nanog mailing list archives

RE: RBL-type BGP service for known rogue networks?


From: "Richard A. Steenbergen" <ras () e-gerbil net>
Date: Sun, 9 Jul 2000 22:37:30 -0400 (EDT)


On Sun, 9 Jul 2000, Hal Murray wrote:

> I think all the examples I know about involve network abuse, or at
> least activities that will be considered as network abuse by many
> sensible people.  Maybe the common theme is cost-shifting.  I'm
> including support costs as well as up-front traffic/server costs.
>
> The obvious example is an ISP who wants to take spammers as customers,
> or host web servers for spammers.  The next example is an ISP with a
> good looking anti-spam section in their AUP but they take a long time
> to enforce it.  How long should it take to disconnect a flagrant
> spammer?  ...
>
> How about ISPs that tolerate crackers or smurfers?  What about ISPs
> that are just slow or incompetent at backtracking abusive traffic with
> forged headers or setting up filters to drop forged headers from their
> customers?
 
I suspect there isn't anyone on this list who has told someone (or at
least thought about telling someone) "you're too stupid to use the
internet, go away". Stupid people generally don't like being told they are
stupid, and as much as we may not like it, they continue to use the
internet anyways. There is no IQ test given to those who get internet
connections, no licensing, no qualification exam, so we'll pretty much
have to accept that stupid people will find their way into our lives, then
proceed to set up open mail relays, networks with open directed broadcasts,
and RedHat Linux machines. These people may later go on to realize the
errors of their ways, but as long as experienced people keep dying and
new people keep getting born, people will make mistakes.

Auditing and securing your servers and mail relays, having people trained
in tracing spoofed packet streams or catching the crackers, having
equipment capable of DOING it (if this is even possible), and having
sufficient numbers of people necessary to handle the tasks (ever tried
responding to the number of spam complaints a fair sized ISP gets, and
separating the false claims from the real ones? It's not fun), is NOT a
cheap or easy proposition.

So the question is, how do we want to get "other networks" to provide the
things? Educate them? Motivate them? Threaten them? Sue them? Ignore them?
What do we consider to be an acceptable level of time where we try to be
nice, before we decide that they're not going to respond without being
not-nice? Who makes this decision?

The only way it will be sufficiently "under control" for some people's
tastes will be government regulation forcing people to meet a certain
level of standards in these things. That's obviously not what we want. But
let me ask this... how many of us who complain about other people's
networks and lack of response when we need help, actually run perfect
networks ourselves? Can you honestly say you have every mail relay in your
network accounted for and secured? Can you honestly say you have every one
of your customers RFC2267 filtered so they can't attack others? Can you
honestly say you have training and policies in place for the expeditious
tracing of spoofed packets across your network? Can you honestly say you
look into every spam and abuse complaint you receive, correctly separate
the real incidents from the paranoia, and handle all issues in a timely
fashion? I suspect if your network is of any real size, the answer is NO.
So why don't we all take a little bit of time to go work on these things
in our own networks now, then encourage our customers to do the same.

Just a thought. :P

-- 
Richard A Steenbergen <ras () e-gerbil net>   http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)



