Dutch ISPs to collaborate and take responsibility for bottedclients
owen at delong.com
Mon Oct 5 22:55:02 UTC 2009
On Oct 5, 2009, at 11:23 AM, Barry Shein wrote:
> Perhaps someone has said this but a potential implementation problem
> in the US are anti-trust regulations. Sure, they may come around to
> seeing it your way since the intent is so good but then again "we all
> decided to get together and blacklist customers who..." is not a great
> elevator pitch to an attorney-general no matter how good the intent.
That's not what is being discussed from my understanding.
From my understanding, the intent is to share names of known
abusers and data necessary to help in tracking DDOS.
I don't believe that any ISP is expected to necessarily take any
particular action determined by the group with respect to the
list of names they are given.
I do think that it is reasonable to have an agreement among
an industry organization or collaboration which states that
ISPs which determine that abuse is being sourced from one of
their customers (either through their own processes or by
notification from another participant) should be expected to
take the necessary steps to mitigate that abuse from exiting
said ISPs autonomous system.
> Obviously there are ways around that (e.g., it's ok to do credit
> checks) but one has to be up-front and get approval.
and terms of service state that you will share certain information
with other operators regarding abuse complaints and (possibly)
abusive activities, you are free to share that information.
Having a coalition rule that says any member must refuse to
service any party on the list would be an anti-trust violation.
Having a list, alone, without any rules about how the list is used,
is not an anti-trust violation.
Just like agreeing ahead of time on the price of gas amongst
multiple competitors is an anti-trust violation, posting the price
of gas at your service stations is not. Modifying your price to
match the price across the street also is not.
> I'm just sayin':
> a) consult with legal counsel before doing anything in "collusion"
> with competitors.
> b) this is probably not for smaller ISPs until the legal way is
> cleared by those with plenty of money for lawyering and lobbying.
I'm not so sure that is true, but, they should seek good legal counsel
about whatever they plan to do regardless of size.
More information about the NANOG