[100021] in North American Network Operators' Group
Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
daemon@ATHENA.MIT.EDU (Mike Lewinski)
Fri Oct 12 17:48:18 2007
Date: Fri, 12 Oct 2007 15:45:47 -0600
From: Mike Lewinski <mike@rockynet.com>
To: nanog@merit.edu
In-Reply-To: <20071012.142315.459.1@webmail03.vgs.untd.com>
Errors-To: owner-nanog@merit.edu
Paul Ferguson wrote:
> So, back to my original question: If you alert an ISP that "bad and
> possibly criminal" activity is taking place by one of their customer,
> and they do not take corrective action (even after a year), what do
> you do?
In at least one case, where I knew the offender had been booted off his
last provider, I actually stalled disconnecting him for three months
while I tried getting help from law enforcement. I felt we had a better
chance of getting him permanently removed from the Internet by keeping
him around long enough to get court orders to investigate his most
likely illegal actions that were generating abuse reports. I started out
with the feds, went on to the state and finally the local sheriff before
giving up and just cutting him off for lack of any other hope.
But a year is too long. If it were impacting my network, I'd probably
drop their routes (or blackhole the offending hosts anyway).