<div dir="ltr"><div dir="ltr">isn't i the case that 35415 peers with 174/3356/2914 directly and shouldn't you just be asking those folk: "Hey, err... are you getting these complaints? do you care about the harm?"</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Mar 18, 2019 at 12:37 AM Eric Kuhnke <<a href="mailto:eric.kuhnke@gmail.com">eric.kuhnke@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Looking at the AS adjacencies for Webzilla, what would prevent them from disconnecting all of their US/Western Euro based peers and transits, and remaining online behind a mixed selection of the largest Russian ASes? I do not think that any amount of well-researched papers and appeals to ethical ISPs on the NANOG mailing list will bring down those relationships.<br></div><div><br></div><div>The likelihood of the Russian domestic legal system implementing US/Western European court orders against bulletproof hosting companies is quite low.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Mar 16, 2019 at 1:53 PM Ronald F. Guilmette <<a href="mailto:rfg@tristatelogic.com" target="_blank">rfg@tristatelogic.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
[[ My apologies to thos eof you who may see this twice. I have posted the<br>
message below also to the RIPE Anti-Abuse Working Group mailing list,<br>
so any of you who are on that list also will see this twice. But I<br>
believe that it is relevant here also. ]]<br>
<br>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br>
<br>
Perhaps some folks here might be interested to read these two reports,<br>
the first of which is a fresh news report published just a couple of<br>
days ago, and the other one is a far more detailed investigative report<br>
that was completed some time ago now.<br>
<br>
<a href="https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc" rel="noreferrer" target="_blank">https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc</a><br>
<br>
<a href="https://www.documentcloud.org/documents/5770258-Fti.html" rel="noreferrer" target="_blank">https://www.documentcloud.org/documents/5770258-Fti.html</a><br>
<br>
Please share these links widely.<br>
<br>
The detailed technical report makes it quite abundantly clear that<br>
Webzilla, and all of its various tentacles... many of which even I didn't<br>
know about until seeing this report... most probably qualifies as, and<br>
has qualified as a "bullet proof hosting" operation for some considerable<br>
time now. As the report notes, the company has received over 400,000<br>
complaints or reports of bad behavior, and it is not clear to me, from<br>
reading the report, if anyone at the company even bothered to read any<br>
more than a small handful of those.<br>
<br>
I have two comments about this.<br>
<br>
First, I am inclined to wonder aloud why anyone is even still peering<br>
with any of the several ASNs mentioned in the report. To me, the mere<br>
fact that any of these ASNs still have connectivity represents a clear<br>
and self-evident failure of "self policing" in and among the networks<br>
that comprise the Internet.<br>
<br>
Second, its has already been a well know fact, both to me and to many<br>
others, for some years now, that Webzilla is by no means alone in the<br>
category commonly refered to as "bullet proof hosters". This fact<br>
itself raises some obvious questions.<br>
<br>
It is clear and apparent, not only from the report linked to above, but<br>
from the continuous and years-long existance of -many- "bullet proof<br>
hosters" on the Internet that there is no shortage of a market for the<br>
services of such hosting companies. The demand for "bullet proof"<br>
services is clearly there, and it is not likely to go away any time<br>
soon. In addition to the criminal element, there are also various<br>
mischevious governments, or their agents, that will always be more<br>
than happy to pay premium prices for no-questions-asked connectivity.<br>
<br>
So the question naturally arises: Other than de-peering by other networks,<br>
are there any other steps that can be taken to disincentivize networks<br>
from participating in this "bullet proof" market and/or to incentivize<br>
them to give a damn about their received network abuse complaints?<br>
<br>
I have no answers for this question myself, but I felt that it was about<br>
time that someone at least posed the question.<br>
<br>
The industry generally, and especially in the RIPE region, has a clear<br>
and evident problem that traditional "self policing" is not solving.<br>
Worse yet, it is not even discussed much, and that is allowing it to<br>
fester and worsen, over time.<br>
<br>
It would be Good if there was some actual leadership on this issue, at<br>
least from -some- quarter. So far I have not noticed any such worth<br>
mentioning. And even looking out towards the future horizon, I don't<br>
see any arriving any time soon.<br>
<br>
<br>
Regards,<br>
rfg<br>
</blockquote></div>
</blockquote></div>