Interesting Point of view - Russian police and RIPE accused of aiding RBN
http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 Some quotes from the article - Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian police corruption helped the perpetrators get away with it, according to the UK Serious Organised Crime Agency [...] RIPE was being paid by RBN for that service, for its IP allocation, he said. Essentially what you have - and I make no apologies for saying this is - if you were going to interpret this very harshly RIPE as the IP allocation body was receiving criminal funds and therefore RIPE was involved in money laundering offences, said Auld. [...] All we could get there was a disruption, we weren't able to get a prosecution in Russia, admitted Auld. Our biggest concern is where did RBN go? Our information suggests that RBN is back in business but now pursuing a slightly different business model which is bad news. [...] Where you have got LIRs (Local Internet Registries) set up to run a criminal business- that is criminal actvity being taken by the regional internet registries themselves. So what we are trying to do is work with them to make internet governance a somewhat less permissive environment for criminals and make it more about protecting consumers and individuals, added Auld. RBN looked legitimate, says RIPE NCC In response to the comments that it could be accused of being involved in criminal activity, Paul Rendek, head of external relations and communications at RIPE NCC said that the organisation has very strict guidelines for dealing with LIRs. The RBN was accepted as an LIR based on our checklists, he said. Our checklists include the provision of proof that a prospective LIR has the necessary legal documentation, which proves that a business is bona fide. etc
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Since we're on the subject, here is where RBN went: inetnum: 91.202.60.0 - 91.202.63.255 netname: AKRINO-NET descr: Akrino Inc country: VG org: ORG-AI38-RIPE admin-c: IVM27-RIPE tech-c: IVM27-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-by: MNT-AKRINO mnt-lower: RIPE-NCC-HM-PI-MNT mnt-routes: MNT-AKRINO mnt-domains: MNT-AKRINO source: RIPE # Filtered organisation:ORG-AI38-RIPE org-name:Akrino Inc org-type:OTHER address: Akrino Inc. address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI e-mail: noc.akr...@gmail.com mnt-ref: MNT-AKRINO mnt-by: MNT-AKRINO source: RIPE # Filtered person: Igoren V Murzak address: Akrino Inc address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI phone: +1 914 5952753 e-mail: noc.akr...@gmail.com nic-hdl: IVM27-RIPE mnt-by: MNT-AKRINO source: RIPE # Filtered % Information related to '91.202.60.0/22AS44571' route: 91.202.60.0/22 descr: AKRINO BLOCK origin: AS44571 mnt-by: MNT-AKRINO source: RIPE # Filtered On Sat, Oct 24, 2009 at 3:00 AM, Suresh Ramasubramanian ops.li...@gmail.com wrote: http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 Some quotes from the article - Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian police corruption helped the perpetrators get away with it, according to the UK Serious Organised Crime Agency [...] RIPE was being paid by RBN for that service, for its IP allocation, he said. Essentially what you have - and I make no apologies for saying this is - if you were going to interpret this very harshly RIPE as the IP allocation body was receiving criminal funds and therefore RIPE was involved in money laundering offences, said Auld. [...] All we could get there was a disruption, we weren't able to get a prosecution in Russia, admitted Auld. Our biggest concern is where did RBN go? Our information suggests that RBN is back in business but now pursuing a slightly different business model which is bad news. [...] Where you have got LIRs (Local Internet Registries) set up to run a criminal business- that is criminal actvity being taken by the regional internet registries themselves. So what we are trying to do is work with them to make internet governance a somewhat less permissive environment for criminals and make it more about protecting consumers and individuals, added Auld. RBN looked legitimate, says RIPE NCC In response to the comments that it could be accused of being involved in criminal activity, Paul Rendek, head of external relations and communications at RIPE NCC said that the organisation has very strict guidelines for dealing with LIRs. The RBN was accepted as an LIR based on our checklists, he said. Our checklists include the provision of proof that a prospective LIR has the necessary legal documentation, which proves that a business is bona fide. etc -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty.
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Accusing RIPE of complicity is in my opinion abusive. So when a RBN member buys a burger at MacDonald's, should we consider MacDo accepts money from RBN while helping them to run their business as they feed the criminal member?
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Indeed. If they bought fries and a drink that's two counts. Jeff On Sat, Oct 24, 2009 at 3:20 AM, Benjamin Billon bbillon...@splio.fr wrote: Accusing RIPE of complicity is in my opinion abusive. So when a RBN member buys a burger at MacDonald's, should we consider MacDo accepts money from RBN while helping them to run their business as they feed the criminal member? -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty.
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
That's what I thought. I still see the author's point =)
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
I think the larger point is that ripe turned a blind eye to an internationally recognized criminal network. On Oct 24, 2009 2:01 AM, Suresh Ramasubramanian ops.li...@gmail.com wrote: http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 Some quotes from the article - Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian police corruption helped the perpetrators get away with it, according to the UK Serious Organised Crime Agency [...] RIPE was being paid by RBN for that service, for its IP allocation, he said. Essentially what you have - and I make no apologies for saying this is - if you were going to interpret this very harshly RIPE as the IP allocation body was receiving criminal funds and therefore RIPE was involved in money laundering offences, said Auld. [...] All we could get there was a disruption, we weren't able to get a prosecution in Russia, admitted Auld. Our biggest concern is where did RBN go? Our information suggests that RBN is back in business but now pursuing a slightly different business model which is bad news. [...] Where you have got LIRs (Local Internet Registries) set up to run a criminal business- that is criminal actvity being taken by the regional internet registries themselves. So what we are trying to do is work with them to make internet governance a somewhat less permissive environment for criminals and make it more about protecting consumers and individuals, added Auld. RBN looked legitimate, says RIPE NCC In response to the comments that it could be accused of being involved in criminal activity, Paul Rendek, head of external relations and communications at RIPE NCC said that the organisation has very strict guidelines for dealing with LIRs. The RBN was accepted as an LIR based on our checklists, he said. Our checklists include the provision of proof that a prospective LIR has the necessary legal documentation, which proves that a business is bona fide. etc
RE: Interesting Point of view - Russian police and RIPE accused of aiding RBN
