[anti-abuse-wg] Re: Self registration
Yes we also assign an abuse-c There’s no point in our abuse desk getting reports about things we can do very little about Of course a lot of LEA and others seem to be using some weird tools for parsing the database, so we still get reports for blocks we’ve assigned As for this SWIP thing – all the references in that document refer to ARIN. Was any such policy / process considered in the RIPE region? -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Alessandro Vesely Date: Friday, 26 July 2024 at 12:39 To: Michele Neylon - Blacknight , anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Re: Self registration [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. On Fri 26/Jul/2024 12:44:56 +0200 Michele Neylon - Blacknight via anti-abuse-wg wrote: > Alessandro > > I’ve no idea who your upstream LIR is, but I know that quite a few LIRs > **will** assign IP blocks to clients in the RIPE database. Doing it for every > single individual IP would be an admin burden, but I know we do it for a lot > of > our clients who have blocks of IPs. Do you mean "will _register_ IP blocks"? That's my experience as well. Do you also assign an abuse-c? > So please don’t make broad sweeping statements as if they were facts. They /are/ facts, up to a few exceptions. Once there was a sort of self registration, SWIP[*], for self registering small blocks (I got a /29). The concept of ISP in that document[*] was much more transitive than in current acceptation. Why was it dismissed? Best Ale -- [*] https://ftp.ripe.net/ripe/inaddr/arin-templates/swipinstruction.txt - To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/anti-abuse-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
[anti-abuse-wg] Re: Self registration, was Draft minutes from RIPE 88 for your consideration
Alessandro I’ve no idea who your upstream LIR is, but I know that quite a few LIRs *will* assign IP blocks to clients in the RIPE database. Doing it for every single individual IP would be an admin burden, but I know we do it for a lot of our clients who have blocks of IPs. So please don’t make broad sweeping statements as if they were facts. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. - To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/anti-abuse-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
Re: [anti-abuse-wg] IP Range Flagged as VPN/Proxy by Amazon Prime Video/Disney+/Netflix
Been there. It’s an absolute pain. If you contact me offlist I can try and assist you Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Westermaier, Andreas Date: Wednesday, 19 June 2024 at 13:07 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] IP Range Flagged as VPN/Proxy by Amazon Prime Video/Disney+/Netflix [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Dear members, recently, our customers have been unable to stream content from Amazon Prime Video, Disney+ and possibly Netflix, receiving the error message: "Your device is connected to the internet using a VPN or proxy service. Please disable it and try again." We have confirmed that no VPN or proxy services are being used within our network (we operate the IP addresses from our own AS). We suspect our IP range (a whole /22!) might have been mistakenly flagged by the content delivery networks of these streaming services (or third party blacklist providers). Did anyone deal with this problem before and can steer us in the right direction on resolving this issue or how to get in contact with the streaming or blacklist provider? Thank you for your assistance. Best regards, Andreas Westermaier overturn technologies GmbH Isarstraße 6, 85356 Freising, Germany www.overturn.de<http://www.overturn.de> -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group
Suresh It might be helpful to discuss this with them. I’m sure there are *some* things that they could do without putting it to the members, but there’s a lot of things that would need member agreement in order to change. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Suresh Ramasubramanian Date: Monday, 13 May 2024 at 14:44 To: Serge Droz Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. RIPE NCC doesn’t really need member input or consensus to change a lot of this. Certainly not in tightening or enforcing due diligence procedures rather than charging 50 euro an ASN —srs From: anti-abuse-wg on behalf of Serge Droz via anti-abuse-wg Sent: Monday, May 13, 2024 7:03:18 PM Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group Hi Michele > RIPE currently does not have the power to do a lot of things. The WG > cannot magically change that. This is the old merry go round. Maybe RIPE NCC needs to change certain things, or it will be changed for them. The WG could provide guidance and suggest possible avenues where RIPE needs/should change. RIPE can then still ignore that. Believe it or not: Organizations can change. So if you say you don't want to discuss this, fine. But don't blame it RIPE not being able to change. Best Serge -- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group
Serge It’s not a matter of “comfort zones” – which Nick explained quite articulately RIPE currently does not have the power to do a lot of things. The WG cannot magically change that. If you look at the current “debate” raging on the main members’ list, people are arguing over a potential 50 euro / year fee for an ASN trying to make out that it could potentially bankrupt them…. Getting the same people to agree to giving RIPE NCC more powers over their actions would be an uphill struggle! Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Serge Droz via anti-abuse-wg Date: Friday, 10 May 2024 at 13:51 To: Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi Nick I agree. But what you are saying, is that the WG should continue having no tangible effect, because the status quo is more important than getting out of one's comfort zone. Meanwhile others will, in my opinion, push for policy change. And these others likely lack crucial insight, i.e. will produce policies that have undesirable side effects. The question was if we want to recharter this WG, so I answered what I felt merits the name. I like the training the WG produced in the past, but I don't remember much else. If we want to make a concrete contribution to fighting abuse, we may have to leave our comfort zone. The internet and the world it lies within has changed considerably in the past years. This would suggest we should too. But I think I made my point by now, and I realise it's not a comfortable one. Best Serge On 10 May 2024 11:57:44 UTC, Nick Hilliard wrote: Serge, there's been extensive debate on AAWG over the years about the principles behind your additional suggestions below, but very little consensus. If sanctioning is added to the charter of a new security-wg, this lack of consensus is likely to continue, and the only outcome will be that the WG will be distracted from other productive output. I understand why you might want it in there, but punitive action is not within the remit of the RIPE NCC. Similarly on point 2, advocacy is important, but requirement / enforcement is out of scope for both the RIPE Community and RIPE NCC. Nick Serge Droz via anti-abuse-wg wrote on 10/05/2024 07:21: Hi Leo It's more about sharpening the focus. I colored this red below. I feel eventually the RIPE NCC must adapt stronger policies to punish non-action or disregard of action. I think it would be better if this WG comes up with such policies which the RIPE NCC can then adopt (or not) rather than the RIPE NCC having to react to external pressure, e.g. from policy makers, in particular the EU. I'm sure one can formulate this much better. I firmly believe, that there is no way around stronger regulation, and I'd much rather see this coming from this community than form the outside. The regulators i see and work with are increasingly irritated and react with totally inadequate demands, which I wont reproduce here. 1. Identifying and analyzing emerging security threats and vulnerabilities affecting Internet infrastructure. 2. Collaborating with stakeholders, in particular the RIPE community, to develop and advocate and implement best practices, guidelines, and standards for securing Internet resources. 3. Facilitating information sharing and cooperation among network operators, law enforcement, and relevant entities to mitigate security risks. 4. Providing education, training, and outreach initiatives to raise awareness of security issues and promote best practices adoption. 5. Develop policies recommendations to the RIPE NCC that help enforcing good behavior and sanction disregard for faccepted security standards. This includes the definition of acceptable minimal standards. Best regards Serge On 09.05.24 21:39, Leo Vegoda wrote: Hi Serge, On Thu, 9 May 2024 at 11:41, Serge Droz via anti-abuse-wg <mailto:anti-abuse-wg@ripe.net> wrote: Hi Leo We can only recommend the community, obviously. I agree. So these aare the best practices We can recommend that RIPE NCC changes its rules and procedures to address certain issues. As a WG, if I'm correct we have no other power. Based on thisl, I d
Re: [anti-abuse-wg] Co-Chair selection
Markus This is great news. Brian has done a fantastic job with this group over the years Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Markus de Brün Date: Tuesday, 7 May 2024 at 11:37 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Co-Chair selection [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Dear colleagues, the deadline for nominations has ended and we received one nomination. It is our current and long-standing co-chair Brian. In case you do not know Brian, there is a short biography at the end of this email. Brian is willing to accept his nomination. Tobias and I are happy to continue to work with him. It would be great to hear from you if you support Brian as well. Kind regards, Markus Brian's bio taken from https://www.ripe.net/community/wg/active-wg/anti-abuse/wg-chair-biographies/brian-nisbet/ - snip - Brian Nisbet is Co-chair of the RIPE Anti-Abuse Working Group. He's been an active member of the RIPE community and the Anti-Abuse Working Group since RIPE 49. He's passionate about the Internet being an accessible and enjoyable experience for everyone, and network abuse is completely antithetical to that goal. Brian’s day job is as Network Operations Manager for HEAnet, the Irish National Research and Education Network, and he is the Chair of the NOC Special Interest Group (SIG-NOC) for the European academic networking community. He is also the Working Group Chairs representative to the RIPE PC. - snap - -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] LEA Transparency Report 2023
Serge As I said, it’s an odd attempt at making a point, if that’s what it is. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Serge Droz Date: Wednesday, 10 April 2024 at 10:38 To: Michele Neylon - Blacknight , anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] LEA Transparency Report 2023 [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi Michele As I said: They may make a point. Maybe they don't understand what RIPS dies. But that's an assumption, and the tech community tends to underrate authorities, so don't count on it. Best Serge On 10.04.24 11:32, Michele Neylon - Blacknight wrote: > Serge > > The report speaks about French LEA asking RIPE for data that RIPE does > not have. > > You then go off on some complete tangent about governments not being > satisfied with tech companies. > > How are the two related? > > What purpose does asking RIPE (or anyone else) for data they simply do > not have serve? > > A much more rational explanation is that LEA simply do not understand > what data RIPE (or others) have and that maybe the solution is to > educate them. > > I have heard from some in LEA that the amount of engagement from RIPE, > ICANN etc., in the past couple of years has reduced, though that’s > purely anecdotal. > > Regards > > Michele > > -- > > Mr Michele Neylon > > Blacknight Solutions > > Hosting, Colocation & Domains > > https://www.blacknight.com/ <https://www.blacknight.com/> > > https://blacknight.blog/ <https://blacknight.blog/> > > Intl. +353 (0) 59 9183072 > > Direct Dial: +353 (0)59 9183090 > > Personal blog: https://michele.blog/ <https://michele.blog/> > > Some thoughts: https://ceo.hosting/ <https://ceo.hosting/> > > --- > > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business > Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 > > I have sent this email at a time that is convenient for me. I do not > expect you to respond to it outside of your usual working hours. > -- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] LEA Transparency Report 2023
Suresh The devil is in the details…. Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Suresh Ramasubramanian Date: Wednesday, 10 April 2024 at 10:38 To: Michele Neylon - Blacknight , Serge Droz , anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] LEA Transparency Report 2023 [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. LEA especially the computer crime part of LEA has been dealing with RIRs for some decades now? The specifics of this case would be interesting. --srs From: anti-abuse-wg on behalf of Michele Neylon - Blacknight via anti-abuse-wg Sent: Wednesday, April 10, 2024 3:02:51 PM To: Serge Droz ; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] LEA Transparency Report 2023 Serge The report speaks about French LEA asking RIPE for data that RIPE does not have. You then go off on some complete tangent about governments not being satisfied with tech companies. How are the two related? What purpose does asking RIPE (or anyone else) for data they simply do not have serve? A much more rational explanation is that LEA simply do not understand what data RIPE (or others) have and that maybe the solution is to educate them. I have heard from some in LEA that the amount of engagement from RIPE, ICANN etc., in the past couple of years has reduced, though that’s purely anecdotal. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] LEA Transparency Report 2023
Serge The report speaks about French LEA asking RIPE for data that RIPE does not have. You then go off on some complete tangent about governments not being satisfied with tech companies. How are the two related? What purpose does asking RIPE (or anyone else) for data they simply do not have serve? A much more rational explanation is that LEA simply do not understand what data RIPE (or others) have and that maybe the solution is to educate them. I have heard from some in LEA that the amount of engagement from RIPE, ICANN etc., in the past couple of years has reduced, though that’s purely anecdotal. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Reverse DNS delegations
It depends on the LIR – some let you, some don’t. And no, you don’t own the IPs – the LIR does -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Alessandro Vesely Date: Friday, 5 April 2024 at 16:24 To: Michele Neylon - Blacknight , anti-abuse-wg Subject: Re: [anti-abuse-wg] Reverse DNS delegations [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. On Fri 05/Apr/2024 14:41:01 +0200 Michele Neylon - Blacknight via anti-abuse-wg wrote: > Have you asked them to setup PTR records? I did so for IPv4. They're unable to delegate but can set PTRs. For IPv6, they don't have delegation for their own range, so cannot possibly resolve mine. > We usually do it for our clients, so I’ve no idea how others handle it Why can't users of a given range set up their own delegation? I know it should be hierarchical, but in case RIPE did not delegate anything (found SOA 0.a.2.ip6.arpa. dns.ripe.net) couldn't they delegate directly after proof of "ownership"? Best Ale > -- > Mr Michele Neylon > Blacknight Solutions > Hosting, Colocation & Domains > https://www.blacknight.com/ > https://blacknight.blog/ > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Personal blog: https://michele.blog/ > Some thoughts: https://ceo.hosting/ > --- > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty > Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 > > I have sent this email at a time that is convenient for me. I do not expect > you to respond to it outside of your usual working hours. > > > From: anti-abuse-wg on behalf of Alessandro > Vesely > Date: Friday, 5 April 2024 at 13:01 > To: anti-abuse-wg > Subject: [anti-abuse-wg] Reverse DNS delegations > [EXTERNAL EMAIL] Please use caution when opening attachments from > unrecognised sources. > > Hi all, > > what's the policy for reverse delegation? My provider assigned me a > 2a02:29e1:500:6c00::/56. Great. However they didn't delegate reverse DNS. > Indeed, their own 2a02:29e1::/32 has no delegations: > > ; <<>> DiG 9.18.24-1-Debian <<>> 1.e.9.2.2.0.a.2.ip6.arpa ns > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19800 > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1232 > ; COOKIE: cad8ae482b0e559c0100660fe49763aa815e05fda159 (good) > ;; QUESTION SECTION: > ;1.e.9.2.2.0.a.2.ip6.arpa. IN NS > > ;; AUTHORITY SECTION: > 0.a.2.ip6.arpa. 3600IN SOA pri.authdns.ripe.net. > dns.ripe.net. 1712314758 3600 600 864000 3600 > > > Now there are mail servers which reject mail if they don't find a matching > PTR: > ><<< 554 resimta-c2p-559421.sys.comcast.net > resimta-c2p-559421.sys.comcast.net 2a02:29e1:500:6c00::4 Comcast requires > that all mail servers must have a PTR record with a valid Reverse DNS entry. > Currently your mail server does not fill that requirement. For more > information, refer to: https://postmaster.comcast.net/smtp-error-codes.php#554 > > > Why isn't it possible to gain a delegation by proving number assignment? > > > Best > Ale > -- > > > > > > > > > -- > > To unsubscribe from this mailing list, get a password reminder, or change > your subscription options, please visit: > https://lists.ripe.net/mailman/listinfo/anti-abuse-wg > > -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Reverse DNS delegations
Have you asked them to setup PTR records? We usually do it for our clients, so I’ve no idea how others handle it -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Alessandro Vesely Date: Friday, 5 April 2024 at 13:01 To: anti-abuse-wg Subject: [anti-abuse-wg] Reverse DNS delegations [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi all, what's the policy for reverse delegation? My provider assigned me a 2a02:29e1:500:6c00::/56. Great. However they didn't delegate reverse DNS. Indeed, their own 2a02:29e1::/32 has no delegations: ; <<>> DiG 9.18.24-1-Debian <<>> 1.e.9.2.2.0.a.2.ip6.arpa ns ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19800 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: cad8ae482b0e559c0100660fe49763aa815e05fda159 (good) ;; QUESTION SECTION: ;1.e.9.2.2.0.a.2.ip6.arpa. IN NS ;; AUTHORITY SECTION: 0.a.2.ip6.arpa. 3600IN SOA pri.authdns.ripe.net. dns.ripe.net. 1712314758 3600 600 864000 3600 Now there are mail servers which reject mail if they don't find a matching PTR: <<< 554 resimta-c2p-559421.sys.comcast.net resimta-c2p-559421.sys.comcast.net 2a02:29e1:500:6c00::4 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: https://postmaster.comcast.net/smtp-error-codes.php#554 Why isn't it possible to gain a delegation by proving number assignment? Best Ale -- -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse Working Group
Markus There should be a simple “continue as now” option, though I do appreciate that opening a discussion on the WG’s future could be useful Expanding the group’s scope – okay, but to what? And to what end? Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards
Serge Several ccTLD registries have given discounts for DNSSEC. What is unclear is how many of the domains with DNSSEC enabled are in active use, so the lack of “problems” could be simply down to a complete lack of us / ignorance that the technology was enabled. My main issue with focus on DNSSEC is that it is seen being a “good use” of resources, so small registries who should invest in other things that are fundamentally more important feel obliged to enable it. There’s also the entire “I’ve got DNSSEC so now my domain / site / service is secure” belief. Much like people who think that smacking an SSL cert on their site magically renders it secure. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Serge Droz via anti-abuse-wg Date: Monday, 11 March 2024 at 12:24 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. > Pushing for DNSSEC adoption by financial services, government and other > “enterprise” users makes a lot of sense, but pushing it for all domains > is a terrible idea and has more negative impacts than positives. Not if it's done properly, i.e. by the hosting providers. Should your aunt or uncle do it? Probably not. Since SWITCH gives registrars a discount if they sign, the number has risen dramatically, without any problems: https://www.nic.ch/de/statistics/dnssec/ Best Serge -- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards
They’re two very different things so asking about the two and pushing for them at the same time in my view is a bad idea. RPKI is only going to be deployed by network operators and they *should* have the technical ability to do this and doing so is “good” DNSSEC, on the other hand, is available for the many millions of domain names out there and is an incredibly brittle technology. A minor mistake with the deployment will literally kill the domain and all its services. Pushing for DNSSEC adoption by financial services, government and other “enterprise” users makes a lot of sense, but pushing it for all domains is a terrible idea and has more negative impacts than positives. Regards Michele, who has consistently disliked how much time energy and money is pushed into DNSSEC while so many other things aren’t resourced -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Wout de Natris Date: Monday, 11 March 2024 at 10:01 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Dear colleagues, IGF DC IS3C invites you to participate in the consultation on positively enhancing the deployment of two Internet standards: DNSSEC and RPKI. You are invited to answer either of these questions: Do the arguments used to favor a positive decision, convince you to order deployment within your organisation or from your service provider? / Do they assist you to convince decision takers in your organisation to invest in security by design? You are invited to share your views and arguments with IS3C’s expert team and have been granted commenting rights in this document to do so. The consultation runs from 11 March to 12PM UTC, Friday 5 April 2024. Your contribution will be taken into consideration when finalising the text before publication this spring. Here is the link to the Google Doc: https://docs.google.com/document/d/1YYq3ie9D03L1Z5ssgPbWKV5becUgNw0h7_fmm9xGWKs/edit?usp=sharing [https://lh7-us.googleusercontent.com/docs/AHkbwyKX2Kk3Ln5vVsuCkXG99FKVph_OJAKVycHnHbNDtU3ypxvkIuZHkBdUoYgSyF8Q-44HL6Bfq8eDGZeMKI2Jyf-_6xgR24RTvX5QEmO69ZSTpnE=w1200-h630-p]<https://docs.google.com/document/d/1YYq3ie9D03L1Z5ssgPbWKV5becUgNw0h7_fmm9xGWKs/edit?usp=sharing> IS3C WG 8 work document<https://docs.google.com/document/d/1YYq3ie9D03L1Z5ssgPbWKV5becUgNw0h7_fmm9xGWKs/edit?usp=sharing> docs.google.com We hope to receive your views so we can present the most convincing arguments to deploy DNSSEC, RPKI and all other security-related Internet standards and ICT best practices. (FYI, this project is sponsored by ICANN and RIPE NCC.) Kind regards, Wout de Natris IS3C: Making the Internet more secure and safer -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Call for Nominations: Co-Chair of the Anti-Abuse Working Group
Is Brian term limited? -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265, Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Markus de Brün Sent: Wednesday 6 March 2024 05:53 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Call for Nominations: Co-Chair of the Anti-Abuse Working Group [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Dear colleagues, Brian's term as co-chair of the Anti-Abuse Working Group will conclude at RIPE 88. As such, we are initiating the selection process for a new co-chair. You can find detailed information about the selection process at [1]. We encourage you to submit nominations, whether self-nominations or nominations of others, before 17:00 CET on 5th May 2024. For those interested in understanding the responsibilities and expectations of a working group co-chair, please refer to RIPE-692 [2] and RIPE-765 [3]. If you have any further questions or would like to submit a nomination, please do not hesitate to contact us at aa-wg-ch...@ripe.net. Kind regards, Markus Co-chair, Anti-Abuse Working Group [1] https://www.ripe.net/community/wg/active-wg/anti-abuse/anti-abuse-wg-chair-selection-process/ [2] https://www.ripe.net/publications/docs/ripe-692 [3] https://www.ripe.net/publications/docs/ripe-765/ -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet
Both registries and registrars that are accredited by ICANN have contracts with clear clauses related to abuse and their responsibility towards reports etc., As of right now no such requirement exists in the RIPE region, so I’m not sure that the parallel is a good one. In an ideal world self-regulation would be the way, but sadly there are a lot of providers who turn a blind eye to all sorts of unpleasant behaviour on their platforms / networks etc., so legislators are getting involved more and more. If there are LIRs in the RIPE region with dodgy contact details or anything else that would be illegal under Dutch law or in breach of any contracts or policies then they should be reported to RIPE NCC. It’s in RIPE NCC’s best interest not to run afoul of regulators and I know they invest quite heavily in engagement with government including LEA. Also please do not refer to DMCA. It’s American and is not legal in Europe. Seriously Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Carlos Friaças via anti-abuse-wg Date: Friday, 19 January 2024 at 09:36 To: OSINTGuardian Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Greetings, Maybe we need a bulletproof hosting directory on the web? :-)) >From what i've learned, illegal content depends on jurisdiction, and effectively that's what greatly impacts the possibility of takedowns. I've also seen what you mention about advertising services as 'bulletproof', but i've already seen some of those companies remove that kind of advertising (in this case, web archives are your friend!) The RIPE NCC, afaik, doesn't act on illegal content, because it lacks any mandate for that. In the same way criminals are able to use phones, they are allowed to use IP addresses. The downside with the IP addresses is they can in practice build/manage (informal?) network operators, which provide them with a lot more flexibility. But that's the model we have had for decades... I totally agree with the ICANN comparison, but it wouldn't be only RIPE NCC, for efectiveness you would have to have all the five RIRs on the same page. But i'm afraid "the community" -- which also includes the 'bulletproofers' -- will not issue any mandate to the RIPE NCC to do something. Instead, at some point, we well see more regulatory stuff kicking in Best Regards, Carlos On Wed, 17 Jan 2024, OSINTGuardian wrote: > hi, > > There are more and more bulletproof hosting in the world every month and they > are causing more and more chaos, feeding the dark web by > providing servers to criminals of all kinds who use the servers on .onion > websites in Tor and flooding the clear web with illegal > content. > > There is a bulletproof hosting market that is even openly promoted, it is as > easy to find companies that provide bulletproof servers as > searching on Google, hacker forums or simple internet websites that provide > lists of bulletproof hosting companies. > > The business model of these companies is to ignore reports of abuse of > illegal content, to look the other way when someone uploads > illegal content. This is openly their business model, what does RIPE NCC do > about this? > > RIPE NCC provides IP addresses to many of these companies with bulletproof > servers that are then used by criminals on the Internet, > strengthening organized crime. > > ICANN publicly has an abuse reporting form, where users can report if a > company provides bulletproof domains or ignores abuse reports. > If RIPE NCC did this same thing, the internet would become a better place. > > If RIPE NCC did this and also other IP address accreditors, they would > greatly affect criminals on the Internet and therefore the > Internet would become a slightly safer place than it is today. Bulletproof > server companies would be afraid of being caught by RIPE NCC > committing these violations. Unfortunately, these companies currently feel > enough freedom to do this, that they even show themselves > publicly. > > Is RIPE NCC planning to do anything against this? > > - Claudia Lopez > OSINTGuardian > > -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Draft RIPE87 Minutes for Consideration
It’s 2023 and Word is fairly commonly used by a lot of people. What format do you propose be used? -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Gert Doering Date: Thursday, 21 December 2023 at 19:04 To: Brian Nisbet Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Draft RIPE87 Minutes for Consideration [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi, On Thu, Dec 21, 2023 at 12:17:09PM +, Brian Nisbet wrote: > Please find attached the draft minutes from the WG Session at RIPE87. > > If you have any comments on the minutes, please email aa-wg-ch...@ripe.net > before the end of the first week of January. I do have a comment... and that is "can we have this in a reasonable and nonproprietary format, not known as a transport for viruses of all sorts"? We *do* train people to not klick on random attachments in e-mail. thanks, Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Serge The claim is that the change in policy had an impact in other regions. If that is true then where is the data to backup that assertion? Policy changes that have an impact on the NCC's resources and budget and RIPE members should be data driven where possible. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Serge Droz via anti-abuse-wg Date: Sunday, 3 December 2023 at 10:57 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Maybe it's time to measure these numbers in the RIPE region by trying a time limit experiment. If it doesn't work, we stop it again. We would have to discuss criteria for what "it work" means. That's a discussion I'd like to see on this list. By never trying anything concrete it's easy saying it doesn't work. Fact is, that other players have changed once pressure has been upped. Cheers Serge On 3 December 2023 09:48:43 UTC, Michele Neylon - Blacknight via anti-abuse-wg wrote: Please provide actual data. Numbers -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of jordi.palet--- via anti-abuse-wg Date: Friday, 1 December 2023 at 13:38 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Well … exactly the same way it has been already implemented in 2 other RIRs, working and no issues. Regards, Jordi @jordipalet > El 1 dic 2023, a las 14:28, Laura Atkins escribió: > > > >> On 1 Dec 2023, at 13:22, U.Mutlu wrote: >> >> Laura Atkins wrote on 12/01/23 13:22: >> > None of this will make a company who doesn’t want to deal with abuse >> > complaints deal with abuse complaints. It’s a total waste of resources. >> >> Then RIPE has to sanction that member. > > So we’re back to: how much will it cost to do this and how much will it > actually improve anything? > > Which ignores a lot of big questions like: does RIPE actually have the > authority to sanction folks, who is going to sanction them, what is the > appeals process, how do we get to the sanctioning decision, how are we going > to pay for the inevitable lawsuit, and a bunch of other things. > > It’s clear, though, that this is actually a much older argument. I’m pretty > sure I’m not the first person to ask HOW this will all be implemented. The > fact that someone can’t point me to a FAQ or actual proposal addressing these > questions tells me how seriously this is being taken by the folks who are > proposing it. > > laura > >> >> Example of ignored Abuse Reports regarding email hacking attempts: >> >> You get countless hacking attempts to your email server >> (ie. brute-force attacks trying to login as a mail client >> by using either a valid email login name or some random names; >> they usually fail b/c of wrong password). >> It all gets logged in the emailserver logs together with >> exact timings, so there is enough evidence available for verification. >> >> You send an Abuse Report to the owner of the IP from where >> these hacking attempts occur.But there is no reaction, >> the hacking attemps day and night continue. So, it's not just a one-time >> thing. >> Even if you block that IP, it still generates traffic and eats-up resources >> on the server. >> >> We need an effective solution to stop such abuses. >> RIPE NCC should ask the client to fix the problem and >> formally inform the RIPE NCC about the fix within 7 days. >>
Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Please provide actual data. Numbers -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of jordi.palet--- via anti-abuse-wg Date: Friday, 1 December 2023 at 13:38 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Well … exactly the same way it has been already implemented in 2 other RIRs, working and no issues. Regards, Jordi @jordipalet > El 1 dic 2023, a las 14:28, Laura Atkins escribió: > > > >> On 1 Dec 2023, at 13:22, U.Mutlu wrote: >> >> Laura Atkins wrote on 12/01/23 13:22: >> > None of this will make a company who doesn’t want to deal with abuse >> > complaints deal with abuse complaints. It’s a total waste of resources. >> >> Then RIPE has to sanction that member. > > So we’re back to: how much will it cost to do this and how much will it > actually improve anything? > > Which ignores a lot of big questions like: does RIPE actually have the > authority to sanction folks, who is going to sanction them, what is the > appeals process, how do we get to the sanctioning decision, how are we going > to pay for the inevitable lawsuit, and a bunch of other things. > > It’s clear, though, that this is actually a much older argument. I’m pretty > sure I’m not the first person to ask HOW this will all be implemented. The > fact that someone can’t point me to a FAQ or actual proposal addressing these > questions tells me how seriously this is being taken by the folks who are > proposing it. > > laura > >> >> Example of ignored Abuse Reports regarding email hacking attempts: >> >> You get countless hacking attempts to your email server >> (ie. brute-force attacks trying to login as a mail client >> by using either a valid email login name or some random names; >> they usually fail b/c of wrong password). >> It all gets logged in the emailserver logs together with >> exact timings, so there is enough evidence available for verification. >> >> You send an Abuse Report to the owner of the IP from where >> these hacking attempts occur.But there is no reaction, >> the hacking attemps day and night continue. So, it's not just a one-time >> thing. >> Even if you block that IP, it still generates traffic and eats-up resources >> on the server. >> >> We need an effective solution to stop such abuses. >> RIPE NCC should ask the client to fix the problem and >> formally inform the RIPE NCC about the fix within 7 days. >> >> If the Abuse Reports still get ignored, then RIPE NCC >> should issue a 2nd warning and thereafter then terminate >> or suspend the membership until the issue gets fixed. >> >> >> Laura Atkins wrote on 12/01/23 13:22: >>> None of this will make a company who doesn’t want to deal with abuse >>> complaints deal with abuse complaints. It’s a total waste of resources. >>> >>> laura >>> >>>> On 1 Dec 2023, at 10:53, U.Mutlu wrote: >>>> >>>> For each complaint to RIPE NCC then such an >>>> (automated) email should be sent by the RIPE NCC >>>> to the abuse-c of that member. >>>> This should be the absolute minimum that should be done by the RIPE NCC. >>>> >>>> >>>> Matthias Merkel wrote on 11/30/23 11:47: >>>>> The proposal is to send verification emails to abuse mailboxes and have a >>>>> link >>>>> in them clicked, right? I would have no objection to that. >>>>> >>>>> Is there more that is being proposed in this proposal specifically? >>>>> >>>>> — >>>>> Maria Merkel >>>> >>>> >>>> >>>> -- >>>> >>>> To unsubscribe from this mailing list, get a password reminder, or change >>>> your subscription options, please visit: >>>> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg >>> >>> -- >>> The Delivery Expert >>> >>> Laur
Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Jordi Can you please provide links to the policies that were implemented elsewhere. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] URGENT
Simone We do not have any power to do anything. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of simone miccolo Date: Tuesday, 28 November 2023 at 14:23 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] URGENT [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. yes michele old company was privacy-ukraine and old site was camgirl.gallery in the 2019 and now new site it's fastimages.org<http://fastimages.org> https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2019-July/005263.html https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2019-July/005263.html secunet and Cryptoservers are also no real hosting companies. the email is invalid They are just proxies to hide the real host IP 93.115.60.0<https://myip.ms/view/ip_addresses/93.115.60.0> - 93.115.60.255<https://myip.ms/view/ip_addresses/93.115.60.255> is DCH. Proxy del provider di hosting, da datacenter o CDN (Content Delivery Network). Before NForce there is another company called KnownSrv. KnownSrv has rented server space at NForce i read this on your website ripe: RIPE member Known Holdings Ltd operated by Krunoslav Begic set-up a fake entity called "Privacy Ukraine LLC" (AS206106) to host criminal enterprises. Secunet and Cryptoservers LTD have rented space at KnownSrv. It's designed to keep complaints away from NForce and to hide the ip address of the material illegal/Illicit content/activity. We believe that this entity was setup in order to reduce the amount of abuse complaints coming to Mr. Begic's main account. There are only illegal websites knownsvr(Kruno Begic) respond at me several times always obviously not hosted from us of knownsvr !!! i read also this on your website ripe: He assigned an entire /24 to one of the most notorious piracy websites operated out of Sweden by Antoine Hedgecock a/k/a macnibblet of Interactive Solutions There are only illegal websites that stolen photos/videos and not respond never at request dmca/copyright Antoine Charles Edouard Hedgecock CEO&Founder http://gaycamvideos.net<https://t.co/gQma5j3gfx> , http://<https://t.co/LXexOiC9PU>fastimages.org<http://fastimages.org/>, camvideos.me<http://camvideos.me/>, http://chaturbatevideos.net<https://t.co/t0129WwEAY> let me know please TY OK BYE Il giorno mar 28 nov 2023 alle ore 15:12 simone miccolo mailto:simonlimonban...@gmail.com>> ha scritto: secunet and Cryptoservers are also no real hosting companies. the email is invalid They are just proxies to hide the real host IP 93.115.60.0<https://myip.ms/view/ip_addresses/93.115.60.0> - 93.115.60.255<https://myip.ms/view/ip_addresses/93.115.60.255> is DCH. Proxy del provider di hosting, da datacenter o CDN (Content Delivery Network). Before NForce there is another company called KnownSrv. KnownSrv has rented server space at NForce i read this on your website ripe: RIPE member Known Holdings Ltd operated by Krunoslav Begic set-up a fake entity called "Privacy Ukraine LLC" (AS206106) to host criminal enterprises. Secunet and Cryptoservers LTD have rented space at KnownSrv. It's designed to keep complaints away from NForce and to hide the ip address of the material illegal/Illicit content/activity. We believe that this entity was setup in order to reduce the amount of abuse complaints coming to Mr. Begic's main account. There are only illegal websites knownsvr(Kruno Begic) respond at me several times always obviously not hosted from us of knownsvr !!! i read also this on your website ripe: He assigned an entire /24 to one of the most notorious piracy websites operated out of Sweden by Antoine Hedgecock a/k/a macnibblet of Interactive Solutions There are only illegal websites that stolen photos/videos and not respond never at request dmca/copyright Antoine Charles Edouard Hedgecock CEO&Founder http://gaycamvideos.net<https://t.co/gQma5j3gfx> , http://<https://t.co/LXexOiC9PU>fastimages.org<http://fastimages.org/>, camvideos.me<http://camvideos.me/>, http://chaturbatevideos.net<https://t.co/t0129WwEAY> let me know please TY OK BYE -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] URGENT
Sorry, but “on your website” – do you mean in the email list archives? Also this is the RIPE anti-abuse WG – we have no power to do anything, so I’m not sure what you’re expecting. If you think there is something illegal being done by an operator I’d recommend you report it to the police. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of simone miccolo Date: Tuesday, 28 November 2023 at 14:12 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] URGENT [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. secunet and Cryptoservers are also no real hosting companies. the email is invalid They are just proxies to hide the real host IP 93.115.60.0<https://myip.ms/view/ip_addresses/93.115.60.0> - 93.115.60.255<https://myip.ms/view/ip_addresses/93.115.60.255> is DCH. Proxy del provider di hosting, da datacenter o CDN (Content Delivery Network). Before NForce there is another company called KnownSrv. KnownSrv has rented server space at NForce i read this on your website ripe: RIPE member Known Holdings Ltd operated by Krunoslav Begic set-up a fake entity called "Privacy Ukraine LLC" (AS206106) to host criminal enterprises. Secunet and Cryptoservers LTD have rented space at KnownSrv. It's designed to keep complaints away from NForce and to hide the ip address of the material illegal/Illicit content/activity. We believe that this entity was setup in order to reduce the amount of abuse complaints coming to Mr. Begic's main account. There are only illegal websites knownsvr(Kruno Begic) respond at me several times always obviously not hosted from us of knownsvr !!! i read also this on your website ripe: He assigned an entire /24 to one of the most notorious piracy websites operated out of Sweden by Antoine Hedgecock a/k/a macnibblet of Interactive Solutions There are only illegal websites that stolen photos/videos and not respond never at request dmca/copyright Antoine Charles Edouard Hedgecock CEO&Founder http://gaycamvideos.net<https://t.co/gQma5j3gfx> , http://<https://t.co/LXexOiC9PU>fastimages.org<http://fastimages.org/>, camvideos.me<http://camvideos.me/>, http://chaturbatevideos.net<https://t.co/t0129WwEAY> let me know please TY OK BYE -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Peter Economic incentives make a lot of sense. In the domain space we’ve seen registries offering promotions that are linked to a registrar’s “rating” and it seems to work. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Peter Koch Date: Thursday, 2 November 2023 at 13:36 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Moin, On Wed, Nov 01, 2023 at 02:37:27PM -0700, Leo Vegoda wrote: > Sure, but that's a membership decision and not a community decision. this perceived disconnect is a re-occuring scheme and therefore deserves a bit more thought, albeit not in this WG but likely in NCC Services and/or Address Policy as well as within the membership. If (or "iff" for the formal reader) policy is helped by economic incentives or counter-incentives, then it could be a good thing to have a way of (conditional) policy making to solve the deadlock without stepping on each others' toes. Not saying that's a solution for the case that started this threat, also recognizing the emotional aspect of fee scheme decisions. -Peter -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Gert I think a lot of us were not going to accept ANY changes to the charging scheme that time round. Anyway .. history now .. Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. On 02/11/2023, 10:39, "Gert Doering" wrote: Hi, On Thu, Nov 02, 2023 at 09:29:52AM +, Michele Neylon - Blacknight wrote: > The ASN cost for us would have had practically no impact ? we only have two > and I suspect we?re getting rid of one at some point. > > However the other costs that the charging schemes suggested would have cost > us thousands ? and that simply wasn?t acceptable ASN charges yes/no were their own voting item, fully independent on the charging scheme A/B/C/D vote. (Resolution 4 vs. Resolution 3) https://www.ripe.net/participate/meetings/gm/meetings/may-2023/draft-minutes-of-the-general-meeting-may-2023 But maybe the question itself was loaded and biased... "Resolution 4: "In addition to the RIPE NCC Charging Scheme adopted in Resolution 3, the General Meeting adopts an extra charge of EUR 50 per ASN as an integral part of the Charging Scheme 2024." naming this an "extra charge" *without* being very clear that it's not going to change the overall budget (= by implication, the individual charges on model A, B, C, D need to become lower) does, indeed, suggest that it will be "more expensive". *sigh* Time for retirement, Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Gert The ASN cost for us would have had practically no impact – we only have two and I suspect we’re getting rid of one at some point. However the other costs that the charging schemes suggested would have cost us thousands – and that simply wasn’t acceptable Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. On 02/11/2023, 10:28, "Gert Doering" wrote: Hi, On Thu, Nov 02, 2023 at 09:19:13AM +, Michele Neylon - Blacknight wrote: > That?s a massive over simplification of what happened. > > The NCC proposed a number of charging schemes which *included* charges per > ASN. The proposal was rejected by the majority of the members who voted > because the changes would have cost a lot of us significantly more than what > we currently pay. The charge per ASN was only one of multiple elements in the > proposal ? to characterise it that the members rejected charging per ASN is > very misleading. I wasn't talking about the previous AGM but about the one where the pre-existing ASN charges got abandoned. Talking about the *last* meeting, I think most of the members are just not very good at math... introducing a charge for ASN *with a given total budget* would have *lowered* the overall bill for most members, holding only 1 or 2 ASNs (redistributing the overall budget differently). But "nah, can't have extra costs". Yes, a few would have had to pay way more, but I think that's legitimate - if your business is "doling out ASNs to end customers", you'd better have "oh, it might cost money at some point" in your contracts - and in that case, the extra costs directly go to the end customers wanting the ASN. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Gert That’s a massive over simplification of what happened. The NCC proposed a number of charging schemes which *included* charges per ASN. The proposal was rejected by the majority of the members who voted because the changes would have cost a lot of us significantly more than what we currently pay. The charge per ASN was only one of multiple elements in the proposal – to characterise it that the members rejected charging per ASN is very misleading. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Gert Doering Date: Thursday, 2 November 2023 at 09:30 To: Shane Kerr Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi, On Thu, Nov 02, 2023 at 09:21:01AM +0100, Shane Kerr wrote: > (*) I guess? I admit to never having read the details of how charging is > set, since I have never represented a RIPE NCC member. members vote at the RIPE AGM, to select one out of a number of possible charging schemes proposed by the board (or just "this is the new one, accept it or not?"). Since this is about money, it's real voting - and of course the members are free to ignore whatever arguments the community brings forward. Note that there *was* a fee for ASNs, which led to massive complaints by some people at an ENOG meeting, and then the NCC management promised "to do away with it" - so the next charging scheme proposed did not include the ASN fee anymore (and the members had the choice of "approve" or "keep the old one, which might not give us enough moneyz to fund all the toys, so drama"). Politics and smoke filled rooms at its best. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
+1 The proposal put a massive burden on both us as members and the NCC with zero benefit to anyone. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Gert Doering Date: Wednesday, 1 November 2023 at 10:21 To: jordi.pa...@consulintel.es Cc: anti-abuse-wg@ripe.net , U.Mutlu Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi, On Wed, Nov 01, 2023 at 10:10:45AM +0100, jordi.palet--- via anti-abuse-wg wrote: > We had a policy proposal to ensure that the abuse mailbox was valid and > monitored, but this community didn???t liked it. In other regions it works > and it proven to be a very valid tool. You failed to demonstrate why "the mailbox is monitored in a way that satisfies the proposed policy" would imply "the ISP in question suddenly gets interested in acting against abuse". Especially those that promote themselves as "bulletproof hosting". This is what the community did not like - added bureaucracy with no provable gain. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Cost-benefit of registering reassignments
How big an IP allocation do you have? As an LIR we routinely assign blocks of IPs to clients with more than X IPs or blocks etc., and give them their own abuse-c etc., But we wouldn’t do it for a single IP. Though tbh it sounds more like an issue with the block list than anything to do with the IP address, your ISP or anyone else. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Alessandro Vesely Date: Wednesday, 19 April 2023 at 11:24 To: anti-abuse-wg Subject: [anti-abuse-wg] Cost-benefit of registering reassignments [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi all, I found a (minor) black list who blocks my new IP. They say to not even try to ask for delisting unless I am the official owner of the IP. They observe that "rwhois/SWIP is normally offered free of charge by most providers". Sounds oldish, doesn't it? RDAP is working well, at least for numbers, and I see no reason to mention rwhois, SWIP is mentioned in a 1993 RFC[*] in the context of a move toward an "X.500 distributed database model". Where are we now? I see ARIN has relatively recent blogs on that.[†] My ISP says that registration is reserved to non-GPON "privileged fiber" whose costs start at around 10x ordinary fares. How much does RIPE charge for registering reassignments? Why isn't it possible for end-user to claim IP "ownership"? If the IP database were dependable, there wouldn't be so many site-verification TXT records in the DNS. I use RDAP to complain about network abuse, and the average response I get is that they passed the complaint to their customer. Some times ISPs make pressure on the customer to fix security leaks, so this seems good. In some other cases, ISPs ignore complaints, whereas the operator might have been interested. Alternatively, complaints might be sent in Cc: to national CERTs, LEAs, AbuseIPDB, and the like. Simple reassignments can be done without changing abuse-c. Does that still imply any responsibility? Best Ale -- [*] https://datatracker.ietf.org/doc/html/rfc1491#section-2.2.4.1 [†] https://www.arin.net/blog/2018/05/03/which-swip-type-is-right-for-you/ -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Hijacking and Blocking of Business Users Profiles on Meta Platforms
Hank I’m a little confused. This is the RIPE anti-abuse WG. I don’t see how this issue is related to this group. Could you please explain? Thanks and regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg on behalf of Hank Nussbacher Date: Friday, 17 February 2023 at 09:23 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Hijacking and Blocking of Business Users Profiles on Meta Platforms [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hijacking and Blocking of Business Users Profiles on Meta Platforms https://en.isoc.org.il/netica/hijacking-and-blocking-of-business-users-profiles-on-meta-platforms ISOC-IL wishes to raise the issue that Meta is not taking sufficient actions to curtail hijacking of business profiles. In the attached paper ISOC-IL shows countless examples (actually 170 cases in the past year) of targeted attacks that are designed to block and hijack specific business accounts. These customers are paying customers yet due to Facebook's automatic blocking of planted pedophilia or terrorist videos, these customers have no recourse to even open a complaint with Meta. Paying customers should not have to threaten legal action for the issue to be dealt with. Meta must develop tools that can distinguish between systematic, deliberate publication of offensive and destructive content, and the publication of damaging content on hijacked, innocent profiles for the purpose of blocking those profiles. Meta needs to establish customer service that responds to business account owners wronged by hacking and fraud. Regards, Hank -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training A Reality!
