RIPE Anti-Abuse Working Group Minutes – RIPE 63
Tuesday, 1 November 2011, 16:00-17:30, Vienna
Co-Chairs: Brian Nisbet and Tobias Knecht
Scribe: Fergal Cunningham
Chat Monitor: Ingrid Wijte
A: Administrative Matters
The Anti-Abuse Working Group Co-Chair Brian Nisbet opened the session and welcomed the attendees. He thanked the scribe, chat monitor and stenographers and then introduced his co-chair, Tobias Knecht.
Approve Minutes from RIPE 62
Brian noted that there was an initial comment on the draft minutes from RIPE 62. He said some small amendments were made and the minutes were then approved.
There were no additions to the agenda.
B1: Recent List Discussion
Brian noted there was a lot of recent list discussion, not all of it constructive. He said reporting abuse to the RIPE NCC was a main issue and that it would be addressed later in this session with a presentation from the RIPE NCC.
B2: Passive DNS – Joao Damas, ISC
Joao Damas from ISC gave a presentation on passive DNS. The presentation is available at:
Aaron Kaplan, CERT.at, said there were passive DNS installations in Estonia, Austria and Luxembourg. He said there was effort between them to have a common query interface for passive DNS databases and he asked Joao if he would be interested in participating.
Joao said that sounded like a good idea and he would ask his colleague to contact Aaron.
Aaron asked if Joao thought about the data collection as being sensitive from a data protection point of view. He thought there was no easy answer for this.
Joao agreed and said he also had no answer for that. He said most of the queries so far were from people they know so there hasn’t so far been a need to perform much verification.
B3. RIPE NCC Abuse Contact Procedures
Laura Cobley, Customer Services Manager at the RIPE NCC, gave a presentation on the procedures used to report abuse to the RIPE NCC. Her presentation is available at:
Michele Neylon, Blacknight, asked where he could find the webform to report abuse and how to report abuse in the absence of the webform.
Laura said the webform was a proposal and was not available yet, and people could send their reports to abuse _at_ ripe _dot_ net. She added that she would ensure this information would be available on the RIPE NCC website.
Peter Koch, DENIC, asked if the RIPE NCC would scrutinise the person making the report.
Laura said there would be scrutiny of the reporter but that anyone could make a report. She said there could be an email verification check used in combination with the webform.
Peter asked if, in that case, people could make reports with an anonymised name as long as they had a valid email address.
Laura said there were no plans to keep track of identities but that there did need to be a way to communicate with the reporter.
Sascha Luck, Cork Internet Exchange, asked if it would be better to have the webform available from the LIR Portal to prevent such things as DDoS attacks.
Laura said this would limit it to only RIPE NCC members.
Brian agreed with this and said he would not want it to be available only to members.
Kaveh Ranjbar, Database Manager at the RIPE NCC, said that there is a list of email contacts, including abuse _at_ ripe _dot_ net, on the RIPE NCC website. He said there is also a simple webform for contact the RIPE NCC although this does not contain all the options presented by Laura.
Wilfried Woeber, Vienna Univerity/ACOnet, said he did not object to webforms but said there should be some safeguards to ensure that the identity of the person is verifiable and that the complaints are genuine. Wilfried added that many people used email and ticketing systems and it would be a good idea to consider this.
Tobias Knecht, Abusix, said that there are email formats that can be set up to hold the same information as a webform and can be partly automated. He said he would send Laura information on these formats.
Laura thanked Tobias and noted that the format has not been finalised so it would be good to get that information from Tobias.
Brian asked what would happen to abuse _at_ ripe _dot_ net when the webform became available.
Laura said that the address is used for a range of issues and that it would remain available.
Brian asked when the webform might become available.
Laura said she did not have an exact date yet and the RIPE NCC was still gathering feedback. She said she hoped to be able to establish a production timeline soon after the RIPE 63 Meeting.
