Anti-Abuse WG – RIPE 70

Date: Wednesday, 13 May 14:00 - 15:30
Location: Okura Hotel, Amsterdam
WG Chairs: Brian Nisbet, Tobias Knecht
Scribe: Matt Parker
Chat Monitor: Mirjam Kühne

A. Administrative Matters

Brian opened the session and welcomed the attendees. He introduced the WG co-chair, Tobias Knecht, and thanked the support staff including the scribe, chat monitor and stenographer. Brian mentioned that the minutes of RIPE 69 were circulated and did not receive any comments so they are now deemed official.

B. Update

B1. AA-WG Chair Matters

Tobias Knecht, WG co-chair, explained that Brian Nisbet would be stepping down as WG co-chair and that there was one new candidate for the role - Brian Nisbet. Tobias explained that there had been no feedback on the mailing list and unless there were any objections in the room Brian would be confirmed as the WG co-chair for a further three years. There were no objections and Tobias congratulated Brian on his appointment.

Brian thanked the WG for its support and for putting in place a process for electing new co-chairs and giving other people the opportunity to get involved in the Working Group. Brian stressed that this new process only applies to the Anti-Abuse Working Group (and not all Working Groups as originally mentioned in the agreement sent to the mailing list).

B2. Recent Mailing List Discussions

The most recent discussion on the AA mailing list concerned abuse-c contact methods. People were asking about other solutions, for example web forms, rather than solely using email for abuse reports. Brian believed that this was sufficiently discussed on the mailing list but asked for comments from the audience.

Piotr Strzyzewski, Database WG co-chair, approached the microphone and noted that he had posted an email to the ERX-Holders mailing list to bring the abuse-c discussion to their attention. He also mentioned the proposed 'cleanup' of abuse contacts that is currently being discussed in BoF groups in both the anti-abuse and database working groups.

Brian explained that he believed the proper place for the discussion was the Database WG and the associated mailing list but he will keep a close eye on it in relation to the activities of the Anti-Abuse WG.

C. Policies

Brian announced that the only policy currently involving the Anti-Abuse WG is the abuse-c cleanup that was discussed in the previous agenda item.

In addition Brian spoke about a discussion earlier in the day during the Address Policy WG where the RIPE NCC has been asked about performing regular verification checks on AS Number usage. The Anti-Abuse WG had previously discussed regular verification of information and, with this in mind, Brian will keep an eye on the discussion in Address Policy. Brian’s only comment at this stage was that the proposal could potentially open the door to adding extra information to the verification email.

He stressed that his comment was neither negative nor positive – simply something to be aware of.

D. Interactions

D1. Working Groups

Brian commented that the regular interaction with the Database WG was good and should continue.

D2. RIPE NCC Government/LEA Interactions Update – Marco Hogewoning, RIPE NCC

The presentation is available at:
https://ripe70.ripe.net/presentations/58-MH-RIPE70-AA-LEA-update-draft-AG.pdf

Alexander Isavin, private person, mentioned that he had read the report on LEA requests and asked whether the presentations from the meeting with the UK National Crime Agency would be published. Marco replied that the RIPE NCC would publish their presentation but the UK National Crime Agency would need to give permission to also share their presentation.

Alexander also raised the question of whether the training and education that the RIPE NCC is providing to LEAs could be abused. He asked how the public could control the activities of the LEAs. Brian noted that the education and training provided by the RIPE NCC only shows LEAs how to use the relevant tools to access publicly available information.

Requests for private information would require the usual court orders etc.

D3. AA-WG at M3AAWG

Brian announced that he and his co-chair, Tobias, would be attending the Messaging Malware Mobile Anti-Abuse Working Group in Dublin this year. Brian will be presenting about the RIPE community, the AA-WG and the RIPE NCC.

E. Presentations

E1. Mapping out Cyber Crime Infrastructure - A Law Enforcement Approach
- Jon Flaherty, UK National Crime Agency National Cyber Crime Unit

The presentation is available at:

https://ripe70.ripe.net/presentations/56-Mapping-An-LE-Approach-RIPE-70-Final.pdf

Jim Reid, RTFM, thanked Jon for coming and speaking to the working group and commented that it was useful for the Internet community to get an understanding of the challenges that are facing law enforcement. He also commented that the focus of the presentation was public data sources and asked what law enforcement were able to do about criminals who were anonymising their IP addresses. Jon replied that this is a challenge for law enforcement and that although they have some tools available to them there is still some work to do.

Jim Reid commented that it must be problematic dealing with multiple jurisdictions when trying to tackle cyber crime. Marco Hogewoning asked if they were able to share intelligence cross-border or if they were limited to sharing only with UK ISPs. Jon replied that this was something that was still under legal consideration and is certainly of interest.

Alexander Isavin, private person, asked if Jon could share the results of the research in terms of crimes prevented, criminals jailed etc. Jon replied that they would be happy to share their findings but that currently these are ongoing investigations and they are not at a stage where findings can be shared yet.

Brian added that over the years the community interaction with law enforcement has gotten better and better and that he hopes this will not be the last presentation of this kind that we have at RIPE meetings.

E2. DNS-Based DDoS: Fast Changing Threat - Bruce Van Nice, Nominum

The presentation is available at:
https://ripe70.ripe.net/presentations/103-DNSBasedDDoSEvolvingThreatRIPEMAYl2015FINAL.pdf

There were no questions.

X. A.O.B.

Piotr Strzyzewski, Database WG co-chair, drew attention to the ongoing discussion in the Database Working Group about UTF8 implementation in the RIPE Database. Brian encouraged the attendees to take a look.

Rüdiger Volk, Deutsche Telekom Technik, asked whether other attendees had been spammed by one of the meeting sponsors and commented that we should not endorse this type of activity. Brian replied that he was not aware of this but would be happy to formally take it up with the relevant parties at the RIPE NCC.

Blake Willis, L33 Networks, spoke about the ‘traceability’ of users and discussed the challenge of dealing with differing ‘requirements’ for collecting, storing and requesting data across Europe. He would like to encourage more discussion about technologies such as IPv6 and Carrier Grade NAT as well as standardisation of logging requirements. He believes that the Anti-Abuse Working Group is a good place for this discussion.

Z. Agenda for RIPE 71

Brian reminded everybody that agenda items can be submitted at any time; they do not have to wait for the final two months.
