[anti-abuse-wg] Hijacked netblocks - any SOP for these?
email@example.com world.antispam.report at inbox.com
Sun Aug 7 22:54:30 CEST 2011
Hijacked or not, does everyone (Every network on planet earth) care? RIPE's regulation simply state that the registation needs to be exact and accurate. Does anybody has a problem with this? 'Coze the only logical reason there would be to condemn this is that the individual who wants keep his or her indentification concealed is to perpetrate abuses, frauds and who knows some terrorism. If anyone cannot be recognized as part of the humankind on this planet, there's gotta be a reason to this! Anyhow, in do time, as a network is reconized as an abuser, the best that can be done is to blacklist the whole IP# block numbers. Refuse connection! And don't count on either ARIN, RIPE of the other registry bases. It would be too costly to ask them to do that. There are many, many other means to shut down or bare an IP Block number. As long as RIPE, ARIN and the other registry data bases gives us the right registry for a given IP# allocation, the abusing network can be track down. That's what's the RIPE authority is for? I'll cope with that! > -----Original Message----- > From: ripe-anti-spam-wg at powerweb.de > Sent: Thu, 28 Jul 2011 12:33:59 +0200 > To: anti-abuse-wg at ripe.net > Subject: Re: [anti-abuse-wg] Hijacked netblocks - any SOP for these? > > Michele Neylon :: Blacknight wrote: >> >> On 28 Jul 2011, at 09:48, Frank Gadegast wrote: >>>> >>> >>> Not at all out of scope. >> >> I think it is out of scope >> >> It is a slippery slope >> >> Next you'll have people demanding that RIPE check what content is >> published on IP blocks .. > > Good idea. > > Other organisations are monitoring content too to prevent abuse, like > search engines that do not even want results from hacked sites > in their index. > > RIPE is defny responsible for any abuse, whatever it is. > > Lets have an example: > A highjacker is using some netblocks to attack a big bank. > They are flodded from this IP block and the attacker also > sets up a lot of pishing servers using these IPs. > > Will RIPE ask the LIR about whats going on with his assignment ? > Will RIPE deroute this netblock at all ? > Just after the bank complaints ? > After somebody complains to RIPE that there are pishing servers on this > netblock ? > > What will happen ? > > Cant be, that RIPE is doing nothing (to my opinion). > And it would be very interesting what RIPE would do right now > in this scenario. > Who knows more ? > > > Kind regards, Frank > >> >> >> >>> >>> You are right saying, that a listing does not proof anything, >>> but its a good indication (like I sayd above). >> >> Not necessarily. >> >> There are a multitude of reasons why an IP block can get listed - while >> it *might* be an indicator that you or I can use for our own *private* >> networks, it is not something that an organization like RIPE should be >> doing, as there is absolutely no standard or certification of DNS >> blacklists. >> >> >>> >>> RIPE NCC could ask the member, whats going on with that netblock, >>> if they see a listing. I guess a lot of members do not >>> even realize, that their old netblocks are routed >>> somewhere else. >>> >>> RIPE NCC has to check the use of assigned netblocks anyway >>> (if I understand some rules right). >> >> No - the "usage" is related to the assignment rules >> >> >>> It cannot be that >>> assigned netblocks are used by non-members or members >>> the netblock wasnt assigned to … >> >> Sorry, but I don't understand what you mean here >> >> regards >> >> Michele >> >> Mr Michele Neylon >> Blacknight Solutions >> Hosting& Colocation, Brand Protection >> ICANN Accredited Registrar >> http://www.blacknight.com/ >> http://blog.blacknight.com/ >> http://blacknight.mobi/ >> http://mneylon.tel >> Intl. +353 (0) 59 9183072 >> US: 213-233-1612 >> UK: 0844 484 9361 >> Locall: 1850 929 929 >> Direct Dial: +353 (0)59 9183090 >> Twitter: http://twitter.com/mneylon >> ------------------------------- >> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business >> Park,Sleaty >> Road,Graiguecullen,Carlow,Ireland Company No.: 370845 >> >> >> >> > > > -- > > Mit freundlichen Gruessen, > -- > PHADE Software - PowerWeb http://www.powerweb.de > Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de > Schinkelstrasse 17 fon: +49 33200 52920 > 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 > ====================================================================== > Public PGP Key available for frank at powerweb.de ____________________________________________________________ Share photos & screenshots in seconds... TRY FREE IM TOOLPACK at http://www.imtoolpack.com/default.aspx?rc=if1 Works in all emails, instant messengers, blogs, forums and social networks.