From amsk0496 at hotmail.com Thu Apr 2 22:49:40 2009 From: amsk0496 at hotmail.com (anna GFYS) Date: Thu, 2 Apr 2009 16:49:40 -0400 Subject: [anti-abuse-wg] (no subject) Message-ID: I have this ip87.121.241.101. ssh remote login protocol that is trying to hack my compture and when i trace it this is whta i get orgname:Ripe Network Coordination Centre OrgID: Ripe address p.o box 10096 city: Amsterdam Stateprv: Postalcode:1001eb country: NL net range: 87.0.0.0-87.255.255.255 cidr:87.0.0.0/8 netname:87-ripe nethandle: Net-87-0-0-0-1 and so on need some help with? thank you anna _________________________________________________________________ Rediscover Hotmail?: Get quick friend updates right in your inbox. http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Updates1_042009 -------------- next part -------------- An HTML attachment was scrubbed... URL: From brian.nisbet at heanet.ie Fri Apr 3 12:17:58 2009 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Fri, 03 Apr 2009 11:17:58 +0100 Subject: [anti-abuse-wg] (no subject) In-Reply-To: References: Message-ID: <49D5E256.3080501@heanet.ie> anna GFYS wrote the following on 02/04/2009 21:49: > I have this ip87.121.241.101. ssh remote login protocol > that is trying to hack my compture and when i trace it this is whta i get This mailing list is not an appropriate place to report abuse. I would advise you to take a look at the RIPE abuse FAQ here: http://www.ripe.net/info/faq/abuse/index.html Also, the whois program reports the following: bnisbet at saratoga:~$ whois 87.121.241.101 % This is the RIPE Whois query server #3. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '87.121.192.0 - 87.121.255.255' inetnum: 87.121.192.0 - 87.121.255.255 netname: NETERRA-EVO-NET-II descr: IP Address range for Evo - VT country: BG admin-c: RSV1-RIPE tech-c: RSV1-RIPE status: ASSIGNED PA mnt-by: MNT-NETERRA mnt-domains: MNT-NETERRA mnt-domains: ETGABI-MNT mnt-routes: MNT-NETERRA mnt-routes: ETGABI-MNT source: RIPE # Filtered person: Rosen Stefanov Velikov address: 14, Stoyanch Ahtar Str. address: 5000 Veliko Tarnovo address: BULGARIA phone: +359 618 64210 e-mail: djok at evo.bg nic-hdl: RSV1-RIPE source: RIPE # Filtered % Information related to '87.121.240.0/20AS24964' route: 87.121.240.0/20 descr: EVO IP Space origin: AS24964 mnt-by: ETGABI-MNT source: RIPE # Filtered % Information related to '87.121.192.0/18AS24964' route: 87.121.192.0/18 descr: evo.bg IP-Space origin: AS24964 mnt-by: ETGABI-MNT source: RIPE # Filtered Regards, Brian. From michele at blacknight.ie Fri Apr 3 12:18:34 2009 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Fri, 3 Apr 2009 11:18:34 +0100 Subject: [anti-abuse-wg] (no subject) In-Reply-To: References: Message-ID: <5774C4B9-EA2A-446E-BE45-815FB92A11BF@blacknight.ie> On 2 Apr 2009, at 21:49, anna GFYS wrote: > 87.121.241.101 The abuse details are here: inetnum: 87.121.192.0 - 87.121.255.255 netname: NETERRA-EVO-NET-II descr: IP Address range for Evo - VT country: BG admin-c: RSV1-RIPE tech-c: RSV1-RIPE status: ASSIGNED PA mnt-by: MNT-NETERRA mnt-domains: MNT-NETERRA mnt-domains: ETGABI-MNT mnt-routes: MNT-NETERRA mnt-routes: ETGABI-MNT source: RIPE # Filtered person: Rosen Stefanov Velikov address: 14, Stoyanch Ahtar Str. address: 5000 Veliko Tarnovo address: BULGARIA phone: +359 618 64210 e-mail: djok at evo.bg <<<<< nic-hdl: RSV1-RIPE source: RIPE # Filtered % Information related to '87.121.2 Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From brian.nisbet at heanet.ie Wed Apr 15 12:48:20 2009 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Wed, 15 Apr 2009 11:48:20 +0100 Subject: [anti-abuse-wg] Final Call For Agenda Items Message-ID: <49E5BB74.8040401@heanet.ie> Colleagues, RIPE 58 is taking place in Amsterdam in a few short weeks. The WG session is on Thursday afternoon and if you would like to see anything included on the agenda now is the time to mention it. We will be looking to finalise the agenda shortly, so please get in contact should there be any points you wish to raise. Thanks, Brian. From badguyskiller at gmail.com Fri Apr 17 14:31:18 2009 From: badguyskiller at gmail.com (Badguys Killer) Date: Fri, 17 Apr 2009 14:31:18 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? Message-ID: I have first to say sorry to this mailing-list, as this mail isn't related to RIPE but rather to LACNIC. I've traced back some hacking from an IP address (200.113.126.76) in an ISP (Telefonica Empresas). I've sent an abuse complaint to the only email address available (sescobar at isp.tie.cl) in LACNIC Whois but visibly the ISP didn't care and nothing was done. Then I had but to send another abuse complaint to LACNIC (abuse at lacnic.net). The only