Webzilla

Christopher Morrow morrowc.lists at gmail.com
Mon Mar 18 08:50:12 UTC 2019


isn't i the case that 35415 peers with 174/3356/2914 directly and shouldn't
you just be asking those folk: "Hey, err... are you getting these
complaints? do you care about the harm?"

On Mon, Mar 18, 2019 at 12:37 AM Eric Kuhnke <eric.kuhnke at gmail.com> wrote:

> Looking at the AS adjacencies for Webzilla, what would prevent them from
> disconnecting all of their US/Western Euro based peers and transits, and
> remaining online behind a mixed selection of the largest Russian ASes? I do
> not think that any amount of well-researched papers and appeals to ethical
> ISPs on the NANOG mailing list will bring down those relationships.
>
> The likelihood of the Russian domestic legal system implementing
> US/Western European court orders against bulletproof hosting companies is
> quite low.
>
>
>
> On Sat, Mar 16, 2019 at 1:53 PM Ronald F. Guilmette <rfg at tristatelogic.com>
> wrote:
>
>>
>> [[ My apologies to thos eof you who may see this twice.  I have posted the
>>    message below also to the RIPE Anti-Abuse Working Group mailing list,
>>    so any of you who are on that list also will see this twice.  But I
>>    believe that it is relevant here also. ]]
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> Perhaps some folks here might be interested to read these two reports,
>> the first of which is a fresh news report published just a couple of
>> days ago, and the other one is a far more detailed investigative report
>> that was completed some time ago now.
>>
>>
>> https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc
>>
>> https://www.documentcloud.org/documents/5770258-Fti.html
>>
>> Please share these links widely.
>>
>> The detailed technical report makes it quite abundantly clear that
>> Webzilla, and all of its various tentacles... many of which even I didn't
>> know about until seeing this report... most probably qualifies as, and
>> has qualified as a "bullet proof hosting" operation for some considerable
>> time now.  As the report notes, the company has received over 400,000
>> complaints or reports of bad behavior, and it is not clear to me, from
>> reading the report, if anyone at the company even bothered to read any
>> more than a small handful of those.
>>
>> I have two comments about this.
>>
>> First, I am inclined to wonder aloud why anyone is even still peering
>> with any of the several ASNs mentioned in the report.  To me, the mere
>> fact that any of these ASNs still have connectivity represents a clear
>> and self-evident failure of "self policing" in and among the networks
>> that comprise the Internet.
>>
>> Second, its has already been a well know fact, both to me and to many
>> others, for some years now, that Webzilla is by no means alone in the
>> category commonly refered to as "bullet proof hosters".  This fact
>> itself raises some obvious questions.
>>
>> It is clear and apparent, not only from the report linked to above, but
>> from the continuous and years-long existance of -many- "bullet proof
>> hosters" on the Internet that there is no shortage of a market for the
>> services of such hosting companies.  The demand for "bullet proof"
>> services is clearly there, and it is not likely to go away any time
>> soon.  In addition to the criminal element, there are also various
>> mischevious governments, or their agents, that will always be more
>> than happy to pay premium prices for no-questions-asked connectivity.
>>
>> So the question naturally arises:  Other than de-peering by other
>> networks,
>> are there any other steps that can be taken to disincentivize networks
>> from participating in this "bullet proof" market and/or to incentivize
>> them to give a damn about their received network abuse complaints?
>>
>> I have no answers for this question myself, but I felt that it was about
>> time that someone at least posed the question.
>>
>> The industry generally, and especially in the RIPE region, has a clear
>> and evident problem that traditional "self policing" is not solving.
>> Worse yet, it is not even discussed much, and that is allowing it to
>> fester and worsen, over time.
>>
>> It would be Good if there was some actual leadership on this issue, at
>> least from -some- quarter.  So far I have not noticed any such worth
>> mentioning.  And even looking out towards the future horizon, I don't
>> see any arriving any time soon.
>>
>>
>> Regards,
>> rfg
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190318/45ffddf1/attachment.html>


More information about the NANOG mailing list