[100053] in North American Network Operators' Group
Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
daemon@ATHENA.MIT.EDU (JP Velders)
Sun Oct 14 10:51:41 2007
Date: Sun, 14 Oct 2007 16:46:10 +0200 (CEST)
From: JP Velders <jpv@veldersjes.net>
To: Paul Ferguson <fergdawg@netzero.net>
cc: nanog@merit.edu
In-Reply-To: <20071012.142315.459.1@webmail03.vgs.untd.com>
Errors-To: owner-nanog@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Date: Fri, 12 Oct 2007 21:23:15 GMT
> From: Paul Ferguson <fergdawg@netzero.net>
> Subject: Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
> [ ... ]
> Sometimes I think to myself that "...ISPs have Terms of Service and
> Acceptable Use Policies, so they have the scope and tools they need
> to boot a 'customer" who break the rules."
> But all too often, it would appear, the potential loss of revenue
> seems to win out over enforcing those policies.
This is something most CSIRTs/CERTs/Abuse/Security people run into. At
some point they will have an issue with an entity they're providing
service to that management will veto. In most cases having a good chat
with management about it, before they're sweet-talked too much by the
other side helps getting your point across, or - in business terms -
makes it managements responsability. I've seen various scenarios
played out like that, and others where the "license to disconnect" was
squarely backed by management.
> And as you say, if the ISP boots them, they just set up shop elsewhere.
Although I try to educate, this is a matter of life on the Internet.
> So, back to my original question: If you alert an ISP that "bad and
> possibly criminal" activity is taking place by one of their customer,
> and they do not take corrective action (even after a year), what do
> you do?
Well, depends on the level of information and your contacts in the
operational / security field. Being a member of an NREN CSIRT I can
either directly or indirectly participate in local, regional and
worldwide bodies where people "like us" come together. How that plays
out, or how you *want* that to play out, is something you cannot
predict. But sometimes other people will have advise about whom to
contact within Law Enforcement, other people will chime in, other
people have direct contact with clueful people etc.
But first and foremost; you try to protect my constituents.
(through technical, legal, procedural etc. means)
Kind regards,
JP Velders
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFHEiu0IHoRBHmf0YQRAnI/AKCQ2ZXCrWqXhNRFPWyW7XLjzbrn/gCfaXYY
Ae24xpME0Q+hjU5tRRfie8g=
=5JJH
-----END PGP SIGNATURE-----