Excellent news! -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Brian Nisbet Date: Friday, 3 February 2023 at 13:53 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] RIPE NCC Anti-Abuse Training A Reality! [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Colleagues, After much hard work by both the RIPE NCC Learning and Development Team and members of this Working Group, the Anti-Abuse training is now a reality! The training is primarily intended for new LIRs and those who are planning to set up an abuse desk, but there's likely something in there for a lot of people. The first webinar was held recently and the whole thing is now available here: https://www.ripe.net/support/training/webinar-recordings/webinar-anti-abuse-training/ The content has undergone a couple of slight revisions since then and it will be rerun in Q2 of this year. We would encourage you all to spread the word to those for whom it would be useful to try to make the world a better place for Internet users! Thanks again to all who were involved! Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Anti-Abuse Training - Final? Draft Slides & Zoom Call
Brian et al I like the content, but I don’t see how this could be delivered in one hour. There are 55 slides. That’s roughly 1 slide per minute. Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Brian Nisbet Date: Friday, 12 August 2022 at 09:30 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Anti-Abuse Training - Final? Draft Slides & Zoom Call [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Colleagues, As you know the RIPE NCC L&D team has been working on a one hour anti-abuse training session. We've received substantial input from the WG and we're hoping that will continue as the Gerardo and the team work to get everything into the final state. First off, this is the current slide deck. If you have the opportunity we would ask if you could take a look and either reply with your feedback to the list or directly to Gerardo - gvivi...@ripe.net https://docs.google.com/presentation/d/1FylfGQoMrgg0xJjNnE3wLvcW9KV1KmwcE4ceuir-Msk/edit?usp=sharing We're also arranging for another online round table to discuss the material as needed, because sometimes voice is better than text. This will be taking place on Tuesday 27th September from 10:00 - 12:00 CEST on Zoom. The plan is to run down through the full slidedeck and allow for comments and discussion as needed. The link to this call will be: https://ripe.zoom.us/j/91448568019?pwd=VDFKWEJqT2lkbFdGbVpaL0FmL1R1Zz09 This call, as with any AA-WG activity, will be subject to the RIPE Community Code of Conduct. Thanks for all your work so far and I look forward to more productive discussion! Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] personal data in the RIPE Database
Jeroen RIPE policy is not decided by a vote or astro-turfing. Also what you are proposing is over simplistic and would be impossible to operationalise without bankrupting the NCC. What is "abusive traffic"? Who decides what is or is not "abusive"? Who is going to enforce this? How? Bear in mind that RIPE does not have the power to fine a member, so that would have to change. And I can't imagine RIPE's Board or management would want to be put in that position. I know that most of the members wouldn't want RIPE to have that kind of power. Now if you want to run your own network and impose those kind of sanctions on your own users you are free to do so. Also if you want to effect change then you should do research into why things are the way they are now and who you are dealing with and where they are coming from. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265, Ireland Company No.: 370845 From: jer...@hackersbescherming.nl Sent: Thursday 2 June 2022 14:27 To: Michele Neylon - Blacknight; 'denis walker' Cc: 'anti-abuse-wg' Subject: RE: [anti-abuse-wg] personal data in the RIPE Database [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Michele, I have a question for u then. What would happen if i can find more people that actually would want this then u can find people that don’t want this. Would that make a difference? I’m very curious on your answer. Kind regards Van: Michele Neylon - Blacknight Verzonden: woensdag 1 juni 2022 13:05 Aan: jer...@hackersbescherming.nl; 'denis walker' CC: 'anti-abuse-wg' Onderwerp: Re: [anti-abuse-wg] personal data in the RIPE Database Jeroen “- Change the current contracts with all responsible companies where they will have to pay a fine if any of their ip's has been detected and confirmed to produce abusive traffic. “ That will never happen and suggesting it is not helpful. Nobody is ever going to agree to it and it’s completely unworkable. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg mailto:anti-abuse-wg-boun...@ripe.net>> on behalf of jer...@hackersbescherming.nl<mailto:jer...@hackersbescherming.nl> mailto:jer...@hackersbescherming.nl>> Date: Wednesday, 1 June 2022 at 11:01 To: 'denis walker' mailto:ripede...@gmail.com>> Cc: 'anti-abuse-wg' mailto:anti-abuse-wg@ripe.net>> Subject: Re: [anti-abuse-wg] personal data in the RIPE Database [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Good morning Denis/everyone, I believe that personal data in the RIPE public database is unwanted and adds no value at all to the public interest. Removing personal data instead of replacing it with actual "responsible organisation" data is unwanted also. To me as a public interest user personal data like assignments of ip addresses is the same as no data at all and should be avoided at all costs. The fact that a real person can be responsible for an ip address shows how immature the solution actually is. When i look at the abuse that online services receive my guess is that ~50% of online traffic is unwanted! I'm currently crunching the numbers so i can back my statements but this is what i got so far. Access log for one online service Total different ip's : little over 11K High risk ip's: 276 (combined hosting/rdp/etc) Abusers: 21 (blocked in next update) In the same period i blocked 173K requests (not IP still need to process this part) This would mean in terms of abuse i would have to send thousands of abuse emails for this single service only (this would be just stupid) how effective will that be if u send them to a "responsible person"? When i goto a grocery and steal or wreck something on purpose and get caught the police will come and i will get a big fine. or even jail time. When i catch an abuser in the Wild Wild West, the internet makes it cost me even more money! (shouldn't i be payed for catching them?) Clearly the whole abuse part of Ripe isn't working and wi
Re: [anti-abuse-wg] personal data in the RIPE Database
Jeroen “- Change the current contracts with all responsible companies where they will have to pay a fine if any of their ip's has been detected and confirmed to produce abusive traffic. “ That will never happen and suggesting it is not helpful. Nobody is ever going to agree to it and it’s completely unworkable. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of jer...@hackersbescherming.nl Date: Wednesday, 1 June 2022 at 11:01 To: 'denis walker' Cc: 'anti-abuse-wg' Subject: Re: [anti-abuse-wg] personal data in the RIPE Database [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Good morning Denis/everyone, I believe that personal data in the RIPE public database is unwanted and adds no value at all to the public interest. Removing personal data instead of replacing it with actual "responsible organisation" data is unwanted also. To me as a public interest user personal data like assignments of ip addresses is the same as no data at all and should be avoided at all costs. The fact that a real person can be responsible for an ip address shows how immature the solution actually is. When i look at the abuse that online services receive my guess is that ~50% of online traffic is unwanted! I'm currently crunching the numbers so i can back my statements but this is what i got so far. Access log for one online service Total different ip's : little over 11K High risk ip's: 276 (combined hosting/rdp/etc) Abusers: 21 (blocked in next update) In the same period i blocked 173K requests (not IP still need to process this part) This would mean in terms of abuse i would have to send thousands of abuse emails for this single service only (this would be just stupid) how effective will that be if u send them to a "responsible person"? When i goto a grocery and steal or wreck something on purpose and get caught the police will come and i will get a big fine. or even jail time. When i catch an abuser in the Wild Wild West, the internet makes it cost me even more money! (shouldn't i be payed for catching them?) Clearly the whole abuse part of Ripe isn't working and will never goto work as long as nobody can be held responsible for the actual damage that has been done. I would like to suggest the following: - Remove all personal data and replace with actual data from responsible companies - Change the current contracts with all responsible companies where they will have to pay a fine if any of their ip's has been detected and confirmed to produce abusive traffic. - Part of the fine will be payed to the company that caught the abuser and other part goes to Ripe for administrative costs. With the above we move the problem away from the victims to the causers as it should have been from the beginning! And yes the hosting companies will start crying about this since they never really had to take responsibility for their end-users and probably only see a small portion of the actual abuse since most abuse never get's reported since it costs the victims extra money If for some reason there is no company behind any personal registration i believe the resources should be removed from that member unless there is a very goo reason to keep a person responsible (i can't think of any) I'm not good at putting documents or presentations together (Ripe 84), so my excuse for that but i do have the data to backup all of the above! Kind regards, Jeroen -Oorspronkelijk bericht----- Van: anti-abuse-wg Namens denis walker Verzonden: dinsdag 31 mei 2022 19:27 Aan: Michele Neylon - Blacknight CC: anti-abuse-wg Onderwerp: Re: [anti-abuse-wg] personal data in the RIPE Database Hi Michele The proposal is here https://www.ripe.net/participate/policies/proposals/2022-01 cheers denis proposal author On Tue, 31 May 2022 at 18:07, Michele Neylon - Blacknight wrote: > > Denis > > > > Where’s the actual proposal? > > > > I’d love to get my personal details removed – especially as they’re for an > address I no longer occupy! > > > > Regards > > > Michele > > > > > > -- > > Mr Michele Neylon > > Blacknight Solutions > > Hosting, Colocation & Domains > > https://www.blacknight.com/ > > https://blacknight.blog/ > > Intl. +353 (0) 59 9183072 > > Direct Dial: +353 (0)59 9183090 > > Personal blog: https://michele.b
Re: [anti-abuse-wg] personal data in the RIPE Database
Denis Where’s the actual proposal? I’d love to get my personal details removed – especially as they’re for an address I no longer occupy! Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of denis walker Date: Tuesday, 31 May 2022 at 14:12 To: anti-abuse-wg Subject: [anti-abuse-wg] personal data in the RIPE Database [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Colleagues I have raised an issue on the DB WG mailing list about publishing in the database the identity of natural persons holding resources. So far no one has been willing or able to support any public interest value in doing so. As things stand all personal data in the RIPE Database will have to be removed, or hidden from public view. If you have an opinion about this the conversation is here https://www.ripe.net/ripe/mail/archives/db-wg/2022-May/007432.html cheers denis 2022-01 proposal author -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Someone on this list has been hacked
It’s one of the more recent tactics being used by the “lovely” scumbags. It’s happening against multiple public mailing lists both RIPE and LINX ones so far .. probably others -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Rob Evans Date: Thursday, 14 April 2022 at 09:19 To: Hans-Martin Mosner Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Someone on this list has been hacked [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi Hans-Martin, > looks like someone on this list had their PC and/or mailbox hacked, I got a > "reply" to one of my mails trying to make me open some link (probably > malware). This stuff is pretty common, but it feels a bit weird that it > happened through someone who's active in anti-abuse and presumably not a noob > :-) I received a similar message on Monday supposedly ‘in reply to’ a message I sent to the list nearly two years ago. It may not be a list subscriber’s mailbox that has been hacked, it may just be using a public archive of the list. Whilst the “real name” in the From: field was indeed the person I was replying to at the time (Suresh), the sender’s email address did not match the name. In my case the spam message originated from: > Received: from beatingart.com ([62.113.107.99]) The sending IP address matches the SPF record for beatingart.com and from a quick check doesn’t seem to be on the major block lists, so it could well be a user in that domain has been compromised via phishing or some other means… I must admit I had just deleted the message at the time, but perhaps worth following up with , assuming your message matches the details of mine. Cheers, Rob -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input!
You really want to claim that CSAM is legal somewhere? I can assure you that it is NOT -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of JORDI PALET MARTINEZ via anti-abuse-wg Date: Thursday, 17 February 2022 at 13:52 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input! [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. I just put a couple of examples. If we define abuse in a fix way, future ways to abuse will remain excluded. It is a matter of how we word it. We just need to explain this very well in trainings, not define “abuse”. I don’t recall specific countries, but in several African countries, when discussing the anti-abuse policies in AFRINIC, we got those comments. And now that you mention it, are you sure that CSAM is illegal in 100% of the countries? There may be countries where legislation even don’t mention it. So it is a perfect example of what I’m saying. Regards, Jordi @jordipalet El 17/2/22 13:43, "Michele Neylon - Blacknight" mailto:mich...@blacknight.com>> escribió: I disagree Some types of network activity are not going to be welcome anywhere. Some kinds of use of networks and platforms are not welcome by most people. Please show me ANY COUNTRY where CSAM is legal. And “legality” is NOT the bar. Never has been. If we don’t try to deal with this then governments will probably step in and try to force their views on us, no matter how unworkable they are. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of JORDI PALET MARTINEZ via anti-abuse-wg Date: Tuesday, 15 February 2022 at 11:40 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input! [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. I don’t think we can, neither should, define what is abuse. Examples are ok, but should be clear that are only examples of common considered abuse activities and not necessarily inclusive/restrictive of all the possible situations. It all depends on the origin of the claim. Simple examples: In country “a”, unsolicited email maybe legally considered abuse, but not in the country “b” of the origin of that spam. You can even take out of the question the “legal” part, if you want. In country “c” attempt to ssh to hosts from other folks is a criminal action, but in country “d” (origin of the problem) is not. The problem here is to ensure that if you get a claim for a presumed abuse, you’re able to process it, even up to the point to say “sorry” in our jurisdiction or best current practices, or internal policy or AUP ... whatever, this is not an abuse so we can’t accept your claim, or otherwise, “we are handling it … we have resolved that this way”. Regards, Jordi @jordipalet El 10/2/22 10:25, "anti-abuse-wg en nombre de Brian Nisbet" mailto:anti-abuse-wg-boun...@ripe.net> en nombre de brian.nis...@heanet.ie<mailto:brian.nis...@heanet.ie>> escribió: Colleagues, Since we last spoke about the proposed training the NCC have been working with various community members to put a draft syllabus in place for further discussion. This is a link to the feedback document for this draft: https://docs.google.com/document/d/1M9Wrqu-VKGGwMfJQGK0NlTs5UzH6xJ2_HR2MkTBVR2w/edit?usp=sharing What the NCC and the Co-Chairs would love is if everybody could just comment what they think they understand from the learning goals as they’re written and suggest any changes or additions and obviously ask any questions. We’d also like the feedback on the webinar flow design. It’s important for everybody to understand that the learning objectives are the basis for the training. These are the skills that the learner must acquire. With these skills we also expect a change of attitude towards abuse handling (which is we think the purpose of this training). While discussion on the list is welcomed and encouraged, we've also planned a Zoom session for any interested parties to discuss this further. This will take place on We
Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input!
