From rfg at tristatelogic.com Fri Oct 1 05:05:40 2010
From: rfg at tristatelogic.com (Ronald F. Guilmette)
Date: Thu, 30 Sep 2010 20:05:40 -0700
Subject: [anti-abuse-wg] Policy Proposal: Frequent Update Reminder
In-Reply-To: <4CA477D3.50803@hovland.cx>
Message-ID: <5979.1285902340@tristatelogic.com>

In message <4CA477D3.50803 at hovland.cx>,
Jørgen Hovland wrote:

>I am not going to click on 500 emails and type "yes I concur" every X
>months.

I'm just an ignorant hick from the other side of the pond. Please take
pity on me and enlighten me.

You are the Responsible Party for 500 separate and different IP allocations?

Really??

From Piotr.Strzyzewski at polsl.pl Fri Oct 1 08:47:09 2010
From: Piotr.Strzyzewski at polsl.pl (Piotr Strzyzewski)
Date: Fri, 1 Oct 2010 08:47:09 +0200
Subject: [anti-abuse-wg] Policy Proposal: Frequent Update Reminder
In-Reply-To: <5979.1285902340@tristatelogic.com>
References: <4CA477D3.50803@hovland.cx> <5979.1285902340@tristatelogic.com>
Message-ID: <20101001064709.GA6043@hydra.ck.polsl.pl>

On Thu, Sep 30, 2010 at 08:05:40PM -0700, Ronald F. Guilmette wrote:
>
> In message <4CA477D3.50803 at hovland.cx>,
> Jørgen Hovland wrote:
>
> >I am not going to click on 500 emails and type "yes I concur" every X
> >months.
>
> I'm just an ignorant hick from the other side of the pond. Please take
> pity on me and enlighten me.
>
> You are the Responsible Party for 500 separate and different IP allocations?
>
> Really??

Simple whois question about Polish Telecom's inetnum objects without
person/role references:

$ whois -T inetnum -r -i mnt-by TPNET |grep ^inetnum: |wc -l
201157

Best regards,
Piotr Strzyżewski
--
gucio -> Piotr Strzyżewski
E-mail: Piotr.Strzyzewski at polsl.pl

From Piotr.Strzyzewski at polsl.pl Fri Oct 1 08:57:54 2010
From: Piotr.Strzyzewski at polsl.pl (Piotr Strzyzewski)
Date: Fri, 1 Oct 2010 08:57:54 +0200
Subject: [anti-abuse-wg] Policy Proposal: Frequent Update Reminder
In-Reply-To: <20101001064709.GA6043@hydra.ck.polsl.pl>
References: <4CA477D3.50803@hovland.cx> <5979.1285902340@tristatelogic.com> <20101001064709.GA6043@hydra.ck.polsl.pl>
Message-ID: <20101001065754.GB6043@hydra.ck.polsl.pl>

On Fri, Oct 01, 2010 at 08:47:09AM +0200, Piotr Strzyzewski wrote:
> On Thu, Sep 30, 2010 at 08:05:40PM -0700, Ronald F. Guilmette wrote:
> >
> > In message <4CA477D3.50803 at hovland.cx>,
> > Jørgen Hovland wrote:
> >
> > >I am not going to click on 500 emails and type "yes I concur" every X
> > >months.
> >
> > I'm just an ignorant hick from the other side of the pond. Please take
> > pity on me and enlighten me.
> >
> > You are the Responsible Party for 500 separate and different IP allocations?
> >
> > Really??
>
> Simple whois question about Polish Telecom's inetnum objects without
> person/role references:
>
> $ whois -T inetnum -r -i mnt-by TPNET |grep ^inetnum: |wc -l
> 201157

Just to excuse myself and clarify one thing:

From the original proposal:
"4.1 Send an update notification for all existing objects to the
corresponding responsible organization once every X months."

Your question was about allocations. But the proposal is about both
assignments and allocations, so my answer was more general.

Best regards,
Piotr Strzyżewski
--
gucio -> Piotr Strzyżewski
E-mail: Piotr.Strzyzewski at polsl.pl

From tk at abusix.com Fri Oct 1 08:57:11 2010
From: tk at abusix.com (Tobias Knecht)
Date: Fri, 01 Oct 2010 08:57:11 +0200
Subject: [anti-abuse-wg] Policy Proposal: Frequent Update Reminder
In-Reply-To: <20101001064709.GA6043@hydra.ck.polsl.pl>
References: <4CA477D3.50803@hovland.cx> <5979.1285902340@tristatelogic.com> <20101001064709.GA6043@hydra.ck.polsl.pl>
Message-ID: <4CA58647.9050506@abusix.com>

Hello,

>> In message <4CA477D3.50803 at hovland.cx>,
>> Jørgen Hovland wrote:
>>
>>> I am not going to click on 500 emails and type "yes I concur" every X
>>> months.
>>
>> I'm just an ignorant hick from the other side of the pond. Please take
>> pity on me and enlighten me.
>>
>> You are the Responsible Party for 500 separate and different IP allocations?
>>
>> Really??
>
> Simple whois question about Polish Telecom's inetnum objects without
> person/role references:
>
> $ whois -T inetnum -r -i mnt-by TPNET |grep ^inetnum: |wc -l
> 201157

How about keeping the proposal as it is and just change from updating
_all_ objects to just update the direct from RIPE allocated inet(6)num
autnums.

That way there should be at least one accurate contact for every
ip-address in the RIPE region. If subdelegations are wrong, there will
be still a request for correcting the data and the inet(6)num, aut-num
will still appear on the lists, but the pressure is smaller and it would
help.

For example if the contact of a subdelegated range is wrong the abuse
reports could be sent to the delegation above, and above and so on.

How does that sound?

Thanks,

Tobias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL:

From Piotr.Strzyzewski at polsl.pl Fri Oct 1 09:19:36 2010
From: Piotr.Strzyzewski at polsl.pl (Piotr Strzyzewski)
Date: Fri, 1 Oct 2010 09:19:36 +0200
Subject: [anti-abuse-wg] Policy Proposal: Frequent Update Reminder
In-Reply-To: <4CA58647.9050506@abusix.com>
References: <4CA477D3.50803@hovland.cx> <5979.1285902340@tristatelogic.com> <20101001064709.GA6043@hydra.ck.polsl.pl> <4CA58647.9050506@abusix.com>
Message-ID: <20101001071936.GC6043@hydra.ck.polsl.pl>

On Fri, Oct 01, 2010 at 08:57:11AM +0200, Tobias Knecht wrote:

Hi

> > Simple whois question about Polish Telecom's inetnum objects without
> > person/role references:
> >
> > $ whois -T inetnum -r -i mnt-by TPNET |grep ^inetnum: |wc -l
> > 201157
>
> How about keeping the proposal as it is and just change from updating
> _all_ objects to just update the direct from RIPE allocated inet(6)num
> autnums.
>
> That way there should be at least one accurate contact for every
> ip-address in the RIPE region. If subdelegations are wrong, there will
> be still a request for correcting the data and the inet(6)num, aut-num
> will still appear on the lists, but the pressure is smaller and it would
> help.
>
> For example if the contact of a subdelegated range is wrong the abuse
> reports could be sent to the delegation above, and above and so on.
>
> How does that sound?

Correct me if I am wrong, but this is more or less the same what RIPE
NCC is doing right now.
Allocations are maintained by RIPE-NCC-HM-MNT, organisation objects with
org-type field set to LIR are maintained by RIPE-NCC-HM-MNT. Those
objects are filled with data coming from both internal database (used
also for accounting purposes) and LIR portal. Every year LIRs are paying
their invoices, which proves that both email and snail mail addresses
provided as billing contacts are working.

Best regards,
Piotr Strzyżewski
--
gucio -> Piotr Strzyżewski
E-mail: Piotr.Strzyzewski at polsl.pl

From tk at abusix.com Fri Oct 1 09:42:02 2010
From: tk at abusix.com (Tobias Knecht)
Date: Fri, 01 Oct 2010 09:42:02 +0200
Subject: [anti-abuse-wg] Policy Proposal: Frequent Update Reminder
In-Reply-To: <20101001071936.GC6043@hydra.ck.polsl.pl>
References: <4CA477D3.50803@hovland.cx> <5979.1285902340@tristatelogic.com> <20101001064709.GA6043@hydra.ck.polsl.pl> <4CA58647.9050506@abusix.com> <20101001071936.GC6043@hydra.ck.polsl.pl>
Message-ID: <4CA590CA.90402@abusix.com>

Hi Piotr,

> Correct me if I am wrong, but this is more or less the same what RIPE
> NCC is doing right now.
> Allocations are maintained by RIPE-NCC-HM-MNT, organisation objects with
> org-type field set to LIR are maintained by RIPE-NCC-HM-MNT. Those
> objects are filled with data coming from both internal database (used
> also for accounting purposes) and LIR portal. Every year LIRs are paying
> their invoices, which proves that both email and snail mail addresses
> provided as billing contacts are working.

But it does not mean that admin-c, tech-c, IRT and all other objects are
accurate.

For example: We are at the moment just using the delegated information,
which is not good but we are working on. Different subject.

We see loads of abuse-mailbox attributes not being correct, or giving
back a "mailbox full" or "550 - address not existing"

We receive at least every second month an email where somebody is asking
us why we are sending reports to them, because they are not working for
this company for years, but the objects are still linked to the
inet(6)num or aut-nums. One of those guys (74 years old) now sued his
old company, he worked for until 2002, because they didn't change the
whois information on his request for over a year and he was getting
frustrated.

These are the things that should be faced with this proposal.

Another idea could be, that once a year an email is sent to the email
address in the person object and person itself has to acknowledge that
the information is accurate and so on. If those mails bounce or the
customer is not replying within a few days the issue will be forwarded
to the maintainer of the netrange.

By thinking about this approach I think this could at least work pretty
good as well.

And the best would be a combination. Sending update request for
inet(6)num, aut-num, IRT, ..., Organization Objects to the maintainers
and send frequent requests for person objects to the person itself.

Sounds more reasonable?

Thanks,

Tobias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL:

From gert at space.net Fri Oct 1 11:29:21 2010
From: gert at space.net (Gert Doering)
Date: Fri, 1 Oct 2010 11:29:21 +0200
Subject: [anti-abuse-wg] Policy Proposal: Frequent Update Reminder
In-Reply-To: <4CA58647.9050506@abusix.com>
References: <4CA477D3.50803@hovland.cx> <5979.1285902340@tristatelogic.com> <20101001064709.GA6043@hydra.ck.polsl.pl> <4CA58647.9050506@abusix.com>
Message-ID: <20101001092921.GP32268@Space.Net>

Hi,

On Fri, Oct 01, 2010 at 08:57:11AM +0200, Tobias Knecht wrote:
> How about keeping the proposal as it is and just change from updating
> _all_ objects to just update the direct from RIPE allocated inet(6)num
> autnums.

This makes more sense to me.

We have about 7 allocated inet(6)num objects (and their contacts are OK),
and about 500+ assigned inet(6)num objects - most of which are ok, but
sometimes customer mail addresses change and we're not told, so some
of them will always be broken.

Our customer support people know how to reach the customer, so if an
abuse complaint hits our support desk, we *will* contact the customers
(and if we're told that the inetnum: data is wrong, we'll fix that, of
course) - so I think we're in pretty good shape, and having to click
500x "yes, ok" once a year is overdoing things a bit...

Gert Doering
        -- LIR contact for de.space
--
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 306 bytes
Desc: not available
URL:

From rdobbins at arbor.net Mon Oct 4 04:55:12 2010
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Mon, 4 Oct 2010 02:55:12 +0000
Subject: [anti-abuse-wg] Request for participation - Arbor 2010 Worldwide Infrastructure Security Report.
Message-ID:

Request for participation - Arbor 2010 Worldwide Infrastructure Security Report.

-----

Folks,

We're in the process of collecting feedback for the 2010 Worldwide
Infrastructure Security Report (WWISR); this is the Sixth Edition of the
report, and we'd really be grateful for your participation!

This is the only security-focused survey we're aware of which is
specifically oriented towards those who design, build, operate, and
defend public-facing network infrastructure/applications/services, and
provides the opportunity to share your experiences and perspectives with
your peers in the operational community, as well as to benefit from
their experiences and perspectives.

The 2010 Infrastructure Security Survey is up and available for your
input.

You can register to complete the survey via this URL, which will
redirect your browser to the survey tool (the survey is accessed via
http/s):

Once again, we've added several insightful questions from past
participants. Feedback collection will end as soon as we've reached the
desired number of respondents (ideally, 100+).

The results will be published in the 2010 Worldwide Infrastructure
Security Report in January of 2011.

Also, please note that NO personally- or organizationally-identifiable
information will be shared in any manner.

The 2009 edition of the survey is available here (registration
required):

Thanks in advance!

-----

-----------------------------------------------------------------------
Roland Dobbins //

Sell your computer and buy a guitar.

From vesely at tana.it Tue Oct 5 09:54:02 2010
From: vesely at tana.it (Alessandro Vesely)
Date: Tue, 05 Oct 2010 09:54:02 +0200
Subject: [anti-abuse-wg] Maintenance nightmares
Message-ID: <4CAAD99A.6050703@tana.it>

Hi all,

I've just subscribed to this list, after I found no web form to report
an invalid abuse-mailbox in whois data.

As an example, let me mention that the welcome message I received has a
"List-Archive" header field with a value of . The corresponding web
page's title is "RIPE Mailing Lists", and searching for the keyword
"abuse" leads no results. Perhaps, that header field's value should
have been . So what? Entropy damages invisible data more steadily.

I like Tobias proposals, but wonder if they wouldn't be more incisive by
concentrating on specific details, such as the abuse-mailboxes. Suppose
we had a "ping" abuse-report-type to be sent to such addresses every few
weeks, just to collect "on my guard!" replies. Domains caught off guard
deserve removal from whitelists...

How about abuse-mailboxes related to inetnums? ARIN's web form doesn't
apparently allow to report that, since it needs a domain name.

Ciao
Ale

From tk at abusix.org Wed Oct 6 16:42:00 2010
From: tk at abusix.org (Tobias Knecht)
Date: Wed, 06 Oct 2010 16:42:00 +0200
Subject: [anti-abuse-wg] Policy Proposal
In-Reply-To: <20101001064709.GA6043@hydra.ck.polsl.pl>
References: <4CA477D3.50803@hovland.cx> <5979.1285902340@tristatelogic.com> <20101001064709.GA6043@hydra.ck.polsl.pl>
Message-ID: <4CAC8AB8.30301@abusix.org>

Hello,

I updated the 2 policy proposals in the way it was suggested by people
on this list and sent it to the RIPE Secretary to start the official
part.

Please see latest version attached here.

Thanks for all suggestions and ideas, If you still have some ideas, let
me and all others know.

Thanks,

Tobias

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: RIPE:frequent-update-v002.txt
URL:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: RIPE:abuse-contact-v002.txt
URL:

From Piotr.Strzyzewski at polsl.pl Thu Oct 7 19:01:52 2010
From: Piotr.Strzyzewski at polsl.pl (Piotr Strzyzewski)
Date: Thu, 7 Oct 2010 19:01:52 +0200
Subject: [anti-abuse-wg] Policy Proposal: Frequent Update Reminder
In-Reply-To: <4CA590CA.90402@abusix.com>
References: <4CA477D3.50803@hovland.cx> <5979.1285902340@tristatelogic.com> <20101001064709.GA6043@hydra.ck.polsl.pl> <4CA58647.9050506@abusix.com> <20101001071936.GC6043@hydra.ck.polsl.pl> <4CA590CA.90402@abusix.com>
Message-ID: <20101007170152.GC14992@hydra.ck.polsl.pl>

On Fri, Oct 01, 2010 at 09:42:02AM +0200, Tobias Knecht wrote:

Hi Tobias

> > Correct me if I am wrong, but this is more or less the same what RIPE
> > NCC is doing right now.
> > Allocations are maintained by RIPE-NCC-HM-MNT, organisation objects with
> > org-type field set to LIR are maintained by RIPE-NCC-HM-MNT. Those
> > objects are filled with data coming from both internal database (used
> > also for accounting purposes) and LIR portal. Every year LIRs are paying
> > their invoices, which proves that both email and snail mail addresses
> > provided as billing contacts are working.
>
> But it does not mean that admin-c, tech-c, IRT and all other objects are
> accurate.

That's true.

> Another idea could be, that once a year an email is sent to the email
> address in the person object and person itself has to acknowledge that
> the information is accurate and so on. If those mails bounce or the
> customer is not replying within a few days the issue will be forwarded
> to the maintainer of the netrange.
>
> By thinking about this approach I think this could at least work pretty
> good as well.
>
> And the best would be a combination. Sending update request for
> inet(6)num, aut-num, IRT, ..., Organization Objects to the maintainers
> and send frequent requests for person objects to the person itself.
>
> Sounds more reasonable?

A bit more. ;-) IMHO good API to this acknowledge mechanism will be more
than necessary.

Regards,
Piotr Strzyżewski
--
gucio -> Piotr Strzyżewski
E-mail: Piotr.Strzyzewski at polsl.pl

From brian.nisbet at heanet.ie Tue Oct 12 13:14:32 2010
From: brian.nisbet at heanet.ie (Brian Nisbet)
Date: Tue, 12 Oct 2010 12:14:32 +0100
Subject: [anti-abuse-wg] RIPE 61 Agenda Items Reminder
Message-ID: <4CB44318.30306@heanet.ie>

Colleagues,

After a lot of list discussion in the last couple of weeks it seems
timely to remind people that there is still some space left on the
agenda for the RIPE 61 meeting in Rome. The WG session will be taking
place on Thursday 18th November at 14:00.

If you have any topics you'd like to raise, please let me know.

Thanks,

Brian.

From rfg at tristatelogic.com Tue Oct 12 22:48:38 2010
From: rfg at tristatelogic.com (Ronald F. Guilmette)
Date: Tue, 12 Oct 2010 13:48:38 -0700
Subject: [anti-abuse-wg] Microsoft irony
Message-ID: <24895.1286916518@tristatelogic.com>

Shameless self-promotion? Yes.

But nonetheless, I do believe that some of you folks on this list in
particular might find this story a bit... well... humorous.

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/

What I think makes this story even funnier is that there's some MS
big shot named "Charney" going around telling everybody how infected
PeeCees ought to be quarantined.

Maybe we need to start with Microsoft. :-)

A list of name servers and domain names served follows below:

From mir at ripe.net Fri Oct 29 10:35:46 2010
From: mir at ripe.net (Mirjam Kuehne)
Date: Fri, 29 Oct 2010 10:35:46 +0200
Subject: [anti-abuse-wg] Additional Layers for Economic Incentives to improve Internet Security
Message-ID: <4CCA8762.3020605@ripe.net>

Dear colleagues,

Following up from an earlier article published on RIPE Labs, John S.
Quarterman and his team at the University of Texas are suggesting
additional organisational layers and economic incentives (such as a
reputation system, certification and insurance) to improve security on
the Internet.

Read more on RIPE Labs:
http://labs.ripe.net/Members/jsq/economic-incentives-for-internet-security

John will publish more about this topic on RIPE Labs shortly. He will
also present this during the plenary session at RIPE 61 in Rome.

Kind Regards,
Mirjam Kühne
RIPE NCC

From rfg at tristatelogic.com Sun Oct 31 20:18:52 2010
From: rfg at tristatelogic.com (Ronald F. Guilmette)
Date: Sun, 31 Oct 2010 12:18:52 -0700
Subject: [anti-abuse-wg] Finally, a Canadian Pharmacy in... Canada!
Message-ID: <56420.1288552732@tristatelogic.com>

Had to happen eventually... Canadian Health&Care Mall web site that
the WHOIS records indicate is actually hosted in... Canada!

Of course, it _is_ the part of Canada that was annexed by the Ukraine,
so there's that.

www.canadianhealthcaremall.net == 109.72.146.38

TRACEROUTE (using port 80/tcp)
HOP RTT        ADDRESS
1   51.06 ms   3.255-62-69.res.dyn.surewest.net (69.62.255.3)
2   50.80 ms   172.21.2.57
3   49.56 ms   172.21.0.250
4   48.60 ms   245.98-30-64.ftth.swbr.surewest.net (64.30.98.245)
5   47.86 ms   te-4-1.car1.Sacramento1.Level3.net (4.53.200.9)
6   46.40 ms   ae-11-11.car2.Sacramento1.Level3.net (4.69.132.150)
7   52.54 ms   ae-4-4.ebr2.SanJose1.Level3.net (4.69.132.158)
8   58.01 ms   ae-82-82.csw3.SanJose1.Level3.net (4.69.134.218)
9   47.39 ms   ae-74-74.ebr4.SanJose1.Level3.net (4.69.134.245)
10  112.23 ms  ae-2-2.ebr2.NewYork1.Level3.net (4.69.135.186)
11  113.03 ms  ae-6-6.ebr2.NewYork2.Level3.net (4.69.141.22)
12  114.43 ms  ae-1-100.ebr1.NewYork2.Level3.net (4.69.135.253)
13  121.82 ms  ae-3-3.ebr2.Washington1.Level3.net (4.69.132.89)
14  211.52 ms  ae-43-43.ebr2.Frankfurt1.Level3.net (4.69.137.57)
15  217.17 ms  ae-72-72.csw2.Frankfurt1.Level3.net (4.69.140.22)
16  212.96 ms  ae-71-71.ebr1.Frankfurt1.Level3.net (4.69.140.5)
17  229.44 ms  ae-1-12.bar1.Budapest1.Level3.net (4.69.141.249)
18  284.67 ms  UKRTELECOM.bar1.Budapest1.Level3.net (212.162.26.6)
19  ...
20  241.85 ms  213.186.119.74.utel.net.ua (213.186.119.74)
21  246.26 ms  109.72.146.38

=========================================================================

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Information related to '109.72.144.0 - 109.72.151.255'

inetnum:        109.72.144.0 - 109.72.151.255
netname:        TANGRAM-CA
descr:          Main colocation pool
country:        EU
admin-c:        tang2-ripe
tech-c:         tcnc-ripe
status:         ASSIGNED PA
mnt-by:         TANGRAM-MNT
mnt-routes:     TANGRAM-MNT
mnt-routes:     AS6849-MNT
changed:        taras at tangramltd.com 20100825
source:         RIPE

role:           Tangram NOC
address:        Canada, Etobicoke, Ontario M9A 4X7
address:        24 Mabelle ave.
e-mail:         noc at tangram.ws
remarks:        Contact information:
remarks:        Network security issues: abuse at tangram.ws
remarks:        Routing and peering issues: noc at tangram.ws
remarks:        Domain name system questions: noc at tangram.ws
remarks:        Mail system issues: postmaster at tangram.ws
abuse-mailbox:  abuse at tangram.ws
admin-c:        tang2-ripe
tech-c:         nale-ripe
tech-c:         SAP69-RIPE
nic-hdl:        tcnc-ripe
mnt-by:         TANGRAM-MNT
changed:        taras at tangramltd.com 20091027
source:         RIPE

person:         Tsebro Oleksandr
address:        Canada, Etobicoke, Ontario M9A 4X7
address:        24 Mabelle ave.
phone:          +1 877 5319597
e-mail:         alex at tangram.ws
nic-hdl:        tang2-ripe
mnt-by:         TANGRAM-MNT
changed:        yuriy at tangramltd.com 20090914
source:         RIPE
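
Added example, not part of any archived message: a Python illustration of the fallback raised earlier in this thread (when the contact of a sub-delegated range is wrong, send the abuse report to the delegation above), applied to RPSL objects laid out like the whois output above. The ranges, handles and mailboxes in `SAMPLE_WHOIS` are constructed, and the function names are illustrative assumptions.

```python
import ipaddress

# Constructed sample: documentation address space and example domains only.
SAMPLE_WHOIS = """\
% constructed whois output
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-LIR-ALLOC
status:         ALLOCATED PA
admin-c:        LIRNOC-EX
tech-c:         LIRNOC-EX

inetnum:        192.0.2.64 - 192.0.2.127
netname:        EXAMPLE-CUSTOMER
status:         ASSIGNED PA
admin-c:        CUST1-EX
tech-c:         CUSTNOC-EX

role:           Customer NOC
nic-hdl:        CUSTNOC-EX
abuse-mailbox:  abuse@customer.example

person:         Former Employee
nic-hdl:        CUST1-EX
e-mail:         gone@customer.example

role:           LIR NOC
nic-hdl:        LIRNOC-EX
abuse-mailbox:  abuse@lir.example
"""


def parse_objects(text):
    """Split whois output into RPSL objects: lists of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:      # trailing "" flushes the last object
        if line.startswith("%"):               # server comment line
            continue
        if not line.strip():                   # blank line ends an object
            if current:
                objects.append(current)
            current = []
        elif line[0] in " \t+" and current:    # continuation of the previous value
            attr, value = current[-1]
            current[-1] = (attr, f"{value} {line[1:].strip()}".strip())
        elif ":" in line:
            attr, _, value = line.partition(":")
            current.append((attr.strip().lower(), value.strip()))
    return objects


def values(obj, attr):
    """All values of one attribute, in order of appearance."""
    return [v for a, v in obj if a == attr]


def covering_inetnums(ip, objects):
    """inetnum objects containing ip, most specific (smallest range) first."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for obj in objects:
        if obj[0][0] != "inetnum":             # IPv4 ranges only in this example
            continue
        first, _, last = obj[0][1].partition("-")
        lo = ipaddress.ip_address(first.strip())
        hi = ipaddress.ip_address(last.strip())
        if lo.version == addr.version and lo <= addr <= hi:
            hits.append((int(hi) - int(lo), obj))
    return [obj for _, obj in sorted(hits, key=lambda h: h[0])]


def abuse_candidates(ip, objects, undeliverable=()):
    """(netname, mailbox) pairs to try in order, walking up the delegations."""
    by_handle = {values(o, "nic-hdl")[0].lower(): o
                 for o in objects if values(o, "nic-hdl")}
    bad = {m.lower() for m in undeliverable}   # mailboxes already seen bouncing
    result = []
    for net in covering_inetnums(ip, objects):
        netname = (values(net, "netname") or ["?"])[0]
        for handle in values(net, "admin-c") + values(net, "tech-c"):
            contact = by_handle.get(handle.lower(), [])
            for box in values(contact, "abuse-mailbox"):
                pair = (netname, box.lower())
                if pair[1] not in bad and pair not in result:
                    result.append(pair)
    return result


if __name__ == "__main__":
    objs = parse_objects(SAMPLE_WHOIS)
    print(abuse_candidates("192.0.2.100", objs))
    print(abuse_candidates("192.0.2.100", objs, {"abuse@customer.example"}))
```

The `undeliverable` set stands in for whatever bounce tracking the reporter keeps ("mailbox full", 550 rejections); with the customer mailbox listed there, only the covering allocation's contact is returned.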