nanog mailing list archives

Re: Nato warns of strike against cyber attackers


From: Owen DeLong <owen () delong com>
Date: Wed, 9 Jun 2010 13:56:40 -0700


On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:

On 6/9/10 6:27 AM, Jorge Amodio wrote:
Going back then to a previous question, do we want more/any regulation?

Laws and regulation exist because people can't behave civilly and be expected to respect the 
rights/boundaries/property of others.

CAN-SPAM exists because the e-mail marketing business refused to self-regulate and respect the wishes of 
consumers/administrators.

Which is good, because it certainly eliminated most of the SPAM. -- NOT!

FDCPA exists because the debt collectors couldn't resist the temptation to harass and intimidate consumers, and 
behave ethically.

And of course, it has caused them all to do so, now, right? -- NOT!



It's just a matter of time, and really unavoidable.  The thing is, these industries have no one to blame but 
themselves.  In all cases, these laws/regulation only came into effect AFTER situations got out of control.

Software has been out of control for a long time and I hope that the gov't will start by ruling the "not responsible 
for our negligence or the damage it causes" clauses of software licenses invalid. That would actually be a major 
positive step because it would allow consumers to sue software manufacturers for their defects and the damages they 
cause leading to a radical change in the nature of how software developers approach responsibility for quality in their 
products. Right now, most consumer operating systems are "unsafe at any speed".

Lately, the courts have been ruling that companies like LimeWire are responsible for their products being used for 
piracy/downloading because they knew what was going on, but were turning a blind eye.

This is a positive step, IMHO, but, now companies like Apple and Micr0$0ft need to be held to similar standards.

Why not apply the same standards to ISPs?  If it can be shown that you had knowledge of specific abuse coming from 
your network, but for whatever reason, opted to ignore it and turn a blind eye, then you are responsible.

I agree.

When I see abuse from my network or am made aware of it, I isolate and drop on my edge the IPs in question, then 
investigate and respond.  Most times, it takes me maybe 10-15 minutes to track down the user responsible, shut off 
their server or host, then terminate their stupid self.

Yep.

A little bit of effort goes a long way.  But, if you refuse to put in the effort (I'm looking at you, GoDaddy Abuse 
Desk), then of course the problems won't go away.

Agreed.

Owen