I disagree Some types of network activity are not going to be welcome anywhere. Some kinds of use of networks and platforms are not welcome by most people. Please show me ANY COUNTRY where CSAM is legal. And “legality” is NOT the bar. Never has been. If we don’t try to deal with this then governments will probably step in and try to force their views on us, no matter how unworkable they are. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of JORDI PALET MARTINEZ via anti-abuse-wg Date: Tuesday, 15 February 2022 at 11:40 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input! [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. I don’t think we can, neither should, define what is abuse. Examples are ok, but should be clear that are only examples of common considered abuse activities and not necessarily inclusive/restrictive of all the possible situations. It all depends on the origin of the claim. Simple examples: In country “a”, unsolicited email maybe legally considered abuse, but not in the country “b” of the origin of that spam. You can even take out of the question the “legal” part, if you want. In country “c” attempt to ssh to hosts from other folks is a criminal action, but in country “d” (origin of the problem) is not. The problem here is to ensure that if you get a claim for a presumed abuse, you’re able to process it, even up to the point to say “sorry” in our jurisdiction or best current practices, or internal policy or AUP ... whatever, this is not an abuse so we can’t accept your claim, or otherwise, “we are handling it … we have resolved that this way”. Regards, Jordi @jordipalet El 10/2/22 10:25, "anti-abuse-wg en nombre de Brian Nisbet" mailto:anti-abuse-wg-boun...@ripe.net> en nombre de brian.nis...@heanet.ie<mailto:brian.nis...@heanet.ie>> escribió: Colleagues, Since we last spoke about the proposed training the NCC have been working with various community members to put a draft syllabus in place for further discussion. This is a link to the feedback document for this draft: https://docs.google.com/document/d/1M9Wrqu-VKGGwMfJQGK0NlTs5UzH6xJ2_HR2MkTBVR2w/edit?usp=sharing What the NCC and the Co-Chairs would love is if everybody could just comment what they think they understand from the learning goals as they’re written and suggest any changes or additions and obviously ask any questions. We’d also like the feedback on the webinar flow design. It’s important for everybody to understand that the learning objectives are the basis for the training. These are the skills that the learner must acquire. With these skills we also expect a change of attitude towards abuse handling (which is we think the purpose of this training). While discussion on the list is welcomed and encouraged, we've also planned a Zoom session for any interested parties to discuss this further. This will take place on Wednesday 23rd February at 14:00 CET: https://ripe.zoom.us/j/8221791822?pwd=ZFY0MnNQeWJsTkhQSFlyeEZlUkNJQT09 Meeting ID: 822 179 1822 Passcode: 1277 Hopefully with discussion on list and at the session on the 23rd we can move this into a final draft and progress from there. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered
Re: [anti-abuse-wg] Proposal: Publish effective users' abuse-c
That’s not entirely true. It’ll depend on how granular the LIR is with their allocations to their clients. Speaking on behalf of my company we do assign blocks and abuse-c contacts to quite a few of our clients. However we wouldn’t do that for every single IP address and due to the nature of some of the services we provide a single IP address is going to be linked to multiple clients. The main issue we run into is with some reporters using a scatter gun approach with reporting abuse, which is just a waste of everyone’s time. (Basically sending notices to every single contact they can find – not just the abuse-c) Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Ángel González Berdasco Date: Saturday, 22 January 2022 at 23:12 To: denis walker Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Proposal: Publish effective users' abuse-c [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. > This bit is not possible. The "abuse-c:" attribute is 'single'. So the > resource object can only ever reference one abuse contact. Thanks Denis. abuse-c arity is a point I was dubious about. Thus, it is not currently possible to publish an abuse-c with the customer address and keep the ISP copied at the same time, as desired. In order to know what is being sent thete, the ISP needs to provide its own address and (if appropriate) forward complaints received there to the customer. Best regards -- INCIBE-CERT - Spanish National CSIRT https://www.incibe-cert.es/ PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys INCIBE-CERT is the Spanish National CSIRT designated for citizens, private law entities, other entities not included in the subjective scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen Jurídico del Sector Público", as well as digital service providers, operators of essential services and critical operators under the terms of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de información" that transposes the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitationof processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to d...@incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: https://www.incibe.es/proteccion-datos-personales and https://www.incibe.es/registro-actividad. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Fwd: [dns-wg] EU: DNS abuse study
Exactly And unfortunately this is a trend with a lot of the EC’s activities that push towards more and more regulation of digital I also find the ridiculously broad definition of abuse so broad that it renders any output without much merit. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Farzaneh Badiei Date: Wednesday, 9 February 2022 at 15:16 To: Markus de Brün , anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Fwd: [dns-wg] EU: DNS abuse study [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. I probably should say this on the DNS mailing list but I find it quite curious that the study surveyed such limited stakeholders, and mainly the intellectual property crowd. "We gathered the data and inputs from stakeholders with two questionnaires: 1) the first one surveyed registries, registrars, hosting providers, other DNS operators, and 2) the second one surveyed intellectual property rightholders, practitioners, associations, business intelligence, and brand protection companies. The study also collected data from third parties and publicly available reports (secondary research), as well as evaluated the impact of DNS abuse." (Page 7) Intellectual property is not the best way to combat abuse and it will lead to protectionism and intellectual property overreach. Same applies to this space. They use "illegal" and "harmful" in their definition of DNS abuse which are ambiguous at best and expand the definition of DNS abuse so much that of course can result in concluding that we are all drowning in harmful activities online and it's all the DNS fault. On Sun, Feb 6, 2022 at 10:50 AM Markus de Brün mailto:mar...@mxdomain.de>> wrote: For those who are not following the DNS wg list: The European Commission has published a quite comprehensive study on DNS abuse. (One could also call it enormous.) It study itself be found here: https://op.europa.eu/en/publication-detail/-/publication/7d16c267-7f1f-11ec-8c40-01aa75ed71a1/language-en/ There is an additional document containing the appendix: https://op.europa.eu/en/publication-detail/-/publication/d9804355-7f22-11ec-8c40-01aa75ed71a1/language-en -- Markus de Brün Forwarded Message Subject: Re: [dns-wg] EU: DNS abuse study Date: Fri, 4 Feb 2022 10:52:53 +0100 From: Petr Špaček mailto:pspa...@isc.org>> To: dns...@ripe.net<mailto:dns...@ripe.net> On 01. 02. 22 9:32, Hank Nussbacher wrote: > The EU has published is 173 page opus on DNS abuse: > > https://op.europa.eu/en/publication-detail/-/publication/7d16c267-7f1f-11ec-8c40-01aa75ed71a1/language-en/ I have had a peak when waiting for other things to happen and it might be interesting read. Here is a gist from chapter Executive summary: The study adopts the following definition of DNS abuse: Domain Name System (DNS) abuse is any activity that makes use of domain names or the DNS protocol to carry out harmful or illegal activity. The main findings of the measurements are: a) In relative terms, new generic Top-Level Domains (new gTLDs), with an estimated market share of 6.6%, are the most abused group of TLDs (Appendix 1 – Technical Report, Section 5, p. 26). b) Not all new gTLDs suffer from DNS abuse to the same extent. The two most abused new gTLDs combined account for 41% of all abused new gTLD names (Appendix 1 – Technical Report, Section 9.2, p. 32). c) European Union country code TLDs (EU ccTLDs) are by far the least abused in absolute terms and relative to their overall market share (Appendix 1 – Technical Report, Section 5, p. 26). d) The vast majority of spam and botnet command-and-control domain names are maliciously registered (Appendix 1 – Technical Report, Section 10.3, p. 41). e) About 25% of phishing domain names and 41% of malware distribution domain names are presumably registered by legitimate users, but compromised at the hosting level (Appendix 1 – Technical Report, Section 10.3, p. 41). f) The top five most abused registrars account for 48% of all maliciously registered domain names (Appendix 1 – Technical Report, Section 11.2, pp. 43-44). g) Hosting providers with disproportionate concentrations of spam domains reach 3,000 abused domains per 10,000 registered domain names (Appendix 1 – Technical Report, Section 12.3, pp. 48-49). h) The overall level of DNS security extensions (DNSSEC) adoption remains low. (Appendix 1 – Technical Report, Section 15.3, pp. 62-63). i) There are 2.5 million open DNS resolvers worldwide that can
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Brian I missed earlier emails about this. I think it would be beneficial for a lot of LIRs to get some basic training. Anything that improves the landscape should be encouraged and welcomed! 1. Would training, as described, be of interest to you? Potentially for new staff if the materials were available ie. As a resource 1. Would training, as described, be of interest to other LIRs you know of/work with? I don’t know of any specifically, but that’s down to my role. 3) If not, would there be other areas of Anti-Abuse training that would be of interest? A lot of hosting providers aren’t LIRs, but are getting IP space from LIRs. Maybe providing materials that LIRs could share with their clients would help? There seems to be a lot of ignorance out there. 4) Would you be willing to help write training materials for this course? I don’t have time to produce materials but I’d be happy to review same. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Brian Nisbet Date: Friday, 15 October 2021 at 10:15 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Colleagues, As you may remember the WG Co-Chairs have been talking to the NCC about some possible Anti-Abuse training in March of this year. This proposal got very little reaction from the community, so we are going to try again to see if there is interest, or if people who are already on this mailing list believe that there would be interest from other LIRs that they know. I have re-attached the proposal that Alireza sent to the mailing list in March. Between now and RIPE 83 (when this matter will be on the WG session agenda) I would ask the following questions: 1) Would training, as described, be of interest to you? 2) Would training, as described, be of interest to other LIRs you know of/work with? 3) If not, would there be other areas of Anti-Abuse training that would be of interest? 4) Would you be willing to help write training materials for this course? After the list discussion and discussion at RIPE 83 the Co-Chairs will work with the NCC Learning & Development Team to decide if there is enough interest to develop the course and, if there is, how to proceed from there. We really do believe this is something that would be of interest to a large number of small LIRs in the region, but that's not something we can really determine without the help of the WG Thank you, Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie<http://www.heanet.ie> Registered in Ireland, No. 275301. CRA No. 20036270
Re: [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
Jeremy While it’s possible that a network or networks might have stopped routing traffic to / from somewhere else that is a decision at the network level. It’s not something that an RIR like RIPE or ARIN can do. For example RIPE NCC has assigned my company multiple blocks of IPv4 and IPv6 space. They do not have any interaction with or control over which providers we use to connect our network to the rest of the internet. None. They have zero control over what traffic we accept or reject. So if traffic is being blocked it’s NOT being blocked by RIPE NCC. Regards Michele Mr Michele Neylon Blacknight Hosting & Domains https://www.blacknight.com @mneylon Sent from mobile so typos and brevity are normal On 28 Sep 2021, at 19:57, Jeremy Malcolm wrote: [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Dear all, I am new to this list, although I am not completely new to the Internet technical community, as I am a long-time IGF (and occasionally ICANN) participant. I am writing about a case that has been referred to my organization involving global blocking (packet dropping, apparently) of IP addresses that have been reported as hosting CSAM by the Canadian Center for Child Protection (C3P). According to public information, the C3P runs a web crawler called Project Arachnid which searches for instances of CSAM on the clearweb, and sends automated takedown notices to providers. However, in the case that was reported to me, rather than allowing the hosting provider to take down the offending image, the takedown notice was followed by global packet dropping of the hosting IP address, which took down the entire server and other websites along with it: the hosting provider has attributed this censorship to RIPE, although I cannot verify whether or not this is true. If I am able to obtain more details from RIPE staff, I will follow up with them. Moreover the website in question was not a CSAM website, and neither was the image reported by the C3P a CSAM image. It was a scan of a 1960s postcard of an indigenous family, sent through the mail, which was included in a detailed ethnographic blog article about indigenous women and girls. In other words, this is an obvious false positive, and it should never have been reported as CSAM at all. I'm writing to find out if anyone has more information that they can share about how this might have happened, and how it can be prevented from happening in the future. Many thanks in advance for any help that you can offer. Not sure if I should include the RIPE Cooperation ML on this, given that it relates to the actions of the C3P? -- Jeremy Malcolm PhD LLB (Hons) B Com Executive Director, Prostasia Foundation https://prostasia.org - +1 415 650 2557 [https://mailfoogae.appspot.com/t?sender=aamVyZW15QHByb3N0YXNpYS5vcmc%3D&type=zerocontent&guid=6da5a3c0-b605-489c-a914-49bb037aca56]ᐧ
Re: [anti-abuse-wg] New on RIPE Labs: RIPE NCC Anti-Abuse Support - What to Do if It Happens to You
Ronald Please explain. If somebody hacks, attempts to hack, DDOS or perpetrates any other sort of cybercrime against me or my company we have to report it law enforcement. I know that they might not be able to do a huge amount about a specific incident, but we still need to report it to them, much as we'd report a theft in the offline world. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
Re: [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters
Laura They provide lists / data – they don’t actually block anything themselves as far as I’m aware, so I don’t see what experience they’d have of relevance Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: Laura Atkins Date: Thursday 20 May 2021 at 09:27 To: Michele Neylon Cc: "connect...@ripe.net" , "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Spamhaus has maintained the DROP list, focused primarily on email abuse, for a long time now. I expect they can share have operational, policy and legal experience related to blocking and filtering router traffic in Europe and worldwide. laura On 20 May 2021, at 09:03, Michele Neylon - Blacknight via anti-abuse-wg mailto:anti-abuse-wg@ripe.net>> wrote: Erik But wouldn’t creating this list involve looking at the traffic *somewhere*? Personally I’d love to see scummy providers marginalised as much as possible, but the “how” is important to get right. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg mailto:anti-abuse-wg-boun...@ripe.net>> on behalf of Erik Bais mailto:eb...@a2b-internet.com>> Date: Wednesday 19 May 2021 at 13:00 To: Thomas King mailto:thomas.k...@de-cix.net>>, Erik Bais mailto:e...@bais.name>>, "connect...@ripe.net<mailto:connect...@ripe.net>" mailto:connect...@ripe.net>>, "anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>" mailto:anti-abuse-wg@ripe.net>> Subject: Re: [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi Thomas, Thank you for your reply and insight. I’m not asking for IXP’s to look in the traffic.. I’m looking for a top 50 list of badhosts.. that is generated in a way that we as a community would feel comfortable with as a start. Use that top 50 list .. as the ASn filtering, to get to a way of clean internet for the default Routeserver customer. ( secure by design / default ) If that customer would like to receive the unfiltered option, they could set that via the IXP portal in their member account and receive the unfiltered view. Or setup direct peerings .. It is already possible to do this for someone if they know how to do it, via BGP communities or RPSL in the RIPE DB.. But the problem is that the list might not get updated .. and it is easier to do this for the whole group with regular updates, without re-configing all routers on a peering lan. As we are now talking about this in the Dutch community, it should be possible to push this also to other regions .. and it should be open for everyone to see why they would be listed and what the qualifiers are that they are there … That way we can avoid the real badhosts to pick out an internet exchange that doesn’t support filtering on this, just so they can push their bad packets into some networks. Regards, Erik Bais From: anti-abuse-wg mailto:anti-abuse-wg-boun...@ripe.net>> on behalf of Thomas King mailto:thomas.k...@de-cix.net>> Date: Wednesday 19 May 2021 at 13:14 To: Erik Bais mailto:e...@bais.name>>, "connect...@ripe.net<mailto:connect...@ripe.net>" mailto:connect...@ripe.net>>, "anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>" mailto:anti-abuse-wg@ripe.net>> Subject: Re: [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters Hi Erik, This is a vital topic! You focused a bit on the Dutch community. However, I think it is globally significant. We at DE-CIX are very active in reacting to abusive peers on our IXPs. We have disconnected peers who were (repeatedly) not obeying the law or the DE-CIX Terms and Conditions. I gave a talk about what DE-CIX does in this regard during RIPE75 (https://ripe75.ripe.net/archives/video/103/). Disclaimer: I am not a lawye
Re: [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters
Erik But wouldn’t creating this list involve looking at the traffic *somewhere*? Personally I’d love to see scummy providers marginalised as much as possible, but the “how” is important to get right. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Erik Bais Date: Wednesday 19 May 2021 at 13:00 To: Thomas King , Erik Bais , "connect...@ripe.net" , "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi Thomas, Thank you for your reply and insight. I’m not asking for IXP’s to look in the traffic.. I’m looking for a top 50 list of badhosts.. that is generated in a way that we as a community would feel comfortable with as a start. Use that top 50 list .. as the ASn filtering, to get to a way of clean internet for the default Routeserver customer. ( secure by design / default ) If that customer would like to receive the unfiltered option, they could set that via the IXP portal in their member account and receive the unfiltered view. Or setup direct peerings .. It is already possible to do this for someone if they know how to do it, via BGP communities or RPSL in the RIPE DB.. But the problem is that the list might not get updated .. and it is easier to do this for the whole group with regular updates, without re-configing all routers on a peering lan. As we are now talking about this in the Dutch community, it should be possible to push this also to other regions .. and it should be open for everyone to see why they would be listed and what the qualifiers are that they are there … That way we can avoid the real badhosts to pick out an internet exchange that doesn’t support filtering on this, just so they can push their bad packets into some networks. Regards, Erik Bais From: anti-abuse-wg on behalf of Thomas King Date: Wednesday 19 May 2021 at 13:14 To: Erik Bais , "connect...@ripe.net" , "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters Hi Erik, This is a vital topic! You focused a bit on the Dutch community. However, I think it is globally significant. We at DE-CIX are very active in reacting to abusive peers on our IXPs. We have disconnected peers who were (repeatedly) not obeying the law or the DE-CIX Terms and Conditions. I gave a talk about what DE-CIX does in this regard during RIPE75 (https://ripe75.ripe.net/archives/video/103/). Disclaimer: I am not a lawyer. The European telecommunication law does not allow IXPs to look into peers' traffic on the application level (for a good reason, I believe). So, we do not know if a peer hosts malware or is sending out spam only. DE-CIX is only allowed to look into the operational data (e.g., Route or ASN hijacks) or behavior (e.g., unwanted traffic due to static routes on the Peering LAN). Based on this information, DE-CIX is acting. I am highlighting this because I see issues if IXPs (or carriers and transit providers) are used as central infrastructure to filter data due to information they cannot verify or generate. Just think about the central DNS filtering and censoring discussion we had on a European level to stop certain abusive and harmful Internet services from being accessible. Best regards, Thomas -- Dr. Thomas King Chief Technology Officer (CTO) DE-CIX Management GmbH | Lindleystraße 12 | 60314 Frankfurt am Main | Germany | www.de-cix.net<http://www.de-cix.net> | Phone +49 69 1730902 87 | Mobile +49 175 1161428 | Fax +49 69 4056 2716 | thomas.k...@de-cix.net<mailto:thomas.k...@de-cix.net> | Geschaeftsfuehrer Harald A. Summa and Sebastian Seifert | Registergericht AG Koeln HRB 51135 DE-CIX 25th anniversary: Without you the Internet would not be the same! Join us on the journey at https://withoutyou.de-cix.net From: connect-wg mailto:connect-wg-boun...@ripe.net>> On Behalf Of Erik Bais Sent: Tuesday, 18 May 2021 21:52 To: connect...@ripe.net<mailto:connect...@ripe.net>; anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> Subject: [connect-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters Hi, As I asked during the Connect WG today, there are discussions currently going on in the Dutch network community to see if there is a way to get a cleaner feed from routes
Re: [anti-abuse-wg] Question about spam to abuse inbox
