Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet

2024-01-18 Thread Suresh Ramasubramanian
Over a decade ago, a friend (then working at a large national telecom 
regulator) told me that industry self regulation works best, and that if the 
government was forced to step in and regulate, neither industry nor government 
would be happy with the results.   Looks like that saying seems to be coming 
true.

--srs

From: anti-abuse-wg  on behalf of Serge Droz 
via anti-abuse-wg 
Sent: Friday, January 19, 2024 2:16:19 AM
To: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Bulletproof servers causing mischief on the 
internet

Hi Hank

Thanks for this: It's pure gold.

I sometimes think this WG is held prisoner by a handful of people,
which are the ones that then whine in five years because the EU will put
a stop to this on their terms. Here in Switzerland more and more
anti-abuse legislation is enacted because some providers just won't move.

Best
Serge


On 18/01/2024 07:46, Hank Nussbacher wrote:
> On 17/01/2024 23:05, Tomás Oliveira Valente Leite de Castro via
> anti-abuse-wg wrote:
>
>> I believe RIPE NCC's job is not to police the internet, but to provide
>> registration services. However RIPE should guarantee that the
>> registrant's data is correct and up to date. This includes a proper
>> abuse contact.
>
> I have heard so often that RIPE NCC's job is to *not* police the
> Internet.  Then I heard John Curran's keynote at NANOG in October:
> The Expanding Landscape of Internet Governance: Why Network Operators
> Need a Global View
> https://www.youtube.com/watch?v=U1Ip39Qv-Zk
> and realize that over the next decade we will be handed EU edicts that
> will far exceed anything we thought possible.  Take the 45 minutes and
> listen to John.
>
> Regards,
> Hank
>

--
Dr. Serge Droz
Director, Forum of Incident Response and Security Teams (FIRST)
serge.d...@first.org | https://www.first.org

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet

2024-01-18 Thread Serge Droz via anti-abuse-wg

Hi Hank

Thanks for this: It's pure gold.

I sometimes think this WG is held prisoner by a handful of people,
which are the ones that then whine in five years because the EU will put
a stop to this on their terms. Here in Switzerland more and more
anti-abuse legislation is enacted because some providers just won't move.


Best
Serge


On 18/01/2024 07:46, Hank Nussbacher wrote:
> On 17/01/2024 23:05, Tomás Oliveira Valente Leite de Castro via
> anti-abuse-wg wrote:
>
>> I believe RIPE NCC's job is not to police the internet, but to provide
>> registration services. However RIPE should guarantee that the
>> registrant's data is correct and up to date. This includes a proper
>> abuse contact.
>
> I have heard so often that RIPE NCC's job is to *not* police the
> Internet.  Then I heard John Curran's keynote at NANOG in October:
> The Expanding Landscape of Internet Governance: Why Network Operators
> Need a Global View
> https://www.youtube.com/watch?v=U1Ip39Qv-Zk
> and realize that over the next decade we will be handed EU edicts that
> will far exceed anything we thought possible.  Take the 45 minutes and
> listen to John.
>
> Regards,
> Hank



--
Dr. Serge Droz
Director, Forum of Incident Response and Security Teams (FIRST)
serge.d...@first.org | https://www.first.org



Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet

2024-01-18 Thread Suresh Ramasubramanian
So we repeat the entire exercise with v6 or Jim Fleming’s IPv9 if and when that 
comes out? Right

--srs

From: anti-abuse-wg  on behalf of Tomás Leite 
de Castro via anti-abuse-wg 
Sent: Thursday, January 18, 2024 8:51:29 PM
To: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Bulletproof servers causing mischief on the 
internet

Hi,

I just wanted to make a last comment on the previous email you sent.

> The business model of many bulletproof companies is to ignore reports of 
> abuse, RIPE NCC does not seem to do much against this and criminals are not 
> afraid of retaliation from RIPE NCC towards them. and currently RIPE NCC is 
> an attractive organization to get IP addresses for bulletproof servers, how 
> good is this?

