[anti-abuse-wg] Hijacked netblocks - any SOP for these?
Aftab Siddiqui aftab.siddiqui at gmail.com
Thu Jul 28 12:55:38 CEST 2011
If you check the weekly CIDR-Report than you will find certain prefixes in bogus adv head for many many months. NO RIR cares about it. we've been attacked/spammed/phished by such bogus prefix adv in past. Regards, Aftab A. Siddiqui On Thu, Jul 28, 2011 at 3:33 PM, Frank Gadegast < ripe-anti-spam-wg at powerweb.de> wrote: > Michele Neylon :: Blacknight wrote: > >> >> On 28 Jul 2011, at 09:48, Frank Gadegast wrote: >> >>> >>>> >>> Not at all out of scope. >>> >> >> I think it is out of scope >> >> It is a slippery slope >> >> Next you'll have people demanding that RIPE check what content is >> published on IP blocks .. >> > > Good idea. > > Other organisations are monitoring content too to prevent abuse, like > search engines that do not even want results from hacked sites > in their index. > > RIPE is defny responsible for any abuse, whatever it is. > > Lets have an example: > A highjacker is using some netblocks to attack a big bank. > They are flodded from this IP block and the attacker also > sets up a lot of pishing servers using these IPs. > > Will RIPE ask the LIR about whats going on with his assignment ? > Will RIPE deroute this netblock at all ? > Just after the bank complaints ? > After somebody complains to RIPE that there are pishing servers on this > netblock ? > > What will happen ? > > Cant be, that RIPE is doing nothing (to my opinion). > And it would be very interesting what RIPE would do right now > in this scenario. > Who knows more ? > > > Kind regards, Frank > > > >> >> >> >>> You are right saying, that a listing does not proof anything, >>> but its a good indication (like I sayd above). >>> >> >> Not necessarily. >> >> There are a multitude of reasons why an IP block can get listed - while it >> *might* be an indicator that you or I can use for our own *private* >> networks, it is not something that an organization like RIPE should be >> doing, as there is absolutely no standard or certification of DNS >> blacklists. >> >> >> >>> RIPE NCC could ask the member, whats going on with that netblock, >>> if they see a listing. I guess a lot of members do not >>> even realize, that their old netblocks are routed >>> somewhere else. >>> >>> RIPE NCC has to check the use of assigned netblocks anyway >>> (if I understand some rules right). >>> >> >> No - the "usage" is related to the assignment rules >> >> >> It cannot be that >>> assigned netblocks are used by non-members or members >>> the netblock wasnt assigned to … >>> >> >> Sorry, but I don't understand what you mean here >> >> regards >> >> Michele >> >> Mr Michele Neylon >> Blacknight Solutions >> Hosting& Colocation, Brand Protection >> ICANN Accredited Registrar >> http://www.blacknight.com/ >> http://blog.blacknight.com/ >> http://blacknight.mobi/ >> http://mneylon.tel >> Intl. +353 (0) 59 9183072 >> US: 213-233-1612 >> UK: 0844 484 9361 >> Locall: 1850 929 929 >> Direct Dial: +353 (0)59 9183090 >> Twitter: http://twitter.com/mneylon >> ------------------------------**- >> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business >> Park,Sleaty >> Road,Graiguecullen,Carlow,**Ireland Company No.: 370845 >> >> >> >> >> > > -- > > Mit freundlichen Gruessen, > -- > PHADE Software - PowerWeb http://www.powerweb.de > Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de > Schinkelstrasse 17 fon: +49 33200 52920 > 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 > ==============================**==============================**========== > Public PGP Key available for frank at powerweb.de > > -------------- next part -------------- An HTML attachment was scrubbed... URL: https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20110728/dc3eca3e/attachment.html