So considering they're widely regarded as a criminal network hosting the more dodgy/dangerous stuff on the net, surely we could 'protect' our customers by blocking the 91.202.60.0/22 range? Consider that can of worms opened :o) Paul -Original Message- From: Jeffrey Lyon [mailto:jeffrey.l...@blacklotus.net] Sent: 24 October 2009 08:18 To: Suresh Ramasubramanian Cc: nanog@nanog.org Subject: Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN Since we're on the subject, here is where RBN went: inetnum: 91.202.60.0 - 91.202.63.255 netname: AKRINO-NET descr: Akrino Inc country: VG org: ORG-AI38-RIPE admin-c: IVM27-RIPE tech-c: IVM27-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-by: MNT-AKRINO mnt-lower: RIPE-NCC-HM-PI-MNT mnt-routes: MNT-AKRINO mnt-domains: MNT-AKRINO source: RIPE # Filtered organisation:ORG-AI38-RIPE org-name:Akrino Inc org-type:OTHER address: Akrino Inc. address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI e-mail: noc.akr...@gmail.com mnt-ref: MNT-AKRINO mnt-by: MNT-AKRINO source: RIPE # Filtered person: Igoren V Murzak address: Akrino Inc address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI phone: +1 914 5952753 e-mail: noc.akr...@gmail.com nic-hdl: IVM27-RIPE mnt-by: MNT-AKRINO source: RIPE # Filtered % Information related to '91.202.60.0/22AS44571' route: 91.202.60.0/22 descr: AKRINO BLOCK origin: AS44571 mnt-by: MNT-AKRINO source: RIPE # Filtered On Sat, Oct 24, 2009 at 3:00 AM, Suresh Ramasubramanian ops.li...@gmail.com wrote: http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-a ccused-of-aiding-cybercrime-2165 Some quotes from the article - Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian police corruption helped the perpetrators get away with it, according to the UK Serious Organised Crime Agency [...] RIPE was being paid by RBN for that service, for its IP allocation, he said. Essentially what you have - and I make no apologies for saying this is - if you were going to interpret this very harshly RIPE as the IP allocation body was receiving criminal funds and therefore RIPE was involved in money laundering offences, said Auld. [...] All we could get there was a disruption, we weren't able to get a prosecution in Russia, admitted Auld. Our biggest concern is where did RBN go? Our information suggests that RBN is back in business but now pursuing a slightly different business model which is bad news. [...] Where you have got LIRs (Local Internet Registries) set up to run a criminal business- that is criminal actvity being taken by the regional internet registries themselves. So what we are trying to do is work with them to make internet governance a somewhat less permissive environment for criminals and make it more about protecting consumers and individuals, added Auld. RBN looked legitimate, says RIPE NCC In response to the comments that it could be accused of being involved in criminal activity, Paul Rendek, head of external relations and communications at RIPE NCC said that the organisation has very strict guidelines for dealing with LIRs. The RBN was accepted as an LIR based on our checklists, he said. Our checklists include the provision of proof that a prospective LIR has the necessary legal documentation, which proves that a business is bona fide. etc -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty. For more information about the Viatel Group, please visit www.viatel.com VTL (UK) Limited Registered in England and Wales Registered Address: Inbucon House, Wick Road, Egham, Surrey TW20 0HR Company Registration No: 04287100 VAT Registration Number: 781 4991 88 THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INTENDED RECIPIENT TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, you are notified that any dissemination, distribution or copying of this e-mail is prohibited, and you should delete this e-mail from your system. This message has been scanned for viruses and spam by Viatel MailControl - www.viatel.com
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
On Oct 24, 2009, at 9:00 AM, Suresh Ramasubramanian wrote: http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 With more on that: http://www.ripe.net/news/rbn.html Press coverage this week portrayed the RIPE NCC as being involved with the criminal network provider Russian Business Network (RBN). Any connection with criminal activity, or with RBN itself, is completely unfounded. The press coverage arose from a speech given by the Serious Organised Crime Agency (SOCA) in the UK. SOCA has since contacted the RIPE NCC with an apology. The RIPE NCC will continue to work with SOCA and other bodies to ensure criminal investigations can be carried out in an efficient manner within established laws and guidelines. MarcoH
Re: ISP port blocking practice
-original message- Subject: Re: ISP port blocking practice From: Owen DeLong o...@delong.com Date: 24/10/2009 4:00 am Yes. Owen On Oct 23, 2009, at 2:19 PM, Lee Riemer wrote: Isn't blocking any port against the idea of Net Neutrality? Only if you take a legalistic view of it. Too much of the NN debate is about the futile search for an infallible legal argument with no corner cases. This is silly. Take an empirical, practical view instead. Obviously there is no objection to blocking spam going out; after all, the spam comes from machines that are no longer under the control of their owners, so the only free speech that is affected is that of the spammer, and hasn't that already been litigated? Free speech doesn't include the freedom to shout fire in a crowded theatre. Neither does it include the freedom to carry out a DDOS on the fire brigade control room. You aren't allowed to levy a toll on the roads and except your mates - roads are neutral. But that doesn't invalidate the speed limit or the obligation to drive on the left. Justin Shore wrote: Owen DeLong wrote: Blocking ports that the end user has not asked for is bad. I was going to ask for a clarification to make sure I read your statement correctly but then again it's short enough I really don't see any room to misinterpret it. Do you seriously think that a typical residential user has the required level of knowledge to call their SP and ask for them to block tcp/25, tcp udp/1433 and 1434, and a whole list of common open proxy ports? While they're at it they might ask the SP to block the CC ports for Bobax and Kraken. I'm sure all residential users know that they use ports 447 and 13789. If so then send me some of your users. You must be serving users around the MIT campus. Doing it and refusing to unblock is worse. How you you propose we pull a customer's dynamically-assigned IP out of a DHCP pool so we can treat it differently? Not all SPs use customer-facing AUTH. I can think of none that do for CATV though I'm sure someone will now point an oddball SP that I've never heard of before. Some ISPs have the even worse practice of blocking 587 and a few even go to the horrible length to block 465. I would call that a very bad practice. I haven't personally seen a mis-configured MTA listening on the MSP port so I don't think they can make he claim that the MSP port is a common security risk. I would call tcp/587 a very safe port to have traverse my network. I think those ISPs are either demonstrating willful ignorance or marketing malice. A few hotel gateways I have encountered are dumb enough to think they can block TCP/53 which is always fun. The hotel I stayed in 2 weeks ago that housed a GK class I took had just such a proxy. It screwed up DNS but even worse it completely hosed anything trying to tunnel over HTTP. OCS was dead in the water. My RPC-over-HTTP Outlook client couldn't work either. Fortunately they didn't mess with IPSec VPN or SSH. Either way it didn't matter much since the network was unusable (12 visible APs from room, all on overlapping 802.11b/g channels). The average throughput was .02Mbps. Lovely for you, but, not particularly helpful to your customers who may actually want to use some of those services. I take a hard line on this. I will not let the technical ignorance of the average residential user harm my other customers. There is absolutely no excuse for using Netbios or MS-SQL over the Internet outside of an encrypted tunnel. Any user smart enough to use a proxy is smart enough to pick a non-default port. Any residential user running a proxy server locally is in violation of our AUP anyway and will get warned and then terminated. My filtering helps 99.99% of my userbase. The .001% that find this basic security filter intolerable can speak with their wallets. They can find themselves another provider if they want to use those ports or pay for a business circuit where we filter very little on the assumption they as a business have the technical competence to handle basic security on their own. (The actual percentage of users that have raised concerns in the past 3 years is .0008%. I spoke with each of them and none decided to leave our service.) We've been down the road of no customer-facing ingress ACLs. We've fought the battles of getting large swaths of IPs blacklisted because of a few users' technical incompetence. We've had large portions of our network null-routed in large SPs. Then we got our act together and stopped acting like those ISPs who we all love to bitch about, that do not manage their customer traffic, and are poor netizens of this shared resource we call the Internet. Our problems have all but gone away. Our residential and business users no longer call in on a daily basis to report
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
* a. harrowell: It ought to be superfluous to point out that the only effective action taken against RBN was by the Internet community in getting all their upstreams to null route them. As is blindingly obvious, SOCA would never have been granted a warrant by the Russians. Ugh, in reality, they needed a warrant from the Metropolitan Police (which could have been equally problematic).
