From ops.lists at gmail.com Tue Feb 1 03:51:04 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Tue, 1 Feb 2011 08:21:04 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 Message-ID: I am rather late to this thread as it was just drawn to my attention elsewhere. 1. Richard Cox's concerns were entirely valid, and the abuse issues documented at http://www.spamhaus.org/sbl/listings.lasso?isp=RIPE - mostly PI / PA blocks, several as large as /15, can't be wished away by removing critics of this WG from a co-chair post. 2. I would echo Peter's concerns about this being brought up as AOB, discussed (or rather, not discussed) in overtime with very few people in the room, leading to the removal of a co-chair. A much wider consensus should have been obtained - at least by discussion on this list if not at the plenary. This was not consensus. WG participants (and I count several who are in the anti abuse community, engage regularly with RIRs at other fora, but don't typically have the budget to travel to RIPE) should have been consulted before this. Yes, nobody else had much to say about this removal, so I'll take this opportunity to comment. About Richard Cox's removal and about two other meta issues. First - the prevailing attitude I have seen from at least some participants (this is not "us vs them" in terms of routing / dns people vs abuse people .. you have colleagues in your own organizations who will disagree with your views - especially Shane, I won't speak for Paul Vixie but I am not at all sure he'd agree with you about your comment, even after its rephrase). Second - the mantra, meme, fallacy etc of the "we are not the XYZ police" that I keep hearing cited. It would be fun indeed if a bank manager sanctioned a loan for say a quarter of a million dollars (lets say comparable to an allocation for a /15) and then baldly state that he's not the document police .. That presentation about LIR deregistration is what I'd call partially shutting the barn door long after the horses, plural, have bolted. That damage's been done, a lot of IP space has been poisoned. It is high time to realize that shooting the messenger is not the best way to deal with such a situation. srs Peter Koch wrote: > > On Wed, Dec 15, 2010 at 03:47:42PM +0000, Brian Nisbet wrote: > > > Peter Koch said the session was already overrun by 15 minutes and this > delicate issue should be resolved at another time. > > I'd like to clarify that my point was that this topic was placed under AOB > _and_ mostly dealt with during overtime, which, absence of written process > and procedures nonwithstanding, did not meet my expectations and experiences > of appropriateness given delicacy. That said, I consider the issue closed. JD Falk wrote: > On Dec 15, 2010, at 3:15 PM, Shane Kerr wrote: > >> I think that my point was that there is a disconnect between people >> working on anti-abuse and the ISPs, not about the Anti-Abuse Working >> Group or its participants. I might not have said that of course... > > Many people who work for ISPs would agree. It's often simply a matter of scale > and imagination.... > From rfg at tristatelogic.com Tue Feb 1 04:42:15 2011 From: rfg at tristatelogic.com (Ronald F. Guilmette) Date: Mon, 31 Jan 2011 19:42:15 -0800 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: Message-ID: <8861.1296531735@tristatelogic.com> I personally have no position on this Richard Cox matter, because I have not been privvy to any of the interactions that led up to the current/ recent bruhaha, and also because my position, even if I had one, would be largely irrelevant to anything, because I neither own nor control any assets which fall within RIPE's jurisdiction (and thus I have no standing to have a position anyway). But I did feel compelled to make one brief comment about something my friend Suresh just said... In message , Suresh Ramasubramanian wrote: >Second - the mantra, meme, fallacy etc of the "we are not the XYZ >police" that I keep hearing cited. It would be fun indeed if a bank >manager sanctioned a loan for say a quarter of a million dollars (lets >say comparable to an allocation for a /15) and then baldly state that >he's not the document police .. Suresh did not include any emoticon which would help to clarify what he actually intended here (ironic humor perhaps?), but I just wanted to clarify, in case anybody hasn't been paying attention for the past two years, that Suresh's analogy about irresponsible bank managers making quarter-million-dollar loans (AND paying little attention to the niceties of the corresponding real estate title documentation) has indeed been rife of late. http://www.helium.com/items/1989991-what-is-robo-signing-foreclosure-mortgage Anyway, (and perhaps this was the point that Suresh was attempting to make) I am persuaded that missing and/or incomplete documentation of the title to _Internet_ (IP) real estate is no more likely to produce acceptable results than those produced by a zillion missing (meatspace) real estate title documents. Regards, rfg From suresh at hserus.net Tue Feb 1 03:38:26 2011 From: suresh at hserus.net (Suresh Ramasubramanian) Date: Tue, 01 Feb 2011 08:08:26 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 Message-ID: <4D477222.8010900@hserus.net> I am rather late to this thread as it was just drawn to my attention elsewhere. 1. Richard Cox's concerns were entirely valid, and the abuse issues documented at http://www.spamhaus.org/Sbl/listings.lasso?isp=RIPE - mostly PI / PA blocks, several as large as /15, can't be wished away by removing critics of this WG from a co-chair post. 2. I would echo Peter's concerns about this being brought up as AOB, discussed (or rather, not discussed) in overtime with very few people in the room, leading to the removal of a co-chair. A much wider consensus should have been obtained - at least by discussion on this list if not at the plenary. This was not consensus. WG participants (and I count several who are in the anti abuse community, engage regularly with RIRs at other fora, but don't typically have the budget to travel to RIPE) should have been consulted before this. Yes, nobody else had much to say about this removal, so I'll take this opportunity to comment. About Richard Cox's removal and about two other meta issues. First - the prevailing attitude I have seen from at least some participants (this is not "us vs them" in terms of routing / dns people vs abuse people .. you have colleagues in your own organizations who will disagree with your views - especially Shane, I won't speak for Paul Vixie but I am not at all sure he'd agree with you about your comment, even after its rephrase). Second - the mantra, meme, fallacy etc of the "we are not the XYZ police" that I keep hearing cited. It would be fun indeed if a bank manager sanctioned a loan for say a quarter of a million dollars (lets say comparable to an allocation for a /15) and then baldly state that he's not the document police .. That presentation I saw discussed is what I'd call partially shutting the barn door long after the horses, plural, have bolted. That damage's been done, a lot of IP space has been poisoned. It is high time to realize that shooting the messenger is not the best way to deal with such a situation. srs Peter Koch wrote: > > On Wed, Dec 15, 2010 at 03:47:42PM +0000, Brian Nisbet wrote: > > > Peter Koch said the session was already overrun by 15 minutes and this > delicate issue should be resolved at another time. > > I'd like to clarify that my point was that this topic was placed under AOB > _and_ mostly dealt with during overtime, which, absence of written process > and procedures nonwithstanding, did not meet my expectations and experiences > of appropriateness given delicacy. That said, I consider the issue closed. JD Falk wrote: > On Dec 15, 2010, at 3:15 PM, Shane Kerr wrote: > >> I think that my point was that there is a disconnect between people >> working on anti-abuse and the ISPs, not about the Anti-Abuse Working >> Group or its participants. I might not have said that of course... > > Many people who work for ISPs would agree. It's often simply a matter of scale > and imagination.... > From brian.nisbet at heanet.ie Tue Feb 1 12:45:52 2011 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Tue, 01 Feb 2011 11:45:52 +0000 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D477222.8010900@hserus.net> References: <4D477222.8010900@hserus.net> Message-ID: <4D47F270.6010405@heanet.ie> Suresh, Thanks for your comments, I've responded below. If you would like to discuss this further, either on list or in private email, we can, of course, do so. "Suresh Ramasubramanian" wrote the following on 01/02/2011 02:38: > I am rather late to this thread as it was just drawn to my attention > elsewhere. > > 1. Richard Cox's concerns were entirely valid, and the abuse issues > documented at http://www.spamhaus.org/Sbl/listings.lasso?isp=RIPE - > mostly PI / PA blocks, several as large as /15, can't be wished away by > removing critics of this WG from a co-chair post. The actions taken in Rome were in no way an attempt to wish away problems by removing Richard from a co-chair post. Richard is still more than welcome to participate in the RIPE community, just as he did before he was a co-chair. I do not intend to re-paste sections of the minutes here where the reasons are detailed, but this action was not brought about by one blog post, or simply criticism of the RIPE NCC. > 2. I would echo Peter's concerns about this being brought up as AOB, > discussed (or rather, not discussed) in overtime with very few people in > the room, leading to the removal of a co-chair. A much wider consensus > should have been obtained - at least by discussion on this list if not > at the plenary. The timing was less than ideal, but again, I stand by what I said at the meeting. In addition, the room has far more than 'very few people' in it during these proceedings. Please note that nobody actually objected to the proposal, only the timing. > This was not consensus. WG participants (and I count several who are in > the anti abuse community, engage regularly with RIRs at other fora, but > don't typically have the budget to travel to RIPE) should have been > consulted before this. > > Yes, nobody else had much to say about this removal, so I'll take this > opportunity to comment. Remote participation was possible, with a live video feed. This comment, some two months after RIPE 61, is the first comment that has been made about this. And while I am not in any way ignoring it I don't think it's unfair to say that it suggests the WG were either in support or ambivalent towards what happened? > About Richard Cox's removal and about two other meta issues. > > First - the prevailing attitude I have seen from at least some > participants (this is not "us vs them" in terms of routing / dns people > vs abuse people .. you have colleagues in your own organizations who > will disagree with your views - especially Shane, I won't speak for Paul > Vixie but I am not at all sure he'd agree with you about your comment, > even after its rephrase). The AA-WG, like every WG, can only really work if participation comes from as many interested areas of the community as possible. Everyone has disagreements, as you say, but I never wish the impression to be given that people do not have a voice or are not wanted. As I said in Rome, I'm aware of the possible perception around what happened and I'm hoping the WG and I will be able to act to dispel them. > Second - the mantra, meme, fallacy etc of the "we are not the XYZ > police" that I keep hearing cited. It would be fun indeed if a bank > manager sanctioned a loan for say a quarter of a million dollars (lets > say comparable to an allocation for a /15) and then baldly state that > he's not the document police .. That presentation I saw discussed is > what I'd call partially shutting the barn door long after the horses, > plural, have bolted. Things are, truly, never as simple as they seem. There are many aspects to that particular line, and hoping that the community, along with the NCC, can and are working to improve the situation. > That damage's been done, a lot of IP space has been poisoned. It is > high time to realize that shooting the messenger is not the best way to > deal with such a situation. I will finish by restating that my reasons for this, and the reasons of those who discussed it with me, were not based on shooting the messenger, however it may look. I cannot, of course, empirically prove that, but I'm hoping that you may accept my word and that the actions of the WG both now and in the future will back that up. Brian. From ops.lists at gmail.com Tue Feb 1 14:50:35 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Tue, 1 Feb 2011 19:20:35 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D47F270.6010405@heanet.ie> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> Message-ID: Hi Brian Glad to continue this, and I respect your reasons that you state. But to be brief, Richard Cox has been a valued contributor at more than one anti abuse forum - and his comments were perhaps a sign of his frustration. As for his hiatus from the abuse WG - I do know he has had some health issues in the recent past, and so may not have been able to participate in the WG regularly. All the same, I would strongly repeat my request that the RIPE NCC as well as this WG work closely with anti abuse organizations including spamhaus (and of course MAAWG) to mitigate these problems. There's a maawg later this year (october 24-27) in Paris where I am sure a discussion of how to work together with the abuse teams at SPs to help mitigate the problem of scarce v4 resources being allocated to malicious actors (and perhaps a focus on what V6 netblocks are being acquired by them, and what to do about those). As for the internet police comment, it has a long and storied history - and the context in which it was made might not possibly be the same context in which we find ourselves. There is of course a balance to be struck between security and privacy, however we do have to consider, and guard against, the fact that the same measures that extend privacy to legitimate organizations will be abused by malicious actors. The problem is that all too often, I find it being treated as an article of faith. thanks [and sorry for the double post earlier] --srs On Tue, Feb 1, 2011 at 5:15 PM, Brian Nisbet wrote: > Suresh, > > Thanks for your comments, I've responded below. If you would like to discuss > this further, either on list or in private email, we can, of course, do so. > > "Suresh Ramasubramanian" wrote the following on 01/02/2011 02:38: >> >> I am rather late to this thread as it was just drawn to my attention >> elsewhere. >> >> 1. Richard Cox's concerns were entirely valid, and the abuse issues >> documented at http://www.spamhaus.org/Sbl/listings.lasso?isp=RIPE - >> mostly PI / PA blocks, several as large as /15, can't be wished away by >> removing critics of this WG from a co-chair post. > > The actions taken in Rome were in no way an attempt to wish away problems by > removing Richard from a co-chair post. Richard is still more than welcome to > participate in the RIPE community, just as he did before he was a co-chair. > I do not intend to