OECD report on SPAM
Hello, http://www.oecd.org/officialdocuments/displaydocumentpdf/?cote=dsti/doc%282010%295&doclanguage=en In short, in this long report, abuse handling is pinpointed as essential in cutting off spam & crimes (there are no cyber crimes, only crimes imho). Sounds like trivial to me, but who knows ? I guess some pressure is directed from OECD to RIR for an «improved» abuse handling :) This may be the LEA pressure we heard of on this list sooner and the reason it came back to life after years of sleeping. :P Since there is a bimodal distribution with very few ISP (50) accounting for 30% of spam and they suggest to target legitimate ISP. Europa (RIPE region) seems to be the region with the most infected big ISP (which is not correlated with volume)... * making the asumption that these 50 ISP have a poor abuse handling ; * remembering that RIPE IP handling is linked to the respect of the procedure and the quality (contractually) ; * observing that RIPE region is one of the most infected ; My question is : does RIPE have a responsability in this topic by not enforcing the «we shall not give you new IP» rules when ISP failed to handle their abuse ? sed quis custodiet ipsos custodes?
It's not within RIPE NCC's remit afaik Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 22 Nov 2010, at 11:22, "julien tayon" <jul@julbox.net> wrote:
Hello,
http://www.oecd.org/officialdocuments/displaydocumentpdf/?cote=dsti/doc%282010%295&doclanguage=en
In short, in this long report, abuse handling is pinpointed as essential in cutting off spam & crimes (there are no cyber crimes, only crimes imho). Sounds like trivial to me, but who knows ?
I guess some pressure is directed from OECD to RIR for an «improved» abuse handling :) This may be the LEA pressure we heard of on this list sooner and the reason it came back to life after years of sleeping. :P
Since there is a bimodal distribution with very few ISP (50) accounting for 30% of spam and they suggest to target legitimate ISP.
Europa (RIPE region) seems to be the region with the most infected big ISP (which is not correlated with volume)...
* making the asumption that these 50 ISP have a poor abuse handling ; * remembering that RIPE IP handling is linked to the respect of the procedure and the quality (contractually) ; * observing that RIPE region is one of the most infected ; My question is : does RIPE have a responsability in this topic by not enforcing the «we shall not give you new IP» rules when ISP failed to handle their abuse ?
sed quis custodiet ipsos custodes?
* julien tayon:
Europa (RIPE region) seems to be the region with the most infected big ISP (which is not correlated with volume)...
You have to be a bit careful about the underlying measurement methodology. In some European countries, most Internet access offered to consumers reassigns a new IP address once a day. (There are two reasons for this: static IP addresses to differentiate business products, and the drop in P2P traffic after IP address reassignment. The latter is probably not very relevant today.) Such daily IP address reassignments can easily account for one or two orders of magnitude of errors, depending on the observation period.
My question is : does RIPE have a responsability in this topic by not enforcing the «we shall not give you new IP» rules when ISP failed to handle their abuse ?
Disregarding feasibility etc., this would only be a short-term measure because IP addresses will no longer be scarce ressource a year or two, so the RIRs will lose any leverage they might currently have. -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Le 22/11/2010 13:17, Florian Weimer a écrit :
* julien tayon:
Europa (RIPE region) seems to be the region with the most infected big ISP (which is not correlated with volume)...
You have to be a bit careful about the underlying measurement methodology. In some European countries, most Internet access offered to consumers reassigns a new IP address once a day. (There are two reasons for this: static IP addresses to differentiate business products, and the drop in P2P traffic after IP address reassignment. The latter is probably not very relevant today.) Such daily IP address reassignments can easily account for one or two orders of magnitude of errors, depending on the observation period.
That's the reason why I love this discussion, I am a troll on internet because I always ask questions that tickles me, here people understand my questions, and help me broaden my views. Great, I love being smarter every days, so thank you ! So mostly your point is measurement are biased because dynamic IPs are more used in Europa thus triggering multiple false positive. And you are right for my experience in french ISP is they almost all use 24 hours long dhcp lease. But I ignore all of foreign ISP (china, india, US). This report dont give a clue on this one. So you have a point. What if mesure were not made by IP but by volume of spams emitted per group of IPs belonging to an ISP (let's say by AS) ? Wouldn't it be an interesting figure to have ? «Lazy ISP» would be as obvious as a duck sitting in my shoe.
My question is : does RIPE have a responsability in this topic by not enforcing the «we shall not give you new IP» rules when ISP failed to handle their abuse ?
Disregarding feasibility etc., this would only be a short-term measure because IP addresses will no longer be scarce ressource a year or two, so the RIRs will lose any leverage they might currently have.
the alternative to the RIPE (and all its counterpart) action, is LEA taking over the control of internet policy for the greater good.. Am I the only one uneasy with «cyber» crime ? A crime is a crime whatever the media is used. The only difference is internet makes it easier to target a a victim from another country, therefore making legal pursuits tougher. Furthermore countries such as US (because of war crimes), Europe (in ordeer to keep their financial paradise) refuse to accept any international legislation, except in the case of IP (intellectual properties). So it is like RIPE is under a set of rules that are buggies : - cyber-crimes should be fought (you shall take actions) ; - no one has agreed on a common set of definition of crimes & actions to be taken ; - RIPE & internet organisations have the legitimity through contracts signed with LIR/RIR to act but dont have the legality to act for anything else than what lies in the contract ; - there is no common definition of actors trusted for reporting/gathering crimes (private information should not be delivered to whoever claim he is a victim, and people should not be accused without proof) ; - there seems to be a confusion on the role of abuse / crime reporting & handling; So RIPE & al are in a pretty uncomfortable position I guess, because it is not their job to substitute themselves to the governments, while being held responsible for the good state of internet legal cooperation mechanisms. -- Amicalement, Julien Tayon / digital craftman / http://libroscope.org
On 22/Nov/10 14:33, julien tayon wrote:
Am I the only one uneasy with «cyber» crime ? A crime is a crime whatever the media is used.
While that's true, media or territory may determine the jurisdiction.
So RIPE & al are in a pretty uncomfortable position I guess, because it is not their job to substitute themselves to the governments, while being held responsible for the good state of internet legal cooperation mechanisms.
IMHO, when there will be enough NGOs to deal with every relevant aspect of life, we'll be finally able to dismiss governments altogether. Nowadays, it has been extensively demonstrated how deceptive advertisement, cheats, and profit-driven decision making can fool away traditional implementations of "democracy". Perhaps, the role of the Internet in the history of mankind is exactly to overcome those issues (including the ones I haven't quoted from your previous message).
participants (4)
-
Alessandro Vesely -
Florian Weimer -
julien tayon -
Michele Neylon :: Blacknight