Re: [anti-abuse-wg] Is the LoA DoA for Routing? - article at FIRST blog

2024-01-19 Thread Tomás Leite de Castro via anti-abuse-wg 
Hello Carlos,

> Even if who signs it can't hold what they claim with the RIRs' trust anchors

If you believe this is true, then you can forward a claim to the local 
authorities as signing a Fake LOA is a criminal offense which could end in 
imprisonment. 

Best Regards,


Tomás

> On 19 Jan 2024, at 08:52, Carlos Friaças via anti-abuse-wg 
>  wrote:
> 
> 
> On Friday, 19 January 2024 at 08:36, Gert Doering  wrote:
> 
>> 
>> It's a good writeup to enlighten the unenlighted, but hardly a "novel
>> approach" ("introduces the idea...") - this is how we've run our network
>> for the last 20 years, or so. IRR filters based on RIPE route: objects,
>> and later on ROA info.
>> 
>> Paper never played any role in authorizing route announcements here (not
>> even fax).
> 
> Hi,
> 
> Great for you and the networks you manage, unfortunately (in the ~75k 
> networks/autonomous systems) there is still people around the world that 
> accept and rely on simple signed papers by someone. Even if who signs it 
> can't hold what they claim with the RIRs' trust anchors... ;-) 
> 
> ps: unfortunately i have not enabled IPv6 on something today (did my part 
> long ago...), but last week i still received a LoA :-) so yes, some people 
> are still pushing papers.
> 
> Cheers,
> Carlos
> 
> 
>> Gert Doering
>> -- NetMaster
>> --
>> have you enabled IPv6 on something today...?
>> 
>> SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
>> Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
>> D-80807 Muenchen HRB: 136055 (AG Muenchen)
>> Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
> 
> -- 
> 
> To unsubscribe from this mailing list, get a password reminder, or change 
> your subscription options, please visit: 
> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Bulletproof servers causing mischief on the internet

2024-01-18 Thread Tomás Leite de Castro via anti-abuse-wg 
Hi,

I just wanted to make a last comment on the previous email you sent.

> The business model of many bulletproof companies is to ignore reports of 
> abuse, RIPE NCC does not seem to do much against this and criminals are not 
> afraid of retaliation from RIPE NCC towards them. and currently RIPE NCC is 
> an attractive organization to get IP addresses for bulletproof servers, how 
> good is this?

It is true that their job is to ignore abuse reports. Also please note that 
RIPE currently no longer has IPv4 blocks to assign. New members must either get 
their space from a waitlist (which takes time and it’s limited to a single /24) 
or buy IP space from other entities. I do not believe that RIPE is more 
“attractive” than other Registries to obtain IP space for such illegal 
activities. All 5 RIRs have similar policies. Take a look at ARIN’s fraud 
reporting results. 
https://www.arin.net/vault/reference/tools/fraud_report/results/2023/#2023Q2

As it’s been said, it’s not RIPE’s job to police the internet. And please note 
that ultimately the ISPs providing connectivity to these organisations are the 
ones “allowing” the fraud to happen. If all RIRs took action then I’m sure 
criminals would lease IP space from reputable LIRs. Given the current IPv4 
shortage, I believe this is the case already. RIPE isn’t allocating a lot of 
IPs recently simply because they ran out.

Best regards,


Tomás Leite de Castro

> On 18 Jan 2024, at 10:20, OSINTGuardian  wrote:
> 
> Hi Tomas,
> 
> I am not referring to bulletproof servers in Tor, since I understand that 
> this is more difficult to detect since it is deep in the internet. I am 
> referring to the bulletproof hosting that is flooding the clear web with 
> illegal content.
> I currently know different bulletproof hosting, as you probably do too, but 
> no one does anything against this, which mostly affects the clear web.
> 
> illegal activities:
> 
> I am not referring to fighting bulletproof hosting due to spam networks, 
> botnets and DDOS attacks. I am referring to bulletproof hosting that has 
> clients who are pedophiles or drug traffickers (and these clients say it 
> openly) and when the police or internet users send abuse reports to the 
> bulletproof hosting email, the report is ignored.
> 
> Because of bulletproof hosting, the dark net has been on the clear web for 
> some years with child pornography sites, pedophile forums, drug sales sites 
> and among other websites that the owners are clients of bulletproof hosting.
> So you can see that I'm not exaggerating, google "dutchanonstore.to" and 
> you'll see what I mean
> 
> In case you are wondering, the company behind this drug sales website is 
> KODDOS (Amarutu Technology Ltd), one of the most famous bulletproof companies 
> currently and which is on the TOP 1 list of ISPs that provide bulletproof 
> servers for illegal websites
> 
> This is not the only famous bulletproof hosting, cybercriminals use a company 
> like Cloudflare but Russian and with bulletproof servers that are hosted in 
> Russia. the company DDOS-GUARD and it is not the first time that this company 
> is mentioned here since some time ago a famous client of ddos-guard was Hamas 
> (terrorist group)
> 
> I have a lot of evidence against bulletproof servers and how they are 
> complicit in illegal activities, although having evidence of this is not that 
> difficult since many of them are publicly promoted as "bulletproof hosting."
> The police usually do not do much against this, intelligence agencies such as 
> the FBI, Interpol, Europol and among others are slow to do something against 
> the bulletproof servers, and when they do something against this and they 
> arrest the owners of these companies, which What they do is that new 
> criminals create 6 new bulletproof hosting companies and all the clients go 
> to that new company to host the illegal websites.
> 
> Not to mention, the time it takes for authorities to do something against 
> bulletproof hosting is 3 to 6 years, until they arrest the people behind the 
> company with illegal activities. The authorities act extremely slowly and the 
> clean web is filling up with illegal websites.
> 
> Basically this is what has been happening for years and no one does anything:
> screenshot: https://i.imgur.com/nKZz8qx.png
> 
> The business model of many bulletproof companies is to ignore reports of 
> abuse, RIPE NCC does not seem to do much against this and criminals are not 
> afraid of retaliation from RIPE NCC towards them. and currently RIPE NCC is 
> an attractive organization to get IP addresses for bulletproof servers, how 
> good is this?
> 
> Claudia Lopez
> OSINTGuardian
> 
> 
> On ene. 17 2024, at 9:10 pm, Tomás Oliveira Valente Leite de Castro via 
> anti-abuse-wg  wrote: 
> Hi,
> 
> As far as "taking down" bulletproof hosting, that is very hard to do as 
> they often operate on jurisdictions that are easier for them to run 
> their business.
> RIPE NCC only allo