Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Leo Vegoda]

On Wed, 1 Nov 2023 at 14:26, Gert Doering  wrote:
> On Wed, Nov 01, 2023 at 01:45:03PM -0700, Leo Vegoda wrote:
> > The RIPE NCC periodically asks the community about the priority for
> > cleaning up unused ASNs, e.g.
> >
> > - https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52
> > (item G), and
> > - https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 
> > 16)
> >
> > So far, the answer has been that it is a low priority. Perhaps because
> > there are about 4 billion left.
>
> Low priority or not, the NCC is spending quite a bit of hostmaster time
> in talking to LIRs and trying to reclaim "looks unused" ASNs.  Guess how
> I know.
>
> "Here's my 50 bucks, I claim I need this for another year" is so much
> less lifetime wasted on all sides.

Sure, but that's a membership decision and not a community decision.

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Gert Doering]

Hi,

On Wed, Nov 01, 2023 at 01:45:03PM -0700, Leo Vegoda wrote:
> The RIPE NCC periodically asks the community about the priority for
> cleaning up unused ASNs, e.g.
> 
> - https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52
> (item G), and
> - https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 
> 16)
> 
> So far, the answer has been that it is a low priority. Perhaps because
> there are about 4 billion left.

Low priority or not, the NCC is spending quite a bit of hostmaster time
in talking to LIRs and trying to reclaim "looks unused" ASNs.  Guess how
I know.

"Here's my 50 bucks, I claim I need this for another year" is so much
less lifetime wasted on all sides.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Leo Vegoda]

Hi,

On Wed, 1 Nov 2023 at 12:51, Gert Doering  wrote:
> On Wed, Nov 01, 2023 at 06:06:24PM +, Natale Maria Bianchi wrote:
> > RIPE NCC apparently noted a high number of ASNs being abandoned
> > [https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.html]
> > but does not seem to note the relation with abuse that should explain a 
> > fraction
> > of them.
>
> Unfortunately the RIPE members at the last general meeting still preferred
> to have ASNs free of charge... this would have helped at least get them back,
> without spending NCC people's lifetime in chasing them.

The RIPE NCC periodically asks the community about the priority for
cleaning up unused ASNs, e.g.

- https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52
(item G), and
- https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 16)

So far, the answer has been that it is a low priority. Perhaps because
there are about 4 billion left.

Regards,

Leo

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Gert Doering]

Hi,

On Wed, Nov 01, 2023 at 07:44:45PM +0100, U.Mutlu wrote:
> Thank you for your interesting analysis.
> 
> Is then RIPE not a "partner in crime" for such criminal companies?

"RIPE" is the community, all of us, including you.

So yes.  But not the way you think.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Gert Doering]

Hi,

On Wed, Nov 01, 2023 at 06:06:24PM +, Natale Maria Bianchi wrote:
> RIPE NCC apparently noted a high number of ASNs being abandoned 
> [https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.html]
> but does not seem to note the relation with abuse that should explain a 
> fraction
> of them.

Unfortunately the RIPE members at the last general meeting still preferred
to have ASNs free of charge... this would have helped at least get them back,
without spending NCC people's lifetime in chasing them.

But what do I know...

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[U.Mutlu]

Thank you for your interesting analysis.

Is then RIPE not a "partner in crime" for such criminal companies?
B/c it seems RIPE does not take any action against such evidently
criminal members abusing the network and the other members and users.
RIPE just says this ( https://www.ripe.net/support/abuse ):
"
...
At the RIPE NCC, we allocate blocks of IP addresses to ISPs and
other organisations, but we have no involvement in how these
addresses are used by their users.
...
However, we can help you find out who is abusing your network
by providing you with the relevant network operator contact details.
Our role is to ensure that all abuse contacts are valid and
up-to-date in the RIPE Database. From there, it is the
responsibility of the network operator to handle your abuse report.
There is nothing we can do if a network operator chooses not to reply.
...
"

IMO, RIPE very well can do some more, and needs to do some more...