Re: RE: Interesting Point of view - Russian police and RIPE accused of aiding RBN
We already filter this network but the move is largely symbolic. This needs to be done by eyeball networks, not just hosting networks. In filtering 91.202.60.0/22 we primarily keep our reverse proxies from serving up their content and keep them from offering proxies on our network. Its pretty rare that we will filter any network as a whole but in this case the need is pretty blatent. Jeff On Oct 24, 2009 4:25 AM, Martin, Paul paul.mar...@viatel.com wrote: So considering they're widely regarded as a criminal network hosting the more dodgy/dangerous stuff on the net, surely we could 'protect' our customers by blocking the 91.202.60.0/22 range? Consider that can of worms opened :o) Paul -Original Message- From: Jeffrey Lyon [mailto: jeffrey.l...@blacklotus.net] Sent: 24 Octobe... For more information about the Viatel Group, please visit www.viatel.com VTL (UK) Limited Registered in England and Wales Registered Address: Inbucon House, Wick Road, Egham, Surrey TW20 0HR Company Registration No: 04287100 VAT Registration Number: 781 4991 88 THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INTENDED RECIPIENT TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, you are notified that any dissemination, distribution or copying of this e-mail is prohibited, and you should delete this e-mail from your system. This message has been scanned for viruses and spam by Viatel MailControl - www.viatel.com
Re: ISP port blocking practice
Isn't blocking any port against the idea of Net Neutrality? Yes. Owen No. The idea of net neutrality, in this context, is for service providers to avoid making arbitrary decisions about the services that a customer will be allowed. Blocking 25, or 137-139, etc., are common steps taken to promote the security of the network. This is not an arbitrary decision (and I am defining it this way; I will not play semantics about arbitrary. Read along and figure out what I mean.) For 25, SMTP has proven to be a protocol that has adapted poorly to modern life, and a variety of issues have conspired that make it undesirable to allow random home PC's to use 25. Reasonable alternatives exist, such as using 587, or the ISP's mail server. A customer isn't being disallowed the use of SMTP to send mail (which WOULD be a problem). A customer may use any number of other mail servers to send mail. Not a serious issue, and not arbitrary... it's generally considered a good, or even best current, practice. Blocking VoIP from your network to Vonage, because you want your customers to buy your own VoIP service? That's a very clear problem. There's no justifiable reason that any viable broadband service provider would have for blocking VoIP. Yet there could be a reason to forbid VoIP; I can, for example, imagine some of the rural WISP setups where the loads caused on the infrastructure interfere with providing service. Similarly, it'd be ridiculous to expect an 802.11b based rural WISP to be able to support HD Netflix streaming, or dialup ISP's to be able to support fast downloading of movies. These are not arbitrary restrictions, but rather technological ones. When you buy a 56k dialup, you should expect you won't get infinite speed. When you buy WISP access on a shared 802.11b setup, you should expect that you're sharing that theoretical max 11Mbps with other subs. It gets murkier when you get into situations such as where your cableco has sold you a 15Mbps Internet connection, but proceeds to traffic engineer your activities down to a slower speed. There are real questions that should be addressed; for example, if you are paying extra for a premium service (as in when the default speed is 7Mbps and you've upgraded), should a customer expect that they will actually get substantially more capacity? How does the reliance on overcommit affect things? The ideal is to sell a high speed connection to someone who uses none of it, of course... but if you're selling lots of capacity, and betting that only a little will be used at a time, and you've guessed wrong, the big question is, is that tolerable, or is net neutrality going to force you to provide what you've sold? So, now, back to blocking... many service providers block 80, on the basis that they don't want customers running servers. This could very well be a net neutrality issue. It's probably not a security issue. It's a decision being made at a business level, in order to promote the purchase of business class services. It's an arbitrary decision about what a customer will be allowed to do. There's lots of interesting stuff to think about. Net neutrality isn't going to mean that we kill BCP38 and port 25 filtering. It is about service providers arbitrarily interfering with the service that they're providing. Customers should be given, to the maximum extent reasonably possible, Internet connectivity suitable for general purpose use. Where service providers start infringing on that, that's what should be addressed by network neutrality. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
On Sat, Oct 24, 2009 at 2:48 PM, Marco Hogewoning mar...@marcoh.net wrote: On Oct 24, 2009, at 9:00 AM, Suresh Ramasubramanian wrote: \ http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 With more on that: http://www.ripe.net/news/rbn.html I am glad this ugly situation has been resolved - and I do wish the resolution gets better coverage than this. suresh
DMCA takedowns of networks
http://www.huffingtonpost.com/2009/10/23/chamber-of-commerce-stron_n_332087.html Hurricane Electric obeyed the Chamber's letter and shut down the spoof site. But in the process, they shut down hundreds of other sites maintained by May First / People Link, the Yes Men's direct provider (Hurricane Electric is its upstream provider). What's going on? Since when are we required to take down an entire customer's net for one of their subscriber's so-called infringement? Heck, it takes years to agree around here to take down a peering to an obviously criminal enterprise network My first inclination would be to return the request (rejected), saying it was sent to the wrong provider.
Re: DMCA takedowns of networks
BS to say the least...first the US Chamber of Commerce is not a government organization. And even if there were what right does anyone have to tread on Freedom of Speech?!? Was there a court order? I'd really be interested in know what strong arm tactic they used with HE. William Allen Simpson wrote: http://www.huffingtonpost.com/2009/10/23/chamber-of-commerce-stron_n_332087.html Hurricane Electric obeyed the Chamber's letter and shut down the spoof site. But in the process, they shut down hundreds of other sites maintained by May First / People Link, the Yes Men's direct provider (Hurricane Electric is its upstream provider). What's going on? Since when are we required to take down an entire customer's net for one of their subscriber's so-called infringement? Heck, it takes years to agree around here to take down a peering to an obviously criminal enterprise network My first inclination would be to return the request (rejected), saying it was sent to the wrong provider.
Re: DMCA takedowns of networks
Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior. Jeff On Oct 24, 2009 9:01 AM, William Allen Simpson william.allen.simp...@gmail.com wrote: http://www.huffingtonpost.com/2009/10/23/chamber-of-commerce-stron_n_332087.html Hurricane Electric obeyed the Chamber's letter and shut down the spoof site. But in the process, they shut down hundreds of other sites maintained by May First / People Link, the Yes Men's direct provider (Hurricane Electric is its upstream provider). What's going on? Since when are we required to take down an entire customer's net for one of their subscriber's so-called infringement? Heck, it takes years to agree around here to take down a peering to an obviously criminal enterprise network My first inclination would be to return the request (rejected), saying it was sent to the wrong provider.
Re: DMCA takedowns of networks
On Oct 24, 2009, at 9:28 AM, Jeffrey Lyon wrote: Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior. A DMCA takedown order has the force of law. This does not mean you should take down an entire network with unrelated sites. Given He's history, I'm guessing it was a mistake. Not buying services from any network that has made a mistake would quickly leave you with exactly zero options for transit. -- TTFN, patrick On Oct 24, 2009 9:01 AM, William Allen Simpson william.allen.simp...@gmail.com wrote: http://www.huffingtonpost.com/2009/10/23/chamber-of-commerce-stron_n_332087.html Hurricane Electric obeyed the Chamber's letter and shut down the spoof site. But in the process, they shut down hundreds of other sites maintained by May First / People Link, the Yes Men's direct provider (Hurricane Electric is its upstream provider). What's going on? Since when are we required to take down an entire customer's net for one of their subscriber's so-called infringement? Heck, it takes years to agree around here to take down a peering to an obviously criminal enterprise network My first inclination would be to return the request (rejected), saying it was sent to the wrong provider.
