On Sat 16/Mar/2019 21:15:22 +0100 Ronald F. Guilmette wrote:
> First, I am inclined to wonder aloud why anyone is even still peering
> with any of the several ASNs mentioned in the report. To me, the mere
> fact that any of these ASNs still have connectivity represents a clear
> and self-evident
On Tue 19/Mar/2019 11:03:06 +0100 Linda Slaakweg wrote:
> You can find the report at:
> https://www.ripe.net/publications/docs/ripe-715/
[1] The majority of these requests were sent by
one particular party from the United States.
GOP?
On Fri 08/Nov/2019 14:39:27 +0100 Petrit Hasani wrote:
> The Discussion Period for the policy proposal 2019-04, "Validation of
> "abuse-mailbox"" has been extended until 09 December 2019.
>
> This proposal aims to have the RIPE NCC validate "abuse-c:" information more
> often, and introduces a n
Hi all
On Tue 19/Nov/2019 21:38:44 +0100 David Guo via anti-abuse-wg wrote:
> The most important thing for me is I don’t know how to type those letters on
> my
> English keyboard ☹
It's curious that you can type emoticons and not accented letters. Enabling
composition allows to type uppercase a
Hi,
a few points:
The “abuse-mailbox:” attribute must be available in an unrestricted way
via whois, APIs and future techniques.
I'd explicitly mention RDAP here. It's not a future technique any more
Confirm that the resource holder understands the procedure and the policy,
th
On Wed 12/Feb/2020 09:51:22 +0100 Ronald F. Guilmette wrote:
> The RIPE WHOIS data base says that the abose contact for AS16276 is
> ab...@ovh.net.
>
> It would appear thet the folks at OVH haven't yet quite figured how
> this whole email thing works.
>
> Give them time. Another decade or two an
re sure it's bullet proof. Until it's fully vetted,
some obscurity sounds more secure ;-)
> On Wed, 12-02-2020 13h 16min, Alessandro Vesely wrote:
>
>
> Dear Abuse Team
>
> The following abusive behavior from IP address under your constituency
t
Authentication-Results: authentication result string is not available
Reported Message
Subject: Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother
Date: Wed, 12 Feb 2020 13:16:36 +0100
From: Alessandro Vesely
To: anti-abuse-wg@ripe.net
On Wed 12/Feb/2020 09:51:2
On Thu 13/Feb/2020 05:26:10 +0100 Fi Shing wrote:
> All OVH and DigitalOcean abuse reports must be submitted via the abuse
> reporting forms on the website, or they won't be actioned:
>
> https://www.ovh.com/world/abuse/
>
> https://www.digitalocean.com/company/contact/abuse/
I'm unable to po
Hi,
On 29/04/2020 13:22, Gert Doering wrote:
>
> If people *want* to handle abuse reports, they do so today already
> (and if they mess up their mail reception, the NCC will check this today
> already, and let them know).
>
> If people *do not want* to handle abuse reports, this proposal will no
e address is removed from the database —and
the corresponding IP ranges duly transmitted.
Best
Ale
> El 4/5/20 12:29, "anti-abuse-wg en nombre de Alessandro Vesely"
> escribió:
>
> Hi,
>
> On 29/04/2020 13:22, Gert Doering wrote:
> >
&g
On Fri 08/May/2020 21:30:14 +0200 Ángel González Berdasco wrote:
> On 08-05-2020 20:17 +0200, Alessandro Vesely wrote:
>> On Fri 08/May/2020 13:28:10 +0200 JORDI PALET MARTINEZ wrote:
>>> Hi Alessandro,
>>>
>>> As I've indicated already several times (and
On Sun 10/May/2020 04:43:30 +0200 No No wrote:
> /" A statement by the registrant that they are not willing to employ an abuse
> team would be the best evidence."/
> /
> /
> ... Followed by swift de-registration of all IP resources.