Natale Maria Bianchi wrote on 11/01/23 19:06:

On Wed, Nov 01, 2023 at 01:55:42PM +0100, John Levine wrote:

It appears that ? ngel Gonzalez Berdasco via anti-abuse-wg 
 said:

Just block their network 80.94.95.0/24 and forget about it.



organisation:   ORG-BA1515-RIPE
org-name:   BtHoster LTD
country:GB
org-type:   OTHER
address:26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM


If you look at that address on Google stret view, you will see a late
2022 picture of a construction site.

Unless you care enough to contact their transit providers and try
and get them disconnected, I wouldn't waste more time on it.


BtHoster is indeed a well known bulletproof hoster, and nothing good can be
expected also from the other two blocks announced by AS204428, 87.246.7.0/24
and 212.70.149.0/24 (4media.bg/4vendeta.com, who also have much cleaner
ranges directly behind their own AS50360).  BtHoster also has AS198465,
today announcing 45.129.14.0/24 and 77.90.185.0/24.

Sending abuse reports to these places is - how to say? - a bit naive.
Abuse is their core business.  You can see for instance BtHoster's ad in
https://bitcointalk.org/index.php?topic=5407833.0 :

RDP FOR SCAN/BRUTE - PRICE 10 $ /MONTH
WHM FOR PISHING WITH UNLIMITED DOMAIN LICENSE -PRICE 130 $ /MONTH
RESELLER FOR  RDP WITH PANEL -PRICE 150 $ + IP /MONTH
SERVER FOR SCAN/BRUTE 32 GB RAM -PRICE 130 $ /MONTH

So the "ignoring" is fully expected, it is a feature of their hosting offer.
The best action is to completely prevent their packets from entering your 
networks
through protection at the network edge.  This is precisely what our 
DROP/EDROP/ASN-DROP
free datasets are for: block all packets on the edge router.

Of course, like it or not, the people behind this are members of this 
community, read these
lists, make posts, etc, and of course they would not be connected to the 
Internet if there
weren't facilitating ISPs between them and backbones - in this case the 
operators of
AS47890, AS202425 and the abovementioned AS50360.  These are also part of the 
abuse
ecosystem.

The two-layered approach is essential for the stability of their connectivity -
otherwise the backbones would just cut them off.  When pressure from backbones 
becomes
excessive and the intermediary is forced to disconnect them, they change 
intermediary
or they create a new company, get a new ASN and move the operation so that 
reputation
restarts from zero. These patterns are very established, and cause a 
considerable
ASN turnaround.  RIPE NCC apparently noted a high number of ASNs being abandoned
[https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.html]
but does not seem to note the relation with abuse that should explain a fraction
of them.

Natale M Bianchi
Spamhaus Project





--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Natale Maria Bianchi]

On Wed, Nov 01, 2023 at 01:55:42PM +0100, John Levine wrote:
> It appears that ? ngel Gonzalez Berdasco via anti-abuse-wg 
>  said:
> >> Just block their network 80.94.95.0/24 and forget about it.
> 
> >organisation:   ORG-BA1515-RIPE
> >org-name:   BtHoster LTD
> >country:GB
> >org-type:   OTHER
> >address:26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM
> 
> If you look at that address on Google stret view, you will see a late
> 2022 picture of a construction site.
> 
> Unless you care enough to contact their transit providers and try
> and get them disconnected, I wouldn't waste more time on it.

BtHoster is indeed a well known bulletproof hoster, and nothing good can be
expected also from the other two blocks announced by AS204428, 87.246.7.0/24
and 212.70.149.0/24 (4media.bg/4vendeta.com, who also have much cleaner
ranges directly behind their own AS50360).  BtHoster also has AS198465,
today announcing 45.129.14.0/24 and 77.90.185.0/24.