Re: Slashdotted - Peering Disputes Migrate To IPv6
On Oct 23, 2009, at 10:56 PM, Scott Howard wrote: http://tech.slashdot.org/story/09/10/23/1715235/Peering-Disputes-Migrate-To-IPv6 I wouldn't bother with the comments unless you really need to know how the analogy between IP peering and two gay guys ends up... (hey, it's Slashdot, what did you expect?) When I read that, I thought about the GPF, Guy I winning the Newly Peered Game, and ... well, it went downhill from there. -- TTFN, patrick
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
On 24.10 03:05, Paul Bosworth wrote: I think the larger point is that ripe turned a blind eye to an internationally recognized criminal network. That may be a point but not a convincing one. Imagine the outcry on this list if ARIN were to deny some organisation address space or ASNs just because they are internationally recognised criminals. Wouldn't we demand a little more due process? Especially since the alternatives are not as easy as walking to the next fastfood joint. The RIPE NCC operates in a region where whole sovereign states call each other criminals or worse on a daily basis. The only tenable position for each RIR is to strictly apply the policies developed in its bottom-up self-regulatory process. Doing anything else would require intervention via a proper legal process, e.g. a *judge* with appropriate jurisdiction telling the RIR that its actions are unlawful. Frustration is a bad advisor when trying to stop crime, unrelenting application of due process is the only way ... frustrating as it may be. Daniel Karrenberg Chief Scientist RIPE NCC Speaking only for himself as is customary here. PS: This is old news, compare http://www.h-online.com/security/news/item/Security-expert-calls-for-IP-address-ranges-of-criminal-providers-to-be-sent-direct-to-the-police-737905.html And see the press release that Marco pointed out. Daniel
RE: DMCA takedowns of networks
HE certainly was right in shutting down that site. It had copyright infringement. That they took down other sites is reprehensible unless they lacked the technical capability to do otherwise. (The question then arises, should they be in business if that is the case?) I am a strong advocate of free speech and have a track record for both supporting and exercising it. But the dissenters must be responsible. Copying a site - copyright infringement - is never free speech, it is illegal activity. I really don't even care if there is a legal copyright notice is its morally wrong and it puts the dissenter in a category that is probably worse than the other party. That someone would do that tells me that they are not responsible in dissent and their message is horse crap. It is flashy lacking in thought and content. Why would I consider them a valid source of information? I think the present administration is illegally there and should be removed speedily by impeachment. But I would never steal copyright material to dissent. I have never used his picture because I am not aware of a free use picture. Ralph Brandt www.triond.com/users/Ralph+Brandt -Original Message- From: Patrick W. Gilmore [mailto:patr...@ianai.net] Sent: Saturday, October 24, 2009 9:36 AM To: North American Network Operators Group Subject: Re: DMCA takedowns of networks On Oct 24, 2009, at 9:28 AM, Jeffrey Lyon wrote: Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior. A DMCA takedown order has the force of law. This does not mean you should take down an entire network with unrelated sites. Given He's history, I'm guessing it was a mistake. Not buying services from any network that has made a mistake would quickly leave you with exactly zero options for transit. -- TTFN, patrick On Oct 24, 2009 9:01 AM, William Allen Simpson william.allen.simp...@gmail.com wrote: http://www.huffingtonpost.com/2009/10/23/chamber-of-commerce-stron_n_332 087.html Hurricane Electric obeyed the Chamber's letter and shut down the spoof site. But in the process, they shut down hundreds of other sites maintained by May First / People Link, the Yes Men's direct provider (Hurricane Electric is its upstream provider). What's going on? Since when are we required to take down an entire customer's net for one of their subscriber's so-called infringement? Heck, it takes years to agree around here to take down a peering to an obviously criminal enterprise network My first inclination would be to return the request (rejected), saying it was sent to the wrong provider. __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: DMCA takedowns of networks
On Sat, Oct 24, 2009 at 09:36:05AM -0400, Patrick W. Gilmore wrote: On Oct 24, 2009, at 9:28 AM, Jeffrey Lyon wrote: Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior. A DMCA takedown order has the force of law. The DMCA defines a process by which copyright violations can be handled. One of the options in that process is to send a counter-notice to the takedown notice. http://chillingeffects.org/dmca512/faq.cgi#QID130 http://chillingeffects.org/dmca512/faq.cgi#QID132 To quote: In order to ensure that copyright owners do not wrongly insist on the removal of materials that actually do not infringe their copyrights, the safe harbor provisions require service providers to notify the subscribers if their materials have been removed and to provide them with an opportunity to send a written notice to the service provider stating that the material has been wrongly removed. [512(g)] If a subscriber provides a proper counter-notice claiming that the material does not infringe copyrights, the service provider must then promptly notify the claiming party of the individual's objection. [512(g)(2)] If the copyright owner does not bring a lawsuit in district court within 14 days, the service provider is then required to restore the material to its location on its network. [512(g)(2)(C)] This seems like a very obvious case of parody/fair use, so the proper response would be for the victim to send a counter-notice and then wait for the complainer to settle the issue in court. No doubt the lawsuit would never come, because they don't stand a chance in hell of actually winning, but sending letters is cheap and surprisingly effective against the uninformed. The reason you don't typically see these kinds of issues with providers blocking large amounts of content by taking out whole IPs of their downstreams is that it is cheap and easy to become your own service provider for the purposes of DMCA. If you are hosting any content yourself, you should really go to http://www.copyright.gov/onlinesp/ and file for a designated agent. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: DMCA takedowns of networks
On Sat, Oct 24, 2009 at 8:00 AM, William Allen Simpson What's going on? Since when are we required to take down an entire customer's net for one of their subscriber's so-called infringement? Since people are afraid. Organizations may send DMCA letters, whether they are valid or not; the recipient may disconnect what the sender wants, and is unlikely to consider whether they really must do it or not. It's easier to do what the bully wants than be a guinea pig and have some risk of being sued,or other unforseen consequences. Note that the 512(a) safe harbor of the DMCA does not include a requirement of removing material when notified; only the 512(c) safe harbor includes that requirement, and it's for providers that actually store the material. - http://www.chillingeffects.org/dmca512/faq.cgi#QID472 US Title 17, Chapter 5, Sec 512, (c) http://www.copyright.gov/title17/92chap5.html#512 (c) Information Residing on Systems or Networks at Direction of Users. ersus (a) Transitory Digital Network Communications. ... A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the provider's transmitting, routing, or providing connections for, It's a bit hard (impossible) to expeditiously remove material that your equipment isn't storing,but that a downstream network is storing. The DMCA doesn't say anything about severing connectivity to computers on a network. That's just what the wronged party wants, the collateral damage doesn't effect them. -- -J
Re: DMCA takedowns of networks
On Sat, Oct 24, 2009 at 11:06:29AM -0400, Patrick W. Gilmore wrote: On Oct 24, 2009, at 10:53 AM, Richard A Steenbergen wrote: On Sat, Oct 24, 2009 at 09:36:05AM -0400, Patrick W. Gilmore wrote: On Oct 24, 2009, at 9:28 AM, Jeffrey Lyon wrote: Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior. A DMCA takedown order has the force of law. It most certainly does not. The DMCA defines a process by which copyright violations can be handled. One of the options in that process is to send a counter-notice to the takedown notice. Laws frequently have multiple options for compliance. Doesn't mean you don't have to follow the law. But you should understand the law. The DMCA does NOT require that any provider, anywhere, ever, take down material because they were notified that the material is infringing on a copyright holder's rights. What the DMCA does say is that if a provider receives such a notification, and promptly takes down the material, then the ISP is immune from being held liable for the infringement. Many providers routinely take down material when they receive a DMCA take-down notice. But if they do so out of the belief that they are required to do so, they are confused. They are not required to do so. They can choose to take it down in exchange for getting the benefit of immunity from being sued (many, probably most, providers make this choice). Or they can choose to leave it up, which leaves them vulnerable to a lawsuit by the copyright holder. (In such a lawsuit, they copyright holder would have to prove that infringement occurred and that the provider is liable for it.) (I'm not commenting on the merits of HE's actions here. Just on that the DMCA actually says. It's certainly a good practice for providers that don't want to spend time evaluating copyright claims and defending copyright infringement suits (which, I think, is most providers) to take advantage of the DMCAs safe-harbor provisions. I'm not disputing that.) -- Brett
Re: ISP port blocking practice
On Oct 23, 2009, at 10:54 PM, Owen DeLong wrote: On Oct 23, 2009, at 3:43 PM, Justin Shore wrote: Dan White wrote: On 23/10/09 17:58 -0400, James R. Cutler wrote: Blocking the well known port 25 does not block sending of mail. Or the message content. It does block incoming SMTP traffic on that well known port. Then the customer should have bought a class of service that permits servers. Then you shouldn't be marketing what the customer bought as Internet Access. We disagree. But is this really the place to discuss what MARKETING people should be doing? :) Blocking port 25 is not, IMHO, a violation of Network Neutrality. I explained why in a very long, probably boring, post. Your definition of Network neutrality may differ. Which is fine, but doesn't make mine wrong. As for how it is marketed, well, I'm not even going to try to argue that. -- TTFN, patrick
Re: ISP port blocking practice
Chris Boyd wrote: Once it's set up correctly we've found customers really like it since their email just works in most places. Earlier this week I had an experience at a San Jose[1] Public Library, where they blocked ports 995, 587, 465, and 119. None of my mail services (or usenet service) worked, except for the news server I use that runs on port 443 (heh) and my webmail backup. Using gmail/webmail I sent an email to the tech admin, and they opened up those ports the next day. This is the first time I've had problems with using these ports - in other cases it does just work as expected. I was rather stunned to run into this at a public library. Usually librarians are major defenders of free speech and fight vigorously against censoring, blocking, and filtering of any type on library computers and networks. My guess is that none of the librarians *knew* that the IT department had setup these blocks. I'll have a chat with them the next time I drop in. jc [1] San Jose is the 3rd largest city in California, 10th largest city in the US and the center of Silicon Valley - I had expected a higher level of IT clue than I found.
