[72445] in North American Network Operators' Group
Re: Spyware becomes increasingly malicious
daemon@ATHENA.MIT.EDU (Christopher Woodfield)
Mon Jul 12 14:23:40 2004
In-Reply-To: <BD184401.2808%dgolding@burtongroup.com>
Cc: Paul Vixie <vixie@vix.com>, <nanog@merit.edu>,
Michel Py <michel@arneill-py.sacramento.ca.us>
From: Christopher Woodfield <rekoil@semihuman.com>
Date: Mon, 12 Jul 2004 14:20:33 -0400
To: Daniel Golding <dgolding@burtongroup.com>
Errors-To: owner-nanog-outgoing@merit.edu
--Apple-Mail-2--319916569
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed
I think depeering is a bit over the top for this situation, but I
wouldn't blink at nullrouting the prefix in question at my cores... :)
I guess the big question is, is there anyone (other than those
profiting directly from CWS) that would complain if a provider were to
do such a thing...
-C
On Jul 12, 2004, at 1:34 PM, Daniel Golding wrote:
>
> On 7/12/04 12:33 PM, "Michel Py" <michel@arneill-py.sacramento.ca.us>
> wrote:
>
>>
>>> Paul Vixie wrote:
>>> or, to put it in terms you can all understand:
>>> "why does that provider's upstream still have bgp peers?"
>>
>> Maybe said upstream does not want to deal with TROs and legal issues?
>> CWS is not illegal as of today.
>
>
> CWS isn't illegal. On the other hand, there is no legal exposure from
> depeering providers who take on these customers. TRO's and such would
> only
> come into effect if the provider's peers failed to observe the
> contractually
> obligated notice period (30-60 days, normally).
>
> Some peering contracts specify that behaviors that endanger a network
> or its
> users allow for immediate disconnection. Its a bit of a stretch to
> invoke
> this for a spyware site.
>
> Depeering has been threatened as an anti-spam measure - it is
> reasonable
> effective. This hasn't been extended to spyware, as it doesn't get the
> same
> level of press.
>
> If you contact a provider who is hosting malware, and they refuse to
> remove
> it or disconnect the hoster, you could always try contacting their
> peers and
> cc:ing the offending provider. End-user networks (DSL, Cable,
> dial-up), are
> particularly sensitive to software that might harm their users.
>
>>
>>> if you give people the means to hurt you, and they do it,
>>> and you take no action except to continue giving them the
>>> means to hurt you, and they take no action except to keep
>>> hurting you, then one of the ways you can describe the
>>> situation is "it isn't scaling well."
>>
>> Could not agree more.
>>
>> Michel.
>>
>
> --
> Daniel Golding
> Network and Telecommunications Strategies
> Burton Group
>
>
--Apple-Mail-2--319916569
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFA8tZ3qP/YiunDNcERAjCvAKCce4xca0j1PUqJrCm0T2GqrHiVaQCfZsAP
wyvWNaEfjr4lkqfUlxWe5No=
=1jfc
-----END PGP SIGNATURE-----
--Apple-Mail-2--319916569--