ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]
rsk at gsp.org
Wed Jun 9 05:09:34 CDT 2010
On Tue, Jun 08, 2010 at 11:14:10PM -0700, Paul Ferguson wrote:
> 1. Should ISPs be responsible for abuse from within their customer base?
Yes -- if they wish to be considered at least minimally professional.
The principle is "if it comes from your host/network on your watch, it's
your abuse". Given that many common forms of abuse are easily identified,
and in many cases, easily prevented with cursory due diligence upfront,
there's really no excuse for what we see on a regular basis. Abusers have
learned that they don't have to make the slightest effort at concealment
or subtlety; even the most egregious and obvious instances can operate
with impunity for extended periods of time.

As I've often said, spam (to pick one form of abuse) does not just
magically fall out of the sky. If I can see it arriving on one of my
networks, then surely someone else can see it leaving theirs...if only
they bother to look. And of course in many cases they need not even
do that, because others have already done it for them and generously
published the results or furnished them to the RFC2142-designated contact
address for abuse issues.

One would think, for example, that many ISPs and web hosts would
have learned by now that when a new customer fills a /24 with nonsensically
named domains or with sequentially numbered domains that the spam will
start any minute now. But fresh evidence arrives every day suggesting
that this is still well beyond their capabilities.