Bravo! Here you're touching the very essence of our disagreemen
Hi Jordy,
On Tue 12/May/2020 11:34:19 +0200 JORDI PALET MARTINEZ via anti-abuse-wg wrote:
>> El 8/5/20 20:18, "anti-abuse-wg en nombre de Alessandro Vesely"
>> escribió:
>> On Fri 08/May/2020 13:28:10 +0200 JORDI PALET MARTINEZ via anti-abuse-wg
>> wrote:
Hi Jordy,
On Tue 12/May/2020 22:21:11 +0200 JORDI PALET MARTINEZ via anti-abuse-wg wrote:
> El 12/5/20 19:26, "anti-abuse-wg en nombre de Alessandro Vesely"
> escribió:
>
> I think it is more useful instead of removing the address, marking the
> record as invalid, an
Hi Jordi and all,
TL;DR: Fail2ban can deal with missing or non-responding abuse teams
automatically, without the need to load RIPE with extra costs.
In the draft minutes I read:
Jordi said he thinks it will work because smaller providers use more and
more Open Source tools and
On Tue 08/Sep/2020 16:33:20 +0200 Alex de Joode wrote:
A webform, for a regulator, most likely will be seen as an 'upgrade'. Note that
FB and Google also *only accept* complaints, notices etc via webforms. So one
can argue a webform is abuse@ 2.0 :) So I do not share you view that a webform
is
On Wed 23/Sep/2020 01:45:26 +0200 ripedenis--- via anti-abuse-wg wrote:
Hi Leo
I was proposing a tool to help the registrant manage their data. If you want to
find the abuse contact you just query the resource and the abuse contact is
returned.
I thought only ISPs had the right to manage th
On Mon 26/Oct/2020 15:33:21 +0100 Alex de Joode wrote:
Jordi et al,
I have to comment RIPE NCC and WGCC (and those that recused themselves). The
appeals process was used, the outcome reaffirmed the original decision.
It's clear the proposal was fatally flawed.
May I suggest we do not waist
Hi Tobias,
On Thu 12/Nov/2020 16:28:58 +0100 Tobias Knecht wrote:
Please see the draft minutes from our Anti-Abuse Working Group Session in
127.0.0.1. Please let us know about any objections or necessary corrections asap.
Maybe it's me, but I cannot quite parse this sentence:
From his
On 30/11/2020 08:08, Ronald F. Guilmette wrote:
Please be advised that the set of IPv4 blocks listed below appear to be
squatted on at the present time, with the apparent aid and assistance of
AS44050 -- "Petersburg Internet Network Ltd." (Russia) and also AS58552 --
"PT Multidata Rancana Prima"
On Mon 30/Nov/2020 22:56:22 +0100 John Levine wrote:
In article ,
Richard Clayton wrote:
Only a few of them are listed on https://www.spamhaus.org/drop/
So announcing a prefix that is on that list is not a good sign (indeed
far from it) -- but don't expect a "new" hijacker to only choose fro
Sorry for being late to the party...
On Sun 21/Feb/2021 03:44:07 +0100 Cynthia Revström via anti-abuse-wg wrote:
If the hosting company provides a web form, they can have a field where they
explicitly ask for the offending IP address.
This report could then automatically also be sent to the cust
On Thu 25/Feb/2021 14:41:00 +0100 Cynthia Revström wrote:
I think you have misunderstood my point.
Would they send such report using their customer's own web form?
No? I don't know what implied that?
If you predicate sending reports via web form, then report forwarding
from the ISP to it
On Sat 27/Feb/2021 01:40:01 +0100 Ángel González Berdasco wrote:
Cynthia Revström writes:
if you want a human to read your emails, you shouldn't automate the
sending so you end up with potential situations like that. >
No. You should actually love automated reports.
[...automated classificati
On Tue 02/Mar/2021 12:12:33 +0100 Esa Laitinen wrote:
On 02.03.21 10:49, Vittorio Bertola via anti-abuse-wg wrote:
Il 02/03/2021 00:08 Kristijonas Lukas Bukauskas via anti-abuse-wg
ha scritto:
UCEPROTECT blacklists the whole range of IP addresses, including the full IP
range of some autono
On Thu 04/Mar/2021 17:16:34 +0100 Christian Teuschel wrote:
If I am reading the feedback in this discussion correctly, the sentiment
is leaning towards adding more RBLs instead of less and if that is the
case we are going to look into how and when we can achieve this. Please
let me know if that i
On Tue 09/Mar/2021 10:37:17 +0100 Christian Teuschel wrote:
Dear colleagues,
Thinking about a course of action - it looks there is an agreement to
have more RBLs on RIPEstat. It would be good to have a list of
candidates that the community feels would be useful. Once we have this
list, we can pe
Hi all,
I'm aware of the various pages that Wikipedia dedicate to Yahoo! and related
services. I'm unsure how to treat YAHOONET as an ISP.
