[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Abuse ticket

On Tue, Mar 17, 2009 at 03:30:43PM +0100, sven@xxxxxxxxxxx wrote 4.8K bytes in 92 lines about:
> Not if the abuse caused 5TB of traffic. You are comparing the number of 
> events with the number of bytes.

The abuse was a web forum post or some ssh attempts.  In nearly all
cases it was hundreds of KB vs 10TB of non-complaint generating traffic.

> This statement assumes that only complained traffic is bad traffic,  
> which is wrong of course.

Right.  As a node operator, I don't record the traffic so I have no idea
what's good or bad, just what generates complaints.  And what's good or
bad to me may not be classified the same by others.  So fine, a few
hundred KB of complaint traffic vs. 10TB of non-complaint traffic is
still a fine ratio. That's a better ratio than my smtp gateway records;
it's at 1:1 spam/complaint vs. real email.

> something, but not for the general Internet connections. Since a criminal 
> usually has a strong interest to hide something, I expect the proportion 
> of criminal traffic to be quite high, especially in countries with a 
> stable freedom of speech.

Criminals have vastly more opportunities to hide their traffic than
just using Tor.  They're already willing to break the laws, most normal
people aren't.  I've talked to victims of domestic abuse and targets of
e-stalkers, who even after everything they've endured, won't break the
laws.  They won't break the laws even when it's in their best interest
to be safe.  Criminals will always abuse a system for their own gains
and move on to the next thing.  

What you propose is an interesting research project, assuming one can
define "criminal traffic".