Re: Monitoring service that has a human component?

2018-12-07 Thread Mark Milhollan
On Wed, 5 Dec 2018, David H wrote:

>Hey all, was curious if anyone knows of a website monitoring service 
>that has the option to incorporate a human component into the decision 
>and escalation tree?  

Isn't this merely a matter of escalation, since either alerts someone 
and it is just a matter of who, when and how often?  The usual way of 
putting a human in the loop is for some events to create tickets to be 
triaged as staff has time, or all events get tickets but with some 
created in a lower priority queue w/o escalation and others in a high 
priority queue w/escalation.  As a service though, sorry, no I've not 
seen such.


/mark


Re: Should ISP block child pornography?

2018-12-07 Thread cosmo
There's a reason that the subreddit for hidden services has this as a title.

https://www.reddit.com/r/onions

[image: image.png]


On Fri, Dec 7, 2018 at 11:54 AM Aaron1  wrote:

> Makes me want to cry, so sad
>
> Aaron
>
> On Dec 7, 2018, at 1:43 PM, cosmo  wrote:
>
> I've done a bit of work in this space, won't elaborate, but here are
> some thoughts:
>
> * many less-engaged or new pedophiles may indeed search such content in
> the clear, however 
> * the persistent abusers tend to form communities within TOR hidden
> services, making them difficult to find. Most are likely just consumers of
> the material, but many are producers (inc kidnappers)
> * some underground communities require that prospective members contribute
> new abuse imagery/videos in order to prove they are not law enforcement.
> Tragically this encourages abusers to abuse a family member
> * other communities have plenty of essays espousing the viewpoint that
> such behavior is quite natural, which does convince some to excuse their
> behavior. This content itself does have the ability to convert
> non-offenders to offenders, IMHO.
>    - The following article discusses these communities and their underlying
> agendas. I'll warn you that you may need therapy after reading it.
>  *
> http://www.cracked.com/personal-experiences-1760-5-things-i-learned-infiltrating-deep-web-child-molesters.html
> * Some of the content is indeed quite traumatic - it's as bad as they say
> it is, and many people working in this space have long-term psychological
> problems
> * While many of these communities hide in TOR, making it difficult to find
> the perpetrators, many of the images there actually link to images hosted
> in public-facing image-hosting servers. This means that the abusers access
> it through 3 hops through the proxy network instead of 6, for hidden
> servers.
>
> This means that indeed, the majority of people accessing that content on
> your network may be doing so from hotlinks posted to a hidden server
> somewhere. You may see them primarily being accessed via known TOR exit
> nodes.
>
> My recommendations :
> * First, reach out to NCMEC for guidance on filtering/logging
> * Second, I've done a teensy bit of work for these guys at Thorn (Ashton
> Kutcher's nonprofit). They have an interesting program that attempts to
> recognize people searching for abuse imagery, and redirects them to
> material urging them to seek psychological help for their problem. :
> https://www.wearethorn.org/deterrence-prevent-child-sexual-abuse-imagery/
>
>
>
>
> On Fri, Dec 7, 2018 at 11:32 AM Lotia, Pratik M 
> wrote:
>
>> Very well explained, Max!
>>
>>
>> With Gratitude,
>> Pratik Lotia
>>
>> “Information is not knowledge.”
>>
>> On 12/7/18, 13:16, "NANOG on behalf of na...@jack.fr.eu.org" <
>> nanog-boun...@nanog.org on behalf of na...@jack.fr.eu.org> wrote:
>>
>> Well said
>>
>>
>> On 12/07/2018 07:48 PM, Max Tulyev wrote:
>> > Hi All,
>> >
>> > we are fighting with censorship in our country. So I have something
>> to say.
>> >
>> > First, censorship is not just "switch off this website and that
>> > webpage". No magic button exists. It is more complex, if you think
>> as for
>> > while system.
>> >
>> > Initially, networks were built without systems (hardware and
>> software)
>> > can block something.
>> >
>> > Yes, you may nullroute some IP with some site, but as the collateral
>> > damage you will block part of Cloudflare or Amazon, for example. So
>> you
>> > have to buy and install additional equipment and software to do it
>> a bit
>> > less painful. That's not so cheap, that should be planned, brought,
>> > installed, checked and personal should be learned. After that, your
>> > system will be capable to block some website for ~90% of your
>> customers
>> > will not proactively avoid blocking. And for *NONE* who will, as CP
>> > addicts, terrorists, blackmarkets, gambling, porn and others do.
>> >
>> > Yep. Now your network is capable to censor something. You just made
>> the
>> > first step to the hell. What's next? Some people send you some
>> websites
>> > to ban. This list with CP, Spamhaus DROP, some court orders, some
>> > semi-legal copyright protectors orders, some "we just want to block
>> it"
>> > requests... And some list positions from time to time became
>> outdated,
>> > so you need to clean it from time to time. Do not even expect people
>> > sent you the block request will send you unblock request, of course.
>> > Then, we have >6000 ISPs in our country - it is not possible to
>> interact
>> > with all of them directly.
>> >
>> > So, you end up under a lot of papers, random interactions with
>> random
>> > people and outdated and desynchronized blocking list. It will not
>> work.
>> >
>> > Next, government realizes there should be one centralized blocking
>> list
>>   

Re: Should ISP block child pornography?

2018-12-07 Thread Aaron1
Makes me want to cry, so sad

Aaron

> On Dec 7, 2018, at 1:43 PM, cosmo  wrote:
> 
> I've done a bit of work in this space, won't elaborate, but here are some
> thoughts:
> 
> * many less-engaged or new pedophiles may indeed search such content in the 
> clear, however 
> * the persistent abusers tend to form communities within TOR hidden services, 
> making them difficult to find. Most are likely just consumers of the 
> material, but many are producers (inc kidnappers)
> * some underground communities require that prospective members contribute 
> new abuse imagery/videos in order to prove they are not law enforcement. 
> Tragically this encourages abusers to abuse a family member
> * other communities have plenty of essays espousing the viewpoint that such 
> behavior is quite natural, which does convince some to excuse their behavior. 
> This content itself does have the ability to convert non-offenders to 
> offenders, IMHO.
>    - The following article discusses these communities and their underlying
> agendas. I'll warn you that you may need therapy after reading it.
>  * 
> http://www.cracked.com/personal-experiences-1760-5-things-i-learned-infiltrating-deep-web-child-molesters.html
> * Some of the content is indeed quite traumatic - it's as bad as they say it 
> is, and many people working in this space have long-term psychological 
> problems
> * While many of these communities hide in TOR, making it difficult to find 
> the perpetrators, many of the images there actually link to images hosted in 
> public-facing image-hosting servers. This means that the abusers access it 
> through 3 hops through the proxy network instead of 6, for hidden servers.
> 
> This means that indeed, the majority of people accessing that content on your 
> network may be doing so from hotlinks posted to a hidden server somewhere. 
> You may see them primarily being accessed via known TOR exit nodes.
> 
> My recommendations :
> * First, reach out to NCMEC for guidance on filtering/logging
> * Second, I've done a teensy bit of work for these guys at Thorn (Ashton
> Kutcher's nonprofit). They have an interesting program that attempts to
> recognize people searching for abuse imagery, and redirects them to material 
> urging them to seek psychological help for their problem. : 
> https://www.wearethorn.org/deterrence-prevent-child-sexual-abuse-imagery/
> 
> 
> 
> 
>> On Fri, Dec 7, 2018 at 11:32 AM Lotia, Pratik M  
>> wrote:
>> Very well explained, Max!
>> 
>> 
>> With Gratitude,
>> Pratik Lotia
>> 
>> “Information is not knowledge.”
>> 
>> On 12/7/18, 13:16, "NANOG on behalf of na...@jack.fr.eu.org" 
>>  wrote:
>> 
>> Well said
>> 
>> 
>> On 12/07/2018 07:48 PM, Max Tulyev wrote:
>> > Hi All,
>> > 
>> > we are fighting with censorship in our country. So I have something to 
>> say.
>> > 
>> > First, censorship is not just "switch off this website and that
>> > webpage". No magic button exists. It is more complex, if you think as
>> for
>> > while system.
>> > 
>> > Initially, networks were built without systems (hardware and software)
>> > can block something.
>> > 
>> > Yes, you may nullroute some IP with some site, but as the collateral
>> > damage you will block part of Cloudflare or Amazon, for example. So you
>> > have to buy and install additional equipment and software to do it a 
>> bit
>> > less painful. That's not so cheap, that should be planned, brought,
>> > installed, checked and personal should be learned. After that, your
>> > system will be capable to block some website for ~90% of your customers
>> > will not proactively avoid blocking. And for *NONE* who will, as CP
>> > addicts, terrorists, blackmarkets, gambling, porn and others do.
>> > 
>> > Yep. Now your network is capable to censor something. You just made the
>> > first step to the hell. What's next? Some people send you some websites
>> > to ban. This list with CP, Spamhaus DROP, some court orders, some
>> > semi-legal copyright protectors orders, some "we just want to block it"
>> > requests... And some list positions from time to time became outdated,
>> > so you need to clean it from time to time. Do not even expect people
>> > sent you the block request will send you unblock request, of course.
>> > Then, we have >6000 ISPs in our country - it is not possible to 
>> interact
>> > with all of them directly.
>> > 
>> > So, you end up under a lot of papers, random interactions with random
>> > people and outdated and desynchronized blocking list. It will not work.
>> > 
>> > Next, government realizes there should be one centralized blocking list
>> > and introduces it.
>> > 
>> > Ok. Now we have censored Internet. THE SWITCH IS ON.
>> > 
>> > In a very short time the number of organizations have permission to
>> > insert something in the list dramatically 

Re: Should ISP block child pornography?

2018-12-07 Thread cosmo
I've done a bit of work in this space, won't elaborate, but here are
some thoughts:

* many less-engaged or new pedophiles may indeed search such content in the
clear, however 
* the persistent abusers tend to form communities within TOR hidden
services, making them difficult to find. Most are likely just consumers of
the material, but many are producers (inc kidnappers)
* some underground communities require that prospective members contribute
new abuse imagery/videos in order to prove they are not law enforcement.
Tragically this encourages abusers to abuse a family member
* other communities have plenty of essays espousing the viewpoint that such
behavior is quite natural, which does convince some to excuse their
behavior. This content itself does have the ability to convert
non-offenders to offenders, IMHO.
   - The following article discusses these communities and their underlying
agendas. I'll warn you that you may need therapy after reading it.
 *
http://www.cracked.com/personal-experiences-1760-5-things-i-learned-infiltrating-deep-web-child-molesters.html
* Some of the content is indeed quite traumatic - it's as bad as they say
it is, and many people working in this space have long-term psychological
problems
* While many of these communities hide in TOR, making it difficult to find
the perpetrators, many of the images there actually link to images hosted
in public-facing image-hosting servers. This means that the abusers access
it through 3 hops through the proxy network instead of 6, for hidden
servers.

This means that indeed, the majority of people accessing that content on
your network may be doing so from hotlinks posted to a hidden server
somewhere. You may see them primarily being accessed via known TOR exit
nodes.

My recommendations :
* First, reach out to NCMEC for guidance on filtering/logging
* Second, I've done a teensy bit of work for these guys at Thorn (Ashton
Kutcher's nonprofit). They have an interesting program that attempts to
recognize people searching for abuse imagery, and redirects them to
material urging them to seek psychological help for their problem. :
https://www.wearethorn.org/deterrence-prevent-child-sexual-abuse-imagery/




On Fri, Dec 7, 2018 at 11:32 AM Lotia, Pratik M 
wrote:

> Very well explained, Max!
>
>
> With Gratitude,
> Pratik Lotia
>
> “Information is not knowledge.”
>
> On 12/7/18, 13:16, "NANOG on behalf of na...@jack.fr.eu.org" <
> nanog-boun...@nanog.org on behalf of na...@jack.fr.eu.org> wrote:
>
> Well said
>
>
> On 12/07/2018 07:48 PM, Max Tulyev wrote:
> > Hi All,
> >
> > we are fighting with censorship in our country. So I have something
> to say.
> >
> > First, censorship is not just "switch off this website and that
> > webpage". No magic button exists. It is more complex, if you think as
> for
> > while system.
> >
> > Initially, networks were built without systems (hardware and software)
> > can block something.
> >
> > Yes, you may nullroute some IP with some site, but as the collateral
> > damage you will block part of Cloudflare or Amazon, for example. So
> you
> > have to buy and install additional equipment and software to do it a
> bit
> > less painful. That's not so cheap, that should be planned, brought,
> > installed, checked and personal should be learned. After that, your
> > system will be capable to block some website for ~90% of your
> customers
> > will not proactively avoid blocking. And for *NONE* who will, as CP
> > addicts, terrorists, blackmarkets, gambling, porn and others do.
> >
> > Yep. Now your network is capable to censor something. You just made
> the
> > first step to the hell. What's next? Some people send you some
> websites
> > to ban. This list with CP, Spamhaus DROP, some court orders, some
> > semi-legal copyright protectors orders, some "we just want to block
> it"
> > requests... And some list positions from time to time became
> outdated,
> > so you need to clean it from time to time. Do not even expect people
> > sent you the block request will send you unblock request, of course.
> > Then, we have >6000 ISPs in our country - it is not possible to
> interact
> > with all of them directly.
> >
> > So, you end up under a lot of papers, random interactions with random
> > people and outdated and desynchronized blocking list. It will not
> work.
> >
> > Next, government realizes there should be one centralized blocking
> list
> > and introduces it.
> >
> > Ok. Now we have censored Internet. THE SWITCH IS ON.
> >
> > In a very short time the number of organizations have permission to
> > insert something in the list dramatically increases. Corruption
> rises,
> > it becomes possible, and then becomes cheap to put your competitor's
> > website into the list for some time. And of course, primary target of
> > any 

Re: Should ISP block child pornography?

2018-12-07 Thread Lotia, Pratik M
Very well explained, Max!


With Gratitude,
Pratik Lotia
 
“Information is not knowledge.”

On 12/7/18, 13:16, "NANOG on behalf of na...@jack.fr.eu.org" 
 wrote:

Well said


On 12/07/2018 07:48 PM, Max Tulyev wrote:
> Hi All,
> 
> we are fighting with censorship in our country. So I have something to 
say.
> 
> First, censorship is not just "switch off this website and that
> webpage". No magic button exists. It is more complex, if you think as for
> while system.
> 
> Initially, networks were built without systems (hardware and software)
> can block something.
> 
> Yes, you may nullroute some IP with some site, but as the collateral
> damage you will block part of Cloudflare or Amazon, for example. So you
> have to buy and install additional equipment and software to do it a bit
> less painful. That's not so cheap, that should be planned, brought,
> installed, checked and personal should be learned. After that, your
> system will be capable to block some website for ~90% of your customers
> will not proactively avoid blocking. And for *NONE* who will, as CP
> addicts, terrorists, blackmarkets, gambling, porn and others do.
> 
> Yep. Now your network is capable to censor something. You just made the
> first step to the hell. What's next? Some people send you some websites
> to ban. This list with CP, Spamhaus DROP, some court orders, some
> semi-legal copyright protectors orders, some "we just want to block it"
> requests... And some list positions from time to time became outdated,
> so you need to clean it from time to time. Do not even expect people
> sent you the block request will send you unblock request, of course.
> Then, we have >6000 ISPs in our country - it is not possible to interact
> with all of them directly.
> 
> So, you end up under a lot of papers, random interactions with random
> people and outdated and desynchronized blocking list. It will not work.
> 
> Next, government realizes there should be one centralized blocking list
> and introduces it.
> 
> Ok. Now we have censored Internet. THE SWITCH IS ON.
> 
> In a very short time the number of organizations have permission to
> insert something in the list dramatically increases. Corruption rises,
> it becomes possible, and then becomes cheap to put your competitor's
> website into the list for some time. And of course, primary target of
> any censorship is the elections...
> 
> What about CP and porn addicts, gamblers, killers, terrorists? Surprise,
> they are even more fine than at the beginning! Why? Because they learned
> VPN, TOR and have to use it! Investigators end up with TOR and VPN exit
> IP addresses from other countries instead of their home IPs.
> 
> Hey. It is a very very bad and very very dangerous game. Avoid it.
> Goal of that game is to SWITCH ON that system BY ANY REASON. CP, war,
> gambling - any reason that will work. After the system will be switched
> on - in several months you will forget the initial reason. And will
> awake in another world.
> 
> 07.12.18 08:06, Lotia, Pratik M wrote:
>> Hello all, was curious to know the community’s opinion on whether an ISP
>> should block domains hosting CPE (child pornography exploitation)
>> content? Interpol has a ‘worst-of’ list which contains such domains and
>> it wants ISPs to block it.
>>
>> On one side we want the ISP to not do any kind of censorship or
>> inspection of customer traffic (customers are paying for pipes – not for
>> filtered pipes), on the other side morals/ethics come into play. Keep in
>> mind that if an ISP is blocking it would mean that it is also logging
>> the information (source IP) and law agencies might be wanting access to 
it.
>>
>>  
>>
>> Wondering if any operator is actively doing it or has ever considered
>> doing it?
>>
>>  
>>
>> Thanks.
>>
>>  
>>
>>  
>>
>> With Gratitude,
>>
>> * *
>>
>> *Pratik Lotia*  
>>
>>  
>>
>> “Information is not knowledge.”
>>
>> The contents of this e-mail message and
>> any attachments are intended solely for the
>> addressee(s) and may contain confidential
>> and/or legally privileged information. If you
>> are not the intended recipient of this message
>> or if this message has been addressed to you
>> in error, please immediately alert the sender
>> by reply e-mail and then delete this message
>> and any attachments. If you are not the
>> intended recipient, you are notified that
>> any use, dissemination, distribution, copying,
>> or storage of this message or any attachment
>> is strictly prohibited.




Re: Should ISP block child pornography?

2018-12-07 Thread Lotia, Pratik M
>>What is “ROKSO's DROP list” ?

ROKSO:
The Register of Known Spam Operations database is a depository of information 
and evidence on known persistent spam operations, assembled to assist service 
providers with customer vetting and the Infosec industry with Actor Attribution.

Spamhaus (https://www.spamhaus.org) provides a 'DROP' list which is a list of 
domains which are hijacked or leased by professional spam operations. As per 
them this is Not a list of just 'suspicious' domains - they are 100% sure that 
these are bad domains and one should not peer with them or have a route to them.


With Gratitude,
 
Pratik Lotia 
 
“Information is not knowledge.”

On 12/7/18, 11:47, "NANOG on behalf of Aaron1"  wrote:

What is “ROKSO's DROP list” ?

Aaron

> On Dec 7, 2018, at 8:57 AM, John Von Essen  wrote:
> 
> ROKSO's DROP list





Re: Should ISP block child pornography?

2018-12-07 Thread Lotia, Pratik M
>> The only issue with blocking domains of CPE is I imagine those domains 
>> change all the time as they get shut down; if you block the IP
>> (from domain lookup) it's likely that IP may be legitimate in the future.

The list would be updated daily/weekly. The ACLs would have to be updated 
accordingly – this can be automated. This way no stale entries are present.

With Gratitude,


Pratik Lotia

From: NANOG  on behalf of John Von Essen 

Date: Friday, December 7, 2018 at 08:59
To: "nanog@nanog.org" 
Subject: Re: Should ISP block child pornography?


I block stuff all the time (like ROKSO's DROP list). The only issue with 
blocking domains of CPE is I imagine those domains change all the time as they 
get shut down; if you block the IP (from domain lookup) it's likely that IP may
be legitimate in the future.

It should be stopped at the DNS level, but even that has workarounds. I
would think CPE is a violation of terms of "most" registrars.

-John
On 12/7/18 1:06 AM, Lotia, Pratik M wrote:
Hello all, was curious to know the community’s opinion on whether an ISP should 
block domains hosting CPE (child pornography exploitation) content? Interpol 
has a ‘worst-of’ list which contains such domains and it wants ISPs to block it.
On one side we want the ISP to not do any kind of censorship or inspection of 
customer traffic (customers are paying for pipes – not for filtered pipes), on 
the other side morals/ethics come into play. Keep in mind that if an ISP is 
blocking it would mean that it is also logging the information (source IP) and 
law agencies might be wanting access to it.

Wondering if any operator is actively doing it or has ever considered doing it?

Thanks.


With Gratitude,

Pratik Lotia

“Information is not knowledge.”

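One way to automate the list-to-ACL update discussed in the message above, so that stale entries are withdrawn and over-broad ones are never installed. This is an added example, not code from the thread or from any list provider; the feed format (one CIDR prefix per line, `;` comments), the sample prefixes and the `NEVER_BLOCK` guard list are constructed assumptions.

```python
import ipaddress

# Constructed sample feed (assumed format: one CIDR per line, ';' = comment).
# Only documentation prefixes are used.
SAMPLE_FEED = """\
; constructed block list snapshot
192.0.2.0/24 ; entry-a
198.51.100.0/25 ; entry-b
203.0.113.0/24 ; entry-c
0.0.0.0/0 ; malformed upstream entry
not-a-prefix
"""

# Prefixes currently installed in the ACL (constructed).
INSTALLED = {"192.0.2.0/24", "198.51.100.128/25"}

# Address space that must never be filtered, e.g. shared CDN or cloud
# ranges where a block causes collateral damage (constructed stand-in).
NEVER_BLOCK = ["203.0.113.0/24"]

MIN_PREFIX_LEN = 8   # refuse anything broader than a /8
MAX_SHRINK = 0.5     # refuse a feed that drops more than half the entries


def parse_feed(text):
    """Return (set of networks, list of (line, reason) rejections)."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            rejected.append((line, "unparseable"))
            continue
        if net.prefixlen < MIN_PREFIX_LEN:
            rejected.append((line, "too broad"))
            continue
        nets.add(net)
    return nets, rejected


def plan_update(feed_text, installed, never_block):
    """Diff the feed against the installed ACL.

    'remove' holds stale entries (installed but no longer listed), which
    addresses the concern that a listed address may later be legitimate.
    Raises ValueError when the feed looks truncated, so that a failed
    download cannot silently empty or corrupt the ACL.
    """
    wanted, rejected = parse_feed(feed_text)
    protected = [ipaddress.ip_network(p) for p in never_block]

    safe = set()
    for net in wanted:
        hit = next((p for p in protected
                    if p.version == net.version and net.overlaps(p)), None)
        if hit is not None:
            rejected.append((str(net), f"overlaps protected {hit}"))
        else:
            safe.add(net)

    current = {ipaddress.ip_network(p) for p in installed}
    if current and len(safe) < len(current) * (1 - MAX_SHRINK):
        raise ValueError("feed shrank too much; refusing to apply")

    return {
        "add": sorted(str(n) for n in safe - current),
        "remove": sorted(str(n) for n in current - safe),
        "rejected": rejected,
    }


if __name__ == "__main__":
    plan = plan_update(SAMPLE_FEED, INSTALLED, NEVER_BLOCK)
    for key in ("add", "remove", "rejected"):
        print(key, plan[key])
```

The rejected entries are worth logging and reviewing by a person, since every one of them is a case where the upstream list and local policy disagree.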

Re: Should ISP block child pornography?

2018-12-07 Thread nanog
Well said


On 12/07/2018 07:48 PM, Max Tulyev wrote:
> Hi All,
> 
> we are fighting with censorship in our country. So I have something to say.
> 
> First, censorship is not just "switch off this website and that
> webpage". No magic button exists. It is more complex, if you think as for
> while system.
> 
> Initially, networks were built without systems (hardware and software)
> can block something.
> 
> Yes, you may nullroute some IP with some site, but as the collateral
> damage you will block part of Cloudflare or Amazon, for example. So you
> have to buy and install additional equipment and software to do it a bit
> less painful. That's not so cheap, that should be planned, brought,
> installed, checked and personal should be learned. After that, your
> system will be capable to block some website for ~90% of your customers
> will not proactively avoid blocking. And for *NONE* who will, as CP
> addicts, terrorists, blackmarkets, gambling, porn and others do.
> 
> Yep. Now your network is capable to censor something. You just made the
> first step to the hell. What's next? Some people send you some websites
> to ban. This list with CP, Spamhaus DROP, some court orders, some
> semi-legal copyright protectors orders, some "we just want to block it"
> requests... And some list positions from time to time became outdated,
> so you need to clean it from time to time. Do not even expect people
> sent you the block request will send you unblock request, of course.
> Then, we have >6000 ISPs in our country - it is not possible to interact
> with all of them directly.
> 
> So, you end up under a lot of papers, random interactions with random
> people and outdated and desynchronized blocking list. It will not work.
> 
> Next, government realizes there should be one centralized blocking list
> and introduces it.
> 
> Ok. Now we have censored Internet. THE SWITCH IS ON.
> 
> In a very short time the number of organizations have permission to
> insert something in the list dramatically increases. Corruption rises,
> it becomes possible, and then becomes cheap to put your competitor's
> website into the list for some time. And of course, primary target of
> any censorship is the elections...
> 
> What about CP and porn addicts, gamblers, killers, terrorists? Surprise,
> they are even more fine than at the beginning! Why? Because they learned
> VPN, TOR and have to use it! Investigators end up with TOR and VPN exit
> IP addresses from other countries instead of their home IPs.
> 
> Hey. It is a very very bad and very very dangerous game. Avoid it.
> Goal of that game is to SWITCH ON that system BY ANY REASON. CP, war,
> gambling - any reason that will work. After the system will be switched
> on - in several months you will forget the initial reason. And will
> awake in another world.
> 
> 07.12.18 08:06, Lotia, Pratik M wrote:
>> Hello all, was curious to know the community’s opinion on whether an ISP
>> should block domains hosting CPE (child pornography exploitation)
>> content? Interpol has a ‘worst-of’ list which contains such domains and
>> it wants ISPs to block it.
>>
>> On one side we want the ISP to not do any kind of censorship or
>> inspection of customer traffic (customers are paying for pipes – not for
>> filtered pipes), on the other side morals/ethics come into play. Keep in
>> mind that if an ISP is blocking it would mean that it is also logging
>> the information (source IP) and law agencies might be wanting access to it.
>>
>>  
>>
>> Wondering if any operator is actively doing it or has ever considered
>> doing it?
>>
>>  
>>
>> Thanks.
>>
>>  
>>
>>  
>>
>> With Gratitude,
>>
>> * *
>>
>> *Pratik Lotia*  
>>
>>  
>>
>> “Information is not knowledge.”
>>



Re: Should ISP block child pornography?

2018-12-07 Thread Max Tulyev
Hi All,

we are fighting with censorship in our country. So I have something to say.

First, censorship is not just "switch off this website and that
webpage". No magic button exists. It is more complex, if you think as for
while system.

Initially, networks were built without systems (hardware and software)
can block something.

Yes, you may nullroute some IP with some site, but as the collateral
damage you will block part of Cloudflare or Amazon, for example. So you
have to buy and install additional equipment and software to do it a bit
less painful. That's not so cheap, that should be planned, brought,
installed, checked and personal should be learned. After that, your
system will be capable to block some website for ~90% of your customers
will not proactively avoid blocking. And for *NONE* who will, as CP
addicts, terrorists, blackmarkets, gambling, porn and others do.

Yep. Now your network is capable to censor something. You just made the
first step to the hell. What's next? Some people send you some websites
to ban. This list with CP, Spamhaus DROP, some court orders, some
semi-legal copyright protectors orders, some "we just want to block it"
requests... And some list positions from time to time became outdated,
so you need to clean it from time to time. Do not even expect people
sent you the block request will send you unblock request, of course.
Then, we have >6000 ISPs in our country - it is not possible to interact
with all of them directly.

So, you end up under a lot of papers, random interactions with random
people and outdated and desynchronized blocking list. It will not work.

Next, government realizes there should be one centralized blocking list
and introduces it.

Ok. Now we have censored Internet. THE SWITCH IS ON.

In a very short time the number of organizations have permission to
insert something in the list dramatically increases. Corruption rises,
it becomes possible, and then becomes cheap to put your competitor's
website into the list for some time. And of course, primary target of
any censorship is the elections...

What about CP and porn addicts, gamblers, killers, terrorists? Surprise,
they are even more fine than at the beginning! Why? Because they learned
VPN, TOR and have to use it! Investigators end up with TOR and VPN exit
IP addresses from other countries instead of their home IPs.

Hey. It is a very very bad and very very dangerous game. Avoid it.
Goal of that game is to SWITCH ON that system BY ANY REASON. CP, war,
gambling - any reason that will work. After the system will be switched
on - in several months you will forget the initial reason. And will
awake in another world.

07.12.18 08:06, Lotia, Pratik M wrote:
> Hello all, was curious to know the community’s opinion on whether an ISP
> should block domains hosting CPE (child pornography exploitation)
> content? Interpol has a ‘worst-of’ list which contains such domains and
> it wants ISPs to block it.
> 
> On one side we want the ISP to not do any kind of censorship or
> inspection of customer traffic (customers are paying for pipes – not for
> filtered pipes), on the other side morals/ethics come into play. Keep in
> mind that if an ISP is blocking it would mean that it is also logging
> the information (source IP) and law agencies might be wanting access to it.
> 
> Wondering if any operator is actively doing it or has ever considered
> doing it?
> 
> Thanks.
> 
> With Gratitude,
> 
> *Pratik Lotia*
> 
> “Information is not knowledge.”
> 
> The contents of this e-mail message and
> any attachments are intended solely for the
> addressee(s) and may contain confidential
> and/or legally privileged information. If you
> are not the intended recipient of this message
> or if this message has been addressed to you
> in error, please immediately alert the sender
> by reply e-mail and then delete this message
> and any attachments. If you are not the
> intended recipient, you are notified that
> any use, dissemination, distribution, copying,
> or storage of this message or any attachment
> is strictly prohibited.


Weekly Routing Table Report

2018-12-07 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith.

Routing Table Report   04:00 +10GMT Sat 08 Dec, 2018

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  728472
Prefixes after maximum aggregation (per Origin AS):  280445
Deaggregation factor:  2.60
Unique aggregates announced (without unneeded subnets):  350812
Total ASes present in the Internet Routing Table: 62662
Prefixes per ASN: 11.63
Origin-only ASes present in the Internet Routing Table:   54096
Origin ASes announcing only one prefix:   23510
Transit ASes present in the Internet Routing Table:  8566
Transit-only ASes present in the Internet Routing Table:  254
Average AS path length visible in the Internet Routing Table:   4.0
Max AS path length visible:  40
Max AS path prepend of ASN ( 22394)  37
Prefixes from unregistered ASNs in the Routing Table:  35
Number of instances of unregistered ASNs:  35
Number of 32-bit ASNs allocated by the RIRs:  25157
Number of 32-bit ASNs visible in the Routing Table:   20374
Prefixes from 32-bit ASNs in the Routing Table:   87547
Number of bogon 32-bit ASNs visible in the Routing Table:  17
Special use prefixes present in the Routing Table:  1
Prefixes being announced from unallocated address space:  263
Number of addresses announced to Internet:   2837329313
Equivalent to 169 /8s, 30 /16s and 53 /24s
Percentage of available address space announced:   76.6
Percentage of allocated address space announced:   76.6
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:   99.1
Total number of prefixes smaller than registry allocations:  242825

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes:   199092
Total APNIC prefixes after maximum aggregation:   56746
APNIC Deaggregation factor:  3.51
Prefixes being announced from the APNIC address blocks:  196299
Unique aggregates announced from the APNIC address blocks:  80768
APNIC Region origin ASes present in the Internet Routing Table:  9281
APNIC Prefixes per ASN:   21.15
APNIC Region origin ASes announcing only one prefix:   2609
APNIC Region transit ASes present in the Internet Routing Table:   1383
Average APNIC Region AS path length visible:  4.0
Max APNIC Region AS path length visible: 29
Number of APNIC region 32-bit ASNs visible in the Routing Table:   4278
Number of APNIC addresses announced to Internet:  768663936
Equivalent to 45 /8s, 208 /16s and 225 /24s
APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
                       58368-59391, 63488-64098, 64297-64395, 131072-139577
APNIC Address Blocks     1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
                        49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
                       106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
                       116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
                       123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
                       163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
                       203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
                       222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:  215940
Total ARIN prefixes after maximum aggregation:   102700
ARIN Deaggregation factor: 2.10
Prefixes being announced from the ARIN address blocks:   215304
Unique aggregates announced from the ARIN address blocks:  103246
ARIN Region origin ASes present in the Internet Routing Table:  18310
ARIN Prefixes per ASN:  11.76
ARIN 

Re: Should ISP block child pornography?

2018-12-07 Thread Seth Mattinen

On 12/7/18 9:46 AM, Aaron1 wrote:
> What is “ROKSO's DROP list” ?

https://www.spamhaus.org/drop/


Re: Should ISP block child pornography?

2018-12-07 Thread Aaron1
What is “ROKSO's DROP list” ?

Aaron

> On Dec 7, 2018, at 8:57 AM, John Von Essen  wrote:
> 
> ROKSO's DROP list



Re: DirecTV Now Geolocation Contact

2018-12-07 Thread Mike Hammett
Did you get any resolution to this? I have a customer that has had their /21 
since April of 2008. DirecTV Now is claiming the location is incorrect. 

I have gone through what few links there are on the old Cluepon site. 

https://web.archive.org/web/20130122055317/http://nanog.cluepon.net/index.php/GeoIP

- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Dan White"  
To: nanog@nanog.org 
Sent: Tuesday, August 21, 2018 9:13:51 AM 
Subject: DirecTV Now Geolocation Contact 

Are there any DirecTV Now contacts on-list? We are having geolocation 
trouble with a well established ip range. 

-- 
Dan White 
BTC Broadband 
Network Admin Lead 
Ph 918.366.0248 (direct) main: (918)366-8000 
Fax 918.366.6610 email: dwh...@mybtc.com 
http://www.btcbroadband.com 



Re: Where you think the market/network will be heading

2018-12-07 Thread Matt Harris
On Fri, Dec 7, 2018 at 9:33 AM lobna gouda  wrote:

> Hello Networks,
>
> Might sound unprofessional, but seriously wanted to get your views about
> upcoming technologies or market. Things like virtualization, cloud
> services, automation and SDN models and its use cases have actually done
> some shift, not much gap between ISP and DC tech. For example things like
> SDWAN, EVPN, SR...etc will end classical MPLS this is if you do not want to
> perform your own scripted PCEP and will be used in ISP, enterprise and DC
>
> If you would like to provide good career advice for someone willing to
> change, is working in designing datacenter (learning storage,
> Virtualization, cloud services, LB...etc) or working in a mid-size company
> that is looking for its own solutions type of this and you will utilize
> your own skills differently and honestly you do not know what you would
> expect or learn
>
> What would you choose and has anyone gone through this route before? What
> is your experience/advice?
>

I think the network is moving more towards virtualized and whitebox
platforms.  Slowly but surely.  If you look at how Juniper's virtual
platforms - the vSRX and vMX (and I'd imagine vQFX though I haven't played
with this myself) work, and at how they built the MX204 router hardware and
software stack, I think that speaks to where things will be going over the
next decade.  Cisco's on board to at least some degree as well with the
Nexus 1000v NX-OS platform.  All of this coupled with the rise of the cloud
- and not just AWS and Azure, but private in-house clouds and smaller
public cloud providers running OpenStack or other products which integrate
nearly with these virtualized platforms.
Beyond the software and virtualized side, there's the hardware side and
going beyond how Juniper built the MX204, you have a growing trend among
large organizations to run white box hardware solutions which I suspect
will eventually trickle down as well.  There'll be plenty of fun toys to
play with well into the future!  ;)


Where you think the market/network will be heading

2018-12-07 Thread lobna gouda
Hello Networks,

Might sound unprofessional, but seriously wanted to get your views about 
upcoming technologies or market. Things like virtualization, cloud services, 
automation and SDN models and its use cases have actually done some shift, not 
much gap between ISP and DC tech. For example things like SDWAN, EVPN, 
SR...etc will end classical MPLS this is if you do not want to perform your own 
scripted PCEP and will be used in ISP, enterprise and DC

If you would like to provide good career advice for someone willing to 
change, is working in designing datacenter (learning storage, Virtualization, 
cloud services, LB...etc) or working in a mid-size company that is looking for 
its own solutions type of this and you will utilize your own skills differently 
and honestly you do not know what you would expect or learn

What would you choose and has anyone gone through this route before? What is 
your experience/advice?





Re: Should ISP block child pornography?

2018-12-07 Thread John Von Essen
I block stuff all the time (like ROKSO's DROP list). The only issue with 
blocking domains of CPE is I imagine those domains change all the time 
as they get shut down, if you block the IP (from domain lookup) it's 
likely that IP may be legitimate in the future.


It should be stopped at the DNS level, but even that has workarounds. 
I would think CPE is a violation of terms of "most" registrars.


-John

On 12/7/18 1:06 AM, Lotia, Pratik M wrote:


Hello all, was curious to know the community’s opinion on whether an 
ISP should block domains hosting CPE (child pornography exploitation) 
content? Interpol has a ‘worst-of’ list which contains such domains 
and it wants ISPs to block it.


On one side we want the ISP to not do any kind of censorship or 
inspection of customer traffic (customers are paying for pipes – not 
for filtered pipes), on the other side morals/ethics come into play. 
Keep in mind that if an ISP is blocking it would mean that it is also 
logging the information (source IP) and law agencies might be wanting 
access to it.


Wondering if any operator is actively doing it or has ever considered 
doing it?


Thanks.

With Gratitude,

*Pratik Lotia*

“Information is not knowledge.”



Re: Should ISP block child pornography?

2018-12-07 Thread Alejandro Acosta
Agree


On 7/12/18 at 06:14, Owen DeLong wrote:
> How is it that Interpol isn’t taking over/shutting down these domains
> in the DNS at the registry/registrar level?
>
> The GAC pushed hard for the provisions that allow them to do so and
> there’s a pretty clear (and quick) process for it.
>
> Owen
>
>
>> On Dec 6, 2018, at 22:06 , Lotia, Pratik M wrote:
>>
>> Hello all, was curious to know the community’s opinion on whether an
>> ISP should block domains hosting CPE (child pornography exploitation)
>> content? Interpol has a ‘worst-of’ list which contains such domains
>> and it wants ISPs to block it.
>> On one side we want the ISP to not do any kind of censorship or
>> inspection of customer traffic (customers are paying for pipes – not
>> for filtered pipes), on the other side morals/ethics come into play.
>> Keep in mind that if an ISP is blocking it would mean that it is also
>> logging the information (source IP) and law agencies might be wanting
>> access to it.
>>  
>> Wondering if any operator is actively doing it or has ever considered
>> doing it?
>>  
>> Thanks.
>>  
>>  
>> With Gratitude,
>> *Pratik Lotia*  
>>  
>> “Information is not knowledge.”
>



Re: L3 Network topology in YANG

2018-12-07 Thread Yannis Mitsos

Hi Rob,

On 13:53 Wed 05 Dec, Rob Shakir wrote:
> Hi Yannis,
>
> I know that there are some folks using pyangbind with models that correspond to
> topology including rfc8346, similarly, some folks are using goyang+ygot (where

Would be nice to contact them, if possible, and exchange some experiences.

Regards,

y.

> using Go) for dealing with their topology models in YANG. I'm not clear how far
> these operations are along, but I've handled feature requests related to these
> models in both.
>
> Cheers,
> r.
>
> On Mon, 19 Nov 2018 at 09:44 Yannis Mitsos wrote:
>
>> All,
>>
>> I was wondering if there is any network operator who exposes
>> (dynamically?) its topology in YANG based on RFC8346 [1]. I understand
>> that for commercial operators and purposes, may not be of any
>> substantial value.
>> We are assessing some available tools[2],[3],[4] on how to achieve this
>> but we would like to know if there is any success story out there.
>>
>> Regards,
>>
>> Yannis
>>
>> [1] https://tools.ietf.org/html/rfc8346
>> [2] https://github.com/robshakir/pyangbind
>> [3] https://github.com/YangModels/yang.git
>> [4] https://developer.cisco.com/site/ydk








Re: Should ISP block child pornography?

2018-12-07 Thread Owen DeLong
How is it that Interpol isn’t taking over/shutting down these domains in the 
DNS at the registry/registrar level?

The GAC pushed hard for the provisions that allow them to do so and there’s a 
pretty clear (and quick) process for it.

Owen


> On Dec 6, 2018, at 22:06 , Lotia, Pratik M  wrote:
> 
> Hello all, was curious to know the community’s opinion on whether an ISP 
> should block domains hosting CPE (child pornography exploitation) content? 
> Interpol has a ‘worst-of’ list which contains such domains and it wants ISPs 
> to block it.
> On one side we want the ISP to not do any kind of censorship or inspection of 
> customer traffic (customers are paying for pipes – not for filtered pipes), 
> on the other side morals/ethics come into play. Keep in mind that if an ISP 
> is blocking it would mean that it is also logging the information (source IP) 
> and law agencies might be wanting access to it.
>  
> Wondering if any operator is actively doing it or has ever considered doing 
> it?
>  
> Thanks.
>  
>  
> With Gratitude,
>  
> Pratik Lotia  
>  
> “Information is not knowledge.”