[190874] in North American Network Operators' Group


Re: Cloudflare, dirty networks and politricks

daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Fri Jul 29 11:38:42 2016

X-Original-To: nanog@nanog.org
Date: Fri, 29 Jul 2016 08:38:38 -0700
From: Hugo Slabbert <hugo@slabnet.com>
To: "J. Oquendo" <joquendo@e-fensive.net>
In-Reply-To: <20160729125009.GA42429@e-fensive.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org




On Fri 2016-Jul-29 07:50:09 -0500, J. Oquendo <joquendo@e-fensive.net> wrote:

>On Fri, 29 Jul 2016, Rich Kulawiec wrote:
>
>> On Thu, Jul 28, 2016 at 11:30:12PM +0000, Donn Lasher via NANOG wrote:
>> > If we want to be accurate about it, Cloudflare doesn't host the DDoS,
>> > they protect the website of seller of the product. We shouldn't be
>> > de-peering Cloud Flare over sites they protect any more than we would
>> > de-peer GoDaddy over sites they host, some of which, no doubt, sell
>> > gray/black market/illegal items/services.
>>
>> The only way to make action against them effective is to do it broadly,
>> do it swiftly, and do it permanently.
>>
>
>In my ramblings on "Why network operators love filth", I
>associate a landlord that knowingly allows his/her tenant
>to sell drugs. In America, your house is gone. This should
>be the case on the Internet as well. Keep sending out crap
>and ARIN should yank your IP space after everyone else
>has de-peered you.
>
>So let's get to these horrible analogies of "weapons" and
>whether or not CloudFlare is solely the gun manufacturer
>and is not responsible whether or not their ARCLOUD rifle
>was used to shoot up a school killing children.
>
>Analogy: Hotel Cloud is a pretty big hotel in the city.
>They have 5,000 rooms. When you walk by, their tenants
>are throwing rocks out of the windows, garbage, etc.
>People complain to the hotel management that does nothing
>about it. Hotel Cloud's response is: 'Well this is really
>not our problem, we only rent a room, what the occupant
>does...' --- And this makes sense to how many of you who'd
>respond: "Well I don't know about you but I want to walk
>around freely" Freely? At some point in time, you WILL
>walk by this hotel, or another that WILL become just like
>it. Why? Because there will be no one to say: "Hey this
>is wrong buck stops here..."
>
>I have seen these discussions on this list for so many
>years, and there are those that want to do good, but won't
>lift a finger out of fear of the herd/praetorian guard.
>Anyone saying it cannot be done, is a coward bowing to
>the dollar (euro/yen/whatever). The analogy above is spot
>on...

This may seem pedantic, but no it's not, at least not in the Cloudflare
situation.  In the Hotel Cloudflare example, the miscreants don't hurl the
rocks and filth out of the hotel's windows.  They set up a storefront/shop
in the hotel to sell rock- and filth-slinging for hire, with the actual
rock- and filth-flinging being done elsewhere.

That said:

I don't believe the hotel can turn a blind eye to rock- and filth-slinging
being peddled from their premises without consequence.  If we caught
someone running a booter web storefront on our net, they'd be gone.  And
the premises from which rock- and filth-slinging occurs (networks that
originate garbage traffic, especially those that permit source address
spoofing) also need to be held accountable.

Again: not disagreeing that we need to hold people accountable; just
clarifying the analogy for this case.

I've cut off service for customer gear that was spewing garbage where they
failed to do anything about it.  We generally give an initial grace period
and assist the customer however we can in getting their stuff cleaned up
(or try to drop just the abusive traffic to start and leave the rest of
their feed).  But if you keep getting repeatedly compromised, fail to
protect your stuff or clean it up, and keep spewing ever more varied
garbage, you've proven yourself incapable of running an Internet-facing
service and I'll quit trying to play whack-a-mole and just drop you.

And yes:
BCP38: we haz it.

We're not at the scale of the big boys, but we try to do our part to run a
clean shop.

>...with the only difference being a hotel is physical,
>and on the Interwebs, out of sight out of mind.
>
>This is until one of your relatives' sites gets taken offline by
>some bored moron via DDoS, and there go their sales, there
>goes their business. THEN and only THEN will some of the
>naysayers say: "Shit we could have stopped it."
>
>Do you need law enforcement to be moral? "I can see
>that person is getting pulverized by some drunken idiot
>better not intervene because well... I want to walk
>freely..." That beating can come full circle, where
>beating can be DDoS, a sophisticated attack, malware.
>
>I am so tempted to start a shaming site for networks
>including all of the big boys with detailed records
>showing how abuse was contacted, no one did nothing,
>and oh by the way... "Are you sure you want to host
>or transit with this company? Last I checked via
>logs, they were a filthy network that catered to
>peds, RBN folk, etc" Maybe when some of you guys
>(that sit around twiddling fingers) see your companies
>all over the place, maybe then you'll think about doing
>the right thing.
>
>
>-- 
>=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>J. Oquendo
>SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>
>"Where ignorance is our master, there is no possibility of
>real peace" - Dalai Lama
>
>0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
>https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E   | also on Signal