Sending abuse reports to these places is - how to say? - a bit naive.
Abuse is their core business.  You can see for instance BtHoster's ad in
https://bitcointalk.org/index.php?topic=5407833.0 :

RDP FOR SCAN/BRUTE - PRICE 10 $ /MONTH
WHM FOR PISHING WITH UNLIMITED DOMAIN LICENSE -PRICE 130 $ /MONTH
RESELLER FOR  RDP WITH PANEL -PRICE 150 $ + IP /MONTH
SERVER FOR SCAN/BRUTE 32 GB RAM -PRICE 130 $ /MONTH

So the "ignoring" is fully expected, it is a feature of their hosting offer.
The best action is to completely prevent their packets from entering your 
networks
through protection at the network edge.  This is precisely what our 
DROP/EDROP/ASN-DROP
free datasets are for: block all packets on the edge router.

Of course, like it or not, the people behind this are members of this 
community, read these
lists, make posts, etc, and of course they would not be connected to the 
Internet if there
weren't facilitating ISPs between them and backbones - in this case the 
operators of
AS47890, AS202425 and the abovementioned AS50360.  These are also part of the 
abuse
ecosystem.

The two-layered approach is essential for the stability of their connectivity -
otherwise the backbones would just cut them off.  When pressure from backbones 
becomes
excessive and the intermediary is forced to disconnect them, they change 
intermediary
or they create a new company, get a new ASN and move the operation so that 
reputation
restarts from zero. These patterns are very established, and cause a 
considerable
ASN turnaround.  RIPE NCC apparently noted a high number of ASNs being 
abandoned 
[https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.html]
but does not seem to note the relation with abuse that should explain a fraction
of them.

Natale M Bianchi
Spamhaus Project


-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Michele Neylon - Blacknight via anti-abuse-wg]

+1
The proposal put a massive burden on both us as members and the NCC with zero 
benefit to anyone.



--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty 
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you 
to respond to it outside of your usual working hours.


From: anti-abuse-wg  on behalf of Gert Doering 

Date: Wednesday, 1 November 2023 at 10:21
To: jordi.pa...@consulintel.es 
Cc: anti-abuse-wg@ripe.net , U.Mutlu 

Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised 
sources.

Hi,

On Wed, Nov 01, 2023 at 10:10:45AM +0100, jordi.palet--- via anti-abuse-wg 
wrote:
> We had a policy proposal to ensure that the abuse mailbox was valid and 
> monitored, but this community didn???t liked it. In other regions it works 
> and it proven to be a very valid tool.

You failed to demonstrate why "the mailbox is monitored in a way that
satisfies the proposed policy" would imply "the ISP in question suddenly
gets interested in acting against abuse".  Especially those that promote
themselves as "bulletproof hosting".

This is what the community did not like - added bureaucracy with no
provable gain.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Randy Bush]

> It's not like these norms do not exist today - abuse contacts have to
> be provided already today.  Responsible ISPs read these mailboxes and
> act upon them.
> 
> Forcing everybody through a "you must click here to validate your
> abuse contact, otherwise bad things will happen to your resources"
> cycle in the vague hope that this is something irresponsible ISPs will
> fail to do so (or that it will magically turn them into responsible
> ISPs) is pure wishful thinking.

thanks for saying it simply

randy

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Sergey Myasoedov]

We have had 2017-02, which is basically the same as yours 2019-04, except the 
validation will be done 2x more often.

But the abuse-c validation does work. What's the problem then?