The abuse contact they registered at RIPE in 2007 is ab...@yahoo-inc.com. It
bounces. I wrote to network-ab...@cc.yahoo-inc.com asking what address shou
6.0.0-98.139.255.255,
...
RIPE's YAHOONET, 77.238.177.0-77.238.177.255, seems to be an abandoned object.
Best
Ale
Original Message
Subject: [anti-abuse-wg] What is YAHOONET?
Date: Wed, 17 Mar 2021 09:46:45 +0100
From: Alessandro Vesely
To: anti-abuse-wg@ripe.net
Hi all,
I&
On Wed 17/Mar/2021 15:42:26 +0100 alireza vaziri wrote:
I have attached the draft proposal of the training and it would be great to
provide us with your feedback
The draft states four general principle. The 4th is expressed as:
- The community expects you to handle Abuse in your network
Thanks for the update
Ale
On Wed 17/Mar/2021 21:16:06 +0100 Richard Clayton wrote:
In message <8dfb9cd5-8088-02af-2245-0eaf3f96f...@tana.it>, Alessandro
Vesely writes
However, IP addresses for mail seem to use ARIN networks, such as:
A-YAHOO-US2 66.163.160.0-66.163.191.255,
A-YAH
Hi,
it is rather common to find auto-responders at abuse addresses. For this one,
however, it took me a minute to understand its intent,
Best
Ale
Forwarded Message
Subject: Confirmacion para RIPE
Date: Sun, 17 Oct 2021 04:32:32 +0200
To: ab...@tana.it
Auto-Submitted: auto-
Hi all,
On Mon 18/Oct/2021 18:40:06 +0200 Michele Neylon - Blacknight via anti-abuse-wg
wrote:
3) If not, would there be other areas of Anti-Abuse training that would be of
interest?
A lot of hosting providers aren’t LIRs, but are getting IP space from LIRs.
Maybe providing materials that
On Fri 22/Oct/2021 23:26:23 +0200 Ángel González Berdasco wrote:
Hello all
Shouldn't there be a standard for automatically forwarding messages
destined to abuse-c following a path similar to that of RFC 2317
delegations? I'd love if AA training encouraged such behavior.
I don't think the sta
On Sat 23/Oct/2021 01:38:56 +0200 Ronald F. Guilmette wrote:
In message <26f1df33-b958-bed4-f748-f82324d0b...@tana.it>, Alessandro Vesely
wrote:
Shouldn't there be a standard for automatically forwarding messages destined
to abuse-c following a path similar to that of RFC 2317
Hi,
On Wed 17/Nov/2021 09:12:13 +0100 Hans-Martin Mosner wrote:
Here I want to focus on hacked mail accounts. I can think of two major root
causes but I have no idea about their relative significance:
I agree with Steve and Ángel that the main causes are reused passwords and
phishing.
Hi all,
we all know abuse-c data is to be filled by the IP assignee, which I call ISP
in the following.
I understand that, since ISPs own IP space it is their job to ensure that it
isn't abused. If they give up the receiving of abuse complaints and give it to
their customer instead, and the
buse email.
cheers
denis
co-chair DB-WG
On Thu, 20 Jan 2022 at 13:37, Alessandro Vesely wrote:
Hi all,
we all know abuse-c data is to be filled by the IP assignee, which I call ISP
in the following.
I understand that, since ISPs own IP space it is their job to ensure that it
isn't abused.
