Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Colleagues, Thank you for the various responses and offers of assistance! If others have further feedback on what such training should look like or, indeed, how useful it would be for them or various types of LIR then that would be incredibly useful as well. Alireza, Tobias and I will be collating all of this, discussing it with the NCC L&D team and then we'll come back to the WG and individuals. Thanks again, Brian Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 From: anti-abuse-wg on behalf of Steve Atkins Sent: Tuesday 19 October 2021 10:47 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. > On 19 Oct 2021, at 10:14, Erik Bais wrote: > > Hi Brian & AA-WG, > > I think that an AA automation training would be very helpful for the members. > > For what I had in mind is to get attendees experience with tools like Netbox > (for address management among other things..), and 1 or 2 Abuse management > software tools.. ( like Abuse.io or Abusix (hosted & commercial) ) I’d be happy to share a bunch of Abacus[*] licences or a hosted server for this. Cheers, Steve [*] https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwordtothewise.com%2Ftools%2Fabacus%2F&data=04%7C01%7C%7Cb6a9ad2bcf5240e77aa908d992e5805e%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637702337124071538%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=zbutC1xSFI9IVNtE5zZJyBU2sZdAhbZM8WkfOLRnxA0%3D&reserved=0
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
On Sat 23/Oct/2021 01:38:56 +0200 Ronald F. Guilmette wrote: In message <26f1df33-b958-bed4-f748-f82324d0b...@tana.it>, Alessandro Vesely wrote: Shouldn't there be a standard for automatically forwarding messages destined to abuse-c following a path similar to that of RFC 2317 delegations? I'd love if AA training encouraged such behavior. Although delegation of abuse report handling may sound like a good idea in theory, in practice it is a tragically bad idea. What happens when the customer is a spammer and abuse handling is delegated to that customer? Google for the term "list washing". This isn't merely a theoretical possibility. Digital Ocean has previously sent me multiple response emails saying quite explicitly that they had forwarded my spam reports to their spammer customer(s). Those customers will then surely cease to spam *me* but will continue to spam everyone else on the planet. That'd be an incentive to send spam reports, wouldn't it? This does not create any meaningful reduction in the global spam load. It simply rewards those "responsible" spammers who remove from their target lists the email addresses of the few "complainers" who nowadays take the time to report spam. On the other hand, there are honest mailbox providers who have not realized that their system has been hacked, or that their clients' credentials have been stolen. And if you send a complaint to my abuse-c address, I won't get it. For an easy guess, LIRs who offer services at regular prices —not thousand domain discounts— have more of the latter cases. Still, their budget might not be enough for an abuse team capable of looking at each complaint. Best Ale
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
On Fri 22/Oct/2021 23:26:23 +0200 Ángel González Berdasco wrote: Hello all Shouldn't there be a standard for automatically forwarding messages destined to abuse-c following a path similar to that of RFC 2317 delegations? I'd love if AA training encouraged such behavior. I don't think the standard should be for automatically forwarding messages. You would need a standard for *exchanging* the information. Fields you would need should include IP address being reported, port (optionally), timestamp, whether this may be shared with the customer (default yes), RSIT taxonomy of the incident being reported, etc. Yeah, I didn't mean a capital 'S' Standard. Rather some common practice. And then, among the actions that can be taken, automatically forwarding could be one of them (and probably the less expensive for the abuse-c owner), but they could choose to process them differently. But the first step is to match the report with the machine/customer. If I were LIR.example, I'd set my abuse-c entries to something like: abuse-customer1@LIR.example abuse-customer2@LIR.example ... That way messages can be forwarded without parsing them; but there's still a chance to look at them, if the budget allows it. Many abuse teams already do that