--
Sergey



> On Nov 1, 2023, at 05:10, jordi.palet--- via anti-abuse-wg 
>  wrote:
> 
> We had a policy proposal to ensure that the abuse mailbox was valid and 
> monitored, but this community didn’t liked it. In other regions it works and 
> it proven to be a very valid tool.
> 
> Should we restart that discussion? I’m happy to resubmit the proposal then.
> 
> Regards,
> Jordi
> 
> @jordipalet
> 
> 
>> El 31 oct 2023, a las 21:55, U.Mutlu  escribió:
>> 
>> Hello,
>> 
>> the IP 80.94.95.181 is endlessly (ie. brute-force) trying
>> to hack our emailserver by attempting to login as a user.
>> The login attempts of course fail, and we have blocked
>> that IP in the firewall.
>> 
>> But this IP still continues sending packets to our server,
>> eventhough his packets get dropped/rejected by our firewall.
>> This now of course constitutes a DoS attack.
>> 
>> 10 days ago we filed an Abuse Report to the abuse address
>> given in the WHOIS database for this IP:
>> % Abuse contact for '80.94.95.0 - 80.94.95.255' is 
>> 'internethosting-...@yandex.ru'
>> 
>> But this hoster seems to ignore all Abuse Reports,
>> b/c researching this IP on the web shows that
>> it's a well known abuser IP and many people have
>> reported and complained about this IP. For example see this:
>> https://www.abuseipdb.com/check/80.94.95.181
>> 
>> So, what to do if the hoster is uncooperative, like in this case?
>> Where else to complain, what else to do?
>> 
>> Thx
>> 
>> U.Mutlu
>> admin & hostmaster
>> 
>> -- 
>> 
>> To unsubscribe from this mailing list, get a password reminder, or change 
>> your subscription options, please visit: 
>> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
> 
> 
> **
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
> 
> This electronic message contains information which may be privileged or 
> confidential. The information is intended to be for the exclusive use of the 
> individual(s) named above and further non-explicilty authorized disclosure, 
> copying, distribution or use of the contents of this information, even if 
> partially, including attached files, is strictly prohibited and will be 
> considered a criminal offense. If you are not the intended recipient be aware 
> that any disclosure, copying, distribution or use of the contents of this 
> information, even if partially, including attached files, is strictly 
> prohibited, will be considered a criminal offense, so you must reply to the 
> original sender to inform about this communication and delete it.
> 
> 
> 
> 
> 
> -- 
> 
> To unsubscribe from this mailing list, get a password reminder, or change 
> your subscription options, please visit: 
> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

[anti-abuse-wg] Open consultation invitation

[Wout de Natris]

Dear colleagues,

Internet standards are what makes the internet work. What are the most 
important security-related standards any organisation should deploy? Join our 
consultation here: 
https://docs.google.com/document/d/1ZC6PBHOREbObHUgopAkPQbIWC_EgLQ8nDyDvULjCwd8/edit?usp=sharing
 Deadline: Sunday 7 November 23.59 UTC.

I'm looking forward to your views and ideas

Kind regards,

Wout de Natris


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - -
De Natris Consult

Kamerlingh Onnesstraat 43   
 Tel: +31 648388813

2014 EK Haarlem 
 Skype: wout.de.natris

denatriscons...@hotmail.nl

http://www.denatrisconsult.nl

Blog http://woutdenatris.wordpress.com
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[John Levine]

It appears that � ngel Gonzalez Berdasco via anti-abuse-wg 
 said:
>> Just block their network 80.94.95.0/24 and forget about it.

>organisation:   ORG-BA1515-RIPE
>org-name:   BtHoster LTD
>country:GB
>org-type:   OTHER
>address:26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM

If you look at that address on Google stret view, you will see a late
2022 picture of a construction site.

Unless you care enough to contact their transit providers and try
and get them disconnected, I wouldn't waste more time on it.

R's,
John

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Gert Doering]

Hi,

On Wed, Nov 01, 2023 at 10:50:20AM +0100, Serge Droz via anti-abuse-wg wrote:
> We do this in many other places, it's called voluntary norms for responsible
> behaviour, and is seen as a great tool to improve things. Happy to explain
> more if there is an interest.

It's not like these norms do not exist today - abuse contacts have to be
provided already today.  Responsible ISPs read these mailboxes and act
upon them.