re-paste sections of the minutes here where the reasons > are detailed, but this action was not brought about by one blog post, or > simply criticism of the RIPE NCC. > >> 2. I would echo Peter's concerns about this being brought up as AOB, >> discussed (or rather, not discussed) in overtime with very few people in >> the room, leading to the removal of a co-chair. ?A much wider consensus >> should have been obtained - at least by discussion on this list if not >> at the plenary. > > The timing was less than ideal, but again, I stand by what I said at the > meeting. In addition, the room has far more than 'very few people' in it > during these proceedings. Please note that nobody actually objected to the > proposal, only the timing. > >> This was not consensus. WG participants (and I count several who are in >> the anti abuse community, engage regularly with RIRs at other fora, but >> don't typically have the budget to travel to RIPE) should have been >> consulted before this. >> >> Yes, nobody else had much to say about this removal, so I'll take this >> opportunity to comment. > > Remote participation was possible, with a live video feed. This comment, > some two months after RIPE 61, is the first comment that has been made about > this. And while I am not in any way ignoring it I don't think it's unfair to > say that it suggests the WG were either in support or ambivalent towards > what happened? > >> About Richard Cox's removal and about two other meta issues. >> >> First - the prevailing attitude I have seen from at least some >> participants (this is not "us vs them" in terms of routing / dns people >> vs abuse people .. you have colleagues in your own organizations who >> will disagree with your views - especially Shane, I won't speak for Paul >> Vixie but I am not at all sure he'd agree with you about your comment, >> even after its rephrase). > > The AA-WG, like every WG, can only really work if participation comes from > as many interested areas of the community as possible. Everyone has > disagreements, as you say, but I never wish the impression to be given that > people do not have a voice or are not wanted. As I said in Rome, I'm aware > of the possible perception around what happened and I'm hoping the WG and I > will be able to act to dispel them. > >> Second - the mantra, meme, fallacy etc of the "we are not the XYZ >> police" that I keep hearing cited. ?It would be fun indeed if a bank >> manager sanctioned a loan for say a quarter of a million dollars (lets >> say comparable to an allocation for a /15) and then baldly state that >> he's not the document police .. That presentation I saw discussed is >> what I'd call partially shutting the barn door long after the horses, >> plural, have bolted. > > Things are, truly, never as simple as they seem. There are many aspects to > that particular line, and hoping that the community, along with the NCC, can > and are working to improve the situation. > >> That damage's been done, a lot of IP space has been poisoned. ?It is >> high time to realize that shooting the messenger is not the best way to >> deal with such a situation. > > I will finish by restating that my reasons for this, and the reasons of > those who discussed it with me, were not based on shooting the messenger, > however it may look. I cannot, of course, empirically prove that, but I'm > hoping that you may accept my word and that the actions of the WG both now > and in the future will back that up. > > Brian. > > -- Suresh Ramasubramanian (ops.lists at gmail.com) From balla at spin.it Tue Feb 1 15:33:29 2011 From: balla at spin.it (Emanuele Balla) Date: Tue, 01 Feb 2011 15:33:29 +0100 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D47F270.6010405@heanet.ie> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> Message-ID: <4D4819B9.8030305@spin.it> On 2/1/11 12:45 PM, Brian Nisbet wrote: > I will finish by restating that my reasons for this, and the reasons of > those who discussed it with me, were not based on shooting the > messenger, however it may look. I cannot, of course, empirically prove > that, but I'm hoping that you may accept my word and that the actions of > the WG both now and in the future will back that up. Hi Brian, a lot of people actually *do* things in the anti-abuse community, and Richard has been part of some of the most active and effective ones for years now. As well as Suresh, FWIW. In the meanwhile, almost all is being carried forth inside this same WG requires several months and rarely ends up in something useful to the community. Or -at least- this is my (strictly operational) perception: I might be proved wrong. All the criticism Richard raised about RIPE (both NCC *and* community, IMHO) behavior in rogue network assignments in http://www.spamhaus.org/news.lasso?article=663 could turn into an interesting discussion about what RIPE community could actually *do* in order to inhibit similar things to happen again. Instead, everything turned out in what we observe here. Unfortunate coincidence? Maybe. Or maybe not. Just let's look back at what happened here after something completely different like http://labs.ripe.net/Members/jsq/economic-incentives-for-internet-security was posted here. The discussion suddenly turned into how "Spam in general cannot be defined". A discussion the email industry had almost 10 years ago and moved forth. And about how "It doesn't make any sense in almost all cases". Proposals about how to add correctives to the paper? Zero. About how to use the idea in order to obtain better policies? Zero. I wonder if this is really the "Anti-Abuse Working Group" or turned into the "Anti-Anti-Abuse Working Group" instead. IMHO, the question is not whether "Richard?s comments unfairly damaged the reputation [...] the Anti-Abuse Working Group" -to quote an extract from your minutes from Rome meeting- but if this working group still has a reason to exist in its current shape and still has any reputation at all. I observe that a lot of work is being done on several aspects of spam and network abuse mitigation, in a lot of places. Only, it rarely happens here. We should all ask ourselves why, and -most important- how to change this. And possibly find the answers... -- # Emanuele Balla # # # System & Network Engineer # Cell: +39 348 7747907 # # Spin s.r.l. - AS6734 # Phone: +39 040 9869090 # # Trieste # Email: balla at staff.spin.it # From ops.lists at gmail.com Tue Feb 1 15:50:48 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Tue, 1 Feb 2011 20:20:48 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D4819B9.8030305@spin.it> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <4D4819B9.8030305@spin.it> Message-ID: Emmanuelle, thank you for posting this. If this discussion you refer to did take place, I do agree that it is something the antispam community at large has moved on from over a decade back, and shifted its focus to operational mitigation - something that really should be relevant to this WG. I would urgently request that abuse-wg members please try to also involve their colleagues who work on abuse rather than routing / dns teams. The upcoming Paris maawg should provide ample opportunity for european SPs (several of whom are also maawg members) to attend and participate in these discussions from another perspective. thanks --srs On Tue, Feb 1, 2011 at 8:03 PM, Emanuele Balla wrote: > > > The discussion suddenly turned into how "Spam in general cannot be defined". > A discussion the email industry had almost 10 years ago and moved forth. > And about how "It doesn't make any sense in almost all cases". > > Proposals about how to add correctives to the paper? Zero. > About how to use the idea in order to obtain better policies? Zero. -- Suresh Ramasubramanian (ops.lists at gmail.com) From ops.lists at gmail.com Tue Feb 1 16:51:08 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Tue, 1 Feb 2011 21:21:08 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: <4D482B74.1040902@dcrocker.net> References: <4D482B74.1040902@dcrocker.net> Message-ID: I thought we were talking about IP allocation, detecting shell companies and fake paperwork here, dave. If there were registrar rather than RIR issues involved I'd probably phrase that differently On Tue, Feb 1, 2011 at 9:19 PM, Dave CROCKER wrote: > > The challenge in making comparative references like this is to make sure the > comparison has a reasonable basis. ?So, for example, banks are not expected > to give loans to everyone. They are in fact /required/ to discriminate. > ?(However even banks have limitations on the nature or extent of that > discrimination.) > > A core problem with calls for differential handling of "abusive" domain > registrations is that it opens the door to abuses by the authority. > -- Suresh Ramasubramanian (ops.lists at gmail.com) From ops.lists at gmail.com Tue Feb 1 17:16:59 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Tue, 1 Feb 2011 21:46:59 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: <4D482D73.80009@bbiw.net> References: <4D482B74.1040902@dcrocker.net> <4D482D73.80009@bbiw.net> Message-ID: On Tue, Feb 1, 2011 at 9:27 PM, Dave CROCKER wrote: > But note that Richard's note contained none of these particulars. I read it in the context of earlier articles he posted here and elsewhere such as on the spamhaus website. And also in the context of http://www.spamhaus.org/sbl/listings.lasso?isp=RIPE [and in advance to those that would like to point it out - yes please, I know ripe isnt an isp, and I guess so does richard] -- Suresh Ramasubramanian (ops.lists at gmail.com) From dhc at dcrocker.net Tue Feb 1 16:49:08 2011 From: dhc at dcrocker.net (Dave CROCKER) Date: Tue, 01 Feb 2011 07:49:08 -0800 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: References: Message-ID: <4D482B74.1040902@dcrocker.net> On 1/31/2011 6:51 PM, Suresh Ramasubramanian wrote: > Second - the mantra, meme, fallacy etc of the "we are not the XYZ > police" that I keep hearing cited. It would be fun indeed if a bank > manager sanctioned a loan for say a quarter of a million dollars (lets > say comparable to an allocation for a /15) and then baldly state that > he's not the document police .. That presentation about LIR > deregistration is what I'd call partially shutting the barn door long > after the horses, plural, have bolted. > > That damage's been done, a lot of IP space has been poisoned. It is > high time to realize that shooting the messenger is not the best way > to deal with such a situation. The challenge in making comparative references like this is to make sure the comparison has a reasonable basis. So, for example, banks are not expected to give loans to everyone. They are in fact /required/ to discriminate. (However even banks have limitations on the nature or extent of that discrimination.) A core problem with calls for differential handling of "abusive" domain registrations is that it opens the door to abuses by the authority. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From dhc at dcrocker.net Tue Feb 1 17:49:53 2011 From: dhc at dcrocker.net (Dave CROCKER) Date: Tue, 01 Feb 2011 08:49:53 -0800 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: References: <4D482B74.1040902@dcrocker.net> Message-ID: <4D4839B1.8070806@dcrocker.net> On 2/1/2011 7:51 AM, Suresh Ramasubramanian wrote: > I thought we were talking about IP allocation, detecting shell > companies and fake paperwork here, dave. Fake paperwork is clearly unacceptable, of course. "Shell" companies get more subtle since there are benign scenarios that produce the same appearance. As for "IP allocation", that does not describe an abuse, nevermind make clear how it is obviously unacceptable without inviting its own abuse. But note that Richard's note contained none of these particulars. For discussions about policy changes by organizations with massive potential power, the calls for change need to be rather precise, IMO. The calls for change need to worry as much about the dangers of the change as they do about the need for it. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From dhc at dcrocker.net Tue Feb 1 17:58:26 2011 From: dhc at dcrocker.net (Dave CROCKER) Date: Tue, 01 Feb 2011 08:58:26 -0800 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: References: <4D482B74.1040902@dcrocker.net> <4D482D73.80009@bbiw.net> Message-ID: <4D483BB2.8020503@dcrocker.net> On 2/1/2011 8:16 AM, Suresh Ramasubramanian wrote: > On Tue, Feb 1, 2011 at 9:27 PM, Dave CROCKER wrote: >> But note that Richard's note contained none of these particulars. > > I read it in the context of earlier articles he posted here and > elsewhere such as on the spamhaus website. If that larger context were part of the current, public exchange, that would make sense. But I haven't seen it and Richard did not provide it. > And also in the context of http://www.spamhaus.org/sbl/listings.lasso?isp=RIPE That citation is an example of the problem, IMO. An audit like that list can be useful for particular discussion, but as a standalone citation as it has been getting used, it's merely inflammatory. All it does is say that there is a problem and it creates an association of that problem with RIPE, implying that the responsibility is RIPE's. Whether that implication is valid is a core, controversial point. (The cliche, here, is that correlation is not the same as causation.) Example: Make a list of the communication services used by drug cartels. Publish it. Clearly that means we need to have communication services enforce rules against drug cartels. For extra credit, explain how the rules will only be used legally against drug cartels and not also bleed over to other, legitimate groups, such as an active group of old ladies who regularly plan getting together to play Mah Jong. Discussions concerning registration institutions tend to treat this topic simplistically. Richard's note did not even go into enough detail to be guilty of this. Worse, it didn't even cite the larger context of discussion and issues. It merely made a public, flat condemnation. I don't see how that's productive. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From sander at steffann.nl Tue Feb 1 18:02:02 2011 From: sander at steffann.nl (Sander Steffann) Date: Tue, 1 Feb 2011 18:02:02 +0100 (CET) Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: <4D4839B1.8070806@dcrocker.net> References: <4D482B74.1040902@dcrocker.net> <4D4839B1.8070806@dcrocker.net> Message-ID: <50626.62.163.206.215.1296579722.squirrel@webmail.sintact.nl> Hi, > For discussions about policy changes by organizations with massive > potential power, the calls for change need to be rather precise, IMO. > The calls for change need to worry as much about the dangers of the > change as they do about the need for it. Exactly. I am sure that any RIPE working group would accept a policy proposal that defines a policy to prevent abuse while taking these dangers into account. Many people have asked for policy to prevent abuse, but none have come up with a workable proposal. I wish there was an easy solution for this... Sander From brian.nisbet at heanet.ie Tue Feb 1 18:24:30 2011 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Tue, 01 Feb 2011 17:24:30 +0000 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> Message-ID: <4D4841CE.2070109@heanet.ie> Suresh, I might be a little less brief than you, apologies. Again, I don't wish to rehash the discussion in the minutes (along with video and stenography if anyone would like to watch the full 30 minutes), but it was my impression, and the impression of the other WG chairs, the Chair of RIPE and the Chair of the NCC Executive Board that we had made multiple attempts to engage with Richard about these issues. The standard response to someone in the RIPE community saying "This thing should be changed," is to ask how they would like it to be changed. This is the start of the policy development process. Each time Richard said something should be changed he was asked that question and the process was explained, at no point was a policy presented. So, over time, Richard appeared to be getting more frustrated, while many people felt they were offering him at least a path to resolve those frustrations, but nothing ever happened. I'm not saying a policy proposal would have been a silver bullet, but it is, at least, a start, and something to hang a conversation off. And while this was going on comments from himself and others inside the CyberCrime Working Party, along with internal RIPE NCC discussions and other catalysts were having a direct effect, leading to the RIPE NCC closure and deregistration procedure as presented at RIPE 61 in Rome (see http://www.ripe.net/legal/Closure-of-LIR-and-deregistration-of-INRs_final-draft.pdf). I should also say that Richard's occasional absenses from RIPE meetings due to his health was not a factor in the decision, despite being raised from the floor. The RIPE NCC, along with the RIPE community, has been taking steps to work more closely with the organisations like MAAWG and the NCC presented at the Barcelona meeting. That cooperation will continue. The Paris meeting is directly before the RIPE 63 meeting in Vienna, so I'm not sure who will be able to attend, but such events are more clearly on the radar at this point. As a final note on the notion of Internet Police and other such terms, it is a cloudy and much bandied phrase, but there is an important point to make. The RIPE NCC service region, and the region from which most of the community originates, comprises of some 78 countries with widely varying laws and cultures. It is an extremely interesting region in which to work and while I would not for one moment suggest that we can do nothing, not even close, it is a very important point to remember in any anti-abuse conversation. Brian. "Suresh Ramasubramanian" wrote the following on 01/02/2011 13:50: > Hi Brian > > Glad to continue this, and I respect your reasons that you state. > > But to be brief, Richard Cox has been a valued contributor at more > than one anti abuse forum - and his comments were perhaps a sign of > his frustration. > > As for his hiatus from the abuse WG - I do know he has had some health > issues in the recent past, and so may not have been able to > participate in the WG regularly. > > All the same, I would strongly repeat my request that the RIPE NCC as > well as this WG work closely with anti abuse organizations including > spamhaus (and of course MAAWG) to mitigate these problems. There's a > maawg later this year (october 24-27) in Paris where I am sure a > discussion of how to work together with the abuse teams at SPs to help > mitigate the problem of scarce v4 resources being allocated to > malicious actors (and perhaps a focus on what V6 netblocks are being > acquired by them, and what to do about those). > > As for the internet police comment, it has a long and storied history > - and the context in which it was made might not possibly be the same > context in which we find ourselves. There is of course a balance to > be struck between security and privacy, however we do have to > consider, and guard against, the fact that the same measures that > extend privacy to legitimate organizations will be abused by malicious > actors. The problem is that all too often, I find it being treated as > an article of faith. > > thanks [and sorry for the double post earlier] > > --srs > > On Tue, Feb 1, 2011 at 5:15 PM, Brian Nisbet wrote: >> Suresh, >> >> Thanks for your comments, I've responded below. If you would like to discuss >> this further, either on list or in private email, we can, of course, do so. >> >> "Suresh Ramasubramanian" wrote the following on 01/02/2011 02:38: >>> >>> I am rather late to this thread as it was just drawn to my attention >>> elsewhere. >>> >>> 1. Richard Cox's concerns were entirely valid, and the abuse issues >>> documented at http://www.spamhaus.org/Sbl/listings.lasso?isp=RIPE - >>> mostly PI / PA blocks, several as large as /15, can't be wished away by >>> removing critics of this WG from a co-chair post. >> >> The actions taken in Rome were in no way an attempt to wish away problems by >> removing Richard from a co-chair post. Richard is still more than welcome to >> participate in the RIPE community, just as he did before he was a co-chair. >> I do not intend to re-paste sections of the minutes here where the reasons >> are detailed, but this action was not brought about by one blog post, or >> simply criticism of the RIPE NCC. >> >>> 2. I would echo Peter's concerns about this being brought up as AOB, >>> discussed (or rather, not discussed) in overtime with very few people in >>> the room, leading to the removal of a co-chair. A much wider consensus >>> should have been obtained - at least by discussion on this list if not >>> at the plenary. >> >> The timing was less than ideal, but again, I stand by what I said at the >> meeting. In addition, the room has far more than 'very few people' in it >> during these proceedings. Please note that nobody actually objected to the >> proposal, only the timing. >> >>> This was not consensus. WG participants (and I count several who are in >>> the anti abuse community, engage regularly with RIRs at other fora, but >>> don't typically have the budget to travel to RIPE) should have been >>> consulted before this. >>> >>> Yes, nobody else had much to say about this removal, so I'll take this >>> opportunity to comment. >> >> Remote participation was possible, with a live video feed. This comment, >> some two months after RIPE 61, is the first comment that has been made about >> this. And while I am not in any way ignoring it I don't think it's unfair to >> say that it suggests the WG were either in support or ambivalent towards >> what happened? >> >>> About Richard Cox's removal and about two other meta issues. >>> >>> First - the prevailing attitude I have seen from at least some >>> participants (this is not "us vs them" in terms of routing / dns people >>> vs abuse people .. you have colleagues in your own organizations who >>> will disagree with your views - especially Shane, I won't speak for Paul >>> Vixie but I am not at all sure he'd agree with you about your comment, >>> even after its rephrase). >> >> The AA-WG, like every WG, can only really work if participation comes from >> as many interested areas of the community as possible. Everyone has >> disagreements, as you say, but I never wish the impression to be given that >> people do not have a voice or are not wanted. As I said in Rome, I'm aware >> of the possible perception around what happened and I'm hoping the WG and I >> will be able to act to dispel them. >> >>> Second - the mantra, meme, fallacy etc of the "we are not the XYZ >>> police" that I keep hearing cited. It would be fun indeed if a bank >>> manager sanctioned a loan for say a quarter of a million dollars (lets >>> say comparable to an allocation for a /15) and then baldly state that >>> he's not the document police .. That presentation I saw discussed is >>> what I'd call partially shutting the barn door long after the horses, >>> plural, have bolted. >> >> Things are, truly, never as simple as they seem. There are many aspects to >> that particular line, and hoping that the community, along with the NCC, can >> and are working to improve the situation. >> >>> That damage's been done, a lot of IP space has been poisoned. It is >>> high time to realize that shooting the messenger is not the best way to >>> deal with such a situation. >> >> I will finish by restating that my reasons for this, and the reasons of >> those who discussed it with me, were not based on shooting the messenger, >> however it may look. I cannot, of course, empirically prove that, but I'm >> hoping that you may accept my word and that the actions of the WG both now >> and in the future will back that up. >> >> Brian. >> >> > > > From shane at time-travellers.org Tue Feb 1 20:40:02 2011 From: shane at time-travellers.org (Shane Kerr) Date: Tue, 01 Feb 2011 20:40:02 +0100 Subject: [anti-abuse-wg] Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> Message-ID: <1296589202.20168.44.camel@shane-desktop> Suresh, On Tue, 2011-02-01 at 19:20 +0530, Suresh Ramasubramanian wrote: > All the same, I would strongly repeat my request that the RIPE NCC as > well as this WG work closely with anti abuse organizations including > spamhaus (and of course MAAWG) to mitigate these problems. There's a > maawg later this year (october 24-27) in Paris where I am sure a > discussion of how to work together with the abuse teams at SPs to help > mitigate the problem of scarce v4 resources being allocated to > malicious actors (and perhaps a focus on what V6 netblocks are being > acquired by them, and what to do about those). My own take on the interaction between the anti-abuse communities and the rest of the networking community in general goes something like this: It is in the best interests of ISPs and other network operators to keep network abuse to a minimum. However, they also have other priorities other than simply handling abuse - hopefully these priorities align very closely with their users. The anti-spam community is by necessity narrowly focused on a small subset of issues. For them, all of the other things that ISPs bring up when talking about dealing with abuse seem like hand-waving, avoiding responsibility, and otherwise trying to avoid doing the Right Thing. I encourage ANYONE with interest in the Internet to participate in the RIPE community and also to attend RIPE meetings, I do not think that this will actually resolve the problems of tensions between communities. The people involved want different things. (Plus it's hard to normalize relations when Spamhaus representatives basically accuse the entire RIPE community of being irresponsible.) One possible source of additional upset is that people confuse the RIPE NCC and RIPE. They go to the RIPE NCC, and the RIPE NCC says "we do not make policy", and they think that they are just saying "nothing to be done, sorry!" There *is* something to be done - engage the RIPE community. This is where policies are made. Ultimately this means putting specific policy proposals forward to the working groups, but it is probably best to start by chatting with people about ideas on list or off. Stating a problem often gets better results than proposing a solution. -- Shane From ops.lists at gmail.com Wed Feb 2 02:51:36 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 07:21:36 +0530 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <1296589202.20168.44.camel@shane-desktop> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> Message-ID: On Wed, Feb 2, 2011 at 1:10 AM, Shane Kerr wrote: > The anti-spam community is by necessity narrowly focused on a small > subset of issues. For them, all of the other things that ISPs bring up > when talking about dealing with abuse seem like hand-waving, avoiding > responsibility, and otherwise trying to avoid doing the Right Thing. Shane, the antispam community at MAAWG is the abuse and security teams at ISPs and big operators of email (webmail services). The same organizations that send their network and DNS people to ARIN, RIPE and APRICOT. The focus on operational issues is just the same. I would ask that you not point to, say, news.admin.net-abuse.email and let your comments be colored by that. The antispam community has evolved rather a lot from a decade back. > The people involved want different things. (Plus it's hard to normalize > relations when Spamhaus representatives basically accuse the entire RIPE > community of being irresponsible.) They are highlighting a long standing issue with multiple PI / PA netblocks being used for abuse (malware propagation etc, not just spam), assigned to organizations that they see as fronts for online crime rather than legitimate entities. They appear to feel - and probably with some reason - that neither RIPE NCC nor the RIPE community has been sufficiently responsive to these concerns. > One possible source of additional upset is that people confuse the RIPE > NCC and RIPE. They go to the RIPE NCC, and the RIPE NCC says "we do not > make policy", and they think that they are just saying "nothing to be > done, sorry!" That won't fly unfortunately. The difference between the regional RIR and the internet community in the region is obvious - and here, what blame needs to be shared around is entirely collective. RIPE NCC should have, long ago, worked to crack down on gross abuse and gaming of the IP allocation process. To be fair, they are taking several steps in this direction. The RIPE community should, as a whole, be more operationally focused on this loss of a scarce shared resource by allocating large parts of it to entities that use these for a very short time before blocklisting, ISP nullroutes etc kick in, and then abandon them to be recovered by the RIR and potentially reallocated. Yes, the IP space involved may be collectively less than a /8, small potatoes at an RIR level, but still non trivial amounts of IP space. > There *is* something to be done - engage the RIPE community. This is > where policies are made. Ultimately this means putting specific policy > proposals forward to the working groups, but it is probably best to > start by chatting with people about ideas on list or off. Stating a By the same token, I'd encourage the community here to actively reach out. A substantial amount of antispam and security operational work goes on in other forums (some open like maawg, some closed and vetted etc). However this operational work tends to run into a brick wall where issues such as serial IP allocations to malicious entities goes on relatively unchecked, and outreach efforts / policy proposals submitted so far haven't received an adequate level of understanding and response. Specific policy proposals have been made in the past by others focused on this issue. Tobias Knecht, Uwe Rasmussen of Microsoft are two that I can think of. --srs -- Suresh Ramasubramanian (ops.lists at gmail.com) From ops.lists at gmail.com Wed Feb 2 02:56:58 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 07:26:58 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: <50626.62.163.206.215.1296579722.squirrel@webmail.sintact.nl> References: <4D482B74.1040902@dcrocker.net> <4D4839B1.8070806@dcrocker.net> <50626.62.163.206.215.1296579722.squirrel@webmail.sintact.nl> Message-ID: On Tue, Feb 1, 2011 at 10:32 PM, Sander Steffann wrote: > Exactly. I am sure that any RIPE working group would accept a policy > proposal that defines a policy to prevent abuse while