is it a mistake etc. I believe that the service
      % >greatly shows their intent, if you're vulnerable it only takes one try
      % >regardless of service. If you break down someone's door on their home,
      % >it only takes once, the police don't tell the home owner, well he only
      % >broke your door down once, we will warn him, let us know if he breaks
      % >your door down again.
      
      	This argument presumes a fairly simplistic model of 
      	Internet infrastructure which, while it may be made to
      	fit 80% of commodity Internet service, is not workable
      	in its current form for significant portions of Internet
      	infrastructure.  There is also the presumption of a 
      	common legal structure that is presumed.  Last I checked
      	ISPs are not responsible for the applications their users
      	run.
      
      % >7. There should be some type of database that all ISPs / Dial-Ups use
      % >and could reference to check new users' real names to determine whether
      % >new subscribers have a past history of network abuse and hacking. This
      % >database could be managed and updated, all ISPs would add new names of
      % >users that were found to be guilty of or had had their account
      % >terminated due to network abuse complaints etc. The dial-up provider
      % >could at that time at least be alerted to a possible situation. This
      % >would also make it difficult for hackers to jump from ISP to ISP.
      
      	This one is so fraught with legal hairballs that it
      	is almost funny. If you are in the US, can you say
      	RICO... sure you can.  In Europe, I think EC privacy
      	laws may impact any attempt to pull this off.  Asia/Africa
      	and South American countries have their own legal codes
      	as well.  
      
      
      -- 
      --bill
      
      Opinions expressed may not even be mine by the time you read them, and
      certainly don't reflect those of any other entity (legal or otherwise).