Re: DMCA takedowns of networks
On Oct 24, 2009, at 11:20 AM, Brett Frankenberger wrote: On Sat, Oct 24, 2009 at 11:06:29AM -0400, Patrick W. Gilmore wrote: On Oct 24, 2009, at 10:53 AM, Richard A Steenbergen wrote: On Sat, Oct 24, 2009 at 09:36:05AM -0400, Patrick W. Gilmore wrote: On Oct 24, 2009, at 9:28 AM, Jeffrey Lyon wrote: Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior. A DMCA takedown order has the force of law. It most certainly does not. It most certainly does. The DMCA defines a process by which copyright violations can be handled. One of the options in that process is to send a counter-notice to the takedown notice. Laws frequently have multiple options for compliance. Doesn't mean you don't have to follow the law. But you should understand the law. That's a matter of opinion. :) The DMCA does NOT require that any provider, anywhere, ever, take down material because they were notified that the material is infringing on a copyright holder's rights. Who said it does? I most certainly did not. If you think I did, try reading again. What the DMCA does say is that if a provider receives such a notification, and promptly takes down the material, then the ISP is immune from being held liable for the infringement. Many providers routinely take down material when they receive a DMCA take-down notice. But if they do so out of the belief that they are required to do so, they are confused. They are not required to do so. They can choose to take it down in exchange for getting the benefit of immunity from being sued (many, probably most, providers make this choice). Or they can choose to leave it up, which leaves them vulnerable to a lawsuit by the copyright holder. (In such a lawsuit, they copyright holder would have to prove that infringement occurred and that the provider is liable for it.) See, we agree. So what was the problem again? =) And if anyone wants to get upset at a provider for doing what is best for their business, perhaps by saying they are 'giving in to a bully' or other silliness, then they should be ignored. Sometimes it's worth the $$ on lawyers so you can get more customers because people believe you will stand up for them. Sometimes it is not. But a for-profit business is, well, for-profit. And even if you make the wrong business decision, it's still YOUR decision. You risk your business either way you decide, and things are rarely cut-and- dried. People from the outside without all the information telling you you what to do are being silly. Like I always say: Your Network, Your Decision. Anyone care to argue otherwise? -- TTFN, patrick P.S. still doesn't mean HE should have taken down non-infringing sites.
Re: ISP port blocking practice
On Oct 24, 2009, at 3:17 AM, Joe Greco wrote: Isn't blocking any port against the idea of Net Neutrality? Yes. Owen No. The idea of net neutrality, in this context, is for service providers to avoid making arbitrary decisions about the services that a customer will be allowed. Right. Blocking 25, or 137-139, etc., are common steps taken to promote the security of the network. This is not an arbitrary decision (and I am defining it this way; I will not play semantics about arbitrary. Read along and figure out what I mean.) For 25, SMTP has proven to be a protocol that has adapted poorly to modern life, and a variety of issues have conspired that make it undesirable to allow random home PC's to use 25. Reasonable alternatives exist, such as using 587, or the ISP's mail server. A customer isn't being disallowed the use of SMTP to send mail (which WOULD be a problem). A customer may use any number of other mail servers to send mail. Not a serious issue, and not arbitrary... it's generally considered a good, or even best current, practice. A common practice of breaking the network for your customers does not make the network any less broken and does not make the action network neutral The SMTP protocol has adapted just fine. Certain operators of SMTP servers, on the other hand, are a different issue. I don't take exception if you want to block those SMTP servers. I do take exception if you block the protocol entirely. 587 is the exact same protocol as 25, just with different host configuration policies. As such, I would hold up 587 as an example to prove my point. Blocking VoIP from your network to Vonage, because you want your customers to buy your own VoIP service? That's a very clear problem. There's no justifiable reason that any viable broadband service provider would have for blocking VoIP. Yet there could be a reason to forbid VoIP; I can, for example, imagine some of the rural WISP setups where the loads caused on the infrastructure interfere with providing service. Some providers block outbound 25 to other email service providers because they want your outgoing email to go only through their own unauthenticated, unsecure mail servers. (I have had at least one former ISP refuse to unblock port 25 or 587 for me to a host that was running TLS and SMTPAUTH while they insisted that I use their port 25 server which did not listen on port 587 and would not accept TLS or SMTPAUTH). Similarly, it'd be ridiculous to expect an 802.11b based rural WISP to be able to support HD Netflix streaming, or dialup ISP's to be able to support fast downloading of movies. These are not arbitrary restrictions, but rather technological ones. When you buy a 56k dialup, you should expect you won't get infinite speed. When you buy WISP access on a shared 802.11b setup, you should expect that you're sharing that theoretical max 11Mbps with other subs. Right... Those are not arbitrary, they are valid. Blocking all access to port 25 is, on the other hand, arbitrary. There's lots of interesting stuff to think about. Net neutrality isn't going to mean that we kill BCP38 and port 25 filtering. It is about service providers arbitrarily interfering with the service that they're providing. Customers should be given, to the maximum extent reasonably possible, Internet connectivity suitable for general purpose use. Where service providers start infringing on that, that's what should be addressed by network neutrality. BCP-38 is good. SMTP blocking is not in BCP-38. Not allowing a user to send forged packets is a perfectly legitimate action. Not allowing a user to send or receive valid packets properly formatted, carrying legitimate traffic for purposes which are not a violation of the providers AUP, on the other hand, is not good. Owen
Re: DMCA takedowns of networks
Patrick, My comment was geared toward freedom of content and should not be interpreted to mean that network abuse will be permitted. We're very conservative about how we handle DMCA requests. If we receive one it better be valid and if there is any doubt we will challenge the sender vice punish our customer. Most DMCA we receive are completely bogus. Jeff On Sat, Oct 24, 2009 at 9:39 AM, Patrick W. Gilmore patr...@ianai.net wrote: On Oct 24, 2009, at 9:36 AM, Patrick W. Gilmore wrote: On Oct 24, 2009, at 9:28 AM, Jeffrey Lyon wrote: Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior. P.S. Good to know you would keep spammers, DDoS'ers, hackers, etc. connected, even in the face of evidence provided by other ISPs, ... nor would I ever purchase transit from a company that engages in this type of behavior. -- TTFN, patrick A DMCA takedown order has the force of law. This does not mean you should take down an entire network with unrelated sites. Given He's history, I'm guessing it was a mistake. Not buying services from any network that has made a mistake would quickly leave you with exactly zero options for transit. -- TTFN, patrick On Oct 24, 2009 9:01 AM, William Allen Simpson william.allen.simp...@gmail.com wrote: http://www.huffingtonpost.com/2009/10/23/chamber-of-commerce-stron_n_332087.html Hurricane Electric obeyed the Chamber's letter and shut down the spoof site. But in the process, they shut down hundreds of other sites maintained by May First / People Link, the Yes Men's direct provider (Hurricane Electric is its upstream provider). What's going on? Since when are we required to take down an entire customer's net for one of their subscriber's so-called infringement? Heck, it takes years to agree around here to take down a peering to an obviously criminal enterprise network My first inclination would be to return the request (rejected), saying it was sent to the wrong provider. -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty.
