> I believe most prefixes are registered in NTTCOM
so you too voted with yout feet
>> unfortunately, the answer for many operators is NO. they voted with
>> their feet. you can say what they SHOULD do. my family has a lot of
>> jokes about how the world should be.
> I don't know why you say th
>>> The following RIR IRR's are in use today: RIPE, APNIC, AfriNIC, ARIN.
>> most operators in X do not register routes in irrX for all X except RIPE
> Sorry, I don't understand what you are saying here.
most folk in non-ripe regions do not use their rir's irr instance.
> I know my employer uses
> The following RIR IRR's are in use today: RIPE, APNIC, AfriNIC, ARIN.
most operators in X do not register routes in irrX for all X except RIPE
> I do not agree with "most rir irr instances are unused".
cool. maybe you could back your disagreement up with measurement.
randy
>>> I know my employer uses the rr.ntt.net instance on a daily basis.
>> yes, i built that and heas has done cool stuff. does your employer
>> register in ARIN or APNIC irr? < light goes on?>
> We encourage anyone to register their routes in the appropiate IRR,
> especially when that IRR offers s
> STEP 1
>
> Any ROUTE object submitted for creation in the RIPE Database involving
> an out of region resource (address space and/or ASN) where that out of
> region resource does not exist in the authoritative RIR database (has
> not been allocated or assigned), reject the creation.
>
> The RIPE
> "Document everything one AS originates in a single database" is the
> primary motivation here (so upstreams/peers can go to a single source
> to build filters, and that single source must not be RADB).
and why not?
randy
[ i may be totally misunderstanding things here, but i never bought
mandatory abuse-c in the first place ]
so the idea is we mandate that there be an abuse-c: so that there is an
email address where we can send mail to which there will be no response?
i am hesitant to mandate behavior beyond t
>> so the idea is we mandate that there be an abuse-c: so that there is an
>> email address where we can send mail to which there will be no response?
>
> The RIPE Database is full of email addresses. If I don't know which one
> is intended to receive abuse complaints by responsible network manag
> If you put an address that does not handle abuse in abuse-c: you
> have just inserted incorrect data into the database. IMO that
> should not be the job of the NCC...
if you force folk to put in abuse-c, there will be non-responsive
email addresses. get over it.
> there has to be accurate records for abuse-c
really? and how does abuse-c affect the effective operation of the ncc
resource registry.
abuse-c is a convenience for ops.
> many network managers do not respond/reply to abuse, this does not
> mean that the complaints are not actioned, for exampl
>> really? and how does abuse-c affect the effective operation of the
>> ncc resource registry.
>
> it makes iet easier for the ncc to know who deals with abuse issues
> which includes, but is not limited to: law enforcement (kiddie porn,
> etc etc), the sync of warrants for courts and a few other
> I may be in za physically, but the infrastructure of my current
> employers are in EU, anyway, as you said already it is a convenience
> for ops to have abuse-c but the point is that it is actually
> convenient for a whole lot of others (incl me)
it would be a convenience to me for you to send m
>> so the idea is we mandate that there be an abuse-c: so that there is an
>> email address where we can send mail to which there will be no response?
>
> you could just as easily make the same arguments about admin-c or tech-c.
no. being able to contact them is necessary for the ncc to maintain
> In these days of political interest in how the internet is 'managed' the
> RIRs need to do more than 'just maintain an accurate registry'. The
> internet is a crucial part of modern life. Abuse is considered to be a
> serious problem. What you are saying is that you don't give a dam about
> a
>> it would be a convenience to me for you to send me €1000/mo, and i am
>> sure many other sould line up. let's make it mandatory.
>
> can we agree to leave the straw men out of this discussion? They're
> not helping.
no. even you seem to confuse what is necessary for the ncc to maintain
a ri
> No. It needs to contain accurate records of who has been delegated
> responsibility for that (admin-c / org).
>
> abuse-c is a way to ease finding the *right* contacts instead of always
> having to write paper mail to the company CEO - and that makes sense,
> but it's a convenience to operators
>> I am also impressed and concerned with the old, inopportune and
>> improper posture of the gentlemen Randy Bush and Gert Doering.
> Always happy to impress the young.
and i always love ad hominem attacks; a sure sign of a loser.
> I've never said people should not h
> the whole point of book keeping is to have accurate data and records
>
> so, pick your poison. All POV leads to exactly the same thing: the ncc
> needs accurate abuse-c as much as any of the other data.
and it needs an accurate record of my blood type.
