Webzilla
Max Tulyev
maxtul at netassist.ua
Sun Mar 17 18:41:08 UTC 2019
It's quite convenient to have all botnet C&Cs in several known ASNs.
More pain if it will be spread through thousands of regular residential
customers, like when using fast (double) flux or peer-to-peer technologies ;)
Joke.
Really, there were a lot of cases where all upstreams had disconnected some
ASN for that type of activity. So it really works.
On 16.03.19 22:51, Ronald F. Guilmette wrote:
> [[ My apologies to those of you who may see this twice. I have posted the
> message below also to the RIPE Anti-Abuse Working Group mailing list,
> so any of you who are on that list also will see this twice. But I
> believe that it is relevant here also. ]]
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Perhaps some folks here might be interested to read these two reports,
> the first of which is a fresh news report published just a couple of
> days ago, and the other one is a far more detailed investigative report
> that was completed some time ago now.
>
> https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc
>
> https://www.documentcloud.org/documents/5770258-Fti.html
>
> Please share these links widely.
>
> The detailed technical report makes it quite abundantly clear that
> Webzilla, and all of its various tentacles... many of which even I didn't
> know about until seeing this report... most probably qualifies as, and
> has qualified as a "bullet proof hosting" operation for some considerable
> time now. As the report notes, the company has received over 400,000
> complaints or reports of bad behavior, and it is not clear to me, from
> reading the report, if anyone at the company even bothered to read any
> more than a small handful of those.
>
> I have two comments about this.
>
> First, I am inclined to wonder aloud why anyone is even still peering
> with any of the several ASNs mentioned in the report. To me, the mere
> fact that any of these ASNs still have connectivity represents a clear
> and self-evident failure of "self policing" in and among the networks
> that comprise the Internet.
>
> Second, it has already been a well-known fact, both to me and to many
> others, for some years now, that Webzilla is by no means alone in the
> category commonly referred to as "bullet proof hosters". This fact
> itself raises some obvious questions.
>
> It is clear and apparent, not only from the report linked to above, but
> from the continuous and years-long existence of -many- "bullet proof
> hosters" on the Internet that there is no shortage of a market for the
> services of such hosting companies. The demand for "bullet proof"
> services is clearly there, and it is not likely to go away any time
> soon. In addition to the criminal element, there are also various
> mischievous governments, or their agents, that will always be more
> than happy to pay premium prices for no-questions-asked connectivity.
>
> So the question naturally arises: Other than de-peering by other networks,
> are there any other steps that can be taken to disincentivize networks
> from participating in this "bullet proof" market and/or to incentivize
> them to give a damn about their received network abuse complaints?
>
> I have no answers for this question myself, but I felt that it was about
> time that someone at least posed the question.
>
> The industry generally, and especially in the RIPE region, has a clear
> and evident problem that traditional "self policing" is not solving.
> Worse yet, it is not even discussed much, and that is allowing it to
> fester and worsen, over time.
>
> It would be Good if there was some actual leadership on this issue, at
> least from -some- quarter. So far I have not noticed any such worth
> mentioning. And even looking out towards the future horizon, I don't
> see any arriving any time soon.
>
>
> Regards,
> rfg
>