[anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
- Previous message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
- Next message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michele Neylon :: Blacknight
michele at blacknight.ie
Fri Apr 9 10:38:36 CEST 2010
On 8 Apr 2010, at 19:27, Frank Gadegast , Dipl-Inform. Frank Gadegast wrote: >> >>> You dont need to know the real one until you have one for every IP. >> >> As I mentioned, you might simply want to contact the abuse team >> regarding a more general issue. Quite often if I can't find a published >> abuse contact for foo.com so I'll dig www.foo.com and then lookup the >> returned address in the RIPE DB - I'm not at all interested in an >> address specific to that IP address though. > > well, you can still look it up. > > But see it this way: > - most provider use anti spam tools like SpamAssassin to protect there > customer > - SA surely lists the IP that was connecting and causing the spam > - you can then automatically forward the spam plus a initial text, > describing that you do not want this to the general "IP like" address > - and the monitoring system will then forward it to the > right RIPE member (and to EVERY member) So if a machine on a network were compromised / abused and a large amount of spam was sent out, how many of these emails would you see being relayed via RIPE to the abuse contact?? > > > You can then look up the report (or even automate it), reset > his radius password and kick him out, waiting for him > to phone your support :o) Not everyone has the same business model > > Or you could redirect him to a webpage describing that there > are too many reports coming in for his IP in a whatever time. > Its all up you. > > My dream system looks like this: > - abuse reports will get standarized that would be helpful > - monitoring systems will be developed at all RIRs Monitoring for what exactly??? > - spam detection will be automated at the providers side > and send standarized reports to the RIRs monitoring system > > - and the RIRs member automates and scans the incoming reports > like he wants (maybe by devining minimum values and limits) > and automates the blockage and information of his users > > Sounds great ? > > Well, thats actually what we are doing already with our own users. > If we detect incoming spam with high scores a couple of times > in a short time we kick the users offline automatically and redirect > him next time he loggs in to a information page, where he finds > our support numbers :o) > > Wroks simply great, and I would love to get closer to such a system > together with ALL ISP And again you are working under the false assumption that ALL RIPE members offer the same services as you do and in the same way. > > "Bad providers" could be even published by RIPE :o) Are you insane? RIPE cannot open itself up for that kind of liability >> > > Well, thats only work at RIPE NCC, its not that complicated to > automated bounces ... So you say .. You cannot speak for all providers / RIPE members. You are also suggesting putting a very heavy load on RIPE's systems which someone will have to pay for. Who? > > >> confirmation would be enough, although you'd need some way to deal with >> automated reports. > > Well, the monitoring system could send always the same backlink > for the same IP, so that the ISP could still count the amount > of incoming reports for one IP automatically and then > "answers" it as being closed with just clicking ONE link. > > Good idea ? So you expect RIPE members to completely rework their abuse desks to fit into your view of the world? I can't see that happening, because not all RIPE members are the same or work in the same way. Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
- Previous message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
- Next message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]