> At least for for 2028 (12 years further on), we can hope that
> pervasive adoption of IPv6 will have made Legacy IPv4 resources
> irrelevant.
and how is rosenantes?
> It has been implemented for the whole of the address space allocated
> or assigned by the RIPE NCC. We spent 6 months 'encouraging' members
> to deploy it, then another year 'encouraging' PI holders to deploy
> it. ...
and 42% of those addresses black-hole or bounce. and we keep tilting
at this
> I would like abuse-c: much more if it were changed in two ways:
> - permit abuse-c: in inet(6)num: objects
> - permit abuse-c: to point to a normal person: object, not only role:
wfm
>> Sorry Elvis but you are neither a software engineer nor a regular
>> user inputting data into the RIPE Database. So your unsubstantiated
>> statement of 'poor' does not carry much weight.
> I was not making any decision just expressing an opinion just as Elvis
> expressed his opinion on my imple
< rant >
this is insane. neither ripe nor the ncc should be the net police,
courts, and prison rolled into one kangaroo court.
it is droll that the erstwhile anti-abuse working group becomes a
self-righteous abuser. so it is with so many abused children.
put your energy into routing security n
> It wouldn't half surprise me if people like this "randy bush" are
> motivated by criminal groups.
ROFL
i have been allied with satan for years and am damned proud of it.
> so you are taking it upon yourself to attach your own opinion by
> commenting on how you interpret the point(s) Randy is making?
>
> how rude and presumptuous of yourself.
QED? i wish folk would not resort to ad homina
> it seems many people (including myself) are rude, obnoxious, not
> toler
> They had a fiduciary duty not to hand out whole /14s of v4 space to
> snowshoe spammers set up as eastern european LIRs not too long back
as i intended by my reference to martin niemöller, i suspect that's who
the net police/vigilantes will come for next. and then ... and then
... it is incre
> The four week discussion phase for 2019-03 officially ended just over
> a week ago. Since then, while there has been further welcome
> discussion on list, the WG Co-Chairs have been discussing the next
> steps with the proposers and the NCC Policy Officer. We have reached
> the following conclusi
>> Mr. Chairman, I ask you to summarily eject the member in question
> So, if you do not get your way, me being ejected, then you are
> threatening the Chair?
ok children. this is a waste of other people's bandwidth. if you want
to carry on in private, go for it. but stop pissing in the commons
plonk
> Abuse mailboxes are already checked. What matters for abuse
> management is whether reports are acted on. This policy doesn't
> address that.
>
> If the RIPE NCC is instructed to send 6-monthly reminders to all abuse
> contacts with the implicit threat that if they aren't acted on in the
> way
> So, either RIPE LIRs adopt Jordi's work flow for abuse complaint
> management, or the RIPE NCC will take away their internet addresses?
as the american government is demonstrating, and others' including
jordi's have demonstrated in the past, there is no proof of termination
of a growing police s
suspect your question was clear
enough that even i understood it.
randy
---
From: Randy Bush
Subject: Re: [anti-abuse-wg] [Misc] Research project on blacklists
To: Anushah Hossain
Date: Wed, 17 Jul 2019 08:02:31 -0700
i loathe surveys
i use
dialups.mail-abuse.org
dnsbl.sorbs.net
> I'd like to suggest to the chairs that this proposal be formally
> dropped.
please
randy
erik,
> Personally, I'm not in favour of this policy as I don't like the NCC
> to start to injecting ROA's that are not allocated or assigned to
> members or end-users.
>
> I think it sets the wrong precedence for the community and it could
> open up for scope creep to abuse the system for other
> as Alexander Azimov pointed out: people can just announce a *less*
> specific, which will be "Not Found" even if an AS0 ROA exists for more
> specific. And because there is no competing (valid/not found)
> announcement they will attract the traffic.
this was brought up in the sidr wg when as0 wa
> How these things slip through is when paperwork gets submitted that is
> incorrect and falsified with fake signatures.
and the ncc has a job advert out to hire even more lawyers (no blame;
it's a mess). can ripe keep from becoming arin?
randy
> It would be nice if RIPE NCC could provide as part of its annual
> report a list of incidents of this nature so we have an idea of how
> wide-spread this is - or not.
as i try not to indulge in schadenfreude, i don't have much use for this
information.
we spent some time in this space in rotter
> The unpredictability of the NCC's actions don't make the members happy.
s/the members/you/ at least in this case. and maybe a few others. i,
for one, am not unhappy, except that you speak for me.
randy
> I am not a member. However, the increase in such incidents and the
> risk of regulators or lawsuits occurring mean that RIPE NCC does need
> to perform more due diligence than would be consistent with a “we are
> not the internet police” position.
if this is an accusation that they are not, then
> RPKI in its current form provides an insulation layer which stops
> certain types of misorigination problems and mitigates others, but has
> almost no impact on the wider question of policy routing.