Jordi At least you are consistent in your belief that you can dictate how we all run our businesses I can’t and won’t comment on providers who are unresponsive etc., but I sincerely doubt that the medium of the reports has any impact on that. I will note, however, that other providers who use forms do so in order that they can collect all the evidence they need in one place at one time. However you cannot dictate to me how we will accept reports. If we decide that all reports need to go via form so that they can be routed to the correct place then that is our decision and you can either cooperate or not. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of JORDI PALET MARTINEZ via anti-abuse-wg Date: Thursday, 18 February 2021 at 15:59 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Question about spam to abuse inbox I see it in the other way around. Forms are not useful at all. You need to manually fill in the form, unless you modify the automated reporting tools for “each” “form-holder”. Many of them also ask you to create an account in their ticketing system, but because you’re not their customer, you actually can’t do it, or can’t use it, etc. … When I tried to follow the steps, with major datacenters, such as OVH (one very common hoster of “bad” customers, not to say criminals), they never solve the issues, or you can’t see the “results” of the investigation (I tend to think that never investigated in fact …). Most of the abuse reports that we send by email are responded, typically automatically, and there is a reaction to them *when* we have already attached the relevant logs. The problem continues to be those that don’t get the emails, bounce, don’t read them, etc., or force to fill the forms. In those case, we just permanently ban the full ranges, if the abuse continues. No other way. We keep records of all that, in case of legal issues, so to be able to probe the ignorance of the abuse-mailbox. Regards, Jordi @jordipalet El 18/2/21 16:41, "anti-abuse-wg en nombre de Javier Martín" mailto:anti-abuse-wg-boun...@ripe.net> en nombre de javier.mar...@centrored.net<mailto:javier.mar...@centrored.net>> escribió: Hello. The subject of abuse emails are, with few exceptions, a useless thing, it depends on the good faith of the recipient. For our part, we continue to have servers from large companies attacking us for more than 6 months and after dozens of emails no one has helped us. Regards. Javier Sobre 18/02/2021 16:33:07, Michele Neylon - Blacknight via anti-abuse-wg escribió: Hans-Martin I’d disagree For larger companies the types of abuse reported will go to different places and teams. They’re also better for collecting the data you need to be able to act on a report. Abuse reports are a nuisance – anyone who thinks otherwise needs to get their head examined. However a lot of us will deal with abuse reports, but will not put up with people telling us how we should receive them. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Hans-Martin Mosner Date: Thursday, 18 February 2021 at 15:27 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Question about spam to abuse inbox Am 18.02.21 um 15:02 schrieb Michele Neylon - Blacknight via anti-abuse-wg: I know quite a few companies now use specific forms for handling reports of different types of reports and have moved away from email almost entirely, which makes a lot of sense. At the risk of derailing this interesting and useful topic, I have to disagree with the use of forms to report abuse. In the cases I've seen, those forms are hard to find, are a burden to fill out, require me to add information that is completely irrelevant to the abuse incident, and don't allow me to add relevant information (such as a complete mail header). Not getting a response only adds to the feeling that I've wasted my time... It may make a lot of sense for companies who see abuse reports as a nuisance, though :-) There are better ways to increase the quality of abuse reports received. The best is to res
Re: [anti-abuse-wg] Question about spam to abuse inbox
Javier I can well imagine. We’ve been hit with multiple phishing attacks and getting some companies to respond AND take action was painful. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: Javier Martín Date: Thursday, 18 February 2021 at 15:40 To: Michele Neylon - Blacknight , Hans-Martin Mosner , Michele Neylon - Blacknight via anti-abuse-wg Subject: Re: [anti-abuse-wg] Question about spam to abuse inbox Hello. The subject of abuse emails are, with few exceptions, a useless thing, it depends on the good faith of the recipient. For our part, we continue to have servers from large companies attacking us for more than 6 months and after dozens of emails no one has helped us. Regards. Javier Sobre 18/02/2021 16:33:07, Michele Neylon - Blacknight via anti-abuse-wg escribió: Hans-Martin I’d disagree For larger companies the types of abuse reported will go to different places and teams. They’re also better for collecting the data you need to be able to act on a report. Abuse reports are a nuisance – anyone who thinks otherwise needs to get their head examined. However a lot of us will deal with abuse reports, but will not put up with people telling us how we should receive them. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Hans-Martin Mosner Date: Thursday, 18 February 2021 at 15:27 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Question about spam to abuse inbox Am 18.02.21 um 15:02 schrieb Michele Neylon - Blacknight via anti-abuse-wg: I know quite a few companies now use specific forms for handling reports of different types of reports and have moved away from email almost entirely, which makes a lot of sense. At the risk of derailing this interesting and useful topic, I have to disagree with the use of forms to report abuse. In the cases I've seen, those forms are hard to find, are a burden to fill out, require me to add information that is completely irrelevant to the abuse incident, and don't allow me to add relevant information (such as a complete mail header). Not getting a response only adds to the feeling that I've wasted my time... It may make a lot of sense for companies who see abuse reports as a nuisance, though :-) There are better ways to increase the quality of abuse reports received. The best is to respond positively to informative and verifiable abuse reports with timely and appropriate replies and, above all, actions. Cheers, Hans-Martin
Re: [anti-abuse-wg] Question about spam to abuse inbox
Hans-Martin I’d disagree For larger companies the types of abuse reported will go to different places and teams. They’re also better for collecting the data you need to be able to act on a report. Abuse reports are a nuisance – anyone who thinks otherwise needs to get their head examined. However a lot of us will deal with abuse reports, but will not put up with people telling us how we should receive them. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Hans-Martin Mosner Date: Thursday, 18 February 2021 at 15:27 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Question about spam to abuse inbox Am 18.02.21 um 15:02 schrieb Michele Neylon - Blacknight via anti-abuse-wg: I know quite a few companies now use specific forms for handling reports of different types of reports and have moved away from email almost entirely, which makes a lot of sense. At the risk of derailing this interesting and useful topic, I have to disagree with the use of forms to report abuse. In the cases I've seen, those forms are hard to find, are a burden to fill out, require me to add information that is completely irrelevant to the abuse incident, and don't allow me to add relevant information (such as a complete mail header). Not getting a response only adds to the feeling that I've wasted my time... It may make a lot of sense for companies who see abuse reports as a nuisance, though :-) There are better ways to increase the quality of abuse reports received. The best is to respond positively to informative and verifiable abuse reports with timely and appropriate replies and, above all, actions. Cheers, Hans-Martin
Re: [anti-abuse-wg] Question about spam to abuse inbox
Cynthia We’ve had to block some services from our abuse mailbox as they were sending us an insane volume of low quality reports. I’m not sure what the cut off point would be, but we’ve tried to engage with some of these services in the past and they never reply so they’re basically spammers as far as we’re concerned and dealing with their useless reports was a waste of our resources. I know quite a few companies now use specific forms for handling reports of different types of reports and have moved away from email almost entirely, which makes a lot of sense. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Cynthia Revström via anti-abuse-wg Date: Thursday, 18 February 2021 at 12:40 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Question about spam to abuse inbox Hi aa-wg, For some context, today and yesterday I have been receiving spam in the form of fake abuse notices to my abuse contact email address. Is there a generally accepted standard for when it's okay to block an address or a prefix from emailing your abuse contact? I consider being able to contact the abuse email address of a network a rather important function, so I prefer not to block it. But also as I have more relaxed spam filters for the abuse contact to make sure nothing gets lost, it feels like blocking the address/prefix is my only option other than manually filtering through these emails (10 so far in total, today and yesterday). So back to the question, is there a generally accepted point at which blocking an address/prefix is fine? Thanks, -Cynthia
Re: [anti-abuse-wg] DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas
Looks like Parler is now using them as well: parler.com has address 190.115.31.151 -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Ronald F. Guilmette Date: Wednesday, 13 January 2021 at 02:59 To: Siyuan Miao Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas In message , you wrote: >hamas.ps seems to be hosted on Sucuri ... a doggy US based firm? According to data provided by Farsight Security, Inc. the site was formerly located at 190.115.18.139, which is indeed DDos-Guard, up until 2020-11-12, and it was then moved to its current location, 192.124.249.13, which is indeed, Securi. -- ;; bailiwick: hamas.ps. ;; count: 70144 ;; first seen: 2019-05-14 23:18:11 - ;; last seen: 2020-11-12 13:40:58 - hamas.ps. IN A 190.115.18.139 ;; bailiwick: hamas.ps. ;; count: 11017 ;; first seen: 2020-11-12 13:45:02 - ;; last seen: 2021-01-12 14:21:11 - hamas.ps. IN A 192.124.249.13
Re: [anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552
I don’t think it’s simply a matter of two sides, which your language attempts to categorise it as. Some of us refuse to have our processes and businesses dictated to by people who won’t listen to reasonable arguments against their unworkable proposals -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Suresh Ramasubramanian Date: Wednesday 2 December 2020 at 14:06 To: IP Abuse Research , Serge Droz Cc: "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552 +1 – most of the activity on this list has been people from the anti abuse community come up with suggestions that the RIPE regulars find unworkable, and then many people spend lots of time pointing out why the proposal is unworkable. So far I have not seen one case of a proposal coming in from the other side on what can be done instead to achieve the goals of the unworkable proposal, but have a chance of working under RIPE policies and procedures. From: anti-abuse-wg on behalf of IP Abuse Research Date: Wednesday, 2 December 2020 at 7:25 PM To: Serge Droz Cc: "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552 I'd like to second Serge's sentiment, RFG catches a good deal of abuse for his contributions, which we have all seen on this and other lists. What the continued findings indicate is a need for IANA and the RIRs to adapt to a new stage in the resource issuance and governance lifecycle. Since this is by definition a working group, would it make sense to establish some metrics to quantify the perceived impact of this phenomenon on abuse? If we establish a process to collect these observations of either "abandoned" resources, prefixes or ASNs, which then re-appear mysteriously or in the case of an ASN start routing space that is unexpectedly, "hijack", we can take a step as a community to quantify the phenomenon? Note: This is specifically not an internet policing function as much as a neighborhood watch effort to help inform the governing bodies / policy ... etc. Right now from responses it seems like defacto this weight has been put onto the shoulder of Spamhaus vs. having a working group work on a solution. If this is of interest I'm happy to write up a proposal and or work with the chairs to see if this is something that is seen as constructive. Also if this doesn't fit into the anti-abuse working group ... where does it fit? On Wed, Dec 2, 2020 at 3:12 AM Serge Droz via anti-abuse-wg mailto:anti-abuse-wg@ripe.net>> wrote: First of: Congrats and thank you Ronald for this work. What makes me a bit sad is, that posting this here immediately starts a discussion about what is expected behavior on these lists, rather than how we could combat abuse more efficiently. It seems a seeminglu, to me at least, humorous remark, sparks more discussion than the troubling fact that criminals have the time of their lives during this period of time. I'm all in favor of staying civil on public fora. But noting in the original post was not civil. I am wondering what the we want to achieve here on the anti-abuse list? Call me stupid, but I just don't get it. Best Serge On 01.12.20 22:48, Ronald F. Guilmette wrote: > In message > outlook.com<http://outlook.com>>, Brian Nisbet > mailto:brian.nis...@heanet.ie>> wrote: > >> However I suspect that X-posting to a list like apnic-talk may not be the >> wisest idea, given the different populations etc... > > It is among my fondest hopes that cybercriminals of all stripes, and > particularly the ones who squat on IPv4 space that doesn't belong to > them, will, in future, show more respect for regional boundaries, such > that their devious activities will only oblige me to notify the > members of a single one of the five RIR regions regarding any single > one of these elaborate criminal schemes. Alas, in this instance > however, the perpetrators, in a very unsportsmanlike manner, elected > to make messes whose roots were found in both the RIPE region and also > in the APNIC region. (And that's not even to mention that most of the > squatted IPv4 real estate was and is under the administration of the > ARIN region.) > > Clearly, authorities in all five regions should be devoting somewhat > more effort towards the cultivation of a better and more respectful > class of cybercriminals who will confine their convoluted schemes to > their own home regions. > > > Regards, > rfg > -- Dr. Serge Droz Chair of the FIRST Board of Directors https://www.first.org
Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04
Your fixation with web forms isn't helping you. Either you want operators to deal with abuse reports or not. If operators use web forms AND take action when appropriate, then you've no reason to complain about them. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 On 08/09/2020, 14:51, "anti-abuse-wg on behalf of Carlos Friaças via anti-abuse-wg" wrote: On Tue, 8 Sep 2020, Alex de Joode wrote: > There are a couple of things in play here. > Networks normally fall under the "mere conduit' provisions of the eCommerce Directive (ECD (EU law)), this > means they do not have a (legal) requirement to actively address abuse within their networks. They need to > forward the abuse to their customer, but basically that is it. Before that, a webform may be in the way :-) If the regulator understands that artificial 'requirement' to be a way of avoiding that action of forwarding the abuse, then they might act. Or not. > The up coming DSA (Digital Services Act, which > will supersede the ECD) (as it stand now) will retain this provision for networks. So the chance of regulation > (within the EU area) for networks with respect to 'abuse handling' is very low. Unless there are some additional provisions... > The proposal was flawed, no clear identifiable upside (except for a feel good factor) and a lot extra work for > no real gain. > > If you want to fight the prevalence of internet abuse, ripe policy might not be your best avenue. Clearly. But this comment is directly tied with the earlier suggestion of renaming the WG... Regards, Carlos > Cheers, > Alex > > ?-- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode > > On Tue, 08-09-2020 13h 33min, Suresh Ramasubramanian wrote: > Probably through regulation as you say. If ripe doesn?t want to be the Internet police they?ll suddenly find > that there actually is such a thing created and with oversight over them, sooner or later. Nobody is > going to like the result if that happens, neither the government nor ripe nor its membership. > > --srs > > __ > From: anti-abuse-wg on behalf of Carlos Friaças via anti-abuse-wg > > Sent: Tuesday, September 8, 2020 4:44:26 PM > To: anti-abuse-wg@ripe.net > Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 > > Hi, > > I would like to second Piotr's comment. Thank you for your hard work, and > for not quitting over anti-abuse. > > As i read it consensus was not reached, and it's hard to dispute the > objections are not valid/admissible: > > " > 1) Nick Hilliard and Erik Bais commented that the effort and cost to > implement this proposal are too great in relations to the benefits that > are alleged. > > 2) Michele Neylon and Arash Naderpour commented that they oppose forcing > operators to use only email for > handling abuse reports and internal handling procedures should be solely > defined by the operator. > " > > I just want to note that: > A) it's very hard to measure the benefits. some parties would see bigger > benefits than others. > B) converging abuse reports to email usage is a rule that is inexistent > *today*. people which are not worried about abuse, will likely want to > keep it that way... as a webform is an effective way of discouraging > reports. > > > At some point, people which discard abuse reports (or people which > simulate handling abuse reports) will not be able to run networks. > We're far from it, but if it gets to that point that will not be reached > through consensus, but probably through regulation. > > > Regards, > Carlos > > > > > On Mon, 7 Sep 2020, Piotr Strzyzewski via anti-abuse-wg wrote: > > > On Mon, Sep 07, 2020 at 03:19:27PM +, Brian Nisbet wrote: > > > > Brian, Alireza, Tobias, > > > >> A few weeks ago we reached the end of the latest review phase for 2019-
Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04
Maybe you need to tone it down? -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of JJS JJS Date: Tuesday 8 September 2020 at 11:44 To: "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 "Effectively either of these two things would have had the same result for the decision on consensus." Perhaps if someone moves to re-name the group "promotion of abuse working group" -- On Tue, Sep 8, 2020 at 6:31 PM Brian Nisbet mailto:brian.nis...@heanet.ie>> wrote: Jordi, I'm not entirely certain that we would 100% agree here, but this may be nuance. We didn't do a direct mapping, but we did make an indicative assumption that opinions wouldn't have changed, while also considering what would have happened if those same people had said exactly the same thing in the Review Phase. Effectively either of these two things would have had the same result for the decision on consensus. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie<mailto:brian.nis...@heanet.ie> www.heanet.ie<http://www.heanet.ie> Registered in Ireland, No. 275301. CRA No. 20036270 From: JORDI PALET MARTINEZ mailto:jordi.pa...@consulintel.es>> Sent: Tuesday 8 September 2020 09:20 To: Brian Nisbet mailto:brian.nis...@heanet.ie>>; anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> mailto:anti-abuse-wg@ripe.net>> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. Hi Brian, I understand that the people can change their mind, for example, after other comments or the IA, etc. This is the same across different proposal versions, even editorial text changes. People can change their mind. However not stating a “mind change”, should be taken as having changed their position. I understand that you agree on all that and your decision is based on that perspective? (I want to make sure that language differences between English and Spanish are not an interpretation problem here) Regards, Jordi @jordipalet El 8/9/20 10:07, "Brian Nisbet" mailto:brian.nis...@heanet.ie>> escribió: Jordi, Under the PDP, given potential changes to the policy and inputs such as the Impact Analysis it is very difficult for the Co-Chairs to make assumptions about points of view as we move into the Review Phase, hence people will often restate their support or opposition to the policy, and indeed will often hark back to comments they have previously made. Again, this is why we listed the comments from the Discussion Phase and the Co-Chairs feel, even if everyone had made those same comments, the Co-Chairs feel there was no clear consensus for change. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie<mailto:brian.nis...@heanet.ie> www.heanet.ie<http://www.heanet.ie> Registered in Ireland, No. 275301. CRA No. 20036270 From: JORDI PALET MARTINEZ mailto:jordi.pa...@consulintel.es>> Sent: Tuesday 8 September 2020 08:58 To: Brian Nisbet mailto:brian.nis...@heanet.ie>>; anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> mailto:anti-abuse-wg@ripe.net>> Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. Hi Brian, all, First of all, tks for this detailed report. I’m still processing it. However, I’ve a open question for you, which I think it has been also clear from other emails, that it is not clear for the community. People in favor (or against) the proposal has not (including myself), re-stated their position or repeated the same arguments. Is not that an indication that they keep their previous position? Regards, Jordi @jordipalet El 7/9/20 17:19, "a
Re: [anti-abuse-wg] 2019-04 Review Phase (Validation of "abuse-mailbox") Reminder
Brian Thanks for the reminder. I’m not sure if there’s anything to be gained in my repeating previous comments on this, but to summarise briefly: * We oppose policy forcing operators to use email only for handling abuse reports. If an operator’s processes and procedures require reporters to use a form then so be it. * We oppose increasing the costs to RIPE NCC due to the proposed policy change * We do not believe that tweaking the proposal again is of any value and we, therefore, believe that the proposal should be shelved Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Brian Nisbet Date: Monday 17 August 2020 at 09:42 To: "anti-abuse-wg@ripe.net" Subject: [anti-abuse-wg] 2019-04 Review Phase (Validation of "abuse-mailbox") Reminder Folks, Just to remind you all, the current Review Phase is formally due to end tomorrow. If you haven't, then now is an excellent opportunity to look at Petrit's email from the 22nd of July and to read the Impact Analysis from the NCC and make any comments you wish to make. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270
Re: [anti-abuse-wg] Fwd: Re: botnet controllers
So you're ignoring abuse reports from other network operators? Or do you mean that you view reports from a CERT as being the only type of report you'll take seriously? -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 On 10/07/2020, 11:04, "anti-abuse-wg on behalf of i...@fos-vpn.org" wrote: To answer your last question: If we receive a valid abuse report i.e. from a CERT we temporarily close the regarding Port on the particular IP. If the customer then starts to complain we send him a copy of the report and point out that another violation of our ToS will result in a termination of the account without a prior warning and without the option of a refund.
Re: [anti-abuse-wg] Fwd: Re: botnet controllers
Do you have a clear anti-abuse policy? Do you have clear terms of service? Are you enforcing both of them? -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 On 09/07/2020, 21:46, "anti-abuse-wg on behalf of i...@fos-vpn.org" wrote: Getting back to your street example. We -just like the police- are unable to watch the streets 24/7/365 for a potential bank robber traversing the street. Assuming that we lease the street and let others use it openly, we can only do our best to keep miscreants off it. It is however not a reason for anyone to declare the actual owner of the specific street, which owns hundreds of streets, as criminal! This would equal declaring every state criminal for supporting criminals in moving between places by providing streets. It is indeed unreasonable not to act at all, this is however nothing we ever stated. It is equally unreasonable never to remove SBL Listings which are not valid, can not be reproduced and merely serve the purpose of discrediting us and putting pressure on our upstream providers.
