[anti-abuse-wg] the final question ...
Frank Gadegast ripe-anti-spam-wg at powerweb.de
Fri Apr 9 12:23:20 CEST 2010
peter h wrote: (please also read below) Hello, >> So if a machine on a network were compromised / abused and a large amount of spam was sent out, how many of these emails would you see being relayed via RIPE to the abuse contact?? > proportional to the number of spam. Are you suprised that lot's of spam > generates lots of complaints ? Thats a point, so there should be methods implemented to detect outbreaks, lets say something like: if there are more than 50 reports are coming for one IP during 10 minutes, store the reports and do not notify the member anymore about it. >>> >>> You can then look up the report (or even automate it), reset >>> his radius password and kick him out, waiting for him >>> to phone your support :o) >> Not everyone has the same business model > Some does better the others. For those that has no means of > blocking a bad behaving customer the would need to rethink their model. Defny right. But at least the system would make it easier for everybody willing to something. >>> Or you could redirect him to a webpage describing that there >>> are too many reports coming in for his IP in a whatever time. >>> Its all up you. >>> >>> My dream system looks like this: >>> - abuse reports will get standarized >> that would be helpful A big yes. Thats why I outlined it as a final goal in the draft. >>> Well, thats actually what we are doing already with our own users. >>> If we detect incoming spam with high scores a couple of times >>> in a short time we kick the users offline automatically and redirect >>> him next time he loggs in to a information page, where he finds >>> our support numbers :o) >>> >>> Wroks simply great, and I would love to get closer to such a system >>> together with ALL ISP >> >> And again you are working under the false assumption that ALL RIPE members offer the same services as you do and in the same way. > Nope, some lazy ISP's will have to adjust their procedures. > Allowed to use an ip-range is both a benefit and an obligation. Society at large does > not work when rogue individuals mis-behaves and ignores "common rules-of-conduct". Good comment. >>> "Bad providers" could be even published by RIPE :o) >> >> Are you insane? RIPE cannot open itself up for that kind of liability > Why ? If ranges are supplied with an explicit rules-of-use, the if > the provider does not follow the (agreed rules) it's not RIPE's problem. > The key here is to couple assignment of ranges to specific rules for use. Another big YES !!!!! Thats really the point we should discuss here instead of technical solution (wich would help at least a bit, but do not solve the problem all together). So here the final question: ------------------------------------------------------------ Is the community willing to combine the assignment of ranges with specific rules how to use them and how not to use them and should the misuse of the applied resources have consequences ? ------------------------------------------------------------ If we get consensus about that, the problem will be solved all together, because than its only detailed work. But: if we not get consensus about that, we could stop talking about abuse on this group and the spammer will have won, also on this list ... >>> Well, thats only work at RIPE NCC, its not that complicated to >>> automated bounces ... >> So you say .. >> >> You cannot speak for all providers / RIPE members. >> >> You are also suggesting putting a very heavy load on RIPE's systems which someone will have to pay for. Who? > Why not take a fee per ip-address / year ? This is something i suggested to IETF ages ago, > and it would have made allocations much more fair. Noone would like to pay > for resources they don't need, and everyone would have a decent chance of getting > addresses when they need. Or the cost will be simply added to the normal member fee. I like to idea that smaller member have to pay less. Peter: nany thnx for putting the problem of the abuse member back into the foregound and for submitting ideas to solve potential problems ! Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank at powerweb.de