>
> RPKI also works quite well from the point of view of incremental
> deployment, i.e. it's not
well, not exactly as i see it. abuse-c: is the op's way of saying
"please send any abuse related information here." it is not a legal or
social contract to act on it (and i suspect that next year the wannabe
net police will want to enumerate exactly *how* they must act in 93
different circumstanc
> To an extreme, there should always be a known contact responsible for
> any network infrastructure.
there are, admin and tech
randy, not advocating for or against abuse-c
> The policy proposal here is: if the registry doesn't comply, then it
> is in explicit violation of RIPE policies.
>
> According to the "Closure of Members, Deregistration of Internet
> Resources and Legacy Internet Resources" document (currently RIPE
> 716), if you don't comply with RIPE policie
> It would be interesting if a large number of people who actually work
> for the security / infosec / abuse teams of various ripe members were
> to attend the aawg meetings instead of a clutch of mostly IP / dns /
> network people.
did. a couple of interesting presos, but the plural of anecdote
> I do not see so far any concrete proposal in the sense of addressing
> issues, only shooting down proposals (for good or bad reasons
the desire to stop a whack-a-mole does not imply a responsibility to
make moles.
a lot of folk here actually deal with spam, or likely they would not be
on this l
> It’d be interesting to take individual names of the people most vocal
> in their objections and feed them through LinkedIn - that assumption
> you made about dealing with spam would soon be tested.
give me a hand here. how is this construcive and helpful for the
internet operations community?
> Database and routing people who haven’t worked security or don’t want
> security roles trying to lecture people who work cert and abuse roles
> on why something abuse mitigation related won’t work is always
> interesting. Not you Randy but many other posters in this thread.
lecturing such bs at
> One of the requests was from a Dutch law-enforcement authority
> ordering the RIPE NCC to provide non-public information it holds about
> organisations responsible for Internet number resources. The RIPE NCC
> complied with this request.
is it safe to assume this was a proper court order (excuse
perhaps, instead of really rude ad homina, you could try to be
constructive by finding and nominating a really excellent candidate
or two.
randy
> sorry, we have no policy to kick off dirty spammer from elections. I
> think it is time to do that. Let's do.
i doubt this is necessary
randy
> It's ok for consensus to be that a policy proposal be rejected
> entirely.
but how many times?
randy
> Otherwise we change the way the working Groups works it will remain
> unchanged for ever. I agree that we must get a way to vote or another
> democratic way to get decisions.
the goals of the ripe community are stewardship and cooperation, not
voting, deciding, and "getting things done." you ca
brian,
excuse my continuing to rant. if i write a long message, it can not be
good :) as with spam, you have a delete key.
i think we all dislike spam and other forms of network abuse. but this
is the only working group whose goal is negative, to stop something.
even the wg's name is composed
> Suresh keeps attacking me without a single slightest proof, and hence
> I must respond.
a tale Told by an idiot, full of sound and fury, Signifying nothing.
-- bill
> If this is about "do you want a mail address or a web form for
> reporting abuse?", no, routing and networking people do not really
> care much.
depends. will the bikeshed be magenta?
randy
would those helpful folk kindly giving us legal opinions please tell us
your legal credentials? it would help us better calibrate your legal
assertions. thanks.
randy
hi sabri,
>> would those helpful folk kindly giving us legal opinions please tell
>> us your legal credentials?
fwiw, i did not mean to impugn anyone. the engineering advice on these
lists has some variance, though less variance on some lists than others.
and the lawyers i hear in real life, inc
dear info:
> When you run a VPN service it simply lies in the nature of things that
> some miscreants buy accounts which lead to various types of
> complaints.
> Our principle is not to serve the bad, but the good!
reasonable. probably not easy to tell the good from the bad.
> Our removal reque
> Getting back to your street example. We -just like the police- are
> unable to watch the streets 24/7/365 for a potential bank robber
> traversing the street
or more like the police here in the states seem unable to police
themselves internally for fascist racist murderers.