Hi Ángel,
On Thu 20/Jan/2022 16:27:59 +0100 Ángel González Berdasco wrote:
Alessandro Vesely wrote:
I propose that RIPE accepts abuse-c email addresses from verified effective
users of a range of IP numbers, stores them in the database, and serves them in
RDAP/ WHOIS queries besides the
Hi,
On Fri 21/Jan/2022 19:40:40 +0100 denis walker wrote:
On Fri, 21 Jan 2022 at 13:03, Alessandro Vesely wrote:
The idea is to add extra addresses to assignment objects, irrespective of the
resource holder, based on the wish of its customer who is actually connected to
the resource. Would
On Fri 21/Jan/2022 14:21:41 +0100 Hans-Martin Mosner wrote:
Am 20.01.22 um 13:37 schrieb Alessandro Vesely:
However, it is the ISPs' customers who are the effective users of those IPs.
Any complaint, whether reporting spam or botnet activity, can probably be
handled more effectively b
Hi,
On Thu 10/Feb/2022 22:40:18 +0100 denis walker wrote:
Yes you can allow any customer with an assignment to have their own
abuse-c contact. But the database query will only return a single
abuse contact for any IP address. If the assignment object has an
abuse-c then a query on any IP addres
Hi,
On Tue 07/Jun/2022 11:45:05 +0200 Max Grobecker wrote:
Our abuse mailbox is not overflowing with these, of course, but it makes
semi-automated handling a bit painful. For example, we would like to forward
these information to our customers, but we wont need to take further action
on this,
On Tue 07/Jun/2022 20:14:49 +0200 Ángel González Berdasco via anti-abuse-wg
wrote:
Gert Doering wrote:
"whois, as in 'this particular way users interface with the DB'" :-)
(I'm aware it's the server doing this - which makes changing the
implementation easier, as it's "just one place" - but i
Hi Max,
thank you for your reply and explanations. Some more comments/
questions inline:
On Sun 03/Jul/2022 23:25:28 +0200 Max Grobecker wrote:
Am 20.06.22 um 18:04 schrieb Alessandro Vesely:
Our abuse mailbox is not overflowing with these, of course, but it
makes semi-automated handling
Hi all,
I found a (minor) black list who blocks my new IP. They say to not even try to
ask for delisting unless I am the official owner of the IP. They observe that
"rwhois/SWIP is normally offered free of charge by most providers".
Sounds oldish, doesn't it? RDAP is working well, at least
On Wed 19/Apr/2023 15:39:48 +0200 Michele Neylon - Blacknight via anti-abuse-wg
wrote:
How big an IP allocation do you have?
/29, which I think is the minimum size.
As an LIR we routinely assign blocks of IPs to clients with more than X IPs or
blocks etc., and give them their own abuse-c et
Hi all,
I heard about the Shared WHOIS Project from MIPSpace, an IP reputation database
who reads in Cc:. They say it should be available at every RIR, but at RIPE I
only found this:
https://ftp.ripe.net/ripe/inaddr/arin-templates/swipinstruction.txt
It is a 1998 article with guidelines for
On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
What happens if / when someone doesn’t?
A minimal, yet useful reaction would be to remove their abuse PoC from RDAP
pages. If the convention is clear that network operators without abuse-c are
non-responders, it is easy for all the other
On Tue 05/Dec/2023 15:17:59 +0100 Gert Doering wrote:
On Mon, Dec 04, 2023 at 09:40:22AM +, Michele Neylon - Blacknight via
anti-abuse-wg wrote:
The claim is that the change in policy had an impact in other regions.
If that is true then where is the data to backup that assertion?
Especial
On 11/03/2024 22:30, John Levine wrote:
It appears that Michele Neylon - Blacknight via anti-abuse-wg
said:
Several ccTLD registries have given discounts for DNSSEC.
What is unclear is how many of the domains with DNSSEC enabled are in active
use, so the lack of �problems� could be simply d
On Tue 12/Mar/2024 17:24:08 +0100 David Conrad wrote:
On Mar 12, 2024, at 1:57 AM, Alessandro Vesely wrote:
DNSSEC everywhere would make more sense than HTTPS everywhere, which instead
won the hype.
