[anti-abuse-wg] Hijacked netblocks - any SOP for these?
Frank Gadegast ripe-anti-spam-wg at powerweb.de
Thu Jul 28 12:33:59 CEST 2011
Michele Neylon :: Blacknight wrote: > > On 28 Jul 2011, at 09:48, Frank Gadegast wrote: >>> >> >> Not at all out of scope. > > I think it is out of scope > > It is a slippery slope > > Next you'll have people demanding that RIPE check what content is published on IP blocks .. Good idea. Other organisations are monitoring content too to prevent abuse, like search engines that do not even want results from hacked sites in their index. RIPE is defny responsible for any abuse, whatever it is. Lets have an example: A highjacker is using some netblocks to attack a big bank. They are flodded from this IP block and the attacker also sets up a lot of pishing servers using these IPs. Will RIPE ask the LIR about whats going on with his assignment ? Will RIPE deroute this netblock at all ? Just after the bank complaints ? After somebody complains to RIPE that there are pishing servers on this netblock ? What will happen ? Cant be, that RIPE is doing nothing (to my opinion). And it would be very interesting what RIPE would do right now in this scenario. Who knows more ? Kind regards, Frank > > > >> >> You are right saying, that a listing does not proof anything, >> but its a good indication (like I sayd above). > > Not necessarily. > > There are a multitude of reasons why an IP block can get listed - while it *might* be an indicator that you or I can use for our own *private* networks, it is not something that an organization like RIPE should be doing, as there is absolutely no standard or certification of DNS blacklists. > > >> >> RIPE NCC could ask the member, whats going on with that netblock, >> if they see a listing. I guess a lot of members do not >> even realize, that their old netblocks are routed >> somewhere else. >> >> RIPE NCC has to check the use of assigned netblocks anyway >> (if I understand some rules right). > > No - the "usage" is related to the assignment rules > > >> It cannot be that >> assigned netblocks are used by non-members or members >> the netblock wasnt assigned to … > > Sorry, but I don't understand what you mean here > > regards > > Michele > > Mr Michele Neylon > Blacknight Solutions > Hosting& Colocation, Brand Protection > ICANN Accredited Registrar > http://www.blacknight.com/ > http://blog.blacknight.com/ > http://blacknight.mobi/ > http://mneylon.tel > Intl. +353 (0) 59 9183072 > US: 213-233-1612 > UK: 0844 484 9361 > Locall: 1850 929 929 > Direct Dial: +353 (0)59 9183090 > Twitter: http://twitter.com/mneylon > ------------------------------- > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty > Road,Graiguecullen,Carlow,Ireland Company No.: 370845 > > > > -- Mit freundlichen Gruessen, -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank at powerweb.de