Re: [anti-abuse-wg] Fwd: Re: botnet controllers
+1 on all points That someone who won't even disclose who they are has the gall to demand that Spamhaus or anyone else should is hilarious and disturbing. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 On 09/07/2020, 07:30, "anti-abuse-wg on behalf of Serge Droz via anti-abuse-wg" wrote: Hi Info Maybe one of the reasons some Non-logging VPNs end up on blacklist sis that the Non-Looging phrase is just an excuse to not go after misuse. The rights to privacy and free speech do not mean anything goes. You can fight abuse without violating privacy. But of course that's not for free, you need abuse people that investigate and they cost money. Sadly, many of these VPNs frankly just don't care, using the lame excuse that they are protecting fundamental rights, when in fact they are just don't care or take responsibility. I don't agree with everything Spamhaus does, but I find them responsible and and always found a way way to talk to them. I was reluctant writing this, because I'm not sure this discussion will lead anywhere. It's one of these where opinions seem to already have been formed. But you start accusing people of posting anonymously. I totally agree this is bad, but then, who are you, i...@fos-vpn.org? You don't seem to offer a name yourself. I find this a bit hypocritical. Best Serge On 08.07.20 20:46, i...@fos-vpn.org wrote: > All I would like from Spamhaus is to stop publishing fake SBL records in > order to discredit us and to use that to put pressure both upon us and > our upstreams. > Non-logging VPN services are as legal within the EU as Exit Nodes of the > Tor Network (which have massive abuse entries in various data bases, > especially the larger ones) and public WiFi Hotspots, which can be used > for abusive activities, too. > > I don't know who "PP" is (probably the same person which posts under the > nickname "Petras Simeon" on Twitter and on various boards), but he > contacted us and our upstream providers without telling his name, just > using this email address: phishphuc...@storey.ovh and sending us the > list of SBL entries which he also posted here. > Don't know if he's working for Spamhaus or not, but before attacking > others publicly, people should reveal their true identity, anything else > would be sneaky in my opinion. > -- Dr. Serge Droz Chair of the FIRST Board of Directors https://www.first.org
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Elad You are entitled to your opinion however while what you describe might be attractive to you it is not attractive or anyway useful to companies such as ourselves. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 From: Elad Cohen Date: Wednesday 29 April 2020 at 17:07 To: Michele Neylon , "anti-abuse-wg@ripe.net" , Serge Droz Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox") Michele, Ripe have many many expenses in the ~30M euros yearly expenses that are not related to the core goals of Ripe and can be avoid. To my opinion, this kind of anti-abuse system expense will be low and much more needed than many other expenses in the ~30M euros yearly expenses of Ripe. There will be an API for the system with an option for email notifications just like abuse complaints are received in email messages now, so there will be no overhead to your staff. Regarding the reporters - this overhead can protect from flood of automatic tools abuse complaints - if the reporter cannot fill a form and solve a captcha then the abuse complaint is not important enough to him. Regarding the little to no value that you wrote, through this system there will be no spam of abuse, no spam to the abuse publicly visible email address, there will be an API to LIR's internal systems for them to better track and to better handle abuse complaints, there will be tracking if abuse complaints were handled and public visibility of the percentage (of unhandled abuse complaints) of each LIR, in Ripe website. Respectfully, Elad ____________ From: Michele Neylon - Blacknight Sent: Wednesday, April 29, 2020 6:50 PM To: Elad Cohen ; anti-abuse-wg@ripe.net ; Serge Droz Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox") Elad I strongly oppose this concept. It’s not up to RIPE to run this and we don’t pay RIPE fees to have them waste resources on this kind of thing. It’s an extra overhead for RIPE, for our staff and for reporters and it would be bring little to no value. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Elad Cohen Date: Wednesday 29 April 2020 at 12:18 To: "anti-abuse-wg@ripe.net" , Serge Droz Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox") What is this ? "However, the community should report any situation to the RIPE NCC, which can provide (anonymous) periodical statistics to the community, which can take further decisions about that." Ripe members are informers? "divide and conquer" strategy ? Abuse email addresses (just like any other email address) are being spammed, not only by non-relevant spammers but also by automatic useless services that are installed at servers that don't take themselves any measure of proper configuration to avoid the automatic useless services. To my opinion, Ripe should create its own anti-abuse system, each LIR will have login access to it (LIR will be able to choose to receive notifications through sms / email) and to mark each abuse complaint as resolved or not (that system can also have an API so LIR's will be able to pull their abuse complaints), the main issue is that complaints to that system will not be able to be done automatically or by email - only manually by form filling with captcha. (after the LIR will mark an abuse complain as resolved - the complainer will receive an email address also to confirm with him if issue is resolved or not, non-detailed statistics will be able to be displayed to the whole community - to see the percentage of how many manual complaints weren't handled by each LIR) --- Besides the above, I also believe that we as a community should not accept complainers which are not taking the most basic configuration actions to protect their systems, and would consider these complaints as spam. In order for abuse complaints not to be abused. Respectfully, Elad From: anti-abuse-wg on behalf of Serge Droz via anti-abuse-wg Sent: Wednesday, April 29, 2020 11:22 AM To: anti-abuse-wg@ripe.ne
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Elad I strongly oppose this concept. It’s not up to RIPE to run this and we don’t pay RIPE fees to have them waste resources on this kind of thing. It’s an extra overhead for RIPE, for our staff and for reporters and it would be bring little to no value. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Elad Cohen Date: Wednesday 29 April 2020 at 12:18 To: "anti-abuse-wg@ripe.net" , Serge Droz Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox") What is this ? "However, the community should report any situation to the RIPE NCC, which can provide (anonymous) periodical statistics to the community, which can take further decisions about that." Ripe members are informers? "divide and conquer" strategy ? Abuse email addresses (just like any other email address) are being spammed, not only by non-relevant spammers but also by automatic useless services that are installed at servers that don't take themselves any measure of proper configuration to avoid the automatic useless services. To my opinion, Ripe should create its own anti-abuse system, each LIR will have login access to it (LIR will be able to choose to receive notifications through sms / email) and to mark each abuse complaint as resolved or not (that system can also have an API so LIR's will be able to pull their abuse complaints), the main issue is that complaints to that system will not be able to be done automatically or by email - only manually by form filling with captcha. (after the LIR will mark an abuse complain as resolved - the complainer will receive an email address also to confirm with him if issue is resolved or not, non-detailed statistics will be able to be displayed to the whole community - to see the percentage of how many manual complaints weren't handled by each LIR) --- Besides the above, I also believe that we as a community should not accept complainers which are not taking the most basic configuration actions to protect their systems, and would consider these complaints as spam. In order for abuse complaints not to be abused. Respectfully, Elad From: anti-abuse-wg on behalf of Serge Droz via anti-abuse-wg Sent: Wednesday, April 29, 2020 11:22 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox") Hi All I think this is a good policy. We can always find use cases where it fails, but it will help in some cases. And if some one is not able to answer an e-mail every six month, there are probably underlying issues. Also the argument, that the bad guys flood the mailbox is not really acceptable. It just means you can't filter spam. The proposal does not check how the reports are used. But it helps us to enumerate organizations, that don't act, coming up with various excuses, along the lines the best problems are some one else's problems, so let's make it some on else's problem. The fact is: Most mature organizations are perfectly capable of handling such mail boxes, even if they have a high load. Coming from the incident response side, I'm tiered of people constantly telling me, that issues are not their problem Best Serge On 28.04.20 16:01, Petrit Hasani wrote: > Dear colleagues, > > A new version of RIPE policy proposal, 2019-04, "Validation of > "abuse-mailbox"", is now available for discussion. > > This proposal aims to have the RIPE NCC validate "abuse-c:" information > more often and introduces a new validation process. > > Most of the text has been rewritten following the last round of > discussion and the proposal is now at version 3.0. Some key points in > this version: > > - The abuse-mailbox should not force the sender to use a form > - The validation process must ensure that the abuse mailbox is able to > receive messages > - The validation should happen at least every six months > > You can find the full proposal at: > https://www.ripe.net/participate/policies/proposals/2019-04 > > As per the RIPE Policy Development Process (PDP), the purpose of this > four-week Discussion Phase is to discuss the proposal and provide > feedback to the proposer. > > At the end of the Discussion Phase, the proposer, with the agreement of > the Anti-Abuse Working Group Chairs, will decide how to proceed with the > proposal. > > We encourage you to review this proposal and send your comments to > before 27 May 2020. > > Kind regards, > -- > Petrit Hasani > Policy Officer > RIPE NCC > > > > > -- Dr. Serge Droz Chair of the FIRST Board of Directors https://www.first.org
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
No point repeating Nick's points, but I agree. The current proposal should be abandoned - it's not getting better with each iteration Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265,Ireland Company No.: 370845 On 28/04/2020, 20:27, "anti-abuse-wg on behalf of Nick Hilliard" wrote: Petrit Hasani wrote on 28/04/2020 15:01: > A new version of RIPE policy proposal, 2019-04, "Validation of > "abuse-mailbox"", is now available for discussion. The updated version of this policy proposal is here: > https://www.ripe.net/participate/policies/proposals/2019-04/draft The proposal has the following problems, each of which would be sufficient reason it its own right to reject the proposal: > and must not force the sender to use a form. It's not the job of the RIPE NCC to tell its members how to handle abuse reports, and it is beyond inappropriate for this working group to expect the RIPE NCC to withdraw numbering resources if member organisations don't comply with an arbitrary policy which forces the use of SMTP email like this. > [...] is present and can receive messages at least every six months*. > If the validation fails, the RIPE NCC and: > *The RIPE NCC may change the validation period depending on the level > of accuracy of the contacts. For example, switching from six-month to > one-year period once contact accuracy has improved. This addition proposes to micromanage the RIPE NCC even further. Arbitrary time-scales like this are operational details which have no place in a well-thought-out policy. > This validation process will not check how the abuse cases are > processed. The community should escalate/report back to the RIPE NCC, > so anonymised statistics can be collected and periodically > published. > However, the community should report any situation to the RIPE NCC, > which can provide (anonymous) periodical statistics to the community, > which can take further decisions about that. This proposes that the RIPE NCC becomes an abuse reporting clearinghouse based on unsubstantiated community gossip. This is inappropriate in many different ways. > It should be clear that the policy intent is not to look into how the > abuse mailbox is monitored or how abuse cases are handled. It's difficult to take this seriously when the intent of most of the rest of the text in the proposal is about using the RIPE NCC to monitor how abuse cases are handled and to ensure that the abuse mailbox is monitored. The proposal is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet. In addition, all of these problems were identified in previous versions of the proposal, i.e. none of them has been resolved and because of that, there is no reason to think that this version is any more likely to reach consensus than any of the previous versions. The proposal needs to be abandoned. Nick
Re: [anti-abuse-wg] RIPE NCC Report: Law Enforcement Agency Requests 2019
+1 A lot of people aren't familiar with these terms -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow, R93 X265 ,Ireland Company No.: 370845 On 25/03/2020, 10:49, "anti-abuse-wg on behalf of Sergey Myasoedov via anti-abuse-wg" wrote: Dear Maria, Thank you for this report. I think it's better to explain abbreviations like 'MLAT' as I google it and it wasn't too easy to find the meaning without RIPE NCC website. PS. MLAT stands for 'mutual legal assistance treaties' -- Sergey > On 25 Mar 2020, at 10:47, Maria Stafyla wrote: > > Dear colleagues, > > We have published a transparency report that details the nature > of the requests we received from Law Enforcement Agencies in 2019. > > You can find the report at: > https://www.ripe.net/publications/docs/ripe-740/ > > Kind regards, > > Maria Stafyla > Senior Legal Counsel > RIPE NCC > >
Re: [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
ICANN has absolutely nothing to do with whois policies for ccTLDs like .de, .eu and .at. If you want to cast wild aspersions at organisations without providing *any* actual proof of anything then please at least get some basic facts right. The .eu registry does have policies around registration data and they do actively enforce them. I also fail to see what exactly you want this group to do, since you haven't provided any tangible information beyond the incredibly vague assertion that there's something wrong out there. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 19/02/2020, 07:21, "anti-abuse-wg on behalf of Hans-Martin Mosner" wrote: AS24961 (RIPE NCC member myLoc managed IT AG) continues to host one persistent spam sender years after years. I have complained to them a number of times, with no noticeable effect. The sender is recognizable by characteristics of their domain names and local parts, and most importantly by their DNS service, which is always uadns.com. Would be easy to deny them service if myLoc wanted to. Domain registrations are most often done via Ledl.net GmbH (RIPE NCC member). Registries DENIC eG (RIPE NCC member), EURid vzw (RIPE NCC member), nic.at GmbH (RIPE NCC member) willingly accept registrations that have most likely fake data (which I can't check because these data are conveniently not disclosed, although they very likely describe a commercial entity and not existing private persons and are therefore not subject to GDPR protections.) Excuse me while I vomit a little. I know that this working group is not responsible for handling individual cases of abuse, so my intention is not to get a solution (which I already did via nullrouting that AS) but to understand how persistent abuse-enabling entities can act unhindered without any clear escalation path. Effectively extracting the last rotten tooth "ICANN Whois Inaccuracy Complaint" by hiding all registration data so that an inaccuracy check is made impossible didn't help much... Cheers, Hans-Martin
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
I suspect this stems from the incorrect assumption that Section 230 style protections extend outside the US. Even if they did, I don't think that they would be enough to allow for the NCC to start "naming and shaming" companies / members based on this kind of thing -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 17/01/2020, 17:54, "anti-abuse-wg on behalf of Richard Clayton" wrote: In message <1609071e-bf44-4e1d-9c81-98616f11b...@consulintel.es>, JORDI PALET MARTINEZ via anti-abuse-wg writes >?El 16/1/20 21:37, "anti-abuse-wg en nombre de Richard Clayton" boun...@ripe.net en nombre de rich...@highwayman.com> escribió: > >In message , JORDI >PALET MARTINEZ via anti-abuse-wg writes > >> I'm sure if the >>service provider tries to avoid being "informed" by not looking at >notifications >>(email, postal, fax, etc.), they will also be liable in front of courts. > >correct, but that's a "Hosting" aspect and that's not necessarily the >issue when considering spam (which is certainly some of what is being >considered under the generic "abuse" label) > >I'm not sure to understand what do you mean. In my opinion, if the hosting >provider is the resource-holder of the addresses being used for any abuse >(including spam), he is the responsible against the law and he is consequently >liable of possible damages. The ECommerce Directive gives a free pass to companies that just pass packets around ("Mere Conduit") ... so if you complain to AS that there is a spammer using their network and they do nothing then suing them is unlikely to be productive. You need, in such a matter, to take proceedings against the spammer (and the Court may assist you in compelling the network provider to reveal what they know about the spammer). The ECommerce Directive also gives a free pass to a hosting company in respect of material they publish such as (where this thread started) a website claiming the people operating AS are pondscum and regularly rape their mothers ... but once the hosting company has "actual knowledge" of this defamatory material then they must act to remove it. If they do not do so then you can take legal proceedings against them for continuing to publish the libel. You may have some opinion of your own as to whether this is right (and this, as covered earlier, is not the same in the USA) ... ... but until you explain exactly the legal basis on which you intend to proceed against a resource holder and exactly the sort of harm which they are facilitating (not all abuse is the same in law) then it's impossible to say whether some special situation applies (and your opinion about liability is correct) or whether the overarching provisions of the ECommerce Directive (which override laws that appear to say something else) mean that you cannot proceed against a network provider at all or a hosting company that does not have actual knowledge. IANAL, jurisdictions differ (but Directives bind all EU Member States) -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
Re: [anti-abuse-wg] Periodic Reminder: List Conduct
Brian and the other co-chairs have never claimed to be the internet police, however they are the co-chairs of this group. I don’t agree with every bit of legislation, but that does not mean that the laws are not binding on me Arguing that simply because you do not agree with a rule that it shouldn’t apply to you is farcical. Put more simply, if you want to participate in RIPE Community discussions you need to abide by the rules. If you don’t want to respect the rules then you can’t participate. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com https://blacknight.blog / http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow, R93 X265 ,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Fi Shing Date: Saturday 18 January 2020 at 07:23 To: "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] Periodic Reminder: List Conduct It appears you missed the point of my email. How can you say rules apply to this list, but not RIPE itself? Given the logic of many on this list: 1. You are not the internet police, 2. Some people may not agree with a rule, so therefore there are no rules at all, 3. you, as an administrator enforcing this rule of "no personal attacks" would require you to open your emails, which is too much to ask of you as an administrator. - Original Message - Subject: RE: [anti-abuse-wg] Periodic Reminder: List Conduct From: "Brian Nisbet" Date: 1/17/20 10:42 pm To: "Fi Shing" , "anti-abuse-wg@ripe.net" Honestly, you can disagree all you want, but there are rules of conduct in the RIPE community and on this list. My email served as a polite reminder of those rules. If a member of the list chooses not to follow them, then steps will be taken in regards to direct communication, then moderation of postings if it is felt necessary and on from there. The Co-Chairs would greatly prefer not to have to deal with any of this, nor impose any restrictions on engagement with the working group, but if we must, we must, because such attacks do not help the list discussion nor the policy development process. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 From: anti-abuse-wg On Behalf Of Fi Shing Sent: Friday 17 January 2020 11:33 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Periodic Reminder: List Conduct >> but we can tell you not to do it here, so please don't. Well... no, i disagree. Brian Nisbet, i would like to remind you, that ... You are not the Internet Police. In fact, what you consider to be a rule, might not be something that every single person on this planet also considers to be a rule, and so therefore, we have no rules at all, nor is there any basis for you to impose any rules on this list such as that which you have said. To enforce this rule of "no personal attacks", would require you to open you email and read it once every year. That is too much for RIPE to envisage. It's too much resources. It's something that no administrator such as you SHOULD HAVE TO DO. So therefore, let us discuss, in meaningless circular fashion, similar to what you find inside an insane asylum, this idea of yours. SOUND FAMILIAR, ANYONE? - Original Message - Subject: [anti-abuse-wg] Periodic Reminder: List Conduct From: "Brian Nisbet" mailto:brian.nis...@heanet.ie>> Date: 1/17/20 8:23 pm To: "anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>" mailto:anti-abuse-wg@ripe.net>> Colleagues, It seems that at some point in every large list discussion I am compelled to send a mail of this type. This is not in response to any single mail, rather it is a reminder to all. Please remember to conduct yourselves well on this list, to discuss the matter at hand and not to attack the person writing the email. Most of the list discussion takes place in the appropriate manner, but I realise that when we're discussing matters about which any of us are passionate we can forget this. Ad hominem attacks, general slights, unfounded accusations, and many other things do not contribute to the list discussion. The Co-Chairs can't tell you not to send them by private mail (albeit we'd greatly prefer you didn't) nor to act in this manner in other for a (albeit we'd prefer if you didn't do that either), but we can tell you not to do it here, so please don't. Thank you all for your interest and p
[anti-abuse-wg] Abuse mailbox validation?
I've been trying to follow the back and forth here over the last few days and to be honest I'm rather confused. Which text is actually being proposed? A lot of the discussion here seems to have gone off into all sorts of tangents and it's hard to see what is actually being discussed Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
+1000 -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 15/01/2020, 12:49, "anti-abuse-wg on behalf of Nick Hilliard" wrote: JORDI PALET MARTINEZ via anti-abuse-wg wrote on 15/01/2020 12:38: > and allows sending abuse reports You're demanding that resource holders handle abuse reports by email and how to handle that mailbox, i.e. telling them how to run their businesses. It's not appropriate for the RIPE NCC to get involved with this sort of thing. Nick
Re: [anti-abuse-wg] [routing-wg] An arrest in Russia
Sergey You DO NOT speak for all members. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 02/01/2020, 19:34, "anti-abuse-wg on behalf of Sergey Myasoedov via anti-abuse-wg" wrote: Hi Nikolas, Thank you for your explanation, I appreciate it. > On 2 Jan 2020, at 14:29, Nikolas Pediaditis wrote: > > With regards to implementing policies and procedures, we apply them as equally and neutrally as possible, but we also consider it reasonable and sensible to take extraordinary circumstances into account. On this occasion, RIPE NCC Management reviewed a case in which new information had come to light and it decided to act as it saw necessary and appropriate. I do believe that the extraordinary circumstances are when the ER department is involved in the process. But usually RIPE NCC don't perform the rollback of transfers. In the case we've seen, two members are still active, no M&A deal, but suddenly Ministry of foreign affairs got involved, crime investigation is ongoing... In the similar circumstances in Kazakhstan (2018-2019) the NCC decided not to make any statements in the court and didn't revert the transaction until the Supreme court made its decision. The unpredictability of the NCC's actions don't make the members happy. -- Kind regards, Sergey Myasoedov
Re: [anti-abuse-wg] Massive prefix theft in AFRINIC - attributed to an insider
Great work from Ron Sad to see this happen, though it was to be expected considering how much IPs are now worth -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 04/12/2019, 19:43, "anti-abuse-wg on behalf of Suresh Ramasubramanian" wrote: Congratulations, Ron Guilmette. You’ve been doing this for years and this is your biggest success yet. https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html tl;dr - The insider is apparently Ernest Byaruhanga, AFRINIC employee #2, and he has now separated from AFRINIC --srs
Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses
Why? It’s an EAI issue more than anything else. If your email client or server can’t handle UTF-8 then doing the punycode conversion is unlikely to help I’d also encourage RIPE NOT to force Latin characters only – the RIPE region covers multiple languages which are not Latin based and if anything it should be leading by example More details on EAI and UA issues here: https://uasg.tech/ Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of David Guo via anti-abuse-wg Reply to: David Guo Date: Tuesday 19 November 2019 at 13:34 To: Thomas Hungenberg , "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Oh you already tried and it works. I suggest RIPE can convert the IDN domains to punnycode on database. From: David Guo Sent: Tuesday, November 19, 2019 2:32:54 PM To: Thomas Hungenberg ; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Did you try IDN / Punnycode converter? Try abuse@xn--zrich-kva.email ? From: anti-abuse-wg on behalf of Thomas Hungenberg Sent: Tuesday, November 19, 2019 2:27:13 PM To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Hi, some abuse contacts registered with RIPE use non-ascii characters with the abuse-mailbox addresses, e.g. % Abuse contact for '195.78.76.0 - 195.78.77.255' is 'abuse@zürich.email' However, the corresponding MTA does not support SMTPUTF8: 7B579403C6: to=, relay=mail.xn--zrich-kva.email[109.95.241.50]:25, delay=0.33, delays=0.01/0/0.32/0, dsn=5.6.7, status=bounced (SMTPUTF8 is required, but was not offered by host mail.xn--zrich-kva.email[109.95.241.50]) (In this particular case, sending email to the IDNA representation of the email address works.) In our experience, using umlauts and other non-ascii characters in (the host part of) email addresses still cause a lot of problems in general. Even if the recipient's MX supports SMTPUTF8 correctly, MTAs on the transport way may fail to handle SMTPUTF8 messages. To prevent such problems and make sure all abuse mailboxes can be addressed, I wonder if the values of abuse-mailbox attributes should be restricted to ASCII characters only. What do you think? - Thomas
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
Carlos Nick and others have covered why it should be dropped in their emails to this list. It's also pretty clear that the cost implications of this proposal far outweigh any potential benefit. So it should just be dropped. And your counterargument about cost is completely divorced from economic reality. RIPE NCC are not the routing police. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 09/09/2019, 15:53, "Carlos Friaças" wrote: Hi Michele, All, Can you be more specific about which problems derive from this proposal's simple existence...? About: "going to cost more" -- when you try to improve something, it's generally not cheaper, yes. but then there is "worth", which generates different views. (...) The "causes more harms" bit is mostly derived from the possibility of lawsuits...? Regards, Carlos On Mon, 9 Sep 2019, Michele Neylon - Blacknight wrote: > 100% agreed > > This proposal should be dropped as it's creating more problems, going to cost more and generally causes more harms than those it was aimed to solve. > > > > -- > Mr Michele Neylon > Blacknight Solutions > Hosting, Colocation & Domains > https://www.blacknight.com/ > https://blacknight.blog/ > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Personal blog: https://michele.blog/ > Some thoughts: https://ceo.hosting/ > --- > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty > Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 > > On 05/09/2019, 17:15, "anti-abuse-wg on behalf of Nick Hilliard" wrote: > >Marco Schmidt wrote on 05/09/2019 14:23: >> The RIPE NCC has prepared an impact analysis on this latest proposal >> version to support the community?s discussion. You can find the full >> proposal and impact analysis at: >> https://www.ripe.net/participate/policies/proposals/2019-03 > >that is as damning an impact analysis as I've ever seen, and it sends a >clear signal that the proposal would not solve the root problem while >simultaneously being very harmful to the RIPE NCC. > >I'd like to suggest to the chairs that this proposal be formally >dropped. It's taken up a good deal of working group time at this point >and there is an obvious lack of consensus that the proposal should be >adopted as a policy. > >Nick > > > > >
Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)
100% agreed This proposal should be dropped as it's creating more problems, going to cost more and generally causes more harms than those it was aimed to solve. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 05/09/2019, 17:15, "anti-abuse-wg on behalf of Nick Hilliard" wrote: Marco Schmidt wrote on 05/09/2019 14:23: > The RIPE NCC has prepared an impact analysis on this latest proposal > version to support the community’s discussion. You can find the full > proposal and impact analysis at: > https://www.ripe.net/participate/policies/proposals/2019-03 that is as damning an impact analysis as I've ever seen, and it sends a clear signal that the proposal would not solve the root problem while simultaneously being very harmful to the RIPE NCC. I'd like to suggest to the chairs that this proposal be formally dropped. It's taken up a good deal of working group time at this point and there is an obvious lack of consensus that the proposal should be adopted as a policy. Nick
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
As do I -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 23/05/2019, 01:10, "anti-abuse-wg on behalf of Fearghas McKay" wrote: > On 22 May 2019, at 22:38, Gert Doering wrote: > > Before you all argue for "we need to have more paperwork!" please take > a step back and explain a) what is wrong with the current validation > process, and b) why this proposal would improve this. What Gert said - at the very least these need to be answered before this policy can gain consensus. I oppose the policy as written and proposed. Thanks f
Re: [anti-abuse-wg] diff online 2019-03 v1 vs v2
As I said in the face to face meeting this morning, I both withdraw my support for this proposal and would also urge you to completely withdraw it. The name of the policy does not reflect its intent and that alone should be reason enough for it to be removed Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 23/05/2019, 09:00, "anti-abuse-wg on behalf of JORDI PALET MARTINEZ via anti-abuse-wg" wrote: Hi all, As v2 of 2019-03 is not yet published, according to the PDP, until the impact analysis is completed, I've published a diff online at: https://www.diffchecker.com/Fy6z4VYH Regards, Jordi ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Astroturfing?
