North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP list of phishing sites?

  • From: Iljitsch van Beijnum
  • Date: Mon Jun 28 18:26:58 2004 
On 28-jun-04, at 18:47, Paul Vixie wrote:


the root cause of network abuse is humans and human behaviour, not
hardware or software or corporations or corporate behaviour.  if most
people weren't sheep-like, they would pay some attention to the results
of their actions and inactions.
It's easy to blame the user, and usually they deserve it, even if they're innocent this time they're guilty of something else. But if software is created in such a way that regular users manage to screw up consistently, maybe the software can be improved rather than the user chastised?

actions like buying something from a
spammer or clicking the "unsubscribe me" button in spam mail,
The problem is that a few in a thousand that do this ruin things for the rest. In anything involving humans it's useless to expect the right thing to happen 100% of the time.

or running microsoft outlook.

Can't argue with you there.
inactions like leaving their cable/DSL pee cee up 24x7 and never wondering why the activity light on their modem flickers constantly.
:-) My cable modem activity light starts blinking as soon as there is a link and never stops. A /20 can generate a significant amount of ARP traffic during the best of times...

if you want people to notice the results of their actions and inactions, then they have to be brought into the equation.
Ah, you are a BOFH follower. Unfortunately, rudeness rarely results in enlightenment.

Still, anti-spam blacklists are pretty much universally applied inside
SMTP implementations these days. So if 3828747.dhcp.bigcable.com is
blacklisted because it sources spam, people subscribing to the
blacklist will no longer receive spam from that host, but the host is
still capable of interacting with the net in general and the blacklist
users in particular over a host of other protocols.



i'm trying to figure out why you think it's in your best interest to

limit the impact of your defensive activities, or to limit the impact
of

sheep-like behaviour on the sheep-like humans who own these infected

hosts.



That's not what I'm worried about. If people do the wrong thing, by all
means let them suffer the consequences so they may think twice about
doing it again. What worries me is the potential for hurting innocent
bystanders, or even active subversion of these mechanisms. I mean, what
better way to DoS someone than have them put on a blacklist?




i think "decide for themselves" is the right meme.



Good!




but where we differ is on the questions of ownership and

responsibility. every network has to take responsibility for the

traffic is spews, and cannot just say "take it up with my customer"

since they're getting paid to make the spew possible. and every
network

has to be able to say "this shall not pass!" concerning traffic that

does not match their "AUP", and the only recourse their customers can

have is to sign up with a different network.



I think the one true way is to be found somewhere between the extremes
of controlling every little thing a customer does and not doing
anything. But the real issue is that this is even necessary. The
biggest problem we have with IP is that it doesn't provide for a way
for a receiver to avoid having to receiving unwanted packets. It would
be extremely useful if we could fix that.