I figure enabling DNSSEC validation everywhere and signing what makes sense
after doing a
Hi chairs, all,
I think this is a great working group. Periods of silence are physiological;
for example, they may arise after a thorough discussion about a proposed point
which is eventually found to be unfeasible. The idea to force every abuse-c to
actually receive email messages and act o
Hi all,
what's the policy for reverse delegation? My provider assigned me a
2a02:29e1:500:6c00::/56. Great. However they didn't delegate reverse DNS.
Indeed, their own 2a02:29e1::/32 has no delegations:
; <<>> DiG 9.18.24-1-Debian <<>> 1.e.9.2.2.0.a.2.ip6.arpa ns
;; global options: +cmd
;;
utside of your usual working hours.
From: anti-abuse-wg on behalf of Alessandro Vesely
Date: Friday, 5 April 2024 at 13:01
To: anti-abuse-wg
Subject: [anti-abuse-wg] Reverse DNS delegations
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised
sources.
Hi all,
what's
On Fri 05/Apr/2024 20:19:59 +0200 John Levine wrote:
It appears that Alessandro Vesely said:
Why isn't it possible to gain a delegation by proving number assignment?
Because your ISP can't be bothered.
Is such unbotherability legitimate?
I appreciate the fact that my provider
On Sat 06/Apr/2024 17:23:27 +0200 Gert Doering wrote:
On Sat, Apr 06, 2024 at 11:52:45AM +0200, Alessandro Vesely wrote:
On Fri 05/Apr/2024 20:19:59 +0200 John Levine wrote:
It appears that Alessandro Vesely said:
Why isn't it possible to gain a delegation by proving number assig
On Sat 06/Apr/2024 19:54:27 +0200 Randy Bush wrote:
Why isn't it possible to gain a delegation by proving number
assignment?
Because your ISP can't be bothered.
Is such unbotherability legitimate?
these years, it is one of the things when considering a provider from
which one gets address sp
On Sun 07/Apr/2024 16:47:37 +0200 Semisol via anti-abuse-wg wrote:
On 7.04.2024 15:42, Alessandro Vesely wrote:
BTW, how should one search DB objects like 2.0.a.2.ip6.arpa? I can search it
in the DNS but not in https://apps.db.ripe.net/db-web-ui/query
-T domain -d
I believe you can also
On Sun 07/Apr/2024 20:33:28 +0200 Gert Doering wrote:
On Sun, Apr 07, 2024 at 01:44:45PM -0400, John Levine wrote:
If you care about rDNS, you need to find a better ISP that meets your
needs. Then tell the old one why you left.
That seems to be a problem in Italy these days - few ISPs offer I
On Mon 08/Apr/2024 12:19:15 +0200 Gert Doering wrote:
On Mon, Apr 08, 2024 at 12:10:57PM +0200, Alessandro Vesely wrote:
Delegations don't seem to be generated from the database. How is that
supposed to work?
They are, but maybe not for the highest level.
Like, 8.0.6.0.1.0.0.2.ip6
On Tue 07/May/2024 11:37:10 +0200 Markus de Brün wrote:
Brian is willing to accept his nomination. Tobias and I are happy to continue
to work with him.
All well, then. My full support to all three of you.
Best
Ale
--
--
To unsubscribe from this mailing list, get a password reminder, o
On Fri 10/May/2024 13:57:44 +0200 Nick Hilliard wrote:
Serge,
there's been extensive debate on AAWG over the years about the principles
behind your additional suggestions below, but very little consensus. If
sanctioning is added to the charter of a new security-wg, this lack of
consensus is l
On Fri 19/Jul/2024 14:07:56 +0200 Markus de Brün wrote:
## D.1. Illegal Content Online: What's Our Role as a Regional Internet Registry
Maria Stafyla, RIPE NCC
The presentation is available at:
https://ripe88.ripe.net/wp-content/uploads/presentations/58-RIPE-88-AntiAbuse-WG-Illegal-Content-Onli
On Fri 26/Jul/2024 12:44:56 +0200 Michele Neylon - Blacknight via anti-abuse-wg
wrote:
Alessandro
I’ve no idea who your upstream LIR is, but I know that quite a few LIRs
**will** assign IP blocks to clients in the RIPE database. Doing it for every
single individual IP would be an admin burden,
66 matches
Mail list logo