From abuse at cloudhosting.lv Mon May 9 08:28:01 2011
From: abuse at cloudhosting.lv (Abuse CloudHost IT)
Date: Mon, 9 May 2011 09:28:01 +0300
Subject: [anti-abuse-wg] [Ticket#2011050910000015] brute force attack detect from your network
Message-ID: <1304922481.638302.50450999.101.2@yourhost.example.com>

Hello,

We have detected a brute force attack from your network!
IP Address: "213.109.29.142"
Date start: "May 9 03:38:49"
Date stop: "May 9 04:01:11"
IP Address "213.109.29.142" added to the blacklist.

--
Dmitrijs Agijevics
Cloud Hosting IT
Phone: +371 66 66 29 69
E-mail: info at cloudhosting.lv
[1]http://www.cloudhosting.lv

--
[1] http://www.cloudhosting.lv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 213.109.29.142.log
Type: application/octet-stream
Size: 95703 bytes
Desc: not available
URL:

From ops.lists at gmail.com Mon May 9 12:55:02 2011
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Mon, 9 May 2011 16:25:02 +0530
Subject: [anti-abuse-wg] [Ticket#2011050910000015] brute force attack detect from your network
In-Reply-To: <1304922481.638302.50450999.101.2@yourhost.example.com>
References: <1304922481.638302.50450999.101.2@yourhost.example.com>
Message-ID:

Please note that this is not a list that collects abuse reports. It is a RIPE working group set up for a specific purpose.

On Mon, May 9, 2011 at 11:58 AM, Abuse CloudHost IT wrote:
> Hello,
>
> We have detected a brute force attack from your network!
> IP Address: "213.109.29.142"
> Date start: "May 9 03:38:49"
> Date stop: "May 9 04:01:11"
> IP Address "213.109.29.142" added to the blacklist.
>
>
> --
> Dmitrijs Agijevics
> Cloud Hosting IT
> Phone: +371 66 66 29 69
> E-mail: info at cloudhosting.lv
> http://www.cloudhosting.lv
>
> --
>

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From aftab.siddiqui at gmail.com Mon May 9 12:55:43 2011
From: aftab.siddiqui at gmail.com (Aftab Siddiqui)
Date: Mon, 9 May 2011 15:55:43 +0500
Subject: [anti-abuse-wg] [Ticket#2011050910000015] brute force attack detect from your network
In-Reply-To: <1304922481.638302.50450999.101.2@yourhost.example.com>
References: <1304922481.638302.50450999.101.2@yourhost.example.com>
Message-ID:

If this is an automated email notification then I think it's a good time for everyone to sign-off from the mailing list :)

Regards,

Aftab A. Siddiqui

On Mon, May 9, 2011 at 11:28 AM, Abuse CloudHost IT wrote:
> Hello,
>
> We have detected a brute force attack from your network!
> IP Address: "213.109.29.142"
> Date start: "May 9 03:38:49"
> Date stop: "May 9 04:01:11"
> IP Address "213.109.29.142" added to the blacklist.
>
>
> --
> *Dmitrijs Agijevics*
> Cloud Hosting IT
> Phone: +371 66 66 29 69
> E-mail: info at cloudhosting.lv
> http://www.cloudhosting.lv
>
> --
>

From fweimer at bfk.de Mon May 9 12:55:10 2011
From: fweimer at bfk.de (Florian Weimer)
Date: Mon, 09 May 2011 10:55:10 +0000
Subject: [anti-abuse-wg] [Ticket#2011050910000015] brute force attack detect from your network
In-Reply-To: <1304922481.638302.50450999.101.2@yourhost.example.com> (Abuse CloudHost's message of "Mon, 9 May 2011 09:28:01 +0300")
References: <1304922481.638302.50450999.101.2@yourhost.example.com>
Message-ID: <82liyg5ek1.fsf@mid.bfk.de>

* Abuse CloudHost:

> We have detected a brute force attack from your network!
> IP Address: "213.109.29.142"
> Date start: "May 9 03:38:49"
> Date stop: "May 9 04:01:11"
> IP Address "213.109.29.142" added to the blacklist.

The anti-abuse mailing list is the wrong audience for this.

To make your report more useful, you should include time zone information and the host and service on your network. Otherwise, it will be difficult for another operator to validate your claims.

