A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world's cybercrime, California-based Intercage appeared to be among the living again. IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit …
Being fraught with potential for abuse by repressive governments and repressive corporations is an interesting take on the current system. This is one of those areas where no matter what system is in place a difficult to define fine line will exist. The converse - a set of government anointed entities - is very likely to be vastly worse. ICANN anyone? As soon as governance becomes officialised, it becomes subject to a set of destructive forces. Career managers who quickly turn the organisation's operational goals into self perpetuation rather than delivering good service. They become entities that are easily targeted by litigation, and become litigation averse, and so easily controlled by corporations with big legal budgets. They are also much more vulnerable to political pressure. When anointed by governments they can be disbanded by those same governments. If it turns out that a particular repressive regime is a right wing despot friendly to the interests of certain large western powers, guess whose operations somehow don't make it to the black lists? There need never be any explicit direction. Just a nod and a wink at the right time to a manager who knows where the power really lies.
Another danger in an official list system is that it would become difficult for most ISPs to not use it. Even if it were provably bad. It might even be mandated by many countries, either directly, or as a necessary mechanism to deflect local litigation. This would entrench a back door for draconian influence by large corporations and politics.
The current anarchic system works because it is not official, not in spite of. Of course the danger is that it can become subject to the personal whim of those in control. Then again, not being an official agency, there is no compulsion to use any given black list. There is an element of market forces here. If a list becomes clearly unstable, pursuing personal vendettas or the like, it will not take long for either the list to fall out of use, or for second tier filtering of the lists to evolve. Official black lists would be much harder to ignore, even if demonstrably bad.
I'll still be blocking the idiots, and possibly their upstreams as well.
My clients like it that way.
Don't like it? Don't host malware. End of discussion.
Yet again, kangaroo court scenes dreamt up by the media
"Given the frequent inability of today's law enforcement in overcoming a rat's nest of extra-territorial and technical issues, this form of frontier justice is probably unavoidable."
For the last time, this is NOT mob rule, kangaroo courts or "frontier justice." Spamhaus forces nobody to use their DROP list, SBL, XBL, PBL or Zen. They're resources that allow network operators to exercise their RIGHT (it's still a right, right?) to drop traffic they do not want on their PRIVATE networks. Nothing more, nothing less. That it is seen as intimidating to network operators just goes to show just how trusted within security circles it has become.
We don't want regulators pissing about with the 'net. You've seen the mess they make of anything IT related that they have touched, ever. Do you really want that for the public 'net?
The rule is simple: Make a complete arse of your network and spew shit into other people's private resources, get blocked. That many of us use Spamhaus to do it is irrelevant. They are NOT, repeat NOT doing the blocking. We are, effectively saying we trust Spamhaus and old faithful Zen more than the likes of Intercage/Atrivo.
In short, get a sodding clue and stop demonising well-run resources for security professionals with this kind of irresponsible bullshit.
Our networks - our rules, live with it.
"The Internet" isn't a public network, it's an interconnected network of privately owned networks.
Intercage and any other entity on the Internet get to do business or have access to other people's netspace for as long as those other people are prepared to let them have access.
If this sounds familiar it's because private property laws work the same way.
No one's holding a gun to any entity's head and telling them they MUST block Intercage or Rackspace or the RBN or anything else. Using BLs is voluntary and they're only advisory systems.
The author seems to be under the impression that by refusing to do business with a known bad actor "we" are bad people and that by walling off Intercage and their providers from our networks, that "we" are hurting Intercage and UnitedLayer's (or PIE's) business and "we" must be forced to change that. That sounds perilously like a fundamental breach of rights of free association (or freedom to NOT associate).
Get real, fella: If they want to PAY me for access to my network, then they can have it via contract, otherwise they get access as long as they don't cause trouble. If they do, the welcome mat is no longer out and they can pound sand. This principle has been upheld in multiple court cases worldwide.
If Intercage don't like it then tough, they've been making money off of network abusers for years. If Intercage's non-abusive clients don't like it they can always move to a provider who doesn't tolerate spam and spam support operations.
If UnitedLayer don't like it, they can always remove their known abusive clients...
If I ever get over to the UK, I'm buying Chronos a beer or ten :)
Lest we forget...
Intercage and their previous incarnation (Atrivo) were caught red-handed on several occasions indulging in network hijackings - in most cases finding still-allocated netspace belonging to dead companies and taking control of them by putting in forged update paperwork.
In the first such case I found in early 2003, Atrivo simply just started broadcasting routes for netspace belonging to a NZ insurance company who use the address ranges in question behind a firewall. They switched to the paperwork forgery model shortly afterwards.