It is true that their job is to ignore abuse reports. Also please note that 
RIPE currently no longer has IPv4 blocks to assign. New members must either get 
their space from a waitlist (which takes time and it’s limited to a single /24) 
or buy IP space from other entities. I do not believe that RIPE is more 
“attractive” than other Registries to obtain IP space for such illegal 
activities. All 5 RIRs have similar policies. Take a look at ARIN’s fraud 
reporting results. 
https://www.arin.net/vault/reference/tools/fraud_report/results/2023/#2023Q2

As it’s been said, it’s not RIPE’s job to police the internet. And please note 
that ultimately the ISPs providing connectivity to these organisations are the 
ones “allowing” the fraud to happen. If all RIRs took action then I’m sure 
criminals would lease IP space from reputable LIRs. Given the current IPv4 
shortage, I believe this is the case already. RIPE isn’t allocating a lot of 
IPs recently simply because they ran out.

Best regards,


Tomás Leite de Castro

> On 18 Jan 2024, at 10:20, OSINTGuardian  wrote:
>
> Hi Tomas,
>
> I am not referring to bulletproof servers in Tor, since I understand that 
> this is more difficult to detect since it is deep in the internet. I am 
> referring to the bulletproof hosting that is flooding the clear web with 
> illegal content.
> I currently know different bulletproof hosting, as you probably do too, but 
> no one does anything against this, which mostly affects the clear web.
>
> illegal activities:
>
> I am not referring to fighting bulletproof hosting due to spam networks, 
> botnets and DDOS attacks. I am referring to bulletproof hosting that has 
> clients who are pedophiles or drug traffickers (and these clients say it 
> openly) and when the police or internet users send abuse reports to the 
> bulletproof hosting email, the report is ignored.
>
> Because of bulletproof hosting, the dark net has been on the clear web for 
> some years with child pornography sites, pedophile forums, drug sales sites 
> and among other websites that the owners are clients of bulletproof hosting.
> So you can see that I'm not exaggerating, google "dutchanonstore.to" and 
> you'll see what I mean
>
> In case you are wondering, the company behind this drug sales website is 
> KODDOS (Amarutu Technology Ltd), one of the most famous bulletproof companies 
> currently and which is on the TOP 1 list of ISPs that provide bulletproof 
> servers for illegal websites
>
> This is not the only famous bulletproof hosting, cybercriminals use a company 
> like Cloudflare but Russian and with bulletproof servers that are hosted in 
> Russia. the company DDOS-GUARD and it is not the first time that this company 
> is mentioned here since some time ago a famous client of ddos-guard was Hamas 
> (terrorist group)
>
> I have a lot of evidence against bulletproof servers and how they are 
> complicit in illegal activities, although having evidence of this is not that 
> difficult since many of them are publicly promoted as "bulletproof hosting."
> The police usually do not do much against this, intelligence agencies such as 
> the FBI, Interpol, Europol and among others are slow to do something against 
> the bulletproof servers, and when they do something against this and they 
> arrest the owners of these companies, which What they do is that new 
> criminals create 6 new bulletproof hosting companies and all the clients go 
> to that new company to host the illegal websites.
>
> Not to mention, the time it takes for authorities to do something against 
> bulletproof hosting is 3 to 6 years, until they arrest the people behind the 
> company with illegal activities. The authorities act extremely slowly and the 
> clean web is filling up with illegal websites.
>
> Basically this is what has been happening for years and no one does anything:
> screenshot: https://i.imgur.com/nKZz8qx.png
>
> The business model of many bulletproof companies is to ignore reports of 
> abuse, RIPE NCC does not seem to do much against this and criminals are not 
> afraid of retaliation from RIPE NCC towards them. and currently RIPE NCC is 
> an attractive organization to get IP addresses for bulletproof 

Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet

2024-01-18 Thread Tomás Leite de Castro via anti-abuse-wg
Hi,

I just wanted to make a last comment on the previous email you sent.

> The business model of many bulletproof companies is to ignore reports of 
> abuse, RIPE NCC does not seem to do much against this and criminals are not 
> afraid of retaliation from RIPE NCC towards them. and currently RIPE NCC is 
> an attractive organization to get IP addresses for bulletproof servers, how 
> good is this?