Forcing everybody through a "you must click here to validate your abuse
contact, otherwise bad things will happen to your resources" cycle in the
vague hope that this is something irresponsible ISPs will fail to do so
(or that it will magically turn them into responsible ISPs) is pure
wishful thinking.

I have better things to do with my time than jump through hoops that do
not serve an effect besides "look, we *are* doing something! better than
nothing!".  No, something needs to be provably *effective* before being
*forced* on everybody.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Serge Droz via anti-abuse-wg]

I think this community let's the perfect be the enemy of the possible.

Just because there are traffic rules doesn't mean people don't violate 
them. But they violate them much less.


See, what I fear is, that at some stage states will start to regulate, 
because the industry fails to do so. And usually that is not fun.


So I support Jordi in that we should demand this. Yes there will be 
Bullet proof hosters, but maybe a lot of the others will actually 
comply, exactly because they are not bullet proof hosters.


We do this in many other places, it's called voluntary norms for 
responsible behaviour, and is seen as a great tool to improve things. 
Happy to explain more if there is an interest.


Best
Serge


On 01.11.23 10:21, Gert Doering wrote:

Hi,

On Wed, Nov 01, 2023 at 10:10:45AM +0100, jordi.palet--- via anti-abuse-wg 
wrote:

We had a policy proposal to ensure that the abuse mailbox was valid and 
monitored, but this community didn???t liked it. In other regions it works and 
it proven to be a very valid tool.


You failed to demonstrate why "the mailbox is monitored in a way that
satisfies the proposed policy" would imply "the ISP in question suddenly
gets interested in acting against abuse".  Especially those that promote
themselves as "bulletproof hosting".

This is what the community did not like - added bureaucracy with no
provable gain.

Gert Doering
 -- NetMaster




--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[Gert Doering]

Hi,

On Wed, Nov 01, 2023 at 10:10:45AM +0100, jordi.palet--- via anti-abuse-wg 
wrote:
> We had a policy proposal to ensure that the abuse mailbox was valid and 
> monitored, but this community didn???t liked it. In other regions it works 
> and it proven to be a very valid tool.

You failed to demonstrate why "the mailbox is monitored in a way that 
satisfies the proposed policy" would imply "the ISP in question suddenly
gets interested in acting against abuse".  Especially those that promote
themselves as "bulletproof hosting".

This is what the community did not like - added bureaucracy with no 
provable gain.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

[jordi.palet--- via anti-abuse-wg]

We had a policy proposal to ensure that the abuse mailbox was valid and 
monitored, but this community didn’t liked it. In other regions it works and it 
proven to be a very valid tool.

Should we restart that discussion? I’m happy to resubmit the proposal then.

Regards,
Jordi

@jordipalet


> El 31 oct 2023, a las 21:55, U.Mutlu  escribió:
> 
> Hello,
> 
> the IP 80.94.95.181 is endlessly (ie. brute-force) trying
> to hack our emailserver by attempting to login as a user.
> The login attempts of course fail, and we have blocked
> that IP in the firewall.
> 
> But this IP still continues sending packets to our server,
> eventhough his packets get dropped/rejected by our firewall.
> This now of course constitutes a DoS attack.
> 
> 10 days ago we filed an Abuse Report to the abuse address
> given in the WHOIS database for this IP:
> % Abuse contact for '80.94.95.0 - 80.94.95.255' is 
> 'internethosting-...@yandex.ru'
> 
> But this hoster seems to ignore all Abuse Reports,
> b/c researching this IP on the web shows that
> it's a well known abuser IP and many people have
> reported and complained about this IP. For example see this:
> https://www.abuseipdb.com/check/80.94.95.181
> 
> So, what to do if the hoster is uncooperative, like in this case?
> Where else to complain, what else to do?
> 
> Thx
> 
> U.Mutlu
> admin & hostmaster
> 
> -- 
> 
> To unsubscribe from this mailing list, get a password reminder, or change 
> your subscription options, please visit: 
> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.





-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg