[anti-abuse-wg] Hijacked netblocks - any SOP for these?
Wilfried Woeber, UniVie/ACOnet Woeber at CC.UniVie.ac.at
Tue Aug 9 17:09:22 CEST 2011
Hi Pepijn, Vissers, Pepijn wrote: >>So: I would like an additional abuse mailling-list only for >>RIPE members to get things going. >>And I also like to dedicate more money to RIPE NCC staff >>to stop abuse. > > > Agreed; does anyone have an overview of audits that has been conducted by RIPE NCC I don't have an overview, but personal experience, maybe this is useful, too. My LIR was subject to the audit process twice already (and passed successfully - so if a LIR has its act together, this is pretty easy to survive!). Plus the extended verification of existence and identity that was triggered (automatically, I presume) by some clerial inconsistencies. This involved the Service Contract stuff between the LIR and the NCC, and was again triggered by the request of Direct End-User Resources. > and their outcome? Or are those reports non-public? On a more general level, I am not aware from the top of my head, that I would have seen such a report. That doesn't imply that it doesn't exist, though! I am pretty sure that the NCC would be happy to point to or provide such a report, probably in some anonymised format. Brian - would you be willing to talk to the NCC and ask for help with this? Alternatively, I think we could equally well pass that to the NCC by way of the NCC Services WG Chairs. > Question: the audit procedure is documented in http://www.ripe.net/ripe/docs/ripe-423. > Are the audit criteria documented in http://www.ripe.net/lir-services/member-support/audit? This document lists the aspects of an audit as a checklist for both sides during an audit. I do agree, that the focus here is on the management of resources and the registration thereof. But I'd guess it would be very easy to amend that to actively include the formal and contractual aspects. > Because the latter document does not say anything about the presumed correctness > of most of the records? I think it does, indirectly, by way of the "Standard Service Agreement" and the "RIPE NCC Standard Terms and Conditions", list of relevant documents: "...making sure that assignment guidelines are applied equally." Similarly, in http://www.ripe.net/ripe/docs/ripe-452 please see towards the end of Section 2.0 I openly admit that I did not go through the full list of ref'd doc.s in the Std Terms&Conds document to find the equivalent provisions. As a last reminder, we have to keep in mind that the formal coverage and "power" of the NCC to enforce all of that stuff is limited to the resources that have been distributed by way of the RIR and LIR system hierarchy. Legacy Stuff, aka ERX (early registration xfer resources) are not covered - yet. The 2007-01 activities should be seen, imho, as the initial steps towards closing that gap, maybe in a similar way, for the legacy blocks. That's up for a nice PDP exercise, as soon as 2007-01-Phase3 is converging, and/or for progress with the "legacy resource registration service" (or whatever the name finally may be). > Kind regards, > Pepijn Best regards, Wilfried.