North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

  • From: Paul Ferguson
  • Date: Sat Dec 13 03:44:46 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not in the habit of responding to my e-mail, but...

On Sat, Dec 13, 2008 at 12:29 AM, Paul Ferguson <fergdawgster@xxxxxxxxx>
wrote:

>
> On Sat, Dec 13, 2008 at 12:22 AM, James Hess <mysidia@xxxxxxxxx> wrote:
>
>>
>> An in-depth strategy with hundreds or thousands of factors  examined
>> results in a smaller
>> (but still present) possibility of the filter/detector being fooled.
>>
>> IP-based methods can be combined with the other stronger analysis of
>> transaction details and other info that can be gathered about a
>> submitter  for detection of attempted abuse.
>>
>
> Personally, I don;t NANOG is the proper forum for this discussion.
>
> There are other forums, however, which do follow these issues -- some
> public, some private.
>
> If folks think that people are not "doing" massive correlation of
> criminal activity on the Internet, they would be mistaken.
>

The point I am trying to make here is that ISPs should much more engaged in
this entire process.

In the not-so-distant past, I have tried to engage the ISP community (via
NANOG, at NANOG meetings) to get involved in the fight against cyber crime,
with lackluster response -- unfortunately.

If this problem is ever going to get reduced to a manageable level, ISPs
must play a critical role -- one which they have not been willing
participants to this day. ISPs have been (one of) the missing links here.

Of course, there are very responsible ISPs out there who handle these issue
when they are brought to their attention, and they deserve kudos -- but
unfortunately, they are are in the minority.

This community should be asking itself why that is... and figuring out way
to deal with it responsibly.

$.02,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFJQ3Xpq1pz9mNUZTMRAuloAKDydG8eb0Le53iKzgLdVYzFi/LQ8ACfY9GA
5wqCM9bn9baQnBARNNRIb0Q=
=mzwy
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/