Carlos I've absolutely zero issue with new people engaging, but lots of one line "+1" or almost identical emails isn't meaningful engagement. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 03/04/2019, 12:53, "Carlos Friaças" wrote: Hi Michele, All, I had to Google for 'astroturfing'. I learned something today. :-) As i see it, the "community" is not a closed group. It was repeateadly stated that "consensus" or "rough consensus" is not a vote. I think that is clear for everyone. Just like a few days ago i wrote that i hoped there wasn't any kind of discrimination against portuguese participants, i hope there isn't also any kind of discrimination against new participants on this WG. I may understand if some people prefer to have less people in the WG, but i'm not part of that set. While worrying about how we can improve rules/tools against Abuse (that's the point of an Anti-Abuse WG, right?), i would also like to see a much larger number of people involved! If someone has any doubt about if newcomers are real persons, then please Google away. :-) I met in person most of people that are supporting 2019-03 and also those that are opposing it (some of which i even co-authored other proposals), since a while back. ps: I think i haven't met Sebastien Lahtinen in person since 10y or so, so if 2019-03 made him show up on the list, that's another plus :-)) Best Regards, Carlos On Wed, 3 Apr 2019, Michele Neylon - Blacknight wrote: > All > > Is someone encouraging astroturfing? > > The number of either new or inactive members of this list who have posted one line messages in support of the recent policy discussion has reached insane levels > > Regards > > Michele > > -- > Mr Michele Neylon > Blacknight Solutions > Hosting, Colocation & Domains > https://www.blacknight.com/ > https://blacknight.blog/ > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Personal blog: https://michele.blog/ > Some thoughts: https://ceo.hosting/ > --- > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty > Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 > >
[anti-abuse-wg] Astroturfing?
All Is someone encouraging astroturfing? The number of either new or inactive members of this list who have posted one line messages in support of the recent policy discussion has reached insane levels Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
We support the proposal The language of the policy needs a little bit of work, but the concept is something we definitely support. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 19/03/2019, 12:41, "anti-abuse-wg on behalf of Marco Schmidt" wrote: Dear colleagues, A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy Violation", is now available for discussion. The goal of this proposal is to define that BGP hijacking is not accepted as normal practice within the RIPE NCC service region. You can find the full proposal at: https://www.ripe.net/participate/policies/proposals/2019-03 As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer. At the end of the Discussion Phase, the proposers, with the agreement of the Anti-Abuse WG co-chairs, decide how to proceed with the proposal. We encourage you to review this proposal and send your comments to before 17 April 2019. Kind regards, Marco Schmidt Policy Officer RIPE NCC Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
Re: [anti-abuse-wg] Constructive Approach & Anonymity (Was RE: Verification of abuse contact addresses ? )
Brian I agree with you on most points, however I do have issues with the one regarding anonymity. If someone is going to come onto this list and start casting aspersions at RIPE members, RIPE NCC staff etc., which has happened more than once and seems to be trend, then I do not see why they should have the right to anonymity. RIPE members and NCC staff should have the ability to face their accuser, but if they're hiding behind a veil of anonymity that's problematic. Personally I also find it very hard to engage in any meaningful debate with "someone" if I have absolutely no idea who they are, who they represent or what their agenda is. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 09/03/2019, 00:15, "anti-abuse-wg on behalf of Brian Nisbet" wrote: Folks, We aim for constructive discussion on the mailing list at all times and I would ask everyone to bear this in mind. I very much agree with " We make this a better world by helping with advice that empowers, not with diminish comments." I would also point out that there is no requirement for legal names to be used on the mailing list and there are many reasons in this world for anonymity. As a final point to consider, the word 'lame' isn't great as it is ableist. There are many, many other suitable words in the English language that merit examination that are much better in this context. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 > -Original Message- > From: anti-abuse-wg On Behalf Of > Serge Droz via anti-abuse-wg > Sent: Friday 8 March 2019 10:54 > To: anti-abuse-wg@ripe.net > Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? > > Hi > > I'm fairly new here. This is a formidable task, and not easily achieved. > So kudos to RIPE for doing this. The abuse contacts already there helped me > a lot. > > I don't appreciate people who can't even stand up with their real names, just > pointing out that others are lame. > > We make this a better world by helping with advice that empowers, not with > diminish comments. > > Cheers > Serge > > > On 08.03.19 11:40, Shane Kerr wrote: > > Fi Shing, > > > > I'm sure verifying the delivery of 70k e-mails (or however many is in > > the database) can be done in a few hours. > > > > But Marco's response mentions to *correcting* the contact addresses, > > not just verifying them. That involves working with human beings, so > > it makes sense that it will take a while. > > > > Cheers, > > > > -- > > Shane > > > > On 08/03/2019 11.07, Fi Shing wrote: > >> If it takes more than a week to verify your entire database, there is > >> the first sign that something is wrong with your system. > >> > >> > >> Original Message > >> Subject: Re: [anti-abuse-wg] Verification of abuse contact > >> addresses ? > >> From: Marco Schmidt >> <mailto:mschm...@ripe.net>> > >> Date: Thu, March 07, 2019 10:03 pm > >> To: "Ronald F. Guilmette" >> <mailto:r...@tristatelogic.com>>, > >> anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> > >> > >> Hello Ronald, > >> > >> We are planning to publish an updated timeline soon. > >> > >> Ultimately, our implementation will depend of the level of > >> cooperation > >> we get from LIRs and the nature of issues that need to be fixed > >> before > >> an abuse contact can be updated (for example, some organisations > >> may > >> need to reset their maintainer password). > >>
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Earlier versions of the proposed policy had language that some people took to mean that removing resources etc., was a possible escalation. I don't think it was originally the intent, though personally I can see merit in it being an escalation path. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 09/03/2019, 06:46, "anti-abuse-wg on behalf of Shane Kerr" wrote: Fi Shing, As far as I know there is nothing in any policy about decommissioning resources. (I'm not even sure what that would mean in practice...) I don't think that such a proposal would get consensus in the RIPE community, but I am often wrong so if you want this then please submit a policy proposal. The RIPE NCC staff, the working group chairs, or some friendly community member can help you with this. Cheers, -- Shane On 08/03/2019 22.25, Fi Shing wrote: > /But Marco's response mentions to *correcting* the contact addresses, not > just verifying them. That involves working with human beings, so it > makes sense that it will take a while./ > / > / > No it doesn't - that was the whole point of the "change" in the first > place, that it was to reduce the amount of verification needed to be > done by RIPE. There is a simple automated way to verify the entries - > click a link, enter a CAPTCHA, or your resources are decommissioned > within 24 hours. > > How much crime can be committed in the months it has taken (and > continues to take)? > > > > > > Original Message > Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? > From: Shane Kerr <mailto:sh...@time-travellers.org>> > Date: Fri, March 08, 2019 9:40 pm > To: anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> > > Fi Shing, > > I'm sure verifying the delivery of 70k e-mails (or however many is in > the database) can be done in a few hours. > > But Marco's response mentions to *correcting* the contact addresses, > not > just verifying them. That involves working with human beings, so it > makes sense that it will take a while. > > Cheers, > > -- > Shane > > On 08/03/2019 11.07, Fi Shing wrote: > > If it takes more than a week to verify your entire database, there is > > the first sign that something is wrong with your system. > > > > > > Original Message > > Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? > > From: Marco Schmidt mailto:mschm...@ripe.net> > ><mailto:mschm...@ripe.net>> > > Date: Thu, March 07, 2019 10:03 pm > > To: "Ronald F. Guilmette" mailto:r...@tristatelogic.com> > > <mailto:r...@tristatelogic.com>>, > > anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> > <mailto:anti-abuse-wg@ripe.net> > > > > Hello Ronald, > > > > We are planning to publish an updated timeline soon. > > > > Ultimately, our implementation will depend of the level of cooperation > > we get from LIRs and the nature of issues that need to be fixed before > > an abuse contact can be updated (for example, some organisations may > > need to reset their maintainer password). > > > > Over the next few weeks we will be analysing our progress, to make a > > realistic estimation. From observations so far, we think we might be > > able to finish our initial validation of all abuse contacts within six > > months - but it is still too early to make any strong predictions. > > > > Kind regards, > > Marco Schmidt > > RIPE NCC > > > > > > On 05/03/2019 21:51, Ronald F. Guilmette wrote: > > > In message <9c95
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Agreed It's good to see that there is progress on this. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 08/03/2019, 04:40, "anti-abuse-wg on behalf of Ronald F. Guilmette" wrote: In message , Marco Schmidt wrote: >We are planning to publish an updated timeline soon. > >Ultimately, our implementation will depend of the level of cooperation >we get from LIRs and the nature of issues that need to be fixed before >an abuse contact can be updated (for example, some organisations may >need to reset their maintainer password). > >Over the next few weeks we will be analysing our progress, to make a >realistic estimation. From observations so far, we think we might be >able to finish our initial validation of all abuse contacts within six >months - but it is still too early to make any strong predictions. Thanks again for the additional information. I'm sure that you face many challenges, given that this project is dependent upon so many vagaries, and upon the active cooperation of so many individuals and companies. But it is my sincere hope that this can be made to take less than 6 months. It seems that there are really two parts here, i.e. (1) identifying all of the broken contact addresses and then (b) attempting to get as many of those fixed as possible. The latter part may last indefinitely. The former however should be amenable to completion on a very short time scale. I would encourage you to seek to find out what is broken, as expeditiously as possible, and to then publish those findings for all to see. Such publication could have multiple useful knock-on effects. Regards, rfg
Re: [anti-abuse-wg] SPAMHAUS SBL team contacts
+1 If you need to be delisted by any DNSBL you need to follow their published process -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Suresh Ramasubramanian Date: Tuesday 12 February 2019 at 07:30 To: Milad Afshari , "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] SPAMHAUS SBL team contacts But that IS the best way to talk to them about an SBL listing. From: anti-abuse-wg on behalf of Milad Afshari Date: Tuesday, 12 February 2019 at 12:50 PM To: Subject: [anti-abuse-wg] SPAMHAUS SBL team contacts Hi Folks, I would be happy If you share with me any contacts information from Spamhaus SBL team except the one which is shown on the website (sbl-remov...@spamhaus.org<mailto:sbl-remov...@spamhaus.org>) since I need to talk to them ASAP. Many thanks Milad Afshari
Re: [anti-abuse-wg] What if a regional Internet Registry organization lost its authority?
Jordi There’s already a policy proposal to deal with this in the RIPE region which has been discussed on and off several times over the past 12+ months Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of JORDI PALET MARTINEZ via anti-abuse-wg Reply to: JORDI PALET MARTINEZ Date: Wednesday 6 February 2019 at 12:04 To: "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] What if a regional Internet Registry organization lost its authority? Hi, This is just an issue in LACNIC, in all the regions we have similar situations, and I believe that if there is a mandatory abuse email, and it is not up-to-date, then the LIR is not following the policies, and consequently it is not following the service contract, and could get their resources retired, because all the services contracts in all the RIRs, if I’m not mistaken, enforce following the policies. I’ve a policy proposal on this in several regions (coming on in RIPE as well, just need some time to clean it up). Here is the LACNIC version in English: https://politicas.lacnic.net/politicas/detail/id/LAC-2018-5?language=en In APNIC already reached consensus and is being implemented. Regards, Jordi De: anti-abuse-wg en nombre de Badguys Killer Fecha: miércoles, 6 de febrero de 2019, 12:47 Para: Asunto: [anti-abuse-wg] What if a regional Internet Registry organization lost its authority? Hi, This mail is a follow-up to my previous email "What to do when "abuse" email address does not work?" -- a short summary below: I found some spams sent to my company came from an IP address under Telefonica Peru. I sent a complaint email to the e-address found in WHOIS database, but it turned out that the e-address was fake! With the help of people here, I managed to contact "hostmaster" of LACNIC who sent an email to someone of Telefonica Peru to request them to update their abuse email address. That email was sent more than two weeks ago. I have just checked but the abuse email address is still not up-to-date. I started to wonder the real authority of LACNIC over ISP. Can a regional Internet Registry organization like LACNIC apply sanction/punishment to ISP if they don't follow International standards? Personally, I hope the answer is "yes". But what if these organizations actually have no real authority? That means the Internet is one step forward to anarchy? Hmm, some matter of reflection for our future. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] When email verification behavior is abusive
If you framed your issues or questions more clearly and succinctly it would be helpful. In relation to your specific "ask" I don't think it's the right one. You could, potentially, come up with a best practice eg. That providers should verify that account holders / users have access to an email address before letting them add it to a service. But I've no idea how you'd decided on rate limiting the verification emails. Based on my own experiences with mail servers, spam filters, grey listing etc., you can easily end up spamming yourself when those emails don't come through quickly enough. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 18/07/2018, 12:30, "anti-abuse-wg on behalf of ac" wrote: Thank you for asking that very valid question! Whether something is Abuse or not abuse and when Internet behavior is abuse or not has everything to do with this WG. And, discussing what constitutes abuse (or not), how (or even if) it affects RIR etc is very relevant as it leads to a clearer understanding of many things. One very basic thing would be resource abuse reporting. How can anyone report abuse if it is not even considered to be abuse? I can go on and on, but that would be counter productive. Why do you not help and tell me what arbitrary number of verify your email address, emails would you consider to be abuse - and in/over which period? That would be super helpful to everyone, as I do not think any of us actually knows what we all consider the arbitrary number to be? Or are you saying it is not abuse at all? Actually, sorry I may not understand why you are asking about relevance? Regards Andre On Wed, 18 Jul 2018 11:03:47 + Michele Neylon - Blacknight wrote: > What's any of this got to do with RIPE and this WG? > Is there a policy proposal or something else forthcoming? > > Regards > > Michele > > -- > Mr Michele Neylon > Blacknight Solutions > Hosting, Colocation & Domains > https://www.blacknight.com/ > https://blacknight.blog/ > Intl. +353 (0) 59 9183072 > Personal blog: https://michele.blog/ > Some thoughts: https://ceo.hosting/ > --- > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business > Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: > 370845 >
Re: [anti-abuse-wg] When email verification behavior is abusive
What's any of this got to do with RIPE and this WG? Is there a policy proposal or something else forthcoming? Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
[anti-abuse-wg] GDPR - ICANN vs Tucows
https://www.internetnews.me/2018/05/31/icann-vs-epag-tucows-german-court-rules-against-icann/ -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
Re: [anti-abuse-wg] GDPR - positive effects on email abuse
It's also not relevant -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 30/05/2018, 13:37, "anti-abuse-wg on behalf of Malcolm Hutty" wrote: Please stop. This is not helpful. On 30/05/2018 13:36, ox wrote: > On Wed, 30 May 2018 13:06:57 +0100 > Malcolm Hutty wrote: >> >> But can we please leave out accusations that your political opponents >> abduct babies? That surely crosses the line. The trope is, at least, > > there are no accusations of any kind. > > and, to be more clear, nobody said anything about abducting. > > Factually: > https://www.nytimes.com/2018/05/28/us/trump-immigrant-children-lost.html > > The USA does forcefully remove babies from the arms of their mothers. > > Furthermore: The US Government does "lose" 000 these children. > > This is not accusations. And, mentioning the facts, as they are, > undisputed, does not cross any line. > > And who are 'political opponents' ? > > Please do bother actually reading the argument? or ask if you did not > understand it? > > Simply stating that, in your opinion, there are accusations and > abductions are pathetic in itself as it completely ignores or > addresses the salient fact that Ronald said my opinion is 'rubbish' > and that my opinion is equal to what "Fox" blasts out and "Fox" (by > implication, Republicans, in America states. > > It is my choice to find that offensive as by implication my opinion > equates that which the USA (and Fox) is promoting. > > As it disgusts me, it is an insult and it is offensive. > > >> Older Than Feudalism, and very likely Older Than Dirt, and as always >> raising it serves no purpose other than to demonise one group of >> people and to smear another by association, thereby shutting down the >> conversation. It's not an argument, it's a transparent attempt to >> exclude. Please stop. >> > Please stop what? Speaking the truth? > > Taking offense at people equating my opinions to rubbish? > > Please be more clear in what you are stating Malcolm? What would you > like to stop? > >> More generally, I believe this discussion would be improved if people >> stopped throwing around terms like "European" and "Republican" as >> though they are terms of abuse. Our community is, and should be, open >> to all. >> > Who said anything to the contrary? > > Andre > > > -- Malcolm Hutty | tel: +44 20 7645 3523 Head of Public Affairs | Read the LINX Public Affairs blog London Internet Exchange | http://publicaffairs.linx.net/ London Internet Exchange Ltd Monument Place, 24 Monument Street London EC3R 8AJ Company Registered in England No. 3137929 Trinity Court, Trinity Street, Peterborough PE1 1DA
Re: [anti-abuse-wg] GDPR - positive effects on email abuse
Andre 1 - yes and no - you need access to an SMTP server. 2 - again - you need access to resources I agree however that the domain without anything attached to it can't do anything The resources need IPs.. Re: RIPE whois - if there are inaccuracies you can report them to RIPE. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 29/05/2018, 14:39, "anti-abuse-wg on behalf of ox" wrote: Please correct me if you think I am wrong: 1. You cannot send spam without an IP number. 2. You cannot do any abuse without an IP number. I can do a whois on any.com or some.eu and have a tech or abuse email address and WORKING registrar contact information. I cannot do a whois on ALL ripe assigned ipv4 resources and get accurate and/or working resource contact information. So, where the problem is - is easy to see, no? Andre On Tue, 29 May 2018 15:12:27 +0200 JORDI PALET MARTINEZ via anti-abuse-wg wrote: > I consider an abuse the fact of collecting emails and sending spam. > Also, if you have a domain, you can see what IPs are related to it > for other kinds of abuses. > > Regards, > Jordi > > > > -Mensaje original- > De: anti-abuse-wg en nombre de ox > Organización: ox.co.za > Fecha: martes, 29 de mayo de 2018, 14:32 > Para: > Asunto: Re: [anti-abuse-wg] GDPR - positive effects on email abuse > > > Abuse has nothing to do with a domain name. > > Nobody can abuse anyone armed only with a domain name. > > Without using an actual IP number, a domain name can do nothing. > > Protecting the privacy of a domain registrant is absolutely > correct. > The trouble is that network operators are resistant to accept the > responsibility (costs, issues, trouble) of managing abuse > > Even if you do a whois right now, you will find a functional > registrar abuse email address. > > The same cannot yet be said for the resources assigned by this RR > > Andre > > > On Tue, 29 May 2018 14:00:44 +0200 > JORDI PALET MARTINEZ via anti-abuse-wg > wrote: > > Whois, as everything in the life, has good and bad things. > > Against: Privacy invaded. In fact, when you register a new > > domain and you associate a visible email to it, in a matter of > > hours, you get spam. > > Pro: If it is a real email with humans behind, it facilitates > > the resolution of abuse cases. > > The balance is always difficult ... > > Regards, > > Jordi > > > > > De: anti-abuse-wg en nombre de > > Volker Greimann Fecha: martes, 29 > > de mayo de 2018, 13:49 Para: Suresh Ramasubramanian > > , "anti-abuse-wg@ripe.net" > > Asunto: Re: [anti-abuse-wg] GDPR - > > positive effects on email abuse > > > > > > > > Even in those cases, whois is but one tool that helps identify > > bad actors by means of violating privacy rights of millions. > > There are other tools, like DNS traces, reviews of hosting > > infrastructures used, etc. all of which will continue to be > > available for the uses you refer to. > > > > And maybe it is time to ensure law enforcement is better > > equipped to deal with such issues earlier and faster. Up to > > now, governments have been afforded the luxury of being able to > > underfund such efforts as others were doing their jobs for > > them. Maybe this will lead to better law enforcement and > > international cooperation. > > > > Best, > > > > Volker > > > > > > > > Am 29.05.2018 um 13:34 schrieb Suresh Ramasubramanian: > > > > This unfortunately is entirely wrong and short sighted > > > > > >