automatically, although I don't know the amount of guessing needed by the tools on their normal flows. The first idea that comes to mind when talking about communicating this would be to create a solution based on X-ARF, but it's not without its shortcomings, either, so maybe a different way is felt to be preferable. plain text, X-ARF, ARF, IODEF, https://xkcd.com/927/ Another way is to send an autoresponse which asks to fill the provider's web form, whereby the number of different formats grows unconstrained. However, it'd be possible for a forwarding LIR.example to ask its clients to fill a web form, in order to summarize the complaint and its followup. Most providers only have one or two ISPs, so the number of formats would stay low. And that could ease LIR's monitoring. This is an interesting discussion, although I feel it's a bigger design issue, significantly more ambitious than the proposal of providing some abuse training which opened this thread. Since the training is addressed to LIRs, a schema like the above could at least be aired. Best Ale
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
In message <26f1df33-b958-bed4-f748-f82324d0b...@tana.it>, Alessandro Vesely wrote: >Shouldn't there be a standard for automatically forwarding messages destined >to abuse-c following a path similar to that of RFC 2317 delegations? I'd love >if AA training encouraged such behavior. Although delegation of abuse report handling may sound like a good idea in theory, in practice it is a tragically bad idea. What happens when the customer is a spammer and abuse handling is delegated to that customer? Google for the term "list washing". This isn't merely a theoretical possibility. Digital Ocean has previously sent me multiple response emails saying quite explicitly that they had forwarded my spam reports to their spammer customer(s). Those customers will then surely cease to spam *me* but will continue to spam everyone else on the planet. This does not create any meaningful reduction in the global spam load. It simply rewards those "responsible" spammers who remove from their target lists the email addreses of the few "complainers" who nowadays take the time to report spam. Regards, rfg
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Hello all > Shouldn't there be a standard for automatically forwarding messages > destined to abuse-c following a path similar to that of RFC 2317 > delegations? I'd love if AA training encouraged such behavior. I don't think the standard should be for automatically forwarding messages. You would need a standard for *exchanging* the information. Fields you would need should include IP address being reported, port (optionally), timestamp, whether this may be shared with the customer (default yes), RSIT taxonomy of the incident being reported, etc. And then, among the actions that can be taken, automatically forwarding could be one of them (and probablye the less expensive for the abuse-c owner), but they could choose to process them differently. But the first step is to match the report with the machine/customer. Many abuse teams already do that automatically, although I don't know the amount of guessing needed by the tools on their normal flows. The first idea that comes to mind when talking about communicating this would be to create a solution based on X-ARF, but it's not without its shortcomings, either, so maybe a different way is felt to be preferable. This is an interesting discussion, although I feel it's a bigger design issue, significantly more ambitious than the proposal of providing some abuse training which opened this thread. Best regards -- INCIBE-CERT - Spanish National CSIRT https://www.incibe-cert.es/ PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys INCIBE-CERT is the Spanish National CSIRT designated for citizens, private law entities, other entities not included in the subjective scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen Jurídico del Sector Público", as well as digital service providers, operators of essential services and critical operators under the terms of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de información" that transposes the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitationof processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to d...@incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: https://www.incibe.es/proteccion-datos-personales and https://www.incibe.es/registro-actividad.