--
Florian Weimer
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

From brian.nisbet at heanet.ie Mon May 9 13:12:25 2011
From: brian.nisbet at heanet.ie (Brian Nisbet)
Date: Mon, 09 May 2011 12:12:25 +0100
Subject: [anti-abuse-wg] [Ticket#2011050910000015] brute force attack detect from your network
In-Reply-To:
References: <1304922481.638302.50450999.101.2@yourhost.example.com>
Message-ID: <4DC7CC19.8030709@heanet.ie>

Let's not be hasty. :)

If it is automated, and obviously I'm very much hoping it isn't, then it will be sorted out, don't worry.

Brian.

"Aftab Siddiqui" wrote the following on 09/05/2011 11:55:
> If this is an automated email notification then I think it's a good time
> for everyone to sign-off from the mailing list :)
>
> Regards,
>
> Aftab A. Siddiqui
>
>
> On Mon, May 9, 2011 at 11:28 AM, Abuse CloudHost IT wrote:
>
>     Hello,
>
>     We have detected a brute force attack from your network!
>     IP Address: "213.109.29.142"
>     Date start: "May 9 03:38:49"
>     Date stop: "May 9 04:01:11"
>     IP Address "213.109.29.142" added to the blacklist.
>
>
>     --
>     *Dmitrijs Agijevics*
>     Cloud Hosting IT
>     Phone: +371 66 66 29 69
>     E-mail: info at cloudhosting.lv
>     http://www.cloudhosting.lv
>
>     --
>
>

From rezaf at mindspring.com Mon May 9 20:32:00 2011
From: rezaf at mindspring.com (Reza Farzan)
Date: Mon, 9 May 2011 14:32:00 -0400
Subject: [anti-abuse-wg] inetnum: 212.86.64.0 - 212.86.79.255
Message-ID:

Hello,

Thank you for accepting me as a new member.

Based on my research, I noticed that [inetnum: 212.86.64.0 - 212.86.79.255] does not have any valid contact e-mail listed.
The two contact e-mail addresses that appear both have changed:

changed: shakeri at gmail.com 20100605
changed: mohammadhaeri at gmail.com 20100521

Would it be possible to ask this network to provide valid contact e-mail address(s)?

Please advise me.

Thank you,

Reza Farzan
rezaf at mindspring.com

From leo.vegoda at icann.org Mon May 9 20:47:32 2011
From: leo.vegoda at icann.org (Leo Vegoda)
Date: Mon, 9 May 2011 11:47:32 -0700
Subject: [anti-abuse-wg] inetnum: 212.86.64.0 - 212.86.79.255
In-Reply-To:
References:
Message-ID: <05B243F724B2284986522B6ACD0504D7E5D676398B@EXVPMBX100-1.exc.icann.org>

Hi Reza,

You wrote:

> Based on my research, I noticed that [inetnum: 212.86.64.0 - 212.86.79.255]
> does not have any valid contact e-mail listed. The two contact e-mail
> addresses that appear both have changed:
>
> changed: shakeri at gmail.com 20100605
> changed: mohammadhaeri at gmail.com 20100521
>
> Would it be possible to ask this network to provide valid contact e-mail address(s)?

You could call them and ask at the number provided. But it is worth noting that this is an assignment and there is plenty of contact information in the inetnum object for the allocation. You can look up the hierarchy using the -L query flag. Sadly, it doesn't appear to be available from the web whois interface.

Hope this helps.

Leo

From Woeber at CC.UniVie.ac.at Mon May 9 21:45:38 2011
From: Woeber at CC.UniVie.ac.at (Wilfried Woeber, UniVie/ACOnet)
Date: Mon, 09 May 2011 19:45:38 +0000
Subject: [anti-abuse-wg] inetnum: 212.86.64.0 - 212.86.79.255
In-Reply-To: <05B243F724B2284986522B6ACD0504D7E5D676398B@EXVPMBX100-1.exc.icann.org>
References: <05B243F724B2284986522B6ACD0504D7E5D676398B@EXVPMBX100-1.exc.icann.org>
Message-ID: <4DC84462.5040307@CC.UniVie.ac.at>

Leo Vegoda wrote:

> Hi Reza,
>
> You wrote:
>
>
>>Based on my research, I noticed that [inetnum: 212.86.64.0 - 212.86.79.255]
>>does not have any valid contact e-mail listed. The two contact e-mail
>>addresses that appear both have changed:
>>
>>changed: shakeri at gmail.com 20100605
>>changed: mohammadhaeri at gmail.com 20100521

"changed: xxxx...." lines do NOT indicate that the email addresses have changed, but rather that an update has been submitted by an individual that can be reached by using *this* email address.