answer I got is an automatic message saying that it's not their responsibility at LACNIC to investigate abuse issues. That's really a bureaucratic act! What could we do in such situation? PS: Really sorry that I have to bring this issue in RIPE because in LACNIC website, there's really nothing to help users like in RIPE where you have a mailing-list, or like in APNIC where one could report invalid WHOIS info. From michele at blacknight.ie Fri Apr 17 14:46:14 2009 From: michele at blacknight.ie (Michele Neylon :: Blacknight) Date: Fri, 17 Apr 2009 13:46:14 +0100 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: Message-ID: <9839ECAF-B15D-43AA-AC5C-39ACFEB81BC7@blacknight.ie> On 17 Apr 2009, at 13:31, Badguys Killer wrote: > I have first to say sorry to this mailing-list, as this mail > isn't related to RIPE but rather to LACNIC. > > I've traced back some hacking from an IP address (200.113.126.76) > in an ISP (Telefonica Empresas). I've sent an abuse complaint to the > only email address available (sescobar at isp.tie.cl) in LACNIC Whois but > visibly the ISP didn't care and nothing was done. > > Then I had but to send another abuse complaint to LACNIC > (abuse at lacnic.net). The only answer I got is an automatic message > saying that it's not their responsibility at LACNIC to investigate > abuse issues. > > That's really a bureaucratic act! What could we do in such > situation? > > PS: Really sorry that I have to bring this issue in RIPE because in > LACNIC website, there's really nothing to help users like in RIPE > where you have a mailing-list, or like in APNIC where one could report > invalid WHOIS info. > The reply you're going to get here isn't going to help you much either ... Have you tried contacting the ISP via more traditional methods? ie. the phone or fax? The RIR isn't going to be able to do anything Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From info at streamservice.nl Fri Apr 17 14:48:35 2009 From: info at streamservice.nl (Stream Service) Date: Fri, 17 Apr 2009 14:48:35 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: Message-ID: <031301c9bf5a$d3b7f4e0$7b27dea0$@nl> Hello, You could try to find the upstreams for Telefonica Empresas and send the abuse also to them. Use a forward on your original message to sescobar at isp.tie.cl to show that you did send it to them. You could also try to inform Telefonica or another email address on the Telefonica Empresas website. You could also look for the rDNS and send an email to abuse@[domein].[tld] for example. Good luck. With kind regards, Mark Scholten -----Original Message----- From: anti-abuse-wg-admin at ripe.net [mailto:anti-abuse-wg-admin at ripe.net] On Behalf Of Badguys Killer Sent: vrijdag 17 april 2009 14:31 To: anti-abuse-wg at ripe.net Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? I have first to say sorry to this mailing-list, as this mail isn't related to RIPE but rather to LACNIC. I've traced back some hacking from an IP address (200.113.126.76) in an ISP (Telefonica Empresas). I've sent an abuse complaint to the only email address available (sescobar at isp.tie.cl) in LACNIC Whois but visibly the ISP didn't care and nothing was done. Then I had but to send another abuse complaint to LACNIC (abuse at lacnic.net). The only answer I got is an automatic message saying that it's not their responsibility at LACNIC to investigate abuse issues. That's really a bureaucratic act! What could we do in such situation? PS: Really sorry that I have to bring this issue in RIPE because in LACNIC website, there's really nothing to help users like in RIPE where you have a mailing-list, or like in APNIC where one could report invalid WHOIS info. From badguyskiller at gmail.com Fri Apr 17 19:10:31 2009 From: badguyskiller at gmail.com (Badguys Killer) Date: Fri, 17 Apr 2009 19:10:31 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <9839ECAF-B15D-43AA-AC5C-39ACFEB81BC7@blacknight.ie> References: <9839ECAF-B15D-43AA-AC5C-39ACFEB81BC7@blacknight.ie> Message-ID: No, I haven't tried the phone method as I'm in France while the ISP is in Chile. Is it really my responsibility to call them but not that of its upper RIR, ie LACNIC? I mean, can't LACNIC call it as this ISP is under it? On Fri, Apr 17, 2009 at 2:46 PM, Michele Neylon :: Blacknight wrote: > > > The reply you're going to get here isn't going to help you much either ... > > Have you tried contacting the ISP via more traditional methods? ie. the > phone or fax? > > The RIR isn't going to be able to do anything > > Michele From badguyskiller at gmail.com Fri Apr 17 19:14:02 2009 From: badguyskiller at gmail.com (Badguys Killer) Date: Fri, 17 Apr 2009 19:14:02 