[anti-abuse-wg] Reporting Fraud
- Previous message (by thread): [anti-abuse-wg] Reporting Fraud
- Next message (by thread): [anti-abuse-wg] Reporting Fraud
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michele Neylon :: Blacknight
michele at blacknight.ie
Wed Sep 29 10:45:58 CEST 2010
Ronald If we were putting servers in the US we would probably have to get an AS number and allocation from ARIN. We also would have non-EU clients with RIPE space. Regards Michele Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 28 Sep 2010, at 22:06, "Ronald F. Guilmette" <rfg at tristatelogic.com> wrote: > > In message <A.1P0dJI-000Kvu-EO at smtp-ext-layer.spamhaus.org>, you wrote: > >> Brian Nisbet <brian.nisbet at heanet.ie> wrote: >> >>> There's no webform for this, no, but if you email ncc at ripe.net >>> and/or abuse at ripe.net, this should get things to the right >>> person and it can go from there. >> >> Given the number of cases I've reported to RIPE, and the apparent >> inaction, I'm not convinced that either of those would be a viable >> communications channel. Perhaps we do need a webform. No doubt >> the RIPE NCC will protest that since there isn't a policy that tells >> them to actually do anything about such cases, there's no point us >> having a webform anyway. > > Hummm... OK. I didn't realize things were that bad. > > So, ah, maybe the Right Place To Start would be for somebody (perhaps > even this working group?) to propose at least some sort of a policy > (e.g. on hijacked ASNs and/or address blocks) for RIPE's consideration (?) > > I do agree that in the absence of any policy to even investigate, a web > form for submissions isn't going to help a lot. > > Meanwhile, on a related topic... > > Now that people here were kind enough to point me at the -B option for the > RIPE whois server, I did manage to get a tiny bit more information about > that Belize-domiciled network (INSTANTEXCHANGER-NET) that I mentioned earlier: > > % fgrep ' 20' INSTANTEXCHANGER-NET > changed: hostmaster at ripe.net 20100414 > changed: sp at instant-exchanger.com 20100410 > changed: sp at instant-exchanger.com 20100410 > > % fgrep ' 20' AS50877 > changed: hostmaster at ripe.net 20100414 > changed: sp at instant-exchanger.com 20100410 > changed: sp at instant-exchanger.com 20100410 > > So it would appear that I may have been correct, and that this ``European'' > oddity was issued only just earlier this year... in April to be precise. > > Short of traveling a long distance by plane and showing up physically to > the next RIPE meeting, is there any way for me to find out why an ASN > (AS50877) and also a non-trivial amount of IPv4 space (195.80.148.0/22) > would have been assigned by RIPE staff to a company that, according to > the RIPE whois records themselves, is domiciled in Latin America? > > (Separate question: Is there any way to obtain archived dumps of the > RIPE whois data base, e.g. from April of this year, so that I might be > able to check and see if the original whois for the AS & IP block also > said "Belize", as I suspect it did?) > > Certainly, if RIPE is not responding at all to reports of hijackings of > pre-existing & previously allocated ASNs and/or IP blocks, then I would > say that that is certainly a problem. But this whole Belize thing is > different, I think, and perhaps in some ways worse. Why would anyone > bother to hijack an IP block or an ASN if RIPE will just issue you either > of those things, willy nilly, no matter where you live? > > > Regards, > rfg >
- Previous message (by thread): [anti-abuse-wg] Reporting Fraud
- Next message (by thread): [anti-abuse-wg] Reporting Fraud
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]