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Hi all, On Mon 18/Oct/2021 18:40:06 +0200 Michele Neylon - Blacknight via anti-abuse-wg wrote: 3) If not, would there be other areas of Anti-Abuse training that would be of interest? A lot of hosting providers aren’t LIRs, but are getting IP space from LIRs. Maybe providing materials that LIRs could share with their clients would help? There seems to be a lot of ignorance out there. There are also people who are not hosting providers, but host their own server(s) using a handful of IP addresses. I know mailbox self-providers are an endangered species, but they may still happen to have an IP delegation w/o abuse-c. And complainants may prefer to send reports to the top level delegate. However, top level delegate may happen to have non-responding abuse teams. At best, ISPs forward complaints to their clients. Shouldn't there be a standard for automatically forwarding messages destined to abuse-c following a path similar to that of RFC 2317 delegations? I'd love if AA training encouraged such behavior. Best Ale --
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
> On 19 Oct 2021, at 10:14, Erik Bais wrote: > > Hi Brian & AA-WG, > > I think that an AA automation training would be very helpful for the members. > > For what I had in mind is to get attendees experience with tools like Netbox > (for address management among other things..), and 1 or 2 Abuse management > software tools.. ( like Abuse.io or Abusix (hosted & commercial) ) I’d be happy to share a bunch of Abacus[*] licences or a hosted server for this. Cheers, Steve [*] https://wordtothewise.com/tools/abacus/
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Hi Brian & AA-WG, I think that an AA automation training would be very helpful for the members. For what I had in mind is to get attendees experience with tools like Netbox (for address management among other things..), and 1 or 2 Abuse management software tools.. ( like Abuse.io or Abusix (hosted & commercial) ) I create some time ago a write up of what the training could entail ( not set in stone obviously .. ) feel free to take your own path .. https://docs.google.com/document/d/1V8yv7VmflmhJyu3jgz3R63YWNdhKKKaP8LEs25ZexoE/edit?usp=sharing Once people see how easy it is to move away from excel sheets for IP address management .. and see the benefits of off-the-shelves products .. and how this could help them in their daily work, I'm sure that we will be in a better place in the future. So a big +1 from me on any training for the NCC members on training on this subject. Regards, Erik Bais On 15/10/2021, 11:15, "anti-abuse-wg on behalf of Brian Nisbet" wrote: Colleagues, As you may remember the WG Co-Chairs have been talking to the NCC about some possible Anti-Abuse training in March of this year. This proposal got very little reaction from the community, so we are going to try again to see if there is interest, or if people who are already on this mailing list believe that there would be interest from other LIRs that they know. I have re-attached the proposal that Alireza sent to the mailing list in March. Between now and RIPE 83 (when this matter will be on the WG session agenda) I would ask the following questions: 1) Would training, as described, be of interest to you? 2) Would training, as described, be of interest to other LIRs you know of/work with? 3) If not, would there be other areas of Anti-Abuse training that would be of interest? 4) Would you be willing to help write training materials for this course? After the list discussion and discussion at RIPE 83 the Co-Chairs will work with the NCC Learning & Development Team to decide if there is enough interest to develop the course and, if there is, how to proceed from there. We really do believe this is something that would be of interest to a large number of small LIRs in the region, but that's not something we can really determine without the help of the WG Thank you, Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Hi All Michele, I think this is a great idea. It would probably make sense to liaise with https://www.m3aawg.org/ and FIRST (tha latter would be me ;-) and I can broker an intro to the M3AAWG peoples. Not also, that FIRST has a "DNS Abuse SIG", that focuses on domain related abuse, but in a wide sense. I'm sure that work could be extended to cover IP abuse. And before we start our usual skirmishes: The fist step the group did was to come up with a taxonomy, so that we all speak of the same. A second step will then be suggestions on how to mitigate this. If we feel something like this would be of value for "IP abuse" I'm happy to help set up a FIRST SIG, so we cover the world, and not just RIPE. But irrespective of this, I think some training courses would be awesome. I'd be super happy to help. Best Serge On 18/10/2021 18:40, Michele Neylon - Blacknight via anti-abuse-wg wrote: Brian I missed earlier emails about this. I think it would be beneficial for a lot of LIRs to get some basic training. Anything that improves the landscape should be encouraged and welcomed! 1. Would training, as described, be of interest to you? Potentially for new staff if the materials were available ie. As a resource 2. Would training, as described, be of interest to other LIRs you know of/work with? I don’t know of any specifically, but that’s down to my role. 3) If not, would there be other areas of Anti-Abuse training that would be of interest? A lot of hosting providers aren’t LIRs, but are getting IP space from LIRs. Maybe providing materials that LIRs could share with their clients would help? There seems to be a lot of ignorance out there. 