On Mon, Oct 05, 2009 at 03:55:02PM -0700, Owen DeLong wrote: > > On Oct 5, 2009, at 11:23 AM, Barry Shein wrote: > > > > >Perhaps someone has said this but a potential implementation problem > >in the US are anti-trust regulations. Sure, they may come around to > >seeing it your way since the intent is so good but then again "we all > >decided to get together and blacklist customers who..." is not a great > >elevator pitch to an attorney-general no matter how good the intent. > > > That's not what is being discussed from my understanding. > > From my understanding, the intent is to share names of known > abusers and data necessary to help in tracking DDOS. > > I don't believe that any ISP is expected to necessarily take any > particular action determined by the group with respect to the > list of names they are given. > > I do think that it is reasonable to have an agreement among > an industry organization or collaboration which states that > ISPs which determine that abuse is being sourced from one of > their customers (either through their own processes or by > notification from another participant) should be expected to > take the necessary steps to mitigate that abuse from exiting > said ISPs autonomous system.
In a way, this is kind of like stores keeping a list of bad check writers. The whole information sharing thing can get more than a little touchy from a legal perspective. Then again, an independant database could also be viewed as a sort of internet credit agency. Stuff in a name, get a score back and certain flags and make your judgement based on that. "I'm sorry, I can't give you an email account. Your internet-karma rating came back below our minimum levels." -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