taking these dangers > into account. Many people have asked for policy to prevent abuse, but none > have come up with a workable proposal. this is what I'm waiting for, among others http://ripe.net/ripe/wg/ncc-services/r59-minutes.html And nick hilliard's comment below was what I was remembering when I talked about the "internet police" meme. --srs ----------------------- H. Recovering resources assigned to non-existing entities http://www.ripe.net/ripe/meetings/ripe-59/presentations/rasmussen-recovering-resources.pdf Uwe Manuel Rasmussen, Microsoft Ruediger pointed out the importance of distinguishing between actual criminal activity on the net and the ways to fight this from the administrative procedures. It is not related to the RIPE administration processes. Uwe agreed with this, but mentioned that this didn't lead to the entity with the real responsibility. Ruediger stated again that the registration is not the point, and that you must get to the "box" and that this may be a botnet. The administrative data in the RIPE Database is irrelevant to this. Uwe stated that there should be a check that organisations requesting resources actually exist before assigning to them. Nick Hilliard (INEX) pointed out that this check is already done by the RIPE NCC. However, there is little the RIPE NCC can do if documents are fake. The RIPE NCC is not the routing police. Uwe agreed but would still like a way to be able to challenge an assignment. Carsten Schiefner (DENIC) commented that there is a similarity with TLDs. There is still no solution to guarantee WHOIS accuracy. Uwe explained that he was not looking for WHOIS accuracy, but for a solution to remove the people that don't exist. John Curran (ARIN) explained how this is done in the ARIN region. He said that ARIN does verification, but when a fraud is uncovered, ARIN does act to revoke resources. This is not related directly to the criminal activities, but due to a violation of the policy. Uwe agreed that it is not the RIPE NCC's job to determine what is legal or not, but pointed out that allowing somebody that obtained resources to use these resources for illegal purposes leaves him outside the law. He said that he will present propositions to the mailing list to reformulate the text in RIPE Document ripe-452 to revoke resources if an organisation if found not to actually exist. -- Suresh Ramasubramanian (ops.lists at gmail.com) From ops.lists at gmail.com Wed Feb 2 03:08:23 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 07:38:23 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D4841CE.2070109@heanet.ie> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <4D4841CE.2070109@heanet.ie> Message-ID: On Tue, Feb 1, 2011 at 10:54 PM, Brian Nisbet wrote: > The RIPE NCC service region, and the region from which most of the community > originates, comprises of some 78 countries with widely varying laws and > cultures. ?It is an extremely interesting region in which to work and while > I would not for one moment suggest that we can do nothing, not even close, > it is a very important point to remember in any anti-abuse conversation. This is a valid point and that's why I'm glad to see Wout de Natris, Uwe Rasmussen and others who do have a background in international regulatory policy and law enforcement involved in this and related RIPE WGs. My only point is that far more could be done - and this should have been done far earlier to avoid the tensions generated so far, with active and informed people from other groups with the same focus having to vent their frustration in this manner. Richard, and before that Andy Auld of SOCA, who I admit could have made his point more diplomatically. Auld said - > ""If we were being harsh, we could say that Ripe has received criminal > funds and was involved in money-laundering offences. We are not treating > it that way, but you could see it like that." Correct in that the the front organization was the RBN, and that the funds were criminal. Also correct that RIPE the RIR did not know either of these facts and had clean hands. And correct that in a different situation than this, the organization receiving the funds would be liable to prosecution. I still can't help wondering what effect believing a bit less in the "we are not the (routing|internet|document) police" mantra would have had on policy enforcement. -- Suresh Ramasubramanian (ops.lists at gmail.com) From dcrocker at bbiw.net Tue Feb 1 16:57:39 2011 From: dcrocker at bbiw.net (Dave CROCKER) Date: Tue, 01 Feb 2011 07:57:39 -0800 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: References: <4D482B74.1040902@dcrocker.net> Message-ID: <4D482D73.80009@bbiw.net> On 2/1/2011 7:51 AM, Suresh Ramasubramanian wrote: > I thought we were talking about IP allocation, detecting shell > companies and fake paperwork here, dave. Fake paperwork is clearly unacceptable, of course. "Shell" companies get more subtle since there are benign scenarios that produce the same appearance. As for "IP allocation", that does not describe an abuse, nevermind make clear how it is obviously unacceptable without inviting its own abuse. But note that Richard's note contained none of these particulars. For discussions about policy changes by organizations with massive potential power, the calls for change need to be rather precise, IMO. The calls for change need to worry as much about the dangers of the change as they do about the need for it. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From kauto.huopio at ficora.fi Wed Feb 2 11:25:16 2011 From: kauto.huopio at ficora.fi (Kauto Huopio) Date: Wed, 02 Feb 2011 12:25:16 +0200 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities In-Reply-To: References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> Message-ID: <4D49310C.3000404@ficora.fi> Greetings all, I am a relative newcomer within RIPE community - but been working for some 10 years with CERT-FI, the national CERT team in Finland. During this period I have got a feeling (no statistics - yet) that the majority of cases where the validity of ipv4 / AS resource registration details can be questioned are within RIPE service area. APNIC, AFRINIC, LACNIC, ARIN -provided resources with this suspicion are quite rare on my radar. I have a couple of questions on my mind: 1) What is the current procedure to initiate an investigation with RIPE NCC on resource registration data consistency? 2) Are there any spesific requirements to be filled to trigger investiation procedures - what proof of suspicious registration data is needed? 3) Where I can find the current RIPE policies applied on this type of investigation request? 4) What kind of reply time one could expect from RIPE NCC for this type of request? 5) What methods I could use to extract -sponsoring LIR data of a inetnum / autnum object -all inetnum/autnum objects delegated by a spesified LIR from RIPE NCC WHOIS database? (personally I think there is no need to hide this information - all customer networks of an ISP can be easily extracted from BGP routing data, business protection needs IMHO do not warrant blocking this information) I have a couple of examples that could perhaps warrant a concentrated look. First is a recent and public one, documented here: http://www.abuse.ch/?p=3130 Could regisgtry consistency procedures be initiated on the suspicious resources mentioned in the blog post? A second case I would like to work with appropriate RIPE NCC staff directly. --Kauto -- Kauto Huopio - kauto.huopio at ficora.fi Senior information security adviser Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax +358-9-6966515, mobile +358-50-5826131 CERT-FI watch desk daytime: +358-9-6966510 / http://www.cert.fi From fweimer at bfk.de Wed Feb 2 11:57:51 2011 From: fweimer at bfk.de (Florian Weimer) Date: Wed, 02 Feb 2011 10:57:51 +0000 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D47F270.6010405@heanet.ie> (Brian Nisbet's message of "Tue\, 01 Feb 2011 11\:45\:52 +0000") References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> Message-ID: <82tygmya8g.fsf@mid.bfk.de> * Brian Nisbet: > Remote participation was possible, with a live video feed. This > comment, some two months after RIPE 61, is the first comment that has > been made about this. And while I am not in any way ignoring it I > don't think it's unfair to say that it suggests the WG were either in > support or ambivalent towards what happened? It was quite different to figure out, based on the transcript, what was going on. It would have been nice to announce the intention of removing the WG chair beforehand, on the mailing list. I think the whole thing is quite odd and unnecessary, but it's happened. The main lesson to me seems that RIPE needs a clear procedure for removing WG chairs before their term ends. Beyond that, it's probably time to move on. That being said, so far, I've refrained from commenting on the WG session because I wanted to give the task force a chance to produce results. What's the status with that? Will the task force conduct its business mostly on a public mailing list, or behind closed doors? -- Florian Weimer BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstra?e 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 From fweimer at bfk.de Wed Feb 2 11:56:20 2011 From: fweimer at bfk.de (Florian Weimer) Date: Wed, 02 Feb 2011 10:56:20 +0000 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: (Suresh Ramasubramanian's message of "Tue\, 1 Feb 2011 21\:21\:08 +0530") References: <4D482B74.1040902@dcrocker.net> Message-ID: <82vd12yaaz.fsf@mid.bfk.de> * Suresh Ramasubramanian: > I thought we were talking about IP allocation, detecting shell > companies and fake paperwork here, dave. LLCs are so cheap to create in parts of the RIPE region that it's not worth bothering with forgeries. RIPE cannot discriminate against newcomers too much, that would be the end of self-regulation. (The current charging scheme, grossly favoring owners of older resources, is already quite problematic.) RIPE has to hand out the initial package of resources to any new LIR. Of course, the LIR might not exist past the first year, but that's plenty of time to recoup the (rather small) investment. Based on that, I think that any form of remediation has to come after the allocation, and RIPE NCC has to gather and evaluate intelligence on its own because trusting external sources opens the door to abuse. (There is precedent for that because some TLDs/registry providers do something like this.) Therefore, I think Kauto's questions about RIPE NCC processes in this area are very relevant. -- Florian Weimer BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstra?e 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 From ops.lists at gmail.com Wed Feb 2 12:01:00 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 16:31:00 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes - RIPE 61 In-Reply-To: <82vd12yaaz.fsf@mid.bfk.de> References: <4D482B74.1040902@dcrocker.net> <82vd12yaaz.fsf@mid.bfk.de> Message-ID: On Wed, Feb 2, 2011 at 4:26 PM, Florian Weimer wrote: > Therefore, I think Kauto's questions about RIPE > NCC processes in this area are very relevant. +1 -- Suresh Ramasubramanian (ops.lists at gmail.com) From kzorba at otenet.gr Wed Feb 2 13:23:33 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Wed, 2 Feb 2011 14:23:33 +0200 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D4819B9.8030305@spin.it> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <4D4819B9.8030305@spin.it> Message-ID: <201102021423.33626.kzorba@otenet.gr> On Tuesday, February 01, 2011 04:33:29 pm Emanuele Balla wrote: > I wonder if this is really the "Anti-Abuse Working Group" or turned into > the "Anti-Anti-Abuse Working Group" instead. > > > IMHO, the question is not whether "Richard?s comments unfairly damaged > the reputation [...] the Anti-Abuse Working Group" -to quote an extract > from your minutes from Rome meeting- but if this working group still has > a reason to exist in its current shape and still has any reputation at all. > > > I observe that a lot of work is being done on several aspects of spam > and network abuse mitigation, in a lot of places. > > Only, it rarely happens here. > > > We should all ask ourselves why, and -most important- how to change > this. And possibly find the answers... I really wish to thank the author of these comments. To be honest, I wanted to raise these concerns at the RIPE 61 Meeting, as I was a participant, but the issues with Richard made the timing inappropriate. I am a relative newcomer both to the RIPE community and the AAWG (RIPE 59 was my first meeting). I got interested in this WG as an operator of Internet Services, mainly mail services. During this time I found very little useful stuff in this group from a technical operator's point of view. I must say Tobias' proposals were the most useful actual work that I saw here and remains to be seen what will eventually happen with them. Having said this, I think there is a lot of room for improvement and it is never late to produce useful work, collaborating also with other relevant Groups. But, in my opinion this Group has to either reform and reorganize itself or stop to exist with its current form. Regards, Kostas Zorbadelos From gert at space.net Wed Feb 2 13:23:41 2011 From: gert at space.net (Gert Doering) Date: Wed, 2 Feb 2011 13:23:41 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> Message-ID: <20110202122341.GO47277@Space.Net> Hi, On Wed, Feb 02, 2011 at 07:21:36AM +0530, Suresh Ramasubramanian wrote: > The RIPE community should, as a whole, be more operationally focused > on this loss of a scarce shared resource by allocating large parts of > it to entities that use these for a very short time before Since IPv4 is going to run out anyway, what difference does "extend lots of effort to gain a few month" make here? I can see and share the desire to stop criminals using network resources, but the argument about "the big problem is waste of scarce resources" just doesn't fly with me - as it will not make a big difference one way or the other. Gert Doering - speaking as someone who is happy when people finally stop clinging to IPv4 and accept that it's done with -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From ops.lists at gmail.com Wed Feb 2 13:29:29 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 17:59:29 +0530 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <20110202122341.GO47277@Space.Net> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> Message-ID: 1. As a post mortem 2. To possibly stop those same entities from acquiring v6 blocks? On Wed, Feb 2, 2011 at 5:53 PM, Gert Doering wrote: > > Since IPv4 is going to run out anyway, what difference does "extend lots > of effort to gain a few month" make here? > > I can see and share the desire to stop criminals using network resources, > but the argument about "the big problem is waste of scarce resources" > just doesn't fly with me - as it will not make a big difference one > way or the other. -- Suresh Ramasubramanian (ops.lists at gmail.com) From vesely at tana.it Wed Feb 2 14:01:29 2011 From: vesely at tana.it (Alessandro Vesely) Date: Wed, 02 Feb 2011 14:01:29 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <20110202122341.GO47277@Space.Net> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> Message-ID: <4D4955A9.6040001@tana.it> On 02/Feb/11 13:23, Gert Doering wrote: > On Wed, Feb 02, 2011 at 07:21:36AM +0530, Suresh Ramasubramanian wrote: >> The RIPE community should, as a whole, be more operationally focused >> on this loss of a scarce shared resource by allocating large parts of >> it to entities that use these for a very short time before > > Since IPv4 is going to run out anyway, what difference does "extend lots > of effort to gain a few month" make here? IPv4 will run out when we'll either be able to vet peers without using IP addresses, or have found how to effectively run IPv6 DNSBLs. > I can see and share the desire to stop criminals using network resources, > but the argument about "the big problem is waste of scarce resources" > just doesn't fly with me - as it will not make a big difference one > way or the other. Scarceness makes a resource more precious. For example, comparing a /15 allocation to 250K$ implies a US monetary supply of 8G$. Using figures in http://en.wikipedia.org/wiki/Money_supply#United_States (8000G$) I'd guess Suresh meant a quarter of a *billion* dollars. From ops.lists at gmail.com Wed Feb 2 14:06:22 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 18:36:22 +0530 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D4955A9.6040001@tana.it> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> Message-ID: On Wed, Feb 2, 2011 at 6:31 PM, Alessandro Vesely wrote: > Scarceness makes a resource more precious. ?For example, comparing a > /15 allocation to 250K$ implies a US monetary supply of 8G$. ?Using > figures in http://en.wikipedia.org/wiki/Money_supply#United_States > (8000G$) I'd guess Suresh meant a quarter of a *billion* dollars. Thank you, I was never too good at math. But the document police had better be very much active for a loan that size :) -- Suresh Ramasubramanian (ops.lists at gmail.com) From gert at space.net Wed Feb 2 14:07:57 2011 From: gert at space.net (Gert Doering) Date: Wed, 2 Feb 2011 14:07:57 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> Message-ID: <20110202130757.GP47277@Space.Net> Hi, On Wed, Feb 02, 2011 at 05:59:29PM +0530, Suresh Ramasubramanian wrote: > 1. As a post mortem So how much effort do we want to make (read: should the LIRs pay) on a dead horse? > 2. To possibly stop those same entities from acquiring v6 blocks? If these entities are legitimate businesses according to their national law, if the RIPE NCC will *not* give them addresses, we're going to have large problems (anti-monopoly laws, etc.). The situation is quite clear if a LEA shows up and states "these are criminals", and the RIPE policy takes that into account (withdraw addresses). Now, how do you know upfront that a new business is criminal, as defined by applicable law? "Is run by a well-known spammer" might be clear to you and me, but is it clear enough from a *legal* perspective? Gert Doering -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 306 bytes Desc: not available URL: From ops.lists at gmail.com Wed Feb 2 14:14:17 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 18:44:17 +0530 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <20110202130757.GP47277@Space.Net> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <20110202130757.GP47277@Space.Net> Message-ID: http://www.ripe.net/ripe/wg/ncc-services/r59-minutes.html has an interesting quote - probably the one useful nugget in that discussion. --- and i quote --- John Curran (ARIN) explained how this is done in the ARIN region. He said that ARIN does verification, but when a fraud is uncovered, ARIN does act to revoke resources. This is not related directly to the criminal activities, but due to a violation of the policy. Uwe agreed that it is not the RIPE NCC's job to determine what is legal or not, but pointed out that allowing somebody that obtained resources to use these resources for illegal purposes leaves him outside the law. He said that he will present propositions to the mailing list to reformulate the text in RIPE Document ripe-452 to revoke resources if an organisation if found not to actually exist. -------- So - if you wouldn't want to ask a microsoft lawyer, please feel free to ask ARIN what they do to verify paperwork, and to reclaim fraudulently registered address space. On Wed, Feb 2, 2011 at 6:37 PM, Gert Doering wrote: > Hi, > > On Wed, Feb 02, 2011 at 05:59:29PM +0530, Suresh Ramasubramanian wrote: >> 1. As a post mortem > > So how much effort do we want to make (read: should the LIRs pay) on > a dead horse? > >> 2. To possibly stop those same entities from acquiring v6 blocks? > > If these entities are legitimate businesses according to their national > law, if the RIPE NCC will *not* give them addresses, we're going to > have large problems (anti-monopoly laws, etc.). > > The situation is quite clear if a LEA shows up and states "these are > criminals", and the RIPE policy takes that into account (withdraw addresses). > > Now, how do you know upfront that a new business is criminal, as defined > by applicable law? ?"Is run by a well-known spammer" might be clear to > you and me, but is it clear enough from a *legal* perspective? > > Gert Doering > -- > did you enable IPv6 on something today...? > > SpaceNet AG ? ? ? ? ? ? ? ? ? ? ? ?Vorstand: Sebastian v. Bomhard > Joseph-Dollinger-Bogen 14 ? ? ? ? ?Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen ? ? ? ? ? ? ? ? ? HRB: 136055 (AG Muenchen) > Tel: +49 (89) 32356-444 ? ? ? ? ? ?USt-IdNr.: DE813185279 > -- Suresh Ramasubramanian (ops.lists at gmail.com) From gert at space.net Wed Feb 2 14:12:19 2011 From: gert at space.net (Gert Doering) Date: Wed, 2 Feb 2011 14:12:19 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D4955A9.6040001@tana.it> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> Message-ID: <20110202131219.GQ47277@Space.Net> Hi, On Wed, Feb 02, 2011 at 02:01:29PM +0100, Alessandro Vesely wrote: > IPv4 will run out when we'll either be able to vet peers without using > IP addresses, or have found how to effectively run IPv6 DNSBLs. Let me give you a hint: IPv4 will run out this year. So what ever you do, you better get prepared for that. [..] > Scarceness makes a resource more precious. ... until the price goes up far enough that alternatives become viable. IPv4 is dead, and the economics will make sure people will understand that before long :-) Gert Doering -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From gert at space.net Wed Feb 2 14:18:25 2011 From: gert at space.net (Gert Doering) Date: Wed, 2 Feb 2011 14:18:25 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <20110202130757.GP47277@Space.Net> Message-ID: <20110202131825.GR47277@Space.Net> Hi, On Wed, Feb 02, 2011 at 06:44:17PM +0530, Suresh Ramasubramanian wrote: > So - if you wouldn't want to ask a microsoft lawyer, please feel free > to ask ARIN what they do to verify paperwork, and to reclaim > fraudulently registered address space. That's what the RIPE NCC already *does*. Gert Doering -- NetMaster -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 306 bytes Desc: not available URL: From brian.nisbet at heanet.ie Wed Feb 2 14:21:58 2011 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Wed, 02 Feb 2011 13:21:58 +0000 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <20110202130757.GP47277@Space.Net> Message-ID: <4D495A76.3030904@heanet.ie> "Suresh Ramasubramanian" wrote the following on 02/02/2011 13:14: > http://www.ripe.net/ripe/wg/ncc-services/r59-minutes.html has an > interesting quote - probably the one useful nugget in that discussion. > > --- and i quote --- > > John Curran (ARIN) explained how this is done in the ARIN region. He > said that ARIN does verification, but when a fraud is uncovered, ARIN > does act to revoke resources. This is not related directly to the > criminal activities, but due to a violation of the policy. > > Uwe agreed that it is not the RIPE NCC's job to determine what is > legal or not, but pointed out that allowing somebody that obtained > resources to use these resources for illegal purposes leaves him > outside the law. He said that he will present propositions to the > mailing list to reformulate the text in RIPE Document ripe-452 to > revoke resources if an organisation if found not to actually exist. > > -------- > > So - if you wouldn't want to ask a microsoft lawyer, please feel free > to ask ARIN what they do to verify paperwork, and to reclaim > fraudulently registered address space. The various RIRs all cooperate and discuss these matters. The ARIN region is very different to that of RIPE NCC, but in short, yes, these discussions have taken place and will continue to do so. Brian. From ops.lists at gmail.com Wed Feb 2 14:24:40 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 18:54:40 +0530 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <20110202131219.GQ47277@Space.Net> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> <20110202131219.GQ47277@Space.Net> Message-ID: On Wed, Feb 2, 2011 at 6:42 PM, Gert Doering wrote: > Let me give you a hint: IPv4 will run out this year. ?So what ever you > do, you better get prepared for that. Right. And future generations wont thank us if the same lackadaisical policy enforcement means large swathes of v6 space get glommed on, and we repeat this conversation a couple of decades later. -- Suresh Ramasubramanian (ops.lists at gmail.com) From kauto.huopio at ficora.fi Wed Feb 2 14:25:45 2011 From: kauto.huopio at ficora.fi (Kauto Huopio) Date: Wed, 02 Feb 2011 15:25:45 +0200 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <20110202122341.GO47277@Space.Net> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> Message-ID: <4D495B59.6030500@ficora.fi> Gert Doering wrote: > Hi, > > On Wed, Feb 02, 2011 at 07:21:36AM +0530, Suresh Ramasubramanian wrote: >> The RIPE community should, as a whole, be more operationally focused >> on this loss of a scarce shared resource by allocating large parts of >> it to entities that use these for a very short time before > > Since IPv4 is going to run out anyway, what difference does "extend lots > of effort to gain a few month" make here? > > I can see and share the desire to stop criminals using network resources, > but the argument about "the big problem is waste of scarce resources" > just doesn't fly with me - as it will not make a big difference one > way or the other. IPv4 is to be used for quite some time. The miscreant community will turn their focus to allocated but unused address space and AS resources. We just handled an incident where an AS belonging to a finnish telco was advertised via an AS in Russia. The /24 had a valid route object for this AS - this had been left to the DB by accident. We should look on more strict policies on appropriate registration of address space delegations in use and deregistration when the resources are taken out of service. Needless to say, the finnish provider in question was slightly surprised to see a resource delegated to them appear behind a RU provider. RIPE NCC could have a role in looking after disrepancies between routing database and live global BGP routing table.. --Kauto -- Kauto Huopio - kauto.huopio at ficora.fi Senior information security adviser Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax +358-9-6966515, mobile +358-50-5826131 CERT-FI watch desk daytime: +358-9-6966510 / http://www.cert.fi From kauto.huopio at ficora.fi Wed Feb 2 14:32:06 2011 From: kauto.huopio at ficora.fi (Kauto Huopio) Date: Wed, 02 Feb 2011 15:32:06 +0200 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D495B59.6030500@ficora.fi> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D495B59.6030500@ficora.fi> Message-ID: <4D495CD6.6050802@ficora.fi> Kauto Huopio wrote: > IPv4 is to be used for quite some time. The miscreant community will turn > their focus to allocated but unused address space and AS resources. We just > handled an incident where an AS belonging to a finnish telco was advertised > via an AS in Russia. The /24 had a valid route object for this AS - this had > been left to the DB by accident. Just to reclarify: the AS in question was made redundand by a merger of ISP:s. The /24 in question was unused for quite some time - apparently because of a customer changing providers. --kauto -- Kauto Huopio - kauto.huopio at ficora.fi Senior information security adviser Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax +358-9-6966515, mobile +358-50-5826131 CERT-FI watch desk daytime: +358-9-6966510 / http://www.cert.fi From gert at space.net Wed Feb 2 16:08:03 2011 From: gert at space.net (Gert Doering) Date: Wed, 2 Feb 2011 16:08:03 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> <20110202131219.GQ47277@Space.Net> Message-ID: <20110202150803.GS47277@Space.Net> Hi, On Wed, Feb 02, 2011 at 06:54:40PM +0530, Suresh Ramasubramanian wrote: > On Wed, Feb 2, 2011 at 6:42 PM, Gert Doering wrote: > > Let me give you a hint: IPv4 will run out this year. ?So what ever you > > do, you better get prepared for that. > > Right. And future generations wont thank us if the same lackadaisical > policy enforcement means large swathes of v6 space get glommed on, and > we repeat this conversation a couple of decades later. Please apply basic math 101 here. There's 4 billion times the amount of *networks* in IPv6 than the amount of single IP addresses in IPv4. Normal LIRs in IPv6 get a /32 - so to "glomm" (whatever that means) "large swathes", to have a significant impact on the 4 billion /32s out there (maybe only 500 million if you only count FP001), they will have to come back *fairly* often for new /32s. Size does matter. Gert Doering -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 306 bytes Desc: not available URL: From ops.lists at gmail.com Wed Feb 2 16:23:41 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 20:53:41 +0530 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <20110202150803.GS47277@Space.Net> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> <20110202131219.GQ47277@Space.Net> <20110202150803.GS47277@Space.Net> Message-ID: 2^128 IP addresses should be enough for anybody, eh? On Wed, Feb 2, 2011 at 8:38 PM, Gert Doering wrote: > Hi, > > On Wed, Feb 02, 2011 at 06:54:40PM +0530, Suresh Ramasubramanian wrote: >> On Wed, Feb 2, 2011 at 6:42 PM, Gert Doering wrote: >> > Let me give you a hint: IPv4 will run out this year. ?So what ever you >> > do, you better get prepared for that. >> >> Right. And future generations wont thank us if the same lackadaisical >> policy enforcement means large swathes of v6 space get glommed on, and >> we repeat this conversation a couple of decades later. > > Please apply basic math 101 here. ?There's 4 billion times the amount > of *networks* in IPv6 than the amount of single IP addresses in IPv4. > > Normal LIRs in IPv6 get a /32 - so to "glomm" (whatever that means) > "large swathes", to have a significant impact on the 4 billion /32s > out there (maybe only 500 million if you only count FP001), they will > have to come back *fairly* often for new /32s. > > Size does matter. > > Gert Doering > -- > did you enable IPv6 on something today...? > > SpaceNet AG ? ? ? ? ? ? ? ? ? ? ? ?Vorstand: Sebastian v. Bomhard > Joseph-Dollinger-Bogen 14 ? ? ? ? ?Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen ? ? ? ? ? ? ? ? ? HRB: 136055 (AG Muenchen) > Tel: +49 (89) 32356-444 ? ? ? ? ? ?USt-IdNr.: DE813185279 > -- Suresh Ramasubramanian (ops.lists at gmail.com) From sander at steffann.nl Wed Feb 2 16:45:16 2011 From: sander at steffann.nl (Sander Steffann) Date: Wed, 2 Feb 2011 16:45:16 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> <20110202131219.GQ47277@Space.Net> <20110202150803.GS47277@Space.Net> Message-ID: <72BDD40C-A485-43E1-B90F-01C65DEEF7DF@steffann.nl> > 2^128 IP addresses should be enough for anybody, eh? Let's be realistic and look at the number of ISPs/customers/users instead of the full 128 bits: 536.870.912 ISPs with each enough space for 16.777.216 customers with 256 networks each, or 65.536 customers with 65.536 networks each... ... Yes ... That should be enough for everybody :) Sander PS: I think the problem here will be to fit those 536.870.912 ISPs in the routing table... From ops.lists at gmail.com Wed Feb 2 16:49:17 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 2 Feb 2011 21:19:17 +0530 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <72BDD40C-A485-43E1-B90F-01C65DEEF7DF@steffann.nl> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> <20110202131219.GQ47277@Space.Net> <20110202150803.GS47277@Space.Net> <72BDD40C-A485-43E1-B90F-01C65DEEF7DF@steffann.nl> Message-ID: See there's a lot of stuff out there - currently only in vendor documents / IPv6 forum publicity material .. Toasters, phones, cars etc with v6 stacks. Which might exist. Let's not even count what happens if someone decides to fit v6 somewhere into vint cerf's "internet over outer space" idea [what next, an intergalactic governance federation where tentacled aliens attend RIPE meetings?] The old allocations of class A, class B and class C were realistic too. Fuel growth by handing out IPs for the asking, there's plenty to go around. --srs On Wed, Feb 2, 2011 at 9:15 PM, Sander Steffann wrote: > Let's be realistic and look at the number of ISPs/customers/users instead of the full 128 bits: 536.870.912 ISPs with each enough space for 16.777.216 customers with 256 networks each, or 65.536 customers with 65.536 networks each... > > ... Yes ... That should be enough for everybody :) -- Suresh Ramasubramanian (ops.lists at gmail.com) From gert at space.net Wed Feb 2 17:38:28 2011 From: gert at space.net (Gert Doering) Date: Wed, 2 Feb 2011 17:38:28 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> <20110202131219.GQ47277@Space.Net> <20110202150803.GS47277@Space.Net> Message-ID: <20110202163828.GT47277@Space.Net> Hi, On Wed, Feb 02, 2011 at 08:53:41PM +0530, Suresh Ramasubramanian wrote: > 2^128 IP addresses should be enough for anybody, eh? As I said, please apply math 101. Over the last 15 years, I've heard the phrase "and 640k is enough for everybody" a *lot* of times, but usually not by people that have actually *done* the math. 64 bits for numbering networks is a *lot*. 32 bits (or even just 29) for numbering ISPs is a *lot*. Of course it's not infinite, and it won't last for numbering lots of other galaxies, but this is not the problem we're going to be faced for the next few generations - if compared to the number of people the earth can sustain, and to the number of enterprises of a certain category that are likely to exist in the next 50 years, the IPv6 space is "big enough". If I'm wrong, I'll buy you a beer in 20 years. Gert Doering -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 306 bytes Desc: not available URL: From gert at space.net Wed Feb 2 17:44:14 2011 From: gert at space.net (Gert Doering) Date: Wed, 2 Feb 2011 17:44:14 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> <20110202131219.GQ47277@Space.Net> <20110202150803.GS47277@Space.Net> <72BDD40C-A485-43E1-B90F-01C65DEEF7DF@steffann.nl> Message-ID: <20110202164414.GU47277@Space.Net> Hi, On Wed, Feb 02, 2011 at 09:19:17PM +0530, Suresh Ramasubramanian wrote: > See there's a lot of stuff out there - currently only in vendor > documents / IPv6 forum publicity material .. Toasters, phones, cars > etc with v6 stacks. Which might exist. The number of devices inside a /64 is fully irrelevant to the discussion, because there is no way to exhaust a /64 with physical devices. The only interesting question here is - are there enough "ISP sized chunks" to number each company that could reasonably show up at a RIR and declare to be an ISP - are there enough "end site sized chunks" to number each possible end site (home user or corporate customer) and if you do the math, and look up a few things in Wikipedia, like "population on earth", you'll see that indeed, 64 bits of prefix space is a lot. It's not enough to give ISPs a "class A" (/8), "class B" (/16) - but giving ISPs a "class C" (/24) each should even work out. But we're not doing that, we give whole ISPs the equivalent of a single IPv4 address (/32). Gert Doering -- NetMaster -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 306 bytes Desc: not available URL: From leo.vegoda at icann.org Wed Feb 2 18:31:20 2011 From: leo.vegoda at icann.org (Leo Vegoda) Date: Wed, 2 Feb 2011 09:31:20 -0800 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <82tygmya8g.fsf@mid.bfk.de> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <82tygmya8g.fsf@mid.bfk.de> Message-ID: <9949E83A-E8EA-42D4-9C64-C3D3B144819C@icann.org> Hi, On 2 Feb 2011, at 2:57, Florian Weimer wrote: [...] > It was quite different to figure out, based on the transcript, what > was going on. It would have been nice to announce the intention of > removing the WG chair beforehand, on the mailing list. I am a bit surprised by this whole discussion because other than the politeness issue I am really not sure why who the chair of a WG is makes all the much difference. From my perspective, the chair has made a commitment to dedicate extra time and attention that other participants have not. But who the chair is should never have a significant impact on the WG's output and the output should be the consensus of the participants and not the decisions of some benevolent dictator. If some people want particular individuals or companies to be blacklisted by the RIPE NCC then they need to make a formal proposal along those lines. I have not seen a proposal for a RIPE NCC operated blacklist of known blaggards who must not be allowed access to IP addresses but would be interested in reviewing a proposal if it is forthcoming. Regards, Leo Vegoda From peter at hk.ipsec.se Wed Feb 2 18:59:09 2011 From: peter at hk.ipsec.se (peter h) Date: Wed, 2 Feb 2011 18:59:09 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: References: <4D477222.8010900@hserus.net> <20110202150803.GS47277@Space.Net> Message-ID: <201102021859.10260.peter@hk.ipsec.se> On Wednesday 02 February 2011 16.23, Suresh Ramasubramanian wrote: > 2^128 IP addresses should be enough for anybody, eh? If it was so. But in real life it more like 2^48 due to waste at both ends ( 64 bits off at lower end , used as "host identifier", 16 bits used to separate which registrar, typoe of address etc ) -- Peter H?kanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det ?r billigare att g?ra r?tt. Det ?r dyrt att laga fel. ) From vesely at tana.it Wed Feb 2 19:07:53 2011 From: vesely at tana.it (Alessandro Vesely) Date: Wed, 02 Feb 2011 19:07:53 +0100 Subject: [anti-abuse-wg] blacklisted by the RIPE NCC --was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <9949E83A-E8EA-42D4-9C64-C3D3B144819C@icann.org> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <82tygmya8g.fsf@mid.bfk.de> <9949E83A-E8EA-42D4-9C64-C3D3B144819C@icann.org> Message-ID: <4D499D79.8070006@tana.it> On 02/Feb/11 18:31, Leo Vegoda wrote: > If some people want particular individuals or companies to be > blacklisted by the RIPE NCC then they need to make a formal > proposal along those lines. I have not seen a proposal for a RIPE > NCC operated blacklist of known blaggards who must not be allowed > access to IP addresses but would be interested in reviewing a > proposal if it is forthcoming. Yes, I would want that individuals or companies who cannot comply with a minimal policy be blacklisted. The minimal policy would be to provide the email address of an abuse team who at least tries to investigate on abuse issues related to their IPs. This may sound similar to proposals withdrawn at RIPE 61... What does it mean "A task force will be organised to solve the implementation issues pointed out by the proposal discussion"? Is it something that is going to land on this mailing list, sometimes? From jdfalk-lists at cybernothing.org Wed Feb 2 20:09:56 2011 From: jdfalk-lists at cybernothing.org (J.D. Falk) Date: Wed, 2 Feb 2011 11:09:56 -0800 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <82tygmya8g.fsf@mid.bfk.de> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <82tygmya8g.fsf@mid.bfk.de> Message-ID: <653CA2E2-2238-4AFD-87C5-5F7496185128@cybernothing.org> On Feb 2, 2011, at 2:57 AM, Florian Weimer wrote: > It was quite different to figure out, based on the transcript, what > was going on. Agreed. > That being said, so far, I've refrained from commenting on the WG > session because I wanted to give the task force a chance to produce > results. What's the status with that? I've been looking forward to these results as well. From rfg at tristatelogic.com Wed Feb 2 23:32:24 2011 From: rfg at tristatelogic.com (Ronald F. Guilmette) Date: Wed, 02 Feb 2011 14:32:24 -0800 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <20110202131219.GQ47277@Space.Net> Message-ID: <10403.1296685944@tristatelogic.com> In message <20110202131219.GQ47277 at Space.Net>, Gert Doering wrote: >IPv4 is dead, and the economics will make sure people will understand >that before long :-) I feel quite sure that many said that same thing about the internal combustion engine after the first Arab Oil Embargo in 1973. Never underestimate the power of inertia and/or the costs associated with a mass changeover to a new technology. From rfg at tristatelogic.com Wed Feb 2 23:52:57 2011 From: rfg at tristatelogic.com (Ronald F. Guilmette) Date: Wed, 02 Feb 2011 14:52:57 -0800 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <20110202150803.GS47277@Space.Net> Message-ID: <10589.1296687177@tristatelogic.com> In message <20110202150803.GS47277 at Space.Net>, Gert Doering wrote: >... so to "glomm" (whatever that means)... American vernacular. glom (v.) -- To attach to one's self in a more or less greedy, selfish, or unseamly manner. Examples: We watched him glom onto the last piece of pizza. The robber backed up his pick-up truck so that he could more easily glom onto the uprooted ATM machine. From ops.lists at gmail.com Thu Feb 3 02:30:13 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Thu, 3 Feb 2011 07:00:13 +0530 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <20110202163828.GT47277@Space.Net> References: <4D47F270.6010405@heanet.ie> <1296589202.20168.44.camel@shane-desktop> <20110202122341.GO47277@Space.Net> <4D4955A9.6040001@tana.it> <20110202131219.GQ47277@Space.Net> <20110202150803.GS47277@Space.Net> <20110202163828.GT47277@Space.Net> Message-ID: On Wed, Feb 2, 2011 at 10:08 PM, Gert Doering wrote: > If I'm wrong, I'll buy you a beer in 20 years. I'll take you up on that then. It'll still make lots more sense to avoid v6 being polluted right from the start. -- Suresh Ramasubramanian (ops.lists at gmail.com) From ops.lists at gmail.com Thu Feb 3 02:31:35 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Thu, 3 Feb 2011 07:01:35 +0530 Subject: [anti-abuse-wg] Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <9949E83A-E8EA-42D4-9C64-C3D3B144819C@icann.org> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <82tygmya8g.fsf@mid.bfk.de> <9949E83A-E8EA-42D4-9C64-C3D3B144819C@icann.org> Message-ID: That's not what we are driving at, at all. I would be interested in seeing the status of the Rasmussen and Knecht proposals once they go forward. On Wed, Feb 2, 2011 at 11:01 PM, Leo Vegoda wrote: > > If some people want particular individuals or companies to be blacklisted by the RIPE NCC then they need to make a formal proposal along those lines. I have not seen a proposal for a RIPE NCC operated blacklist of known blaggards who must not be allowed access to IP addresses but would be interested in reviewing a proposal if it is forthcoming. -- Suresh Ramasubramanian (ops.lists at gmail.com) From kzorba at otenet.gr Thu Feb 3 10:15:54 2011 From: kzorba at otenet.gr (Kostas Zorbadelos) Date: Thu, 03 Feb 2011 11:15:54 +0200 Subject: [anti-abuse-wg] blacklisted by the RIPE NCC --was Draft Anti-Abuse WG Minutes ? RIPE 61 In-Reply-To: <4D499D79.8070006@tana.it> References: <4D477222.8010900@hserus.net> <4D47F270.6010405@heanet.ie> <82tygmya8g.fsf@mid.bfk.de> <9949E83A-E8EA-42D4-9C64-C3D3B144819C@icann.org> <4D499D79.8070006@tana.it> Message-ID: <4D4A724A.3070905@otenet.gr> On 02/02/2011 08:07 PM, Alessandro Vesely wrote: > What does it mean "A task force will be organised to solve the > implementation issues pointed out by the proposal discussion"? Is it > something that is going to land on this mailing list, sometimes? I don't mind a few talks in a more closed circle to avoid a possible noise in discussions, but I certainly expect the outcome in this public list to be discussed openly. Otherwise, what is the meaning of an "open" Working Group? Regards, Kostas From brian.nisbet at heanet.ie Thu Feb 3 10:56:21 2011 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Thu, 03 Feb 2011 09:56:21 +0000 Subject: [anti-abuse-wg] Recent Proposals, the Taskforce & v6 Discussion Message-ID: <4D4A7BC5.70306@heanet.ie> Morning, It seemed easier to bring all of these things into one post. First off, the proposals. Suresh, I'm not sure which proposal from Uwe you're talking about, sorry, but Tobias & Piotr's proposals, or at least the addressing of the issues they identified are progressing. Tobias has been in discussion with the NCC DB group and the other proposals are, well, proposed to be dealt with by the task force. So, that task force... We've agreed the basic structure and aims and I'd expect an announcement to go out either this week or early next week. The TF will be an open, although in an attempt to focus the work, there will be some limits on the membership, however the ongoings and results will be public and discussed. I'm no fan of secrecy and while I appreciate it is required in some areas of anti-abuse, I strongly prefer to avoid it where possible. Finally, while discussion about and awareness of v6 is a very important thing, including how it will impact on anti-abuse, I think the current discussions have been veering more than a little off topic. Thanks, Brian. From sascha.wilms at eco.de Thu Feb 3 13:34:21 2011 From: sascha.wilms at eco.de (Sascha Wilms) Date: Thu, 3 Feb 2011 13:34:21 +0100 Subject: AW: [anti-abuse-wg] Recent Proposals, the Taskforce & v6 Discussion In-Reply-To: <4D4A7BC5.70306@heanet.ie> References: <4D4A7BC5.70306@heanet.ie> Message-ID: Hi, On 02/03/2011 Brian wrote: > The TF will be an open, although in an attempt to focus the > work, there will be some limits on the membership, however > the ongoings and results will be public and discussed. I'm no > fan of secrecy and while I appreciate it is required in some > areas of anti-abuse, I strongly prefer to avoid it where possible. I think that is the right