obvious intent (Re: the Intercage mess)

Paul Vixie vixie at isc.org
Thu Sep 25 00:47:32 CDT 2008

nenolod at systeminplace.net (William Pitcock) writes:

> ... forcing them offline now that they are taking a new approach to
> handling abuse is ridiculous. ...

renaming, renumbering, and rehoming the darkest parts of their empire is
not a new approach to handling abuse, it's the most common thing that gray
networks do when faced with disconnection, because it's the thing that
looks most like protective colouration for them and it's the thing that
looks most like plausible deniability for their (new?) providers.

so, now begins the search for the line that mustn't be crossed.  if they
have N spamming customer or M "captured" machines running C&C and they
disconnect such customers after P warnings or Q days, then will the
community still rise up in arms and if so will that still be enough
negativity to cause their (new?) provider to lose connectivity?  if not,
then what about P-1 or Q+1 or M*2 or N/2?

discovering the process by which N, M, P, and Q are discovered, will be
even uglier than everything we've seen on this topic to date.  i advise
those interested in the truth about a network's long term reputation to get
their information from friends and professionals in the security business,
or even google, but not nanog.

or just refuse to suspend disbelief, and ask why someone's apparently new
approach to handling abuse, the "turning over a new leaf", happened so many
years into the game.  what was their obvious intent, if not monetizing the
uncertainty and inertia of the networks whose connectivity they depend on?
Paul Vixie

More information about the NANOG mailing list