It is true that their job is to ignore abuse reports. Also please note that 
RIPE currently no longer has IPv4 blocks to assign. New members must either get 
their space from a waitlist (which takes time and it’s limited to a single /24) 
or buy IP space from other entities. I do not believe that RIPE is more 
“attractive” than other Registries to obtain IP space for such illegal 
activities. All 5 RIRs have similar policies. Take a look at ARIN’s fraud 
reporting results. 
https://www.arin.net/vault/reference/tools/fraud_report/results/2023/#2023Q2

As it’s been said, it’s not RIPE’s job to police the internet. And please note 
that ultimately the ISPs providing connectivity to these organisations are the 
ones “allowing” the fraud to happen. If all RIRs took action then I’m sure 
criminals would lease IP space from reputable LIRs. Given the current IPv4 
shortage, I believe this is the case already. RIPE isn’t allocating a lot of 
IPs recently simply because they ran out.

Best regards,


Tomás Leite de Castro

> On 18 Jan 2024, at 10:20, OSINTGuardian  wrote:
> 
> Hi Tomas,
> 
> I am not referring to bulletproof servers in Tor, since I understand that 
> this is more difficult to detect since it is deep in the internet. I am 
> referring to the bulletproof hosting that is flooding the clear web with 
> illegal content.
> I currently know different bulletproof hosting, as you probably do too, but 
> no one does anything against this, which mostly affects the clear web.
> 
> illegal activities:
> 
> I am not referring to fighting bulletproof hosting due to spam networks, 
> botnets and DDOS attacks. I am referring to bulletproof hosting that has 
> clients who are pedophiles or drug traffickers (and these clients say it 
> openly) and when the police or internet users send abuse reports to the 
> bulletproof hosting email, the report is ignored.
> 
> Because of bulletproof hosting, the dark net has been on the clear web for 
> some years with child pornography sites, pedophile forums, drug sales sites 
> and among other websites that the owners are clients of bulletproof hosting.
> So you can see that I'm not exaggerating, google "dutchanonstore.to" and 
> you'll see what I mean
> 
> In case you are wondering, the company behind this drug sales website is 
> KODDOS (Amarutu Technology Ltd), one of the most famous bulletproof companies 
> currently and which is on the TOP 1 list of ISPs that provide bulletproof 
> servers for illegal websites
> 
> This is not the only famous bulletproof hosting, cybercriminals use a company 
> like Cloudflare but Russian and with bulletproof servers that are hosted in 
> Russia. the company DDOS-GUARD and it is not the first time that this company 
> is mentioned here since some time ago a famous client of ddos-guard was Hamas 
> (terrorist group)
> 
> I have a lot of evidence against bulletproof servers and how they are 
> complicit in illegal activities, although having evidence of this is not that 
> difficult since many of them are publicly promoted as "bulletproof hosting."
> The police usually do not do much against this, intelligence agencies such as 
> the FBI, Interpol, Europol and among others are slow to do something against 
> the bulletproof servers, and when they do something against this and they 
> arrest the owners of these companies, which What they do is that new 
> criminals create 6 new bulletproof hosting companies and all the clients go 
> to that new company to host the illegal websites.
> 
> Not to mention, the time it takes for authorities to do something against 
> bulletproof hosting is 3 to 6 years, until they arrest the people behind the 
> company with illegal activities. The authorities act extremely slowly and the 
> clean web is filling up with illegal websites.
> 
> Basically this is what has been happening for years and no one does anything:
> screenshot: https://i.imgur.com/nKZz8qx.png
> 
> The business model of many bulletproof companies is to ignore reports of 
> abuse, RIPE NCC does not seem to do much against this and criminals are not 
> afraid of retaliation from RIPE NCC towards them. and currently RIPE NCC is 
> an attractive organization to get IP addresses for bulletproof servers, how 
> good is this?
> 
> Claudia Lopez
> OSINTGuardian
> 
> 
> On Jan. 17 2024, at 9:10 pm, Tomás Oliveira Valente Leite de Castro via 
> anti-abuse-wg  wrote: 
> Hi,
> 
> As far as "taking down" bulletproof hosting, that is very hard to do as 
> they often operate on jurisdictions that are easier for them to run 
> their business.
> RIPE NCC only 

Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet

2024-01-18 Thread Gert Doering
Hi,

On Thu, Jan 18, 2024 at 04:04:03AM +, Suresh Ramasubramanian wrote:
> If the database is filled with nonsensical information that anyone can hand 
> in and get themselves a large netblock there isn't much point to the entire 
> exercise.

This claim has, as usual, no basis.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279




Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet

2024-01-18 Thread OSINTGuardian
<<< text/html; charset=UTF-8: Unrecognized >>>