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
The decision to filter networks should remain with the collective network operators. Everyone, even criminals, has a right to distribute content but it's up to each operator to decide if that content will be allowed to transit their network. Personally, if an entire /22 does not have a single legitimate resource on it in the case of 91.202.60.0/22 *and* is widely suspected of being owned/operated by a criminal enterprise then filtering makes sense. Historically it takes a few pioneers to present a case for filtering specific networks before larger networks will begin to see the light. Jeff On Sat, Oct 24, 2009 at 9:59 AM, Daniel Karrenberg daniel.karrenb...@ripe.net wrote: On 24.10 03:05, Paul Bosworth wrote: I think the larger point is that ripe turned a blind eye to an internationally recognized criminal network. That may be a point but not a convincing one. Imagine the outcry on this list if ARIN were to deny some organisation address space or ASNs just because they are internationally recognised criminals. Wouldn't we demand a little more due process? Especially since the alternatives are not as easy as walking to the next fastfood joint. The RIPE NCC operates in a region where whole sovereign states call each other criminals or worse on a daily basis. The only tenable position for each RIR is to strictly apply the policies developed in its bottom-up self-regulatory process. Doing anything else would require intervention via a proper legal process, e.g. a *judge* with appropriate jurisdiction telling the RIR that its actions are unlawful. Frustration is a bad advisor when trying to stop crime, unrelenting application of due process is the only way ... frustrating as it may be. Daniel Karrenberg Chief Scientist RIPE NCC Speaking only for himself as is customary here. PS: This is old news, compare http://www.h-online.com/security/news/item/Security-expert-calls-for-IP-address-ranges-of-criminal-providers-to-be-sent-direct-to-the-police-737905.html And see the press release that Marco pointed out. Daniel -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty.
Re: DMCA takedowns of networks
On Oct 24, 2009, at 10:53 AM, Richard A Steenbergen wrote: On Sat, Oct 24, 2009 at 09:36:05AM -0400, Patrick W. Gilmore wrote: On Oct 24, 2009, at 9:28 AM, Jeffrey Lyon wrote: Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior. A DMCA takedown order has the force of law. The DMCA defines a process by which copyright violations can be handled. One of the options in that process is to send a counter-notice to the takedown notice. Laws frequently have multiple options for compliance. Doesn't mean you don't have to follow the law. A DMCA takedown notice isn't law, Patrick, and does not have the force of law claimed above. It is merely a claim by a third party as to some particular infringement. A service provider CAN take certain steps listed in the DMCA and gain absolute protection under the law against almost any sort of copyright liability regarding the incident. This does not, however, make it correct or perhaps even legal for a service provider to take that action in all cases. There are plenty of examples of DMCA notices having been sent for the sole purpose of getting something someone doesn't like shut down, even where the party issuing the notice obviously does not own the copyright in question. There are a variety of techniques to deal with this... This seems like a very obvious case of parody/fair use, Possibly, but I do not blame a provider to not being willing to make that distinction. Yes, but it's troubling that a nontrivial provider of transit would make such a mistake. This is like Cogent, who, at one point, received a DMCA (or possibly just abuse complaint) about content being posted through a server of a client's, and who proceeded to try to null-route that Usenet news server's address. Of course, they picked a hostname out of the headers of the message in question, and null-routed that. To no effect, since the users accessed servers through SLB. Duh. And since Usenet is a flood fill system, blocking the injecting host isn't sufficient anyways, since the article is instantly available at every other Usenet site, including the other local servers. Double duh. And since the subscriber's account had already been closed and cancels had been issued earlier in the day, the content wasn't even on the server anymore. Three duhs and Cogent's out... The annoying part was that Cogent decided at 2 *AM* in the morning that this was a problem, and insisted on an answer within an hour. I allocated a whole lot more time than that for reading several tiers of management and sales the riot act. Not that it had any operational impact whatsoever, but when a service provider starts implementing arbitrary kneejerk fixes upon receipt of a complaint, that's a bad thing, and that seems like what may have happened here, too. To be clear: I agree that a provider might not want to make a distinction between a legitimate DMCA takedown and something that's not, but it is reasonable to limit oneself to the things required by the DMCA. Null-routing a virtual web server's IP and interfering with the operation of other services is probably overreaching, at least as a first step. so the proper response would be for the victim to send a counter-notice and then wait for the complainer to settle the issue in court. See previous comment. The website owner, however, has that option. Let's just agree that there were multiple avenues open to lots of people here, that HE should not have taken down more than the site in question (if, in fact, that is what happened), and that the DCMA has silly parts. Doesn't mean you should wait for a court order though. That is, of course, completely correct. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: DMCA takedowns of networks
On Oct 24, 2009, at 2:24 PM, Jeffrey Lyon wrote: My comment was geared toward freedom of content and should not be interpreted to mean that network abuse will be permitted. We're very conservative about how we handle DMCA requests. If we receive one it better be valid and if there is any doubt we will challenge the sender vice punish our customer. Most DMCA we receive are completely bogus. Like most discussions on NANOG, this was the result of a miscommunication. You said you would never censor anything other than CP without a court order. What you meant is that you could follow DCMA if it is not bogus even without a court order, and you would stop abuse, and you would in general act like many other reasonable providers. I'm going to assume that means you would also buy transit from such providers. Wow, it seems like we completely agree. Glad to have cleared that up. Try not to be so absolute next time. -- TTFN, patrick On Sat, Oct 24, 2009 at 9:39 AM, Patrick W. Gilmore patr...@ianai.net wrote: On Oct 24, 2009, at 9:36 AM, Patrick W. Gilmore wrote: On Oct 24, 2009, at 9:28 AM, Jeffrey Lyon wrote: Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior. P.S. Good to know you would keep spammers, DDoS'ers, hackers, etc. connected, even in the face of evidence provided by other ISPs, ... nor would I ever purchase transit from a company that engages in this type of behavior. -- TTFN, patrick A DMCA takedown order has the force of law. This does not mean you should take down an entire network with unrelated sites. Given He's history, I'm guessing it was a mistake. Not buying services from any network that has made a mistake would quickly leave you with exactly zero options for transit. -- TTFN, patrick On Oct 24, 2009 9:01 AM, William Allen Simpson william.allen.simp...@gmail.com wrote: http://www.huffingtonpost.com/2009/10/23/chamber-of-commerce-stron_n_332087.html Hurricane Electric obeyed the Chamber's letter and shut down the spoof site. But in the process, they shut down hundreds of other sites maintained by May First / People Link, the Yes Men's direct provider (Hurricane Electric is its upstream provider). What's going on? Since when are we required to take down an entire customer's net for one of their subscriber's so-called infringement? Heck, it takes years to agree around here to take down a peering to an obviously criminal enterprise network My first inclination would be to return the request (rejected), saying it was sent to the wrong provider. -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to protect your booty.
Re: DMCA takedowns of networks
On Oct 24, 2009, at 2:28 PM, Joe Greco wrote: Laws frequently have multiple options for compliance. Doesn't mean you don't have to follow the law. A DMCA takedown notice isn't law, Patrick, and does not have the force of law claimed above. You say potato, I say whatever. In the field of law, the word force has two main meanings: unlawful violence and lawful compulsion. They are lawfully compelling you to take down the content, or explain why you should not. This is no different from many legal notices. If you ignore the notice, you risk legal ramifications, including the loss of Safe Harbor defense. This pice of paper has the force of the US gov't behind it. What would you call the force of law? Feel free to believe otherwise. IANAL (or even an ISP :), so maybe I'm wrong. But I'm not going to think poorly of any provider who thinks otherwise. This seems like a very obvious case of parody/fair use, Possibly, but I do not blame a provider to not being willing to make that distinction. Yes, but it's troubling that a nontrivial provider of transit would make such a mistake. This is like Cogent, who, at one point, received a DMCA (or possibly just abuse complaint) about content being posted through a server of a client's, and who proceeded to try to null-route that Usenet news server's address. [snip - bunch of stuff about Cogent] It is almost certainly not like anything. I'm guessing that you have no clue what actually happened. People are making assumptions from third-party accounts using 5th hand info. Generalization is bad, generalization on such flimsy info is silly. Maybe they typo'ed a filter list. Maybe some newbie over-reacted. Maybe the customer did not pay their bill. WE HAVE NO IDEA WHY THIS HAPPENED. To be clear: I agree that a provider might not want to make a distinction between a legitimate DMCA takedown and something that's not, but it is reasonable to limit oneself to the things required by the DMCA. Null-routing a virtual web server's IP and interfering with the operation of other services is probably overreaching, at least as a first step. I have stated over over that it is not right for HE to take down non- infringing sites - _if_ that is what happened. So why are we having this discussion? Doesn't mean you should wait for a court order though. That is, of course, completely correct. Glad we agree. -- TTFN, patrick
Re: ISP port blocking practice
On Oct 24, 2009, at 3:17 AM, Joe Greco wrote: Isn't blocking any port against the idea of Net Neutrality? Yes. Owen No. The idea of net neutrality, in this context, is for service providers to avoid making arbitrary decisions about the services that a customer will be allowed. Right. Blocking 25, or 137-139, etc., are common steps taken to promote the security of the network. This is not an arbitrary decision (and I am defining it this way; I will not play semantics about arbitrary. Read along and figure out what I mean.) For 25, SMTP has proven to be a protocol that has adapted poorly to modern life, and a variety of issues have conspired that make it undesirable to allow random home PC's to use 25. Reasonable alternatives exist, such as using 587, or the ISP's mail server. A customer isn't being disallowed the use of SMTP to send mail (which WOULD be a problem). A customer may use any number of other mail servers to send mail. Not a serious issue, and not arbitrary... it's generally considered a good, or even best current, practice. A common practice of breaking the network for your customers does not make the network any less broken and does not make the action network neutral The SMTP protocol has adapted just fine. Certain operators of SMTP servers, on the other hand, are a different issue. I don't take exception if you want to block those SMTP servers. I do take exception if you block the protocol entirely. 587 is the exact same protocol as 25, just with different host configuration policies. As such, I would hold up 587 as an example to prove my point. Except it doesn't. 587 is submission done right; whereas 25 is transit. 587 and 25 are conceptually completely different, even if they use a common underlying protocol. That's why 587 not only does not prove your point, but it actually allows me to show that it isn't SMTP being interfered with, but rather just the uncontrolled submission of e-mail to remote machines. Does network neutrality mean that dialup operators will have to allow PPP users to connect without a login and password? Blocking VoIP from your network to Vonage, because you want your customers to buy your own VoIP service? That's a very clear problem. There's no justifiable reason that any viable broadband service provider would have for blocking VoIP. Yet there could be a reason to forbid VoIP; I can, for example, imagine some of the rural WISP setups where the loads caused on the infrastructure interfere with providing service. Some providers block outbound 25 to other email service providers because they want your outgoing email to go only through their own unauthenticated, unsecure mail servers. (I have had at least one former ISP refuse to unblock port 25 or 587 for me to a host that was running TLS and SMTPAUTH while they insisted that I use their port 25 server which did not listen on port 587 and would not accept TLS or SMTPAUTH). Blocking 25 isn't a problem. Blocking 587 is. Requiring all e-mail to go through their servers is also a problem. That's because there is a good reason for the 25 blocking, one that you can trivially work around on 587. Blocking 587 is overreaching, and is dictating that you must use their servers. That is not neutral. Similarly, it'd be ridiculous to expect an 802.11b based rural WISP to be able to support HD Netflix streaming, or dialup ISP's to be able to support fast downloading of movies. These are not arbitrary restrictions, but rather technological ones. When you buy a 56k dialup, you should expect you won't get infinite speed. When you buy WISP access on a shared 802.11b setup, you should expect that you're sharing that theoretical max 11Mbps with other subs. Right... Those are not arbitrary, they are valid. Blocking all access to port 25 is, on the other hand, arbitrary. It's not, because there is an obvious ongoing problem with infected end-user machines sending spam, and no particular reason that an end- user machine needs to be able to send e-mail to random remote sites. A huge amount of good is accomplished for the 'net as a whole when a service provider blocks 25. They're not preventing you from sending e-mail, they're just requiring that it be sent in a manner that complies with current community standards. And there are standards, and you can submit via 587 to alternative e-mail services of your choice. It is not entirely ideal, but it is laughable to construe 25 blocking as making it impossible (or even hard) to send e-mail, given that it most certainly isn't. There's lots of interesting stuff to think about. Net neutrality isn't going to mean that we kill BCP38 and port 25 filtering. It is about service providers arbitrarily interfering with the service that they're providing. Customers should be given, to the maximum extent reasonably possible, Internet connectivity suitable
Re: DMCA takedowns of networks
On Oct 24, 2009, at 2:28 PM, Joe Greco wrote: Laws frequently have multiple options for compliance. Doesn't mean you don't have to follow the law. A DMCA takedown notice isn't law, Patrick, and does not have the force of law claimed above. You say potato, I say whatever. In the field of law, the word force has two main meanings: unlawful violence and lawful compulsion. They are lawfully compelling you to take down the content, or explain why you should not. I think you need to read the DMCA. You may feel free to point out where it says service provider must do X. Because I suspect you will find out that it _really_ says, in order to retain safe harbor protection, service provider must do X. The latter is not lawfully compelling me to do anything. This is no different from many legal notices. If you ignore the notice, you risk legal ramifications, including the loss of Safe Harbor defense. This pice of paper has the force of the US gov't behind it. What would you call the force of law? Feel free to believe otherwise. IANAL (or even an ISP :), so maybe I'm wrong. But I'm not going to think poorly of any provider who thinks otherwise. I believe what the lawyers tell me. They tell me that we may lose safe harbor if we do not comply with a takedown notice. That's about all. This seems like a very obvious case of parody/fair use, Possibly, but I do not blame a provider to not being willing to make that distinction. Yes, but it's troubling that a nontrivial provider of transit would make such a mistake. This is like Cogent, who, at one point, received a DMCA (or possibly just abuse complaint) about content being posted through a server of a client's, and who proceeded to try to null-route that Usenet news server's address. [snip - bunch of stuff about Cogent] It is almost certainly not like anything. I'm guessing that you have no clue what actually happened. People are making assumptions from third-party accounts using 5th hand info. Generalization is bad, generalization on such flimsy info is silly. Maybe they typo'ed a filter list. Maybe some newbie over-reacted. Maybe the customer did not pay their bill. WE HAVE NO IDEA WHY THIS HAPPENED. Of course not. But there are at least some of us who have been through all of this; we can fill in the blanks and make some reasonable conclusions. To be clear: I agree that a provider might not want to make a distinction between a legitimate DMCA takedown and something that's not, but it is reasonable to limit oneself to the things required by the DMCA. Null-routing a virtual web server's IP and interfering with the operation of other services is probably overreaching, at least as a first step. I have stated over over that it is not right for HE to take down non- infringing sites - _if_ that is what happened. So why are we having this discussion? Because it appears that HE took down non-infringing sites? Excuse me for stating the obvious. :-) ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: DMCA takedowns of networks