> In this article Vasileios Giotsas summarises the results of a detailed
> study of how transferred IPv4 prefixes are misused in the wild by
> synthesising an array of longitudinal IP blacklists, honeypot data, and
> AS reputation lists:
>
> https://labs.ripe.net/Members/vgiotsas/a-first-look-at-t
> If I didn't know that you expected me to offer support for this
> proposal, neither did anyone else.
i, for one, did. it's standard procedure under the pdp.
and assuming no one else understands what you do not understand is an
interesting mis-understanding.
randy
> I disagree that it did not reach consensus. There was never any proper
> measure of whether it reached consensus.
i will admit to being lazy/busy and have not looked at pdp to confirm.
but ...
i believe that the way we measure consensus is by looking at the faces
of the co-chairs. that's why t
> Which then allows you to mistakenly claim there is or isn't consensus.
> Which itself is prone to abuse.
you may want to take a look at
7282 On Consensus and Humming in the IETF. P. Resnick. June 2014.
but we have been here before
--
Ettore Bugatti, maker of the finest cars of his day, w
> Amongst the greatest mysteries of the shady underbelly of the
> internet: how to pronounce "Guilmette"
speaking of anti-abuse; back in the '80s we agreed that making fun of
others' typos, misspellings, personal names, etc. was impolite.
randy
there is a fair bit of spectrum between the internet of cooperating
competitors running their networks as prudently as they can afford
and an internet desired by some where everything is done uniformly
by rigid written rules.
what i find interesting is that a number of the folk here who
loudly esp
> There seems to be at least one rule common to everyone: if you want to
> run a network with an independent routing policy you'll need to use
> BGP.
:)
> Unfortunately it seems dealing with abuse emerging from the networks
> one runs is not a common, basic, rule for everyone.
>
> Also, network
> It seems to me that if your abuse@ email is being overloaded and you are
> unable to keep your network spam free, then you shouldn't be taking on any
> more customers until you figure things out.
great. should be no problem telling the people in management who wear
shiny shoes that being social
> UCEProtect was added as a data source prior to 2010 and is still used by
> several network operators to filter traffic into their networks.
> Including it as a data source in RIPEstat allows users to see whether
> resources are included in their lists.
uceful :)
randy
> Given that, if RIPE NCC and its community doesn't trust UCEProtect
my impression is that this wg does not really like or trust anything.
it's all about not liking and rage at the machine.
imiho, it is very useful that ripe stat has longitudinal measurement
data on a few anti-spam technologies.
i think two things are being confused here; what the measurement folk
find useful and what the anti-spam folk find useful. the ncc and ripe
stat is not supplying the latter.
it is the mail operators' choice of which anti-spam techniques to use,
and i do that with one hat. but with a different ha
i am just a measurement guy who wandered over here because who doesn't
like the smell of blood in the water.
as this discission is about what ripe stat has been doing measurement
stats on since dirt was invented, perhaps the mat wg should have been
where this discussion occurred. at least it shou
interesting wg to do routing security analysis.
as i do really not know the dod's or their proxy's motive(s), i can not
say much about their tactics let alone strategy.
i do know, and have actually seen and experienced, part of 11/8 being
used as if it was 1918 space; ripe bologna was the first t
[ brian lured me into the abuse circle; so reposting with routing ]
interesting wg to do routing security analysis.
as i do really not know the dod's or their proxy's motive(s), i can not
say much about their tactics let alone strategy.
i do know, and have actually seen and experienced, part of
> It's not like these norms do not exist today - abuse contacts have to
> be provided already today. Responsible ISPs read these mailboxes and
> act upon them.
>
> Forcing everybody through a "you must click here to validate your
> abuse contact, otherwise bad things will happen to your resources
> Plain text ?
doh
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
> DNSSEC everywhere would make more sense than HTTPS everywhere, which
> instead won the hype. Being sure to connect to the IP designated by
> the domain is essential, while encrypting every page of sites like,
> say, wikipedia is just wasting cycles.
tls gives a bit of authenticity too. modulo
>>> Why isn't it possible to gain a delegation by proving number
>>> assignment?
>> Because your ISP can't be bothered.
> Is such unbotherability legitimate?
these years, it is one of the things when considering a provider from
which one gets address space.
part of the problem is that this used n
> In a recent talk Jane Easterly said: "The private sector has promised
> better security for yeas but has not delivered. This has to change".
was this not in the context of software and platform safety? easterly
has been riding that hobby horse for a few years, and with serious
justification.
b
78 matches
Mail list logo