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <031301c9bf5a$d3b7f4e0$7b27dea0$@nl> References: <031301c9bf5a$d3b7f4e0$7b27dea0$@nl> Message-ID: Thanks for your suggestion. How am I supposed to find the upstreams? I mean, in LACNIC whois database, I'm not sure how to get such information: http://lacnic.net/cgi-bin/lacnic/whois?lg=EN&query=200.113.96/19 And this rDNS, I'm not sure I understand what it is or how to use it :( On Fri, Apr 17, 2009 at 2:48 PM, Stream Service wrote: > Hello, > > You could try to find the upstreams for Telefonica Empresas and send the > abuse also to them. Use a forward on your original message to > sescobar at isp.tie.cl to show that you did send it to them. > > You could also try to inform Telefonica or another email address on the > Telefonica Empresas website. You could also look for the rDNS and send an > email to abuse@[domein].[tld] for example. > > Good luck. > > With kind regards, > > Mark Scholten From sander at steffann.nl Fri Apr 17 19:16:04 2009 From: sander at steffann.nl (Sander Steffann) Date: Fri, 17 Apr 2009 19:16:04 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: <9839ECAF-B15D-43AA-AC5C-39ACFEB81BC7@blacknight.ie> Message-ID: Hello, > No, I haven't tried the phone method as I'm in France while the > ISP is in Chile. Is it really my responsibility to call them but not > that of its upper RIR, ie LACNIC? I mean, can't LACNIC call it as > this ISP is under it? No, it's not their responsibility. An RIR provides IP addresses for LIRs. It is not responsible for traffic from those addresses or for communication with the holder of those addresses. Sander Steffann From jdfalk-lists at cybernothing.org Fri Apr 17 21:14:27 2009 From: jdfalk-lists at cybernothing.org (J.D. Falk) Date: Fri, 17 Apr 2009 13:14:27 -0600 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: <031301c9bf5a$d3b7f4e0$7b27dea0$@nl> Message-ID: <49E8D513.7000804@cybernothing.org> Badguys Killer wrote: > Thanks for your suggestion. > > How am I supposed to find the upstreams? I mean, in LACNIC whois > database, I'm not sure how to get such information: > http://lacnic.net/cgi-bin/lacnic/whois?lg=EN&query=200.113.96/19 > > And this rDNS, I'm not sure I understand what it is or how to use it :( http://spam.abuse.net/userhelp/#trace has a lot of good information (though some is out of date) about tracing the source of spam so you can direct complaints appropriately. -- J.D. Falk Return Path Inc http://www.returnpath.net/ From mouse at Rodents-Montreal.ORG Fri Apr 17 16:35:16 2009 From: mouse at Rodents-Montreal.ORG (der Mouse) Date: Fri, 17 Apr 2009 10:35:16 -0400 (EDT) Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <9839ECAF-B15D-43AA-AC5C-39ACFEB81BC7@blacknight.ie> References: <9839ECAF-B15D-43AA-AC5C-39ACFEB81BC7@blacknight.ie> Message-ID: <200904171446.KAA22635@Sparkle.Rodents-Montreal.ORG> >> Then I had but to send another abuse complaint to LACNIC >> (abuse at lacnic.net). The only answer I got is an automatic message >> saying that it's not their responsibility at LACNIC to investigate >> abuse issues. Yes. This is one of the reasons I got out of abuse-fighting: the upper levels of Internet governance (RIRs, domain registrars, and IANA/ICANN) are exercising authority without accepting the responsibility that goes with it. You're not likely to get anywhere. No such system is sustainable, of course, but the net is robust enough that it's taking quite a while for the abuses to grow to the point where the system collapses from them. (It's coming, though. I recently dropped by a university I used to work for, and someone who goes back even farther than I do there says there are now people trying to get them to build a completely private (totally off the net) email system so they'll have usable internal email.) /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse at rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From mouse at Rodents-Montreal.ORG Fri Apr 17 20:07:42 2009 From: mouse at Rodents-Montreal.ORG (mouse at Rodents-Montreal.ORG) Date: Fri, 17 Apr 2009 14:07:42 -0400 (EDT) Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: <9839ECAF-B15D-43AA-AC5C-39ACFEB81BC7@blacknight.ie> Message-ID: <200904171816.OAA23680@Sparkle.Rodents-Montreal.ORG> >> Is it really my responsibility to call them but not that of its >> upper RIR, ie LACNIC? Yes and no. It is LACNIC's responsibility in a moral sense; they have been granted a resource, and with authority over any resource comes responsibility for its use. However, Internet governance is severely broken. Those who need to impose that responsibility (IANA/ICANN) refuse to, and few (no, AFAIK) RIRs are sufficiently ethical to assume it on their own. So in a pragmatic sense, it