I've excerpted, and posted anonymously, a few quotes from this thread on the ISOC-NY website. I hope that this is acceptable - if not, let me know off list. http://www.isoc-ny.org/?p=996 -- --- Joly MacFie 917 442 8665 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com ---
RE: ISP port blocking practice
Free speech doesn't include the freedom to shout fire in a crowded theatre. It most certainly does! There is absolutely nothing to prevent one from shouting FIRE in a crowded theatre. In fact, any attempt to legislate a prohibition against such behaviour would, in all civilized countries and legal systems, constitute unlawful prior restraint. You are confusing (as are all the myriad idiots who keep repeating this fictitious statement) prior restraint with positive law. Nothing prevents you from shouting FIRE in a crowded theatre (or anywhere else for that matter). However the proof of the FACT that you shouted FIRE, and the proof of the FACT that this caused panic and injury, and proof of the FACT that the act of shouting FIRE caused pandemonium and injury will lead to a conviction for the offense of RECKLESS ENDANGERMENT or other offences against positive law. It is not the shouting of FIRE in a crowded theatre that is unlawful, it is the reckless act and the reckless disregard for the consequences of that act which is criminal. In fact, if one were to shout FIRE in a crowded theatre and everyone simply ignored it, no offense would have been committed at all! Please keep your facts straight and do not abridge and summarize to the point of absolute absurdity! Neither does it include the freedom to carry out a DDOS on the fire brigade control room. This, of course, falls in the same category. You are totally free to DDoS the fire brigade control room. It is not illegal nor can such action be prohibited by positive law. It is however entirely possible that the consequence of such behaviour is perilous to property, life and limb; and that as a consequence the act itself becomes reckless endangerment ONLY AFTER IT HAS BEEN COMMITTED. There is not, and cannot be, any lawful prior restraint in this case either. You aren't allowed to levy a toll on the roads and except your mates - roads are neutral. Of course you can, and governments do it all the time. But that doesn't invalidate the speed limit or the obligation to drive on the left. Once again, you are confusing prior restraint with the consequence of doing an action. The Act itself cannot be prohibited. Their may be consequences assigned to having proven that an act was done, but the doing of the act is not and cannot be prohibited. Of course, both the United States and the UK have become Fascist states, and as such it is reasonable to expect that they will behave like Fascists. -- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: Advice about Qwest, Cogent, and Equinix facilities
On Mon, Oct 19, 2009 at 10:32 AM, Jeffrey Negro jne...@billtrust.com wrote: My company is planning on implementing a new strategy for our web application deployment. [...] I would welcome any advice or experiences other nanog members may have with regards to these providers, as well as any suggestions about other providers that may fit the bill. Two words: carrier neutral. With a carrier neutral facility like Equinix you'll have a greater wealth of data services available to you from a wide range of carriers at on-net prices. And alternatives available when one of those services doesn't pan out quite what the salesman claimed. With a particular carrier's facility such as Verizon, Qwest, Level3 or Cogent, you're more limited. Other carriers occasionally vend some services there but the variety is generally very limited and they tend to be much more expensive than the incumbent. And God help you when you want to leave... The DNC moved out of the Verizon Business data center in Ashburn VA in 2006 and tried to buy a Verizon Business line at another data center in order to keep the IP addresses. Verizon Business refused to move the IP address blocks to a VB line outside of the data center. With a carrier neutral facility, the carriers have no vested interest in keeping you in that particular data center. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: ISP port blocking practice
Blocking port 25 is not, IMHO, a violation of Network Neutrality. I explained why in a very long, probably boring, post. Your definition of Network neutrality may differ. Which is fine, but doesn't make mine wrong. -- TTFN, patrick I agree with this. I would think that from an administrator/engineers perspective, it's more of being proactive to help protect the network, the end-user and help keep SLA's (keep from getting listed on RBL because of a non-patched or virused pc, not wasting network resources due to SPAM, trying to keep your own house clean, etc) more than it is an attack on Net Neutrality. But on the other hand, the end-user, customer, or whoever is having a port blocked, might wonder about the services they are buying and if it's time to jump ship to another provider if they aren't willing to work with the customer. I think that most providers are willing to work with the customer if ports such as SMTP need to be unblocked for whatever reason. If they aren't, then i would suggest finding another provider. Clue
Re: Advice about Qwest, Cogent, and Equinix facilities
Completely agreed; in many situations even if one of those carrier locked data centers allow another carrier in, they may severely limit the portfolio of services that are allowed to be offered by them. For example, one of the vendors listed below only allows lit crossconnects from 3rd party carriers and only from a demarc that they specify, generally not within the same data center that you're housed. It means that any type of circuit that you drop into there is effectively type 2. It's ugly. -Dave William Herrin wrote: On Mon, Oct 19, 2009 at 10:32 AM, Jeffrey Negro jne...@billtrust.com wrote: My company is planning on implementing a new strategy for our web application deployment. [...] I would welcome any advice or experiences other nanog members may have with regards to these providers, as well as any suggestions about other providers that may fit the bill. Two words: carrier neutral. With a carrier neutral facility like Equinix you'll have a greater wealth of data services available to you from a wide range of carriers at on-net prices. And alternatives available when one of those services doesn't pan out quite what the salesman claimed. With a particular carrier's facility such as Verizon, Qwest, Level3 or Cogent, you're more limited. Other carriers occasionally vend some services there but the variety is generally very limited and they tend to be much more expensive than the incumbent. And God help you when you want to leave... The DNC moved out of the Verizon Business data center in Ashburn VA in 2006 and tried to buy a Verizon Business line at another data center in order to keep the IP addresses. Verizon Business refused to move the IP address blocks to a VB line outside of the data center. With a carrier neutral facility, the carriers have no vested interest in keeping you in that particular data center. Regards, Bill Herrin
Nanog Mentioned in TED Video: Jonathan Zittrain
Remember when youtube went down? Mr. Zittrain briefly mentions nanog during his TED talk in July 2009. http://www.ted.com/talks/jonathan_zittrain_the_web_is_a_random_act_of_kindness.html Enjoy.
Re: Nanog Mentioned in TED Video: Jonathan Zittrain
On Oct 24, 2009, at 9:55 PM, Israel Lopez-LISTS wrote: Remember when youtube went down? Mr. Zittrain briefly mentions nanog during his TED talk in July 2009. http://www.ted.com/talks/jonathan_zittrain_the_web_is_a_random_act_of_kindness.html Been discussed. He's obviously wrong about some things. No one does anything without getting paid. But he is kinda right in some ways too. -- TTFN, patrick