4) Would you be willing to help write training materials for this course? I don’t have time to produce materials but I’d be happy to review same. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ <https://www.blacknight.com/> https://blacknight.blog/ <https://blacknight.blog/> Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ <https://michele.blog/> Some thoughts: https://ceo.hosting/ <https://ceo.hosting/> --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 *From: *anti-abuse-wg on behalf of Brian Nisbet *Date: *Friday, 15 October 2021 at 10:15 *To: *anti-abuse-wg@ripe.net *Subject: *[anti-abuse-wg] Anti-Abuse Training: Questions for the WG [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Colleagues, As you may remember the WG Co-Chairs have been talking to the NCC about some possible Anti-Abuse training in March of this year. This proposal got very little reaction from the community, so we are going to try again to see if there is interest, or if people who are already on this mailing list believe that there would be interest from other LIRs that they know. I have re-attached the proposal that Alireza sent to the mailing list in March. Between now and RIPE 83 (when this matter will be on the WG session agenda) I would ask the following questions: 1) Would training, as described, be of interest to you? 2) Would training, as described, be of interest to other LIRs you know of/work with? 3) If not, would there be other areas of Anti-Abuse training that would be of interest? 4) Would you be willing to help write training materials for this course? After the list discussion and discussion at RIPE 83 the Co-Chairs will work with the NCC Learning & Development Team to decide if there is enough interest to develop the course and, if there is, how to proceed from there. We really do believe this is something that would be of interest to a large number of small LIRs in the region, but that's not something we can really determine without the help of the WG Thank you, Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie <http://www.heanet.ie> Registered in Ireland, No. 275301. CRA No. 20036270 -- Dr. Serge Droz Director, Forum of Incident Response and Security Teams (FIRST) Phone +41 76 542 44 93 | serge.d...@first.org | https://www.first.org
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Hi, On 15-10-2021 11:14, Brian Nisbet wrote: 1) Would training, as described, be of interest to you? Yes, we (AS12859) would be interested. I hope it will help new colleagues in getting a good understanding of the issues. 2) Would training, as described, be of interest to other LIRs you know of/work with? I expect so, yes. Before covid I spoke regularly with LIR's who expressed some tips and tricks on the subject would be helpful. 3) If not, would there be other areas of Anti-Abuse training that would be of interest? I think most people would benefit from practical tips and sharing of experiences from other LIR's/providers. 4) Would you be willing to help write training materials for this course? Yes, I am co-author of an anti-abuse code of conduct and roadmap for Dutch providers and registrars. These are both creative commons licensed. Last year I helped developing an anti-abuse course by the .NL registry for .NL registrars, I have asked whether this content can be shared. Kind regards, -- Wido Potters
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Hi, On Mon, Oct 18, 2021 at 04:40:06PM +, Michele Neylon - Blacknight via anti-abuse-wg wrote: > 1. Would training, as described, be of interest to you? > Potentially for new staff if the materials were available ie. As a resource Indeed, that would be helpful. (And I'm not volunteering to write something - sorry, already too many competing voluntary projects) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Brian I missed earlier emails about this. I think it would be beneficial for a lot of LIRs to get some basic training. Anything that improves the landscape should be encouraged and welcomed! 1. Would training, as described, be of interest to you? Potentially for new staff if the materials were available ie. As a resource 1. Would training, as described, be of interest to other LIRs you know of/work with? I don’t know of any specifically, but that’s down to my role. 3) If not, would there be other areas of Anti-Abuse training that would be of interest? A lot of hosting providers aren’t LIRs, but are getting IP space from LIRs. Maybe providing materials that LIRs could share with their clients would help? There seems to be a lot of ignorance out there. 4) Would you be willing to help write training materials for this course? I don’t have time to produce materials but I’d be happy to review same. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Brian Nisbet Date: Friday, 15 October 2021 at 10:15 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Colleagues, As you may remember the WG Co-Chairs have been talking to the NCC about some possible Anti-Abuse training in March of this year. This proposal got very little reaction from the community, so we are going to try again to see if there is interest, or if people who are already on this mailing list believe that there would be interest from other LIRs that they know. I have re-attached the proposal that Alireza sent to the mailing list in March. Between now and RIPE 83 (when this matter will be on the WG session agenda) I would ask the following questions: 1) Would training, as described, be of interest to you? 2) Would training, as described, be of interest to other LIRs you know of/work with? 3) If not, would there be other areas of Anti-Abuse training that would be of interest? 