Reza, may I suggest that you have a look at the RIPE-DB documentation?

>>Would it be possible to ask this network to provide valid contact e-mail address(s)?
>
>
> You could call them and ask at the number provided. But it is worth noting that this
> is an assignment and there is plenty of contact information in the inetnum object
> for the allocation. You can look up the hierarchy using the -L query flag. Sadly, it
> doesn't appear to be available from the web whois interface.

Actually, it is. The string to enter in the web interface, in the input box is:

  -BL 212.86.64.0 - 212.86.79.255

or alternatively, you should be able to select the -L or -l from the "Advanced Search Form" interface.

But it looks like over there it is not offered on a simple point-n-click basis ;-)
Nevertheless, each individual flag option can be requested explicitly in the input field of the web-interface.

> Hope this helps.
>
> Leo

Regards,
Wilfried
(Co-Chair RIPE DB-WG)

From shane at time-travellers.org Tue May 10 11:21:15 2011
From: shane at time-travellers.org (Shane Kerr)
Date: Tue, 10 May 2011 11:21:15 +0200
Subject: [anti-abuse-wg] Abuse finder tweak? Re: inetnum: 212.86.64.0 - 212.86.79.255
In-Reply-To: <4DC84462.5040307@CC.UniVie.ac.at>
References: <05B243F724B2284986522B6ACD0504D7E5D676398B@EXVPMBX100-1.exc.icann.org> <4DC84462.5040307@CC.UniVie.ac.at>
Message-ID: <1305019275.2331.15.camel@shane-desktop>

All,

On Mon, 2011-05-09 at 19:45 +0000, Wilfried Woeber, UniVie/ACOnet wrote:
> Actually, it is. The string to enter in the web interface, in the input box is:
>
> -BL 212.86.64.0 - 212.86.79.255
>
> or alternatively, you should be able to select the -L or -l from the
> "Advanced Search Form" interface.
>
> But it looks like over there it is not offered on a simple point-n-click basis ;-)
> Nevertheless, each individual flag option can be requested explicitly in the
> input field of the web-interface.

I tried the "Abuse Finder" tool for this and it didn't seem to help:

http://lab.db.ripe.net/portal/abuse-finder.htm

The heuristics are described here:

http://labs.ripe.net/Members/Paul_P_/content-updated-heuristics-abuse-finder-service

Maybe it makes sense to have some fallback to non-abuse-specific contacts (admin-c/tech-c) if no abuse contacts have been defined? Perhaps with a warning that no actual abuse contacts have been registered....

--
Shane

From aftab.siddiqui at gmail.com Tue May 10 12:15:07 2011
From: aftab.siddiqui at gmail.com (Aftab Siddiqui)
Date: Tue, 10 May 2011 15:15:07 +0500
Subject: [anti-abuse-wg] Abuse finder tweak? Re: inetnum: 212.86.64.0 - 212.86.79.255
In-Reply-To: <1305019275.2331.15.camel@shane-desktop>
References: <05B243F724B2284986522B6ACD0504D7E5D676398B@EXVPMBX100-1.exc.icann.org> <4DC84462.5040307@CC.UniVie.ac.at> <1305019275.2331.15.camel@shane-desktop>
Message-ID:

isn't it a good test case for having IRT object in RIPE db as well.

Regards,

Aftab A. Siddiqui

On Tue, May 10, 2011 at 2:21 PM, Shane Kerr wrote:
> All,
>
> On Mon, 2011-05-09 at 19:45 +0000, Wilfried Woeber, UniVie/ACOnet wrote:
> > Actually, it is. The string to enter in the web interface, in the input box is:
> >
> > -BL 212.86.64.0 - 212.86.79.255
> >
> > or alternatively, you should be able to select the -L or -l from the
> > "Advanced Search Form" interface.
> >
> > But it looks like over there it is not offered on a simple point-n-click basis ;-)
> > Nevertheless, each individual flag option can be requested explicitly in the
> > input field of the web-interface.
>
> I tried the "Abuse Finder" tool for this and it didn't seem to help:
>
> http://lab.db.ripe.net/portal/abuse-finder.