B4. Hosters v Malware: Tools & Best Practice
Michele Neylon, Blacknight, gave a presentation on tools and best practices from a hosting provider’s point of view. The presentation is available at:
During the presentation, Michele asked for a show of hands on the following questions:
• Who is involved with hosting in some way?
• Who provides dial-up or DSL-type services?
• Who deals with abuse reports on a daily basis?
• Are you taking proactive measures to deal with the abuse reports?
Several people raised their hands for all these questions.
There were no questions for Michele from the floor.
C1: Abuse Contact Management Task Force
Brian said the Abuse Contact Management Task Force was formed after the RIPE 61 Meeting. He said there were a number of policies proposed there and the task force was formed with the intention of combining common issues from a number of those policies. He noted that the task force concentrated on abuse contact management issues.
Tobias gave an update on the work of the task force. He said they were close to making a proposal that addresses most of the issues seen. He said the proposal would include a request for an abuse-c contact in RIPE Database objects that is like the admin-c contact. He said the task force wants to ensure that everything is done in a way that makes life easy for maintainers. He said he hoped that the proposal could be published well in advance of the RIPE 64 Meeting.
Brian said he didn’t want to have a discussion on the proposal until it was issued. He said that Policy Proposal 2011-06 would pass through the Policy Development Process and hopefully consensus would be reached. He said they would then determine whether the task force should continue or be discontinued. He said information on the task force is published on the Anti-Abuse Working Group webpages. He said the task force would work on the proposal together with the RIPE Database Working Group. He concluded by asking that people give a clear opinion on the proposal on the Anti-Abuse mailing list when it is posted.
D1. Working Groups
Brian said there would be interaction with the RIPE Database Working Group, as noted in agenda point C1.
D3. RIPE NCC Gov/LEA Interactions Update
Brian noted that legal enforcement agencies (LEAs) and governments are becoming more aware of how people are using the Internet. He said the RIPE NCC has done an excellent job of getting LEAs around table and there has been a noticeably more collegiate atmosphere between representatives of LEAs and the Internet community of late. He said LEAs have not been as visible lately because they better understanding of the work of the RIPE community and are concentrating on other things at the moment.
Brian said he went to Europol with Jochem de Ruig and Marco Hogewoning from the RIPE NCC to talk about security issues. They have started to look at training investigators on IPv6 issues. He said there was also a Cyber Crime Working Party (CCWP) meeting in Paris the week before the RIPE 63 Meeting.
Brian said RIPE community representatives would go to the SOCA meeting in London in March 2012 to maintain that relationship. He also noted that governments have some ideas on web filtering but they are trying to steer them in the right direction where possible.
Aaron Kaplan, CERT.at, asked if anyone thought about collecting statistics from each country on IRT object entries.
Wilfried Woeber, RIPE Database Working Group Co-Chair, he thought the Anti-Abuse Policy Proposal should be set in motion first to see what then happens.
Brian reiterated that the proposal would go into the PDP as soon as possible.
Michele Neylon, Blacknight, said that a problem LEAs had was that registrars were slow to have something official available for the LEAs. He recommended that this group learn from that lesson.
Sasha Luck, Cork Internet Exchange, asked if the content of the discussion with LEAs would be published anywhere.
Brian said that the discussions are usually confidential but it was agreed with that people involved with the CCWP could report back to their communities on the issues were discussed.
Wilfried said that he has seen LEAs become more involved with Internet number resource issues. He said the Internet community should work with them as much as possible.
Tobias said that he wanted a RIPE Policy in place as soon as possible for those very reasons.
There was no other business to attend to.
Z. Agenda for RIPE 64
Brian said the working group tries to have a good mix of technical and anti-abuse-related discussions. He concluded that if people wanted different areas discussed or if they wanted to present at RIPE 64, they should contact one of the working group chairs. Brian thanked everyone for attending and closed the session at 17:28 (UTC +1).