Re: [anti-abuse-wg] GDPR - positive effects on email abuse
Volker I don't think your choice of language is particularly helpful or constructive. In fact I think you're being intentionally inflammatory. Why don't you tone it down a little? There's no need to use words like: "vigilantes" or "rent-a-cops" unless you're simply trying to troll people or believe that the anti-abuse community shouldn't exist, which by extension would suggest that you want to enable online abuse. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 29/05/2018, 11:36, "anti-abuse-wg on behalf of Volker Greimann" wrote: Wow, the level of narrowmindedness and fearmongering is high with this one. Crime online will likely not increase due to GDPR. It may be more difficult to detect and take action against due to the loss of one tool amongst many, but ultimately that tool was illegal to begin with as it violated the rights to privacy of millions of domain owners. "Private researchers" and other vigilantes or rent-a-cops will indeed have a more difficult time to obtain such data as they will finally have to do so by legal means, but then they are in an untenable position anyway, taking upon themselves functions that should be fulfilled by actual law enforcement. Ultimately, private data if internet users no longer being public will lead to better registration data for those with a right to access it. Those with no such rights will have to figure out alternate routes to do their jobs that does not violate the rights of millions. Best, Volker Am 28.05.2018 um 21:13 schrieb Ronald F. Guilmette: > ox wrote: > >> Firstly I would like to comment that the multinationals and their funded trade >> groups (and their lobby orgs) shouted from the rooftops that if the GDPR came >> into effect, Internet in the EU would collapse and there would be digital doom >> and gloom. > I am not a multinational. I am an individual volunteer anti-abuse researcher. > And yet even -I- have told everyone I know that the disappearance of public > WHOIS is and will be an epic catastrophy. If there was cybercrime on the > Internet before, it will be increased, going forward, by tenfold. > >> How wrong they were (hindsight is perfect - as we can all clearly see) > Be patient. The change has only just occurred. > >> The EU has truly become a world and global leader in the reclamation of >> individual rights and the free Internet. > Here on this side of the pond, one usually has to turn on Fox News in order > to be treated to this level of rubbish. > > The only thing that has happened is that private researchers the world > over have been effectively blinded due to the supreme arogance and idiocy > of europeans... europeans who, in their religious fervor, have come to view > it as their holy obligation to foist their demented notions onto the rest > of the world, whether any of the rest of us like it or not. > > Meanwhile the malevolent forces of state-sponsored intrigue and violation > of human rights are and shall remain totally unfettered and unaffected by > GDPR, as they will be the first ones to obtain special exemptions allowing > them to continue to see WHOIS data. The CIA, NSA, BDN, and FSB are > undoubtedly celebrating the arrival of GDPR, as it further entrenches > their special status at the expense of the great unwashes masses. > > Friday was a sad day for both transparency and democracy, but all across > the globe both criminals and statists undoubtedly celebrated it with > toasts of champaign. > > > Regards, > rfg > -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreim...@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexan
Re: [anti-abuse-wg] GDPR - positive effects on email abuse
Brian Agreed. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 29/05/2018, 09:32, "anti-abuse-wg on behalf of Brian Nisbet" wrote: Folks, GDPR is a valid subject for this WG. Discussions around how it will affect things around abuse of the Internet is valid etc. etc. However let's not get into whose government is better or worse, please. Thanks, Brian Brian Nisbet Network Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 > -Original Message- > From: anti-abuse-wg On Behalf Of ox > Sent: Tuesday 29 May 2018 06:53 > To: anti-abuse-wg@ripe.net > Subject: Re: [anti-abuse-wg] GDPR - positive effects on email abuse > > On Mon, 28 May 2018 12:13:32 -0700 > "Ronald F. Guilmette" wrote: > > > >The EU has truly become a world and global leader in the reclamation > > >of individual rights and the free Internet. > > Here on this side of the pond, one usually has to turn on Fox News in > > order to be treated to this level of rubbish. > > > or read a Tweet from the President of the United States that says the evil > democratic party is responsible for the separation of little children from their > refugee parents - whereas and in truth it is the President himself that is > responsible. - And innocent little children are being "lost" by the thousands > by the American Government? > > https://www.nytimes.com/2018/05/28/us/trump-immigrant-children- > lost.html > > The USA and US citizens have lost credibility or any moral high ground. > > As far as Fox news are concerned (are they the people that say "Good > Morning President Trump", when broadcasting to the US each morning?) > > As far as Internet Abuse and 'private' "researchers" are concerned: So, > private researchers have 'rights' to obtain other 'private' people's private > information? > > I cannot wait for the EU to yet again lead the world with ePrivacy as all the > USA does is dominate, control, track, divide and so many other negative > things. > > The EU has become an innovator, protector and Internet light. > > > The only thing that has happened is that private researchers the world > > over have been effectively blinded due to the supreme arogance and > > idiocy of europeans... europeans who, in their religious fervor, have > > come to view it as their holy obligation to foist their demented > > notions onto the rest of the world, whether any of the rest of us like > > it or not. > > > > Meanwhile the malevolent forces of state-sponsored intrigue and > > violation of human rights are and shall remain totally unfettered and > > violation of human rights? > > wow. > > Your government loses innocent little children and you have the audacity to > lecture? > > When you take a little baby or a 2 year old (still also a baby) and LOSE that > human person? > > Have you no shame? > > With whatever respect you deserve: You cannot lecture or comment on > "state-sponsored intrigue and violation of human rights" > > As your own country is part of the problem, that others have to help you > solve and resolve. > > As for abuse and as to how this all relates to abuse: It is mostly US companies > that are infringing on the privacy of citizens of all other countries. > > I need not rehash how the top USA Internet companies abuse children, > develop technology to kill people or completely colonise and enslave > developing societies. > > or even lose the little babies they have violently dragged from the hands of > their mothers. > > Andre
Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
+1 Who cares what the email address / alias / forwarder / mailbox looks like -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ https://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265, Ireland Company No.: 370845 On 19/01/2018, 09:47, "anti-abuse-wg on behalf of ox" wrote: not sure that I know of any abuse@ email that is privacy.85o8095.849804...@example.com (the privacy.xxx domain may exist and be a real domain - as such the "privacy.85o8095.849804...@privacy.xxx" you used, in your example, may actually belong to someone...) But quick question: who decides what email address is "real" and what is not "real" If an abuse@ uses privacy.85o8095.849804...@example.com then receives email and solves a capcha and then clicks a tickbox - the email address is functional / working and "real" ??? Regards Andre On Fri, 19 Jan 2018 10:40:40 +0100 JORDI PALET MARTINEZ via anti-abuse-wg wrote: > One more thing I just realized ... > > I understand that the mailbox must be a "real" one, not the typical > "privacy.85o8095.849804...@privacy.xxx" that is used often in whois > data ... > > Regards, > Jordi > > -Mensaje original- > De: anti-abuse-wg en nombre de ox > Organización: ox.co.za > Fecha: viernes, 19 de enero de 2018, 10:37 > Para: > Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase > (Regular abuse-c Validation) > > > Yes, the idea Thomas had about human interaction, solving a > captcha and a tickbox is a great idea > my 1c > > Andre > > On Fri, 19 Jan 2018 10:29:42 +0100 > JORDI PALET MARTINEZ via anti-abuse-wg > wrote: > > I also think that Thomas suggestion of a checkbox agreeing with > > regularly monitoring the abuse-mailbox is a wonderful > > suggestion. Regards, > > Jordi > > Para: > > Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review > > Phase (Regular abuse-c Validation) > > I support the proposal in general and i also think a human > > interaction of the resource holder is required. > > > > Am 19.01.18 um 09:52 schrieb Thomas Hungenberg: > > > I second Jordi's opinion that validation of the > > > abuse-mailbox should require human interaction of the > > > resource holder. In addition to solving a captcha the > > > resource holder might need to confirm (click a checkbox) > > > that he will monitor the abuse-mailbox account on a > > > regular basis and take appropriate action to solve > > > reported abuse cases. > > > > > > > > > - Thomas > > > > > > CERT-Bund Incident Response & Malware Analysis Team > > > > > > > > > On 18.01.2018 19:44, JORDI PALET MARTINEZ via > > > anti-abuse-wg wrote: > > >> I fully agree with this proposal and should be > > >> implemented ASAP. > > >> > > >> HOWEVER, I’ve a question regarding the impact analysis, > > >> and specially this sentence: > > >> > > >> “To increase efficiency, this process will use an > > >> automated solution that will allow the validation of > > >> “abuse-mailbox:” attributes without sending an email. No > > >> action will be needed by resource holders that have > > >> configured their “abuse-mailbox:” attribute correctly.” > > >> > > >> Reading the policy proposal, how the NCC concludes that > > >> it should be “without sending an email”? > > >> > > >> I will say that the right way to do a validation (at > > >> creation/modification and yearly) is, in a way that makes > > >> sense (having an email that nobody is processing is >
Re: [anti-abuse-wg] 2017-02 Review Phase (Regular abuse-c Validation)
We support the proposal. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 18/01/2018, 11:23, "anti-abuse-wg on behalf of Marco Schmidt" wrote: Dear colleagues, Policy proposal 2017-02, "Regular abuse-c Validation" is now in the Review Phase. The goal of this proposal is to give the RIPE NCC a mandate to regularly validate "abuse-c:" information and to follow up in cases where the attribute is deemed to be incorrect. This proposal has been updated following the last round of discussion and is now at version v2.0. Some of the differences from version v1.0 include: - A focus on validating the "abuse-mailbox:" attribute and fixing incorrect contact information - Added references to RIPE Policies and RIPE NCC procedures The RIPE NCC has prepared an impact analysis on this latest proposal version to support the community’s discussion. You can find the full proposal and impact analysis at: https://www.ripe.net/participate/policies/proposals/2017-02 And the draft documents at: https://www.ripe.net/participate/policies/proposals/2017-02/draft As per the RIPE Policy Development Process (PDP), the purpose of this four-week Review Phase is to continue discussing the proposal, taking the impact analysis into consideration, and to review the full draft policy document. At the end of the Review Phase, the WG Chairs will determine whether the WG has reached rough consensus. It is therefore important to provide your opinion, even if it is simply a restatement of your input from the previous phase. We encourage you to read the proposal, impact analysis and draft document, and share your comments on before 16 February 2018. Kind regards, Marco Schmidt Policy Development Officer RIPE NCC Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c Validation)
Gert The current situation is that abuse-c can be populated with rubbish. The email addresses can be completely non-functioning. That is the real and current issue. Whether organisations will start actually acting on abuse reports etc., is a whole other issue and while it definitely merits discussion I suspect that any such discussion will be interminable. Having an abuse-c email address that is known to work as in not bounce is a move in the right direction. So I think we should accept this proposal. Will it fix abuse? No. But it's not meant to. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
Re: [anti-abuse-wg] 2017-02: what does it achieve?
Malcolm At the moment people can put in any rubbish they want into an abuse-c and there is zero validation. The proposed change will mean that at least there is a valid email address at the other side even if it triggers an auto-response. In fact an auto-reply would be preferable to the black holes in many cases .. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 25/09/2017, 15:02, "anti-abuse-wg on behalf of Malcolm Hutty" wrote: On 25/09/2017 14:26, herve.clem...@orange.com wrote: > With regard to your first scenario, the auto-answer you mention can be > considered as a valid reply, and the "support service" would help to > proceed with the abuse report. Hervé, Thank you for your reply. If an autoresponder directing the enquirer to go read a FAQ, and possibly submit a web ticket, is deemed compliant with this policy it seems unlikely to do much harm, albeit equally unlikely to do anything terribly useful. I still think Gregory's/Europol's needs would be better addressed by asking the NCC to provide a simple visualisation tool for the BGP routing table that enabled investigators to easily discover for a given network that was targetted for investigation which other network was providing the transit. I strongly suspect that for most of the suspect networks Europol has difficulty pinning down there is a very small number (maybe even only one) much larger, more reputable, and more easily found located network operator who would also be much more willing to be cooperative - and the only thing standing in the way of Europol making such an approach is difficulty in inspecting routing and visualising these relationships. That may not provide a perfect solutions in all cases, but neither will asking the NCC to validate data submitted by a small number of organisations that wish to conceal/lie about their data, hiding in amongst a large number of organisations that fail to maintain their data for less nefarious reasons. Malcolm. -- Malcolm Hutty | tel: +44 20 7645 3523 Head of Public Affairs | Read the LINX Public Affairs blog London Internet Exchange | http://publicaffairs.linx.net/ London Internet Exchange Ltd Monument Place, 24 Monument Street London EC3R 8AJ Company Registered in England No. 3137929 Trinity Court, Trinity Street, Peterborough PE1 1DA
Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c Validation)
Marco I think this policy proposal is a positive move and I have no reservations in supporting it. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 07/09/2017, 12:59, "anti-abuse-wg on behalf of Marco Schmidt" wrote: Dear colleagues, A new RIPE Policy proposal, 2017-02, "Regular abuse-c Validation", is now available for discussion. The goal of this proposal is to give the RIPE NCC a mandate to regularly validate "abuse-c:" information and to follow up in cases where contact information is found to be invalid. You can find the full proposal at: https://www.ripe.net/participate/policies/proposals/2017-02 As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer. At the end of the Discussion Phase, the proposer, with the agreement of the RIPE Working Group Chairs, decides how to proceed with the proposal. We encourage you to review this proposal and send your comments to before 6 October 2017. Kind regards, Marco Schmidt Policy Development Officer RIPE NCC Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
Re: [anti-abuse-wg] oppose 2017-02 "Regular abuse-c Validation"
Peter Where in the proposed policy does it say that RIPE is going to de-register anyone? I can’t see any language for that. All it says is: “in cases where the “abuse-mailbox:” contact attribute is invalid, the RIPE NCC will follow up with the resource holder and attempt to correct the issue.” Also, if your abuse-c email address is valid it’ll take you about 30 seconds once a year to validate it. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 07/09/2017, 13:43, "anti-abuse-wg on behalf of Peter Hessler" wrote: STRONG OPPOSITION! As an operator who has to read abuse-c emails, this is a waste of my time. I have real things to do, instead of bothering with this kind of crap. Responding to RIPE ping mails does not mean an abuse-c will respond to emails from non-RIPE entities, nor that a mailbox will keep working in-between pings. This is simply busy work, and has no value. Additionally, the threat that RIPE will deregister for failure to respond is insulting, vulgar, and obscene. -- Katz' Law: Man and nations will act rationally when all other possibilities have been exhausted.
Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community
Brian I think this is a very positive move. LEA (and others) need to be part of the dialogue and the technical community need to learn how to engage with them meaningfully. Anyone who wants to start making hyperbolic arguments about big government / brother / black helicopters is deluded. RIPE and other organisations need to work with LEA et al. That does not mean that anyone is bowing to their requests and if it did I wouldn’t be supportive of it. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community
Vittorio I think this is going way off topic, but since you started .. Most businesses cannot afford to engage in policy with ICANN, RIPE or anywhere else. A lot of people make the false assumption that somehow because they’re a company that they’re funding their staff to attend events and engage and that the said employees are given carte blanche. That’s definitely not true. So the arguments around supporting academics is also not really true. An academic could get a grant to study something, even if there’s no economic benefit. For a business we have to rationalise the spend. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 , Italy
Re: [anti-abuse-wg] Abuse: Too big to fail
+1 -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 19/06/2017, 15:53, "Suresh Ramasubramanian" wrote: On 19/06/17, 8:20 PM, "anti-abuse-wg on behalf of ox" wrote: And, apart from the fact that 25% of all spam lists does in fact list Twitter as a spammer Sturgeon’s law manifests itself all the time. eg: the number of weird and wonderful blocklists used by maybe two men and their dog, the population of cranks on the Internet… --srs
Re: [anti-abuse-wg] Abuse: Too big to fail
Andre You’re claiming that Twitter is a spammer, yet you haven’t provided any evidence that they are. What makes them a spammer? Any emails I’ve seen from them have been 100% legit and if there’s any I personally get that I don’t want I simply unsubscribe. In common with any other company that provides email services we get a LOT of email from social networks such as Facebook and Twitter. It’s not spam. So I really fail to understand what it is you’re actually complaining about. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
Re: [anti-abuse-wg] fake abuse lists
Guys Can you please take this offlist? Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 29/05/2017, 13:49, "anti-abuse-wg on behalf of ox" wrote: On Mon, 29 May 2017 09:14:50 -0300 "Marilson" wrote: > On May 28 Andre wrote: > > I am not a criminal and not a criminal company. So, I do > > not have criminal competitors. > Although this phrase is beyond my capacity for understanding, does not stop you from commenting on it though > > Just on a side note, my opinion is that you calling Martin Hetzner a > > Nazi (and a sociopath) is not acceptable behavior. > > I'll explain to you what is not acceptable behavior: no need to explain anything to anyone. we can all just read what you wrote. Andre
Re: [anti-abuse-wg] [cooperation-wg] WannaCry Ransomware
Gordon 100% agree with you on all points. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 15/05/2017, 12:59, "cooperation-wg on behalf of Gordon Lennox" wrote: Thanks Richard for distributing this. However I am sure everybody else on this list had already checked their favourite sources of information well before this was sent out. Europol has to be much faster. “a critical exploit in a popular communication protocol used by Windows systems”? OK again people here know what was going on: it was not the protocol but the implementation. If Europol is going to address the wider public then they have to use simpler, cleaner language. Anyway what Europol omits to even hint at is that this bit of poor programming from Microsoft was known to certain government agencies from way back. And they tried to kept secret so they could use it themselves? We need a better discussion about this. Access providers are being asked to carry out user surveillance / logging on behalf of LEAs. Meanwhile the IETF is encouraging encryption while government ministers are trying to discourage encryption. Meanwhile governments know where common systems are vulnerable and yet neither tell the public nor protect the public. Gordon > On 15 May 2017, at 07:57, Richard Leaning wrote: > > Dear Colleagues, > > The European cybercrime centre at Europol have asked us to circulate the below. I hope you find it useful and please forward it on to anyone who you may think will benefit from it. > > Kind regards > > Richard Leaning > External Relations > RIPE NCC > > > ///snip
Re: [anti-abuse-wg] "abuse-c:" - a question....with no answers?
Hal 100% agreed. If the emergency contact is made public it’ll become the default and will be rendered useless. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Hal ponton Date: Friday 31 March 2017 at 09:54 To: ox Cc: "anti-abuse-wg@ripe.net" Subject: Re: [anti-abuse-wg] "abuse-c:" - a questionwith no answers? Sorry didn't cc in the list, Regards, Hal Hal ponton<mailto:h...@buzcom.net> 31 March 2017 at 09:53 Andre, The issue I see with two contacts (emergency and standard) is that everyone will email the emergency contact. I fully agree that the response required for 1 spam email vs 1 emails is vastly different, however, if someone wants a response they will email the account they think they'd get the fastest / best response from. It's just human nature. Whilst at first non-emergency complaints will be ignored, it will get to a "boy who cried wolf" situation where the amount of non-emergency emails vastly outweighs the emergency emails. To the point where the organisation will just treat the emergency mailbox the same as the current abuse mailbox. You would need some disincentive to email the emergency mailbox. Like on a train where if you pull the emergency handle without there being an emergency you get a fine. I'm not advocating a fine here, just something similar to try and regulate emails coming into the emergency mailbox.