Hi, On Wed, Mar 09, 2011 at 06:43:43PM +0530, Suresh Ramasubramanian wrote:
If it was just spammers with large netblocks, great. There is no shortage of PI / PA netblocks which are used to host, for example, malware c&c.
While what you say is more than probably correct, it is strange that spammers seem to prefer the RIPE region, and working through some LIRs in eastern europe, to acquiring large netblocks from any other RIR region in the world.
Without any scientific proof, my guess would be that the RIPE region happens to be right in the middle of "there's a high number of very different companies with wildly different legal systems and legal enforcement capabilities" and "the infrastructure in the region is good and cheap enough to make it worthwile". ARIN has the easy side regarding legal system - almost all of it is "the US and Canada", so it's somewhat easier to verify documents, and to actually figure out what activity *is* legal or not. Something which might be legal in NL can be frowned-upon in DE and punishable with years of jail in RU - or vice versa. Afrinic and Lacnic have historically just lacked the infrastructure to setup a set of well-connected malware servers "quickly and inexpensively". I'm not sure about APNIC, though - I'd expect similar issues there. Gert Doering -- NetMaster -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279