approach. At the same time, I hope that the justifiable level of secrecy will not mute the ongoing discussion in this mailing group. > Finally, while discussion about and awareness of v6 is a very > important thing, including how it will impact on anti-abuse, > I think the current discussions have been veering more than a > little off topic. Full Ack. Sascha From ops.lists at gmail.com Thu Feb 3 15:33:43 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Thu, 3 Feb 2011 20:03:43 +0530 Subject: [anti-abuse-wg] Recent Proposals, the Taskforce & v6 Discussion In-Reply-To: <4D4A7BC5.70306@heanet.ie> References: <4D4A7BC5.70306@heanet.ie> Message-ID: As for Uwe I was thinking of the proposals he submitted at ripe 59. I'll ping him for a followup H. Recovering resources assigned to non-existing entities http://www.ripe.net/ripe/meetings/ripe-59/presentations/rasmussen-recovering-resources.pdf Uwe Manuel Rasmussen, Microsoft On Thu, Feb 3, 2011 at 3:26 PM, Brian Nisbet wrote: > > First off, the proposals. Suresh, I'm not sure which proposal from Uwe > you're talking about, sorry, but Tobias & Piotr's proposals, or at least the > addressing of the issues they identified are progressing. Tobias has been in > discussion with the NCC DB group and the other proposals are, well, proposed > to be dealt with by the task force. -- Suresh Ramasubramanian (ops.lists at gmail.com) From brian.nisbet at heanet.ie Thu Feb 3 15:49:16 2011 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Thu, 03 Feb 2011 14:49:16 +0000 Subject: [anti-abuse-wg] Recent Proposals, the Taskforce & v6 Discussion In-Reply-To: References: <4D4A7BC5.70306@heanet.ie> Message-ID: <4D4AC06C.6050008@heanet.ie> Ah, right, yes, there was no actual policy proposal following that presentation and when thinking in RIPE terms proposal has a very particular term, hence the confusion. A lot of work has been done on this by the NCC, did you get a chance to read the NCC document on closure and deregistration procedure as presented at RIPE 61 in Rome (see http://www.ripe.net/legal/Closure-of-LIR-and-deregistration-of-INRs_final-draft.pdf). I linked that a couple of days ago, but it's worth repeating. Brian. "Suresh Ramasubramanian" wrote the following on 03/02/2011 14:33: > As for Uwe I was thinking of the proposals he submitted at ripe 59. > I'll ping him for a followup > > H. Recovering resources assigned to non-existing entities > http://www.ripe.net/ripe/meetings/ripe-59/presentations/rasmussen-recovering-resources.pdf > Uwe Manuel Rasmussen, Microsoft > > On Thu, Feb 3, 2011 at 3:26 PM, Brian Nisbet wrote: >> >> First off, the proposals. Suresh, I'm not sure which proposal from Uwe >> you're talking about, sorry, but Tobias& Piotr's proposals, or at least the >> addressing of the issues they identified are progressing. Tobias has been in >> discussion with the NCC DB group and the other proposals are, well, proposed >> to be dealt with by the task force. > > > From ops.lists at gmail.com Thu Feb 3 15:56:03 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Thu, 3 Feb 2011 20:26:03 +0530 Subject: [anti-abuse-wg] Recent Proposals, the Taskforce & v6 Discussion In-Reply-To: <4D4AC06C.6050008@heanet.ie> References: <4D4A7BC5.70306@heanet.ie> <4D4AC06C.6050008@heanet.ie> Message-ID: On Thu, Feb 3, 2011 at 8:19 PM, Brian Nisbet wrote: > A lot of work has been done on this by the NCC, did you get a chance to read > the NCC document on closure and deregistration procedure as presented at > RIPE 61 in Rome (see > http://www.ripe.net/legal/Closure-of-LIR-and-deregistration-of-INRs_final-draft.pdf). > I linked that a couple of days ago, but it's worth repeating. I actually read that and am glad to see this finally being implemented. I will follow up with Uwe to see if he had any other proposal in mind and if so to contribute to this process -- Suresh Ramasubramanian (ops.lists at gmail.com) From Woeber at CC.UniVie.ac.at Thu Feb 3 14:00:55 2011 From: Woeber at CC.UniVie.ac.at (Wilfried Woeber, UniVie/ACOnet) Date: Thu, 03 Feb 2011 13:00:55 +0000 Subject: [anti-abuse-wg] Invitation to particpate in a RIPE Task-Force Message-ID: <4D4AA707.2080805@CC.UniVie.ac.at> Invitation to join and actively contribute to a RIPE Taskforce on "Abuse Contact Management in the RIPE Database" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Background: The RIPE Database serves as a data repository for Internet resource assignments and allocations in the RIPE NCC's service region. Among other purposes, it serves as a contact repository for administrative, technical and operational matters regarding IP address ranges and autonomous system numbers. Over time, some mechanisms became available, such as the Incident Response Team (IRT) object and an abuse-mailbox: attribute. Different communities seem to have developed varying expectations and understanding of how the data quality for such contact information can be maintained at a high level, and how and when a report sent to such a contact mechanism will be responded to or otherwise acted upon. Recently, some RIPE Policy Proposals were submitted for consideration and these proposals (2010-08, 2010-09 and 2010-10) were discussed in the Address Policy Working Group, the Anti-Abuse Working Group and briefly in the Database Working Group during the RIPE 61 Meeting in Rome. Deliberations among the responsible working group chairs and senior policy experts suggested that investigation be carried out to get a deeper understanding of the motivations behind the policy proposals, the expected outcomes, the operational and maintenance implications and the role the RIPE Database could perform to support the desired results. It was then suggested to the community and the policy proponents that the most efficient way to progress the issue would be the creation of a RIPE Task Force. There was no objection raised by the members of the community present at the meeting. Call for Participation ----------------------- We invite members of the RIPE community, from the security as well as from the anti-abuse areas, to volunteer and contribute to the proposed task force. Ideally, we would like to bring together the security and anti-abuse communities and the IP resource management and network operations communities to jointly analyse and refine the issue. *Draft* Mandate for the Task Force ---------------------------------- [This draft mandate is for consideration, modification and refinement by the task force] The task force is mandated to: - Agree on a useful name for the task force and, with the help of the RIPE NCC, arrange the logistics and report back to the community about the establishment of the task force - Collect all relevant input that is readily available, in particular policy proposals, information from presentations given recently by the RIPE NCC regarding ideas on the future structure, credibility and quality of data, and the maintenance mechanisms for entries in the RIPE Database - Collect and document comparable mechanisms and proposals in the other RIR Regions (APNIC, AfriNIC, ARIN and LACNIC) - Work with the interested community and the RIPE NCC to understand the problem at hand and the environment in which to develop a proposal. This analysis of the environment should include legal aspects, formal responsibilities for the use of resources on the Internet, well-established operating procedures and relevant operational aspects. - Develop one or more (policy) proposals and/or general recommendations on how collection and maintainace of relevant information in the Registry Database should be organised, including a description of potentially alternative implementations or approaches and the related impact on all parties involved *Draft* Timeline ----------------- The Taskforce should: - Try to collect the core group of participants before end of February 2010 - Start work on the dedicated mailing list as soon as possible, with a view to meet for a face-to-face meeting in advance of RIPE 62 (May 2011) - Report on the task force's progress during RIPE 62 (May 2011) and collect regular input from the RIPE community - Submit a first draft of a recommendation(s) and/or policy proposal(s) before RIPE 63 - Agree on the proposal(s) and agree on the expected implementation deadline Submitting statements of intent to actively participate -------------------------------------------------------- If you would like to participate in the task force, please email the RIPE NCC's Database Manager, Paul Palse, at . ________________________________________________________________________ Best regards, Wilfried, circulating this invitation on behalf of the group of the proponents, with kudos to the colleagues at the RIPE NCC for their help with wording! From athina.fragkouli at ripe.net Thu Feb 3 17:22:34 2011 From: athina.fragkouli at ripe.net (Athina Fragkouli) Date: Thu, 03 Feb 2011 17:22:34 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities] Message-ID: <4D4AD64A.5000006@ripe.net> Dear Kauto, all, In response to your email, here is some general information on abuse handling at the RIPE NCC. The RIPE NCC has a procedure for handling abuse complaints. Anyone can send a complaint to the email address abuse at ripe.net. All complaints are replied to in an appropriate manner. The timeline for the handling of a complaint varies depending on the type of abuse reported and the investigation/actions needed from our side. This procedure is currently not published. The RIPE NCC has realised the need for a publicly available procedural document in which all aspects of this procedure will be described in detail. The drafting of this document is in progress. To reply to your last question, there are some RIPE Database queries that will provide the information you require. Registration of an AS Number also requires this reference. The command: whois -r -Tinetnum,inet6num,aut-num -i org will give a list of all allocations and AS numbers for this LIR. It may also return assignments where the "org:" object is referenced. Using the command: whois -rM -Tinetnum,inet6num for each allocation will give a list of all the assignments below the allocation. Please bear in mind, this may be a very long list and such a query may take time. These queries can be carried out from our web interfaces. But you might not get a full list as some of our web services have limits on the number of objects returned. Information about the sponsoring LIR is not publicly available. However, this issue has been raised by the RIPE community and a RIPE Task Force will be organised to discuss this and other relevant issues. Please see: http://www.ripe.net/ripe/policies/proposals/2010-10.html http://www.ripe.net/ripe/maillists/archives/db-wg/2011/msg00032.html Kind regards, Athina Fragkouli RIPE NCC -------- Original Message -------- Subject: Re: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities Date: Wed, 02 Feb 2011 12:25:16 +0200 From: Kauto Huopio To: anti-abuse-wg at ripe.net Greetings all, I am a relative newcomer within RIPE community - but been working for some 10 years with CERT-FI, the national CERT team in Finland. During this period I have got a feeling (no statistics - yet) that the majority of cases where the validity of ipv4 / AS resource registration details can be questioned are within RIPE service area. APNIC, AFRINIC, LACNIC, ARIN -provided resources with this suspicion are quite rare on my radar. I have a couple of questions on my mind: 1) What is the current procedure to initiate an investigation with RIPE NCC on resource registration data consistency? 2) Are there any spesific requirements to be filled to trigger investiation procedures - what proof of suspicious registration data is needed? 3) Where I can find the current RIPE policies applied on this type of investigation request? 4) What kind of reply time one could expect from RIPE NCC for this type of request? 5) What methods I could use to extract -sponsoring LIR data of a inetnum / autnum object -all inetnum/autnum objects delegated by a spesified LIR from RIPE NCC WHOIS database? (personally I think there is no need to hide this information - all customer networks of an ISP can be easily extracted from BGP routing data, business protection needs IMHO do not warrant blocking this information) I have a couple of examples that could perhaps warrant a concentrated look. First is a recent and public one, documented here: http://www.abuse.ch/?p=3130 Could regisgtry consistency procedures be initiated on the suspicious resources mentioned in the blog post? A second case I would like to work with appropriate RIPE NCC staff directly. --Kauto -- Kauto Huopio - kauto.huopio at ficora.fi Senior information security adviser Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax +358-9-6966515, mobile +358-50-5826131 CERT-FI watch desk daytime: +358-9-6966510 / http://www.cert.fi From rfg at tristatelogic.com Fri Feb 4 00:39:08 2011 From: rfg at tristatelogic.com (Ronald F. Guilmette) Date: Thu, 03 Feb 2011 15:39:08 -0800 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities] In-Reply-To: <4D4AD64A.5000006@ripe.net> Message-ID: <47332.1296776348@tristatelogic.com> In message <4D4AD64A.5000006 at ripe.net>, Athina Fragkouli wrote: >The RIPE NCC has a procedure for handling abuse complaints. Anyone can >send a complaint to the email address abuse at ripe.net. All complaints are >replied to in an appropriate manner. The timeline for the handling of a >complaint varies depending on the type of abuse reported and the >investigation/actions needed from our side. > >This procedure is currently not published. The RIPE NCC has realised the >need for a publicly available procedural document in which all aspects >of this procedure will be described in detail. The drafting of this >document is in progress. Speaking only for myself, let me just say that I, for one, very much look forward to this document. I feel sure that it will bring clarity and consistancy into what is, from the outside, currently an entirely murky black box. Perhaps just as importantly, the publication of this document may itself serve to spur other RiRs to provide a similar level of clarity for their abuse handling processes... which is sorely needed. I do have one small suggestion for the drafters of this document... I suspect that it will be quite helpful and illuminating if the final document contains a flowchart of the abuse handling process. One picture is indeed sometimes worth a thousand words. Regards, rfg From vesely at tana.it Fri Feb 4 09:46:36 2011 From: vesely at tana.it (Alessandro Vesely) Date: Fri, 04 Feb 2011 09:46:36 +0100 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities] In-Reply-To: <47332.1296776348@tristatelogic.com> References: <47332.1296776348@tristatelogic.com> Message-ID: <4D4BBCEC.3060909@tana.it> On 04/Feb/11 00:39, Ronald F. Guilmette wrote: > In message <4D4AD64A.5000006 at ripe.net>, > Athina Fragkouli wrote: > >>The RIPE NCC has a procedure for handling abuse complaints. Anyone can >>send a complaint to the email address abuse at ripe.net. All complaints are >>replied to in an appropriate manner. The timeline for the handling of a >>complaint varies depending on the type of abuse reported and the >>investigation/actions needed from our side. To be effective, it is necessary that the procedure can