One hundred and fifty years ago, most countries had a postal service that enabled citizens to send and receive five or six messages every day. If you wanted to have afternoon tea with a friend, you could place the request into an envelope, drop the envelope into a mailbox by 10am, and have confirmation in time to dress for the occasion.
Today, we do the same with a variety of synchronous (phone, video) or asynchronous (text, email, etc.) technologies. The outcome has changed little – though it is more likely to be coffee instead of tea.
With the vastly increased complexity of our new communication technologies – exacerbated by our loss of community oversight to private interests with only profit and corporate benefits in mind – there has been an equal increase in the number of access points for the transmitted information. And where there is such access, someone will seek to use it to personal advantage. “Community oversight” is now considered too naive a concept, so we have rules. As each rule is circumvented, a new book of rules is required. The volume of rules now requires armies of people in each country – bureaucrats and lawyers – to adversarially determine which “t” needs to be crossed and at what profit to whom.
We still know that we need some way to communicate with friends and family regarding the afternoon tea, so, holding our nose, we still use the services of the private, for-profit organizations to perform the human necessity of maintaining contact.
The unfortunate result is that humanity has created a virtually autonomous monster called “the internet”. And we really have no idea how to moderate the monster’s negative effects.
In fact, unknown to all but a tiny number of users of the internet, there are dedicated people working mostly as unpaid volunteers who struggle to deal with this monster. One such group is the European “RIPE”, described in Wikipedia: “RIPE is not a legal entity and has no formal membership. This means that anybody who is interested in the work of RIPE can participate through mailing lists and by attending meetings.”
Here is a fascinating peek into that mysterious world:
Posted by anti-abuse-wg on behalf of Ronald F. G*******:
Perhaps some folks here might be interested to read these two reports, the first of which is a fresh news report published just a couple of days ago, and the other one is a far more detailed investigative report that was completed some time ago now.
Dossier Gubarev – Russian hackers
Please share these links widely.
The detailed technical report makes it quite abundantly clear that Webzilla, and all of its various tentacles… many of which even I didn’t know about until seeing this report… most probably qualifies as, and has qualified as a “bullet proof hosting” operation for some considerable time now. As the report notes, the company has received over 400,000 complaints or reports of bad behavior, and it is not clear to me, from reading the report, if anyone at the company even bothered to read any more than a small handful of those.
I have two comments about this.
First, I am inclined to wonder aloud why anyone is even still peering with any of the several ASNs mentioned in the report. To me, the mere fact that any of these ASNs still have connectivity represents a clear and self-evident failure of “self policing” in and among the networks that comprise the Internet.
Second, it has already been a well-known fact, both to me and to many others, for some years now, that Webzilla is by no means alone in the category commonly referred to as “bullet proof hosters”. This fact itself raises some obvious questions.
It is clear and apparent, not only from the report linked to above, but from the continuous and years-long existence of -many- “bullet proof hosters” on the Internet that there is no shortage of a market for the services of such hosting companies. The demand for “bullet proof” services is clearly there, and it is not likely to go away any time soon. In addition to the criminal element, there are also various mischievous governments, or their agents, that will always be more than happy to pay premium prices for no-questions-asked connectivity.
So the question naturally arises: Other than de-peering by other networks, are there any other steps that can be taken to disincentivize networks from participating in this “bullet proof” market and/or to incentivize them to give a damn about their received network abuse complaints?
I have no answers for this question myself, but I felt that it was about time that someone at least posed the question.
The industry generally, and especially in the RIPE region, has a clear and evident problem that traditional “self policing” is not solving.
Worse yet, it is not even discussed much, and that is allowing it to fester and worsen, over time.
It would be Good if there was some actual leadership on this issue, at least from -some- quarter. So far I have not noticed any such worth commenting about, and even looking out towards the future horizon, I don’t see any arriving any time soon.