is nobody's responsibility. Like any system in which responsibility and authority are severely mismatched, this is not sustainable. However, the net is robust enough that it's taking several years for the abuses to grow to the point of systemic collapse. (It's coming, though. I recently dropped by a university I used to work at, and apparently there are big voices arguing for a totally off-the-net private email system, simply for the sake of having working internal email. That's right, the abuses have grown to the point where email connectivity to the net has about equal positive and negative value.) /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse at rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From richard.cox at btuser.net Mon Apr 20 12:29:49 2009 From: richard.cox at btuser.net (Richard Cox) Date: Mon, 20 Apr 2009 10:29:49 +0000 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <200904171816.OAA23680@Sparkle.Rodents-Montreal.ORG> References: <200904171816.OAA23680@Sparkle.Rodents-Montreal.ORG> Message-ID: On Fri, 17 Apr 2009 18:07 UTC mouse at Rodents-Montreal.ORG wrote: > It is LACNIC's responsibility in a moral sense; they have been granted > a resource, and with authority over any resource comes responsibility > for its use. If that were the case I'm sure we would ALL be chasing LACNIC, AFRINIC, ARIN, APNIC and indeed RIPE. And while those bodies could do more to persuade their members/users to comply with an AUP, they can only do that where the resource they are providing is itself being abused. An example of that would be fake or misleading WHOIS information, or IP address range or ASN hijack, and so on: RIPE (due to the activities of what we used to call "RBN") has seen plenty of those issues recently. Logically, it is in the RIR's best interests to deal with all abuse issues in a timely manner because when an RIR fails to do that, the result is that the reputation of the IP ranges and ASNs becomes badly tarnished. End users will put in manual blocks so that IP addresses in those ranges cannot connect, or cannot deliver mail. Those blocks, when discarded or returned to the RIR, can no longer be reassigned to new users, and become wasted IP address space. That is happening NOW. > However, Internet governance is severely broken. If there is a meaningful concept of "Internet governance" then yes, it is severely broken. I don't believe that the concept really exists, in that I do not see how ICANN/IANA etc can be expected to enforce any form of policy on countries with vastly differing social and political structures, and with a wide range of cultures. Try getting any Russian prosecuted for any crimes committed outside Russia, for example. And in the case of cybercrime or issues of Internet Governance, there is the fundamental obstacle that it is nigh impossible to state with certainty exactly where (ie and in what jurisdiction) the cited offence occurred. > Those who need to impose that responsibility (IANA/ICANN) refuse to, > and few (no, AFAIK) RIRs are sufficiently ethical to assume it on > their own. So in a pragmatic sense, it is nobody's responsibility. ARIN, to my personal knowledge, has done a lot more than the other RIRs but I'm not at liberty to share any details. However RIRs are limited in what they can do - simply because they have no effective sanctions. There are two situations to consider: (a) where the resource-user is criminal in intent, and (b) where the resource-user provides resources to criminals but ignores complaints and allows the crime to continue. The only sanction an RIR would have (talking theoretically) is either to withdraw the users' resources, or refuse to allocate them new resources. But in case (a) no lack of resources would stop the criminals announcing their own unauthorised IP ranges through ASNs they control (whether or not that control is authorised), and in case (b) the action would only harm the other innocent users of that provider, and that's something that responsible people try to avoid doing. Here I am talking about RIRs as registries, which makes it a separate issue from what the COMMUNITY might choose to do, and that community is in my view where the responsibility for real Internet Governance should lie. The effective control on all forms of abuse is sourced from the ability of an upstream - in the ultimate - to remove connectivity. So in theory if the backbone providers become aware of crime or unmitigated abuse, they can and should block the IP ranges involved. And many of them do. I raise a glass to Telia, Level3, and Cogent, who recently did exactly that and stopped a considerable amount of criminal activity on the net which was originating