handle, on average, the number of complaints that arrive in the meanwhile. The number of complaints may rise significantly if the procedure is published and the address advertised. > I do have one small suggestion for the drafters of this document... I > suspect that it will be quite helpful and illuminating if the final > document contains a flowchart of the abuse handling process. One picture > is indeed sometimes worth a thousand words. Agreed, especially if the procedure provides for handing complaints to external abuse teams, e.g. according to IP allocations. From ops.lists at gmail.com Fri Feb 4 09:50:17 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Fri, 4 Feb 2011 14:20:17 +0530 Subject: [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities] In-Reply-To: <4D4BBCEC.3060909@tana.it> References: <47332.1296776348@tristatelogic.com> <4D4BBCEC.3060909@tana.it> Message-ID: That is only useful if the organization doing so has some sort of oversight or escalation power over what the receiver of those complaints is supposed to do. It might actually make sense to involve the dutch CERT in this. On Fri, Feb 4, 2011 at 2:16 PM, Alessandro Vesely wrote: > > Agreed, especially if the procedure provides for handing complaints to > external abuse teams, e.g. according to IP allocations. -- Suresh Ramasubramanian (ops.lists at gmail.com) From ops.lists at gmail.com Fri Feb 11 04:51:11 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Fri, 11 Feb 2011 09:21:11 +0530 Subject: [anti-abuse-wg] RIPE assignment-size attribute Message-ID: Forwarded from another list with the poster's consent Marco makes sense as usual. And this is something that any whois client should have no problem getting. One of the major problems in v6 related blocking is figuring out just how large a cidr to block - this helps. -- Suresh Ramasubramanian (ops.lists at gmail.com) -----Original Message----- From: Marco d'Itri [mailto:md at Linux.IT] Sent: 11 February 2011 08:35 To: [REMOVED] Subject: RIPE assignment-size attribute This new value allows for the creation of inet6num objects indicating these are aggregated End User assignments, using the "assignment-size" attribute to indicate the size of the individual End User assignments in this aggregate. IOW, this DB feature allows to know how large a user-wide blacklisting should be. ----- Forwarded message from emadaio at ripe.net ----- From: emadaio at ripe.net To: policy-announce at ripe.net Cc: ipv6-wg at ripe.net, address-policy-wg at ripe.net, db-wg at ripe.net Reply-To: ipv6-wg at ripe.net Subject: [ipv6-wg] 2010-06 Proposal Accepted (Registration Requirements for IPv6 End User Assignments) Dear Colleagues, Consensus has been reached, and the proposal described in 2010-06 has been accepted by the RIPE community. The updated policy "IPv6 Address Allocation and Assignment Policy" is available at: http://www.ripe.net/ripe/docs/ripe-512 The new policy "Value of the "status:" and "assignment-size:" attributes in inet6num objects for sub-assigned PA space" is available at: http://www.ripe.net/ripe/docs/ripe-513 You can find the full proposal at: http://www.ripe.net/ripe/policies/proposals/2010-06 Thank you for your input. Regards Emilio Madaio Policy Development Officer RIPE NCC ----- End forwarded message ----- -- ciao, Marco From ops.lists at gmail.com Fri Feb 11 04:54:41 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Fri, 11 Feb 2011 09:24:41 +0530 Subject: [anti-abuse-wg] Yay. More /14s in spamhaus. Message-ID: v4 netblocks are not candy to be handed around for the asking, are they? Not sure. 2/8 and 46/8 are relatively new too .. http://www.spamhaus.org/sbl/listings.lasso?isp=ripe SBL103318 46.42.192.0/20 RIPE 11-Feb-2011 01:46 GMT SC Netclass Srl (dirty block) (AS48838) SBL102988 2.56.0.0/14 RIPE 06-Feb-2011 02:46 GMT Michael Lindsay / iMedia Networks AS44559 spammer blocks SBL102994 94.154.64.0/18 RIPE 06-Feb-2011 09:44 GMT Michael Lindsay / iMedia Networks E-Rent LLC - dirty block -- Suresh Ramasubramanian (ops.lists at gmail.com) From shane at time-travellers.org Fri Feb 11 09:58:24 2011 From: shane at time-travellers.org (Shane Kerr) Date: Fri, 11 Feb 2011 09:58:24 +0100 Subject: [anti-abuse-wg] Yay. More /14s in spamhaus. In-Reply-To: References: Message-ID: <1297414704.2424.27.camel@shane-desktop> Suresh, On Fri, 2011-02-11 at 09:24 +0530, Suresh Ramasubramanian wrote: > v4 netblocks are not candy to be handed around for the asking, are > they? Not sure. I don't understand what you are trying to say. Can you please say what you mean in simple English? Perhaps you are implying that the RIPE community or the RIPE NCC should do something to revoke address space from networks used for certain activities? If that's what you mean, please just say it, then we can discuss the basic idea as well as details. > 2/8 and 46/8 are relatively new too .. > > http://www.spamhaus.org/sbl/listings.lasso?isp=ripe Looking at the /14 that you referenced: > SBL102988 > 2.56.0.0/14 RIPE > 06-Feb-2011 02:46 GMT > Michael Lindsay / iMedia Networks > AS44559 spammer blocks Looking at the latest record in the database it seems like the block is about to be pulled for non-payment: remarks: The RIPE NCC will reclaim this allocation remarks: Please email billing at ripe.net changed: hostmaster at ripe.net 20100927 changed: hostmaster at ripe.net 20110118 Perhaps you think this should happen faster. In which case, please go ahead and propose such a change. Thanks! -- Shane From ops.lists at gmail.com Fri Feb 11 10:13:32 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Fri, 11 Feb 2011 14:43:32 +0530 Subject: [anti-abuse-wg] Yay. More /14s in spamhaus. In-Reply-To: <1297414704.2424.27.camel@shane-desktop> References: <1297414704.2424.27.camel@shane-desktop> Message-ID: The whois already says they are reclaiming the /14 - but I think it'd have been better to improve their vetting procedures to ensure that such allocations never did take place. They do scrutinize paperwork for IP justification, hardware etc so it would be interesting to see what justification needs to be done to get a /14, and what is done to verify the accuracy of said paperwork. On Fri, Feb 11, 2011 at 2:28 PM, Shane Kerr wrote: > > Perhaps you are implying that the RIPE community or the RIPE NCC should > do something to revoke address space from networks used for certain > activities? -- Suresh Ramasubramanian (ops.lists at gmail.com) From sander at steffann.nl Fri Feb 11 12:29:14 2011 From: sander at steffann.nl (Sander Steffann) Date: Fri, 11 Feb 2011 12:29:14 +0100 Subject: [anti-abuse-wg] Yay. More /14s in spamhaus. In-Reply-To: References: <1297414704.2424.27.camel@shane-desktop> Message-ID: Hi, > The whois already says they are reclaiming the /14 - but I think it'd > have been better to improve their vetting procedures to ensure that > such allocations never did take place. > > They do scrutinize paperwork for IP justification, hardware etc so it > would be interesting to see what justification needs to be done to get > a /14, and what is done to verify the accuracy of said paperwork. To quote from Andrea Cima, who said the following at the last RIPE meeting (taken from stenography report at http://ripe61.ripe.net/archives/steno/13/): "Now, with regards to transparency, what our intention is, is to publish all the RIPE NCC Registration Services procedures on?line, and in this way, it will be very clear to everyone that is requesting some resources, what is expected from them, what kind of information, we will ask or we may ask and what kind of documentation we will need. We will do this per type of ? request, per type of service and, of course, we will start with IPv4 address space resources because of the run?out situation. So this will be up on?line pretty soon from now. " So the procedure documentation you ask for should be available soon. Andrea: can you provide further information here? Thanks, Sander From ops.lists at gmail.com Fri Feb 11 12:51:00 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Fri, 11 Feb 2011 17:21:00 +0530 Subject: [anti-abuse-wg] Yay. More /14s in spamhaus. In-Reply-To: References: <1297414704.2424.27.camel@shane-desktop> Message-ID: Wonderful. And will this be updated to deal with specific aspects of v6 allocation? thanks suresh On Fri, Feb 11, 2011 at 4:59 PM, Sander Steffann wrote: > > To quote from Andrea Cima, who said the following at the last RIPE meeting (taken from stenography report at http://ripe61.ripe.net/archives/steno/13/): > > "Now, with regards to transparency, what our intention is, is to publish all the RIPE NCC Registration Services procedures on?line, and in this way, it will be very clear to everyone that is requesting some resources, what is expected from them, what kind of information, we will ask or we may ask and what kind of documentation we will need. We will do this per type of ? request, per type of service and, of course, we will start with IPv4 address space resources because of the run?out situation. So this will be up on?line pretty soon from now. " > > So the procedure documentation you ask for should be available soon. -- Suresh Ramasubramanian (ops.lists at gmail.com) From sander at steffann.nl Fri Feb 11 13:01:08 2011 From: sander at steffann.nl (Sander Steffann) Date: Fri, 11 Feb 2011 13:01:08 +0100 Subject: [anti-abuse-wg] Yay. More /14s in spamhaus. In-Reply-To: References: <1297414704.2424.27.camel@shane-desktop> Message-ID: Hi, > Wonderful. And will this be updated to deal with specific aspects of > v6 allocation? Andrea said it would be done per type of request, so I assume: yes Sander From ops.lists at gmail.com Fri Feb 11 14:17:32 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Fri, 11 Feb 2011 18:47:32 +0530 Subject: [anti-abuse-wg] Yay. More /14s in spamhaus. In-Reply-To: <4D5532CC.3020107@ripe.net> References: <1297414704.2424.27.camel@shane-desktop> <4D5532CC.3020107@ripe.net> Message-ID: Excellent, Thank you. On Fri, Feb 11, 2011 at 6:29 PM, Andrea Cima wrote: > We are currently working on the IPv4 allocation and assignment procedure > and expect it to be finalised and published in March. > > If the IPv4 allocation and assignment procedure is considered useful by > the RIPE NCC membership, we will then publish procedure documents for > IPv6 and AS Numbers. -- Suresh Ramasubramanian (ops.lists at gmail.com) From andrea at ripe.net Fri Feb 11 13:59:56 2011 From: andrea at ripe.net (Andrea Cima) Date: Fri, 11 Feb 2011 13:59:56 +0100 Subject: [anti-abuse-wg] Yay. More /14s in spamhaus. In-Reply-To: References: <1297414704.2424.27.camel@shane-desktop> Message-ID: <4D5532CC.3020107@ripe.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Sander, Sander Steffann wrote: > Hi, > >> The whois already says they are reclaiming the /14 - but I think it'd >> have been better to improve their vetting procedures to ensure that >> such allocations never did take place. >> >> They do scrutinize paperwork for IP justification, hardware etc so it >> would be interesting to see what justification needs to be done to get >> a /14, and what is done to verify the accuracy of said paperwork. > > To quote from Andrea Cima, who said the following at the last RIPE meeting (taken from stenography report at http://ripe61.ripe.net/archives/steno/13/): > > "Now, with regards to transparency, what our intention is, is to publish all the RIPE NCC Registration Services procedures on?line, and in this way, it will be very clear to everyone that is requesting some resources, what is expected from them, what kind of information, we will ask or we may ask and what kind of documentation we will need. We will do this per type of ? request, per type of service and, of course, we will start with IPv4 address space resources because of the run?out situation. So this will be up on?line pretty soon from now. " > > So the procedure documentation you ask for should be available soon. > > Andrea: can you provide further information here? We are currently working on the IPv4 allocation and assignment procedure and expect it to be finalised and published in March. If the IPv4 allocation and assignment procedure is considered useful by the RIPE NCC membership, we will then publish procedure documents for IPv6 and AS Numbers. Best regards, Andrea Cima RIPE NCC > Thanks, > Sander > -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAk1VMswACgkQXOgsmPkFrjPCHACg01H/3RVkKcH+eZC+JslS6C5N 1i4AoJMm93myDaZ40F1/+diMQawueQ5j =xzVc -----END PGP SIGNATURE----- From esteveclara at gmail.com Sat Feb 12 01:31:41 2011 From: esteveclara at gmail.com (Clara Esteve) Date: Sat, 12 Feb 2011 01:31:41 +0100 Subject: [anti-abuse-wg] Swindle In-Reply-To: References: Message-ID: Hello, I write you because some people swindled me out of money, and I want to find who are they. I think that it could be a quite well organisated team... They asked me money in advance via cash payment to rent a flat. I received quite a lot of emails that were going through the RIPE Network Coordination Centre . Could you tell me if this is to you that I have to send the headers of the emails received? I would be grateful if you could answer me as soon as possible. Thank you very much! Best regards, Clara Esteve -------------- next part -------------- An HTML attachment was scrubbed... URL: From ops.lists at gmail.com Sat Feb 12 03:24:06 2011 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Sat, 12 Feb 2011 07:54:06 +0530 Subject: [anti-abuse-wg] Swindle In-Reply-To: References: Message-ID: That means you simply received email through an IP in Europe Please use for example www.spamcop.net to figure out where this spam came from. On Sat, Feb 12, 2011 at 6:01 AM, Clara Esteve wrote: > Hello, > > I write you because some people swindled me out of money, and I want to find > who are they. > I think that it could be a quite well organisated team... > They asked me money in advance via cash payment to rent a flat. > I received quite a lot of emails that were going through the RIPE Network > Coordination Centre . > Could you tell me if this is to you that I have to send the headers of the > emails received? > I would be grateful if you could answer me as soon as possible. > > Thank you very much! > > Best regards, > Clara Esteve > -- Suresh Ramasubramanian (ops.lists at gmail.com) From brian.nisbet at heanet.ie Mon Feb 14 13:50:21 2011 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Mon, 14 Feb 2011 12:50:21 +0000 Subject: [anti-abuse-wg] Swindle In-Reply-To: References: Message-ID: <4D59250D.7020308@heanet.ie> Clara, Unfortunately this list is not suitable for reporting spam or phishing. You should speak to your ISP or email provider, or, if you have been swindled, your local law enforcement. Regards, Brian. "Clara Esteve" wrote the following on 12/02/2011 00:31: > Hello, > > I write you because some people swindled me out of money, and I want to > find who are they. > I think that it could be a quite well organisated team... > They asked me money in advance via cash payment to rent a flat. > I received quite a lot of emails that were going through the RIPE > Network Coordination Centre . > Could you tell me if this is to you that I have to send the headers of > the emails received? > I would be grateful if you could answer me as soon as possible. > > Thank you very much! > > Best regards, > Clara Esteve >