4) Would you be willing to help write training materials for this course? After the list discussion and discussion at RIPE 83 the Co-Chairs will work with the NCC Learning & Development Team to decide if there is enough interest to develop the course and, if there is, how to proceed from there. We really do believe this is something that would be of interest to a large number of small LIRs in the region, but that's not something we can really determine without the help of the WG Thank you, Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie<http://www.heanet.ie> Registered in Ireland, No. 275301. CRA No. 20036270
[anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Colleagues, As you may remember the WG Co-Chairs have been talking to the NCC about some possible Anti-Abuse training in March of this year. This proposal got very little reaction from the community, so we are going to try again to see if there is interest, or if people who are already on this mailing list believe that there would be interest from other LIRs that they know. I have re-attached the proposal that Alireza sent to the mailing list in March. Between now and RIPE 83 (when this matter will be on the WG session agenda) I would ask the following questions: 1) Would training, as described, be of interest to you? 2) Would training, as described, be of interest to other LIRs you know of/work with? 3) If not, would there be other areas of Anti-Abuse training that would be of interest? 4) Would you be willing to help write training materials for this course? After the list discussion and discussion at RIPE 83 the Co-Chairs will work with the NCC Learning & Development Team to decide if there is enough interest to develop the course and, if there is, how to proceed from there. We really do believe this is something that would be of interest to a large number of small LIRs in the region, but that's not something we can really determine without the help of the WG Thank you, Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 Context The Internet is a complex ecosystem where many people and organisations converge, with differing outlooks and motivations. While the vast majority of these are for the general good, sadly that is not always the case. To deal with this negative part, the RIPE Community created the Anti-Abuse Working Group that aims to tackle online abuse from both the technical and non-technical angles. Some of the ideas that can be useful to understand the context of anti-abuse and how important collaboration and mutual understanding is, are: - Your outbound is somebodyâs inbound. And vice versa. - My network, my rules. You want your rules accepted, accept the rules of others as well. - You define what abuse is. So do others. Be respectful and try to solve the issues together. - The community expects you to handle Abuse in your network and keep the resources you have been granted clean It is also not possible to have a one-fit-all definition of abuse. To say the least it depends on the point of view, so you define when enough is enough. Twitter has a different definition than a small LIR. While you have your definition and Twitter has its own, don't judge another person for complaining about what they define as abuse of their network. Be reasonable! In addition to this, there are different types of resources to be considered. For example, due to enormous IPv6 address space and v6 spammers constantly changing their prefixes, it is not clear yet what are the best practices fighting IPv6 abuses. Despite the difficulties on defining anti-abuse, the WG considers that a training activity about anti-abuse could be of great help. Anti-abuse training - Title: Anti-abuse for LIRs - Target audience: Small new LIRs (mostly), but also all the other ones (eg. old-big ones can share more with the new ones) - Topic: How to report and handle abuse of your LIR resources (IPs and ASNs) - Stakeholders: RIPE NCCâs LIRs (with special focus on very small LIRs that doesnât know where and how to report abuse), targets of abuse, "facilitators" of abuse, the ones that abuse, LIRs with resources in other RIRs - Format: webinar (1-2 hrs) with trainers and interaction (questions and polls) *In the future we can develop other reference materials for easy sharing: BCOPs, RIPElabs articles, etc. - Pedagogical approach: adult learning for professionals, where they will learn actionable things that are useful for their daily job. - Scope: We consider abuse and anti-abuse from the point of view of RIPE NCCâs LIRs and related with Internet numeric resources (IPs and ASNs) - Main Goals (from the participant point of view): 1) Explain the "abuse" context, and identify your place on it 2) Understand what is expected from you from the Internet community Examples of questions to ask yourself: What led your network to abuse others?, Am I attacking others currently?, How do I know?, Where should I check my reputation? 3) Define a plan about what you, as an LIR, can do for others about fighting abuse Examples: maintain your anti-abuse contact info, report on abuse, share info on abuse cases, collaborate with other stakeholders (LEAs, CERTs, LIRs, RIPE Community), automate abuse handling/tools? 4) Understand what you can expect from other stakeholders related with abuse fightin