in Turkey. Turkish law apparently does NOT allow providers there to disconnect customers for abuse unless Turkish law is broken: and Turkish law to deal with Cybercrime is close-to-nonexistent. I think we should all raise a glass to Hurricane Electric and the other USA upstreams that shut down McColo and Intercage: and now the trend has reached Hong Kong where Pacnet shut down the criminal-hoster "Hostfresh". (Hostfresh had previously got a lot of hosting from Intercage/Cernel Inc) So what is now needed is that other backbones/upstreams, who have so far operated a highly-diluted abuse policy, get with the program. Abovenet, Reach, VerizonBusiness (in the USA), RelianceGlobal, to name but a few. Identifying which they are, and persuading them to "upgrade" their abuse policies, is a task to which we can all contribute. But don't forget the impact of "Neutral Exchange Points" such as LINX, AMSIX etc: which by their own choices have NO Acceptable Use Policies. It's far more difficult to block criminal and harmful traffic when it is routed through such an Exchange, and the communities running those Exchanges really should review whether their policies are relevant to today's level criminal and abusive online activities. > the abuses have grown to the point where email connectivity to the > net has about equal positive and negative value. A large part of the _email_ abuse is caused by the failure of the US government to make the spamming of private persons illegal, just as it is in most civilised countries (and particularly Europe). But email abuse is now a very small part of the abuse on the Internet (think of botnets, malware, DNS changing, and so on) and that is why the name of this group was changed recently to reflect that trend. -- Richard Cox From badguyskiller at gmail.com Tue Apr 21 10:54:59 2009 From: badguyskiller at gmail.com (Badguys Killer) Date: Tue, 21 Apr 2009 10:54:59 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: <200904171816.OAA23680@Sparkle.Rodents-Montreal.ORG> Message-ID: Actually, the problem also exists within EU itself. For example, the followining address has been having problem since a long time and nobody cares. __________________ The following recipient(s) cannot be reached: abuse at auna.es on 2009.04.21 10:16 There was a SMTP communication problem with the recipient's email server. Please contact your system administrator. From nuno.vieira at nfsi.pt Tue Apr 21 11:01:09 2009 From: nuno.vieira at nfsi.pt (Nuno Vieira - nfsi telecom) Date: Tue, 21 Apr 2009 10:01:09 +0100 (WEST) Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: Message-ID: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> Try: abuse at ono.es afaik, Auna has been merged. regards, --- Nuno Vieira nfsi telecom, lda. nuno.vieira at nfsi.pt Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301 http://www.nfsi.pt/ ----- "Badguys Killer" wrote: > Actually, the problem also exists within EU itself. For example, > the followining address has been having problem since a long time and > nobody cares. > __________________ > > The following recipient(s) cannot be reached: > > abuse at auna.es on 2009.04.21 10:16 > There was a SMTP communication problem with the > recipient's email server. Please contact your system administrator. > denied.> From diego.lopez at rediris.es Tue Apr 21 17:42:36 2009 From: diego.lopez at rediris.es (Diego R. Lopez) Date: Tue, 21 Apr 2009 17:42:36 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> Message-ID: AUNA was acquired long time ago by Orange, and I guess they have stopped servicing the domain at some point in time... On 21 Apr 2009, at 11:01, Nuno Vieira - nfsi telecom wrote: > Try: abuse at ono.es > > afaik, Auna has been merged. > > regards, > --- > Nuno Vieira > nfsi telecom, lda. > > nuno.vieira at nfsi.pt > Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301 > http://www.nfsi.pt/ > > > > ----- "Badguys Killer" wrote: > >> Actually, the problem also exists within EU itself. For example, >> the followining address has been having problem since a long time and >> nobody cares. >> __________________ >> >> The following recipient(s) cannot be reached: >> >> abuse at auna.es on 2009.04.21 10:16 >> There was a SMTP communication problem with the >> recipient's email server. Please contact your system administrator. >> > denied.> > > -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Red.es - RedIRIS The Spanish NREN e-mail: diego.lopez at rediris.es jid: diego.lopez at rediris.es Tel: +34 955 056 621 Mobile: +34 669 898 094 ----------------------------------------- From badguyskiller at gmail.com Wed Apr 22 11:05:13 2009 From: badguyskiller at gmail.com (Badguys Killer) Date: Wed, 22 Apr 2009 11:05:13 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> Message-ID: Thanks to all for your replies. I see that the contact info has been updated. Very fast. It would be nice if RIPE could provide a method for us to report invalid contact in Whois database. OTOH, abuse at auna.es or abuse at ono.es both have the same problem. I think it's something within that company. ----- The following recipient(s) cannot be reached: abuse at ono.es on 2009.04.22 11:00 There was a SMTP communication problem with the recipient's email server. Please contact your system administrator. ----- On Tue, Apr 21, 2009 at 5:42 PM, Diego R. Lopez wrote: > AUNA was acquired long time ago by Orange, and I guess they have stopped > servicing the domain > at some point in time... > > > On 21 Apr 2009, at 11:01, Nuno Vieira - nfsi telecom wrote: > >> Try: abuse at ono.es >> >> afaik, Auna has been merged. From badguyskiller at gmail.com Fri Apr 24 15:09:26 2009 From: badguyskiller at gmail.com (Badguys Killer) Date: Fri, 24 Apr 2009 15:09:26 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> Message-ID: About this error, my mail was actually sent from my company. I thought my company's mail server IP address might be blacklisted by auna.es SMTP server. So I had sent another mail from GMail asking if they are using some special blacklist. Two days have passed, I don't have this error, but I don't have any answer either! So you see, not only those countries like Russia or Turkey are the problem, those within EU are not that cooperating either... On Wed, Apr 22, 2009 at 11:05 AM, Badguys Killer wrote: > ? ? Thanks to all for your replies. > > ? ? I see that the contact info has been updated. ?Very fast. ?It > would be nice if RIPE could provide a method for us to report invalid > contact in Whois database. > > ? ? OTOH, abuse at auna.es or abuse at ono.es both have the same problem. > I think it's something within that company. > ----- > The following recipient(s) cannot be reached: > > ? ? ?abuse at ono.es on 2009.04.22 11:00 > ? ? ? ? ? ?There was a SMTP communication problem with the > recipient's email server. ?Please contact your system administrator. > ? ? ? ? ? ? > ----- From jesus.heras at rediris.es Fri Apr 24 18:19:34 2009 From: jesus.heras at rediris.es (Jesus Sanz de las Heras) Date: Fri, 24 Apr 2009 18:19:34 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> Message-ID: <49F1E696.40205@rediris.es> Badguys Killer escribi?: > About this error, my mail was actually sent from my company. I > thought my company's mail server IP address might be blacklisted by > auna.es SMTP server. So I had sent another mail from GMail asking if > they are using some special blacklist. Two days have passed, I don't > have this error, but I don't have any answer either! > > So you see, not only those countries like Russia or Turkey are > the problem, those within EU are not that cooperating either... Thats is no true. When a I read your message immediately I sent email to ONO abuse team and could be possible they updated contact. Its true that ONO had to keep updated them In Spain we have a good technical coordination forum of ISPs abuse spanish teams , his name its Foro ABUSES (http://www.abuses.es). I don't know if other europeans countries have a similar iniciatives. The main objetive of this Forum i have good contacts points and define best current practices and other iniciatives as Spanish WhiteList, spamtraps networks, SPF, special contact (police, hotmail,yahoo etc and other cert teams) and other activities (two anual meetings) included to have updated data RIPE Foro ABUSES is coordinated for people of spanish academic network as the best neutral spanish ISP. It's is free. I hope to improve your image of Spain ;-) and you are invite the next meeting in May, Madrid to know ONO/AUNA people ;-) Thanks in advance Regards > > > On Wed, Apr 22, 2009 at 11:05 AM, Badguys Killer > wrote: >> Thanks to all for your replies. >> >> I see that the contact info has been updated. Very fast. It >> would be nice if RIPE could provide a method for us to report invalid >> contact in Whois database. >> >> OTOH, abuse at auna.es or abuse at ono.es both have the same problem. >> I think it's something within that company. >> ----- >> The following recipient(s) cannot be reached: >> >> abuse at ono.es on 2009.04.22 11:00 >> There was a SMTP communication problem with the >> recipient's email server. Please contact your system administrator. >> >> ----- > > > -- Jesus Sanz de las Heras Red.ES/RedIRIS Tel:+34 91 212 76 25 (ext. 4319) Edificio Bronce Plaza Manuel Gomez Moreno, s/n 28020 Madrid SPAIN Email Systems security & abuse LISTSERV manager - Spanish Academic & Research Network (www.rediris.es) - From jorgen at hovland.cx Fri Apr 24 20:17:10 2009 From: jorgen at hovland.cx (=?ISO-8859-1?Q?J=F8rgen_Hovland?=) Date: Fri, 24 Apr 2009 20:17:10 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <49F1E696.40205@rediris.es> References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> <49F1E696.40205@rediris.es> Message-ID: <49F20226.4070207@hovland.cx> An HTML attachment was scrubbed... URL: From info at streamservice.nl Fri Apr 24 21:01:16 2009 From: info at streamservice.nl (Stream Service) Date: Fri, 24 Apr 2009 21:01:16 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <49F1E696.40205@rediris.es> References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> <49F1E696.40205@rediris.es> Message-ID: <00ed01c9c50f$0ccb6f50$26624df0$@nl> Hello, But is there somewhere a list with all similar sites/forums about where to report things for more countries? With kind regards, Mark Scholten -----Original Message----- From: anti-abuse-wg-admin at ripe.net [mailto:anti-abuse-wg-admin at ripe.net] On Behalf Of Jesus Sanz de las Heras Sent: vrijdag 24 april 2009 18:20 To: Badguys Killer Cc: anti-abuse-wg at ripe.net Subject: Re: [anti-abuse-wg] What to do when both RIR and ISP don't care? Badguys Killer escribi?: > About this error, my mail was actually sent from my company. I > thought my company's mail server IP address might be blacklisted by > auna.es SMTP server. So I had sent another mail from GMail asking if > they are using some special blacklist. Two days have passed, I don't > have this error, but I don't have any answer either! > > So you see, not only those countries like Russia or Turkey are > the problem, those within EU are not that cooperating either... Thats is no true. When a I read your message immediately I sent email to ONO abuse team and could be possible they updated contact. Its true that ONO had to keep updated them In Spain we have a good technical coordination forum of ISPs abuse spanish teams , his name its Foro ABUSES (http://www.abuses.es). I don't know if other europeans countries have a similar iniciatives. The main objetive of this Forum i have good contacts points and define best current practices and other iniciatives as Spanish WhiteList, spamtraps networks, SPF, special contact (police, hotmail,yahoo etc and other cert teams) and other activities (two anual meetings) included to have updated data RIPE Foro ABUSES is coordinated for people of spanish academic network as the best neutral spanish ISP. It's is free. I hope to improve your image of Spain ;-) and you are invite the next meeting in May, Madrid to know ONO/AUNA people ;-) Thanks in advance Regards > > > On Wed, Apr 22, 2009 at 11:05 AM, Badguys Killer > wrote: >> Thanks to all for your replies. >> >> I see that the contact info has been updated. Very fast. It >> would be nice if RIPE could provide a method for us to report invalid >> contact in Whois database. >> >> OTOH, abuse at auna.es or abuse at ono.es both have the same problem. >> I think it's something within that company. >> ----- >> The following recipient(s) cannot be reached: >> >> abuse at ono.es on 2009.04.22 11:00 >> There was a SMTP communication problem with the >> recipient's email server. Please contact your system administrator. >> >> ----- > > > -- Jesus Sanz de las Heras Red.ES/RedIRIS Tel:+34 91 212 76 25 (ext. 4319) Edificio Bronce Plaza Manuel Gomez Moreno, s/n 28020 Madrid SPAIN Email Systems security & abuse LISTSERV manager - Spanish Academic & Research Network (www.rediris.es) - From badguyskiller at gmail.com Sat Apr 25 16:56:06 2009 From: badguyskiller at gmail.com (Badguys Killer) Date: Sat, 25 Apr 2009 16:56:06 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <49F1E696.40205@rediris.es> References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> <49F1E696.40205@rediris.es> Message-ID: On Fri, Apr 24, 2009 at 6:19 PM, Jesus Sanz de las Heras wrote: > > Thats is no true. When a I read your message immediately I sent email to > ONO abuse team and ?could be possible they updated contact. Its true that > ONO had to keep updated them Do you mean you got the same "550" error or not? > In Spain we have a good technical coordination forum of ?ISPs abuse spanish > teams , his name its Foro ABUSES (http://www.abuses.es). I don't know if > other europeans countries have a similar iniciatives. The main objetive of > this Forum i have good contacts points and define best current practices > and other iniciatives as Spanish WhiteList, spamtraps networks, SPF, > special contact (police, hotmail,yahoo etc and other cert teams) ? and > other activities (two anual meetings) included to have updated data RIPE > > Foro ABUSES is coordinated for people of spanish academic network as ?the > best neutral spanish ISP. It's is free. > I hope to improve your image of Spain ;-) and you are invite the next > meeting in May, Madrid to know ONO/AUNA ?people ;-) Don't get me wrong. I didn't mean every Spanish ISP is like that, just some. Or in a more general sense, even in EU some ISP isn't that co-operative. And in the opposite, it's not because an ISP isn't in EU, eg Russia or Turkey or China, that it's certainly bad/not co-operative. We have to see things individually but not judge them in a whole. I'd like to go to Spain, but May is also a very busy month for me :( But thanks for the invitation :) From badguyskiller at gmail.com Sat Apr 25 17:01:56 2009 From: badguyskiller at gmail.com (Badguys Killer) Date: Sat, 25 Apr 2009 17:01:56 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <49F20226.4070207@hovland.cx> References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> <49F1E696.40205@rediris.es> <49F20226.4070207@hovland.cx> Message-ID: It's not a matter of laziness or not, but a matter of time and money. I mean, should I use my own time and my company's money to fix something not belonging to me/us? Of course, I won't argue that someone might say YES, and this is very generous. But discarding generosity from someone full of resource (time, money), I doubt this YES means a majority. I'm quite certain that common sense would make most of us say NO. 2009/4/24 J?rgen Hovland : > May I suggest, > > If the contact method doesn't work, use another.? Also please tell the LIR > about the invalid contact information when you reach them. If you are too > lazy to use another contact method, the incident is obviously of no > importance. > If none of the contact methods listed for the LIR work, tell the RIR about > it and they will hopefully update the contactinfo (or you can perhaps also > ask for proper contact info on this list). > Contactinfo for the RIR is listed on their website. From jorgen at hovland.cx Sun Apr 26 09:22:17 2009 From: jorgen at hovland.cx (=?ISO-8859-1?Q?J=F8rgen_Hovland?=) Date: Sun, 26 Apr 2009 09:22:17 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> <49F1E696.40205@rediris.es> <49F20226.4070207@hovland.cx> Message-ID: <49F40BA9.3060601@hovland.cx> An HTML attachment was scrubbed... URL: From bradley.freeman at csirt.ja.net Mon Apr 27 12:38:40 2009 From: bradley.freeman at csirt.ja.net (Bradley Freeman) Date: Mon, 27 Apr 2009 11:38:40 +0100 Subject: [anti-abuse-wg] Few Points on Documentation Message-ID: <000601c9c724$54ad1870$fe074950$@freeman@csirt.ja.net> Just a few questions, the only document I can find associated with the anti abuse wg is ripe-409 Good Practice in Minimising E-mail Abuse (Are there any more?). As it was initially crafted when the working groups focus was primarily on anti spam and now that the working group is looking at ways of reducing network abuse would there be any benefit to coming up with a new document which details best practices in reducing abuse and dealing with it? Also ripe-409 is becoming dated notably in its discussion of which abuse mailbox to use for abuse reports, would it be advisable to update this document to reflect changes. Cheers, Bradley From brian.nisbet at heanet.ie Mon Apr 27 13:48:57 2009 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Mon, 27 Apr 2009 12:48:57 +0100 Subject: [anti-abuse-wg] Few Points on Documentation In-Reply-To: <000601c9c724$54ad1870$fe074950$@freeman@csirt.ja.net> References: <000601c9c724$54ad1870$fe074950$@freeman@csirt.ja.net> Message-ID: <49F59BA9.4050809@heanet.ie> Bradley, Bradley Freeman wrote the following on 27/04/2009 11:38: > Just a few questions, the only document I can find associated with the anti > abuse wg is ripe-409 Good Practice in Minimising E-mail Abuse (Are there any > more?). As it was initially crafted when the working groups focus was > primarily on anti spam and now that the working group is looking at ways of > reducing network abuse would there be any benefit to coming up with a new > document which details best practices in reducing abuse and dealing with it? > > > Also ripe-409 is becoming dated notably in its discussion of which abuse > mailbox to use for abuse reports, would it be advisable to update this > document to reflect changes. In short, yes. There would be benefit to updating ripe-409 and there is a plan in place to do so. Sadly the time and people haven't been there to do it. Richard and I are rather hoping that, with some assistance from the WG, we can update the bulk of the document this year, but I'm hoping we'll have more accurate timelines after RIPE 58. Regards, Brian. AA WG Co-Chair