Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

Paul Ferguson fergdawgster at
Sat Dec 13 08:44:32 UTC 2008


Not in the habit of responding to my e-mail, but...

On Sat, Dec 13, 2008 at 12:29 AM, Paul Ferguson <fergdawgster at>

> On Sat, Dec 13, 2008 at 12:22 AM, James Hess <mysidia at> wrote:
>> An in-depth strategy with hundreds or thousands of factors examined
>> results in a smaller (but still present) possibility of the
>> filter/detector being fooled.
>> IP-based methods can be combined with the other stronger analysis of
>> transaction details and other info that can be gathered about a
>> submitter for detection of attempted abuse.
> Personally, I don't think NANOG is the proper forum for this discussion.
> There are other forums, however, which do follow these issues -- some
> public, some private.
> If folks think that people are not "doing" massive correlation of
> criminal activity on the Internet, they would be mistaken.

The point I am trying to make here is that ISPs should be much more engaged
in this entire process.

In the not-so-distant past, I have tried to engage the ISP community (via
NANOG, at NANOG meetings) to get involved in the fight against cyber crime,
with lackluster response -- unfortunately.

If this problem is ever going to get reduced to a manageable level, ISPs
must play a critical role -- one which they have not been willing
participants to this day. ISPs have been (one of) the missing links here.

Of course, there are very responsible ISPs out there who handle these issues
when they are brought to their attention, and they deserve kudos -- but
unfortunately, they are in the minority.

This community should be asking itself why that is... and figuring out a way
to deal with it responsibly.


- ferg



"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 ferg's tech blog:
