Webzilla

Max Tulyev maxtul at netassist.ua
Sun Mar 17 18:41:08 UTC 2019


It's quite convenient to have all botnet C&Cs in several known ASNs.
More pain if they are spread across thousands of regular residential
customers, as when fast (double) flux or peer-to-peer technologies are used ;)
Joke.

Really, there were a lot of cases where all upstreams disconnected some
ASN for that type of activity. So it really works.

16.03.19 22:51, Ronald F. Guilmette wrote:
> [[ My apologies to those of you who may see this twice.  I have posted the
>     message below also to the RIPE Anti-Abuse Working Group mailing list,
>     so any of you who are on that list also will see this twice.  But I
>     believe that it is relevant here also. ]]
> 
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> Perhaps some folks here might be interested to read these two reports,
> the first of which is a fresh news report published just a couple of
> days ago, and the other one is a far more detailed investigative report
> that was completed some time ago now.
> 
> https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc
> 
> https://www.documentcloud.org/documents/5770258-Fti.html
> 
> Please share these links widely.
> 
> The detailed technical report makes it quite abundantly clear that
> Webzilla, and all of its various tentacles... many of which even I didn't
> know about until seeing this report... most probably qualifies as, and
> has qualified as a "bullet proof hosting" operation for some considerable
> time now.  As the report notes, the company has received over 400,000
> complaints or reports of bad behavior, and it is not clear to me, from
> reading the report, if anyone at the company even bothered to read any
> more than a small handful of those.
> 
> I have two comments about this.
> 
> First, I am inclined to wonder aloud why anyone is even still peering
> with any of the several ASNs mentioned in the report.  To me, the mere
> fact that any of these ASNs still have connectivity represents a clear
> and self-evident failure of "self policing" in and among the networks
> that comprise the Internet.
> 
> Second, it has already been a well-known fact, both to me and to many
> others, for some years now, that Webzilla is by no means alone in the
> category commonly referred to as "bullet proof hosters".  This fact
> itself raises some obvious questions.
> 
> It is clear and apparent, not only from the report linked to above, but
> from the continuous and years-long existence of -many- "bullet proof
> hosters" on the Internet that there is no shortage of a market for the
> services of such hosting companies.  The demand for "bullet proof"
> services is clearly there, and it is not likely to go away any time
> soon.  In addition to the criminal element, there are also various
> mischievous governments, or their agents, that will always be more
> than happy to pay premium prices for no-questions-asked connectivity.
> 
> So the question naturally arises:  Other than de-peering by other networks,
> are there any other steps that can be taken to disincentivize networks
> from participating in this "bullet proof" market and/or to incentivize
> them to give a damn about their received network abuse complaints?
> 
> I have no answers for this question myself, but I felt that it was about
> time that someone at least posed the question.
> 
> The industry generally, and especially in the RIPE region, has a clear
> and evident problem that traditional "self policing" is not solving.
> Worse yet, it is not even discussed much, and that is allowing it to
> fester and worsen, over time.
> 
> It would be Good if there was some actual leadership on this issue, at
> least from -some- quarter.  So far I have not noticed any such worth
> mentioning.  And even looking out towards the future horizon, I don't
> see any arriving any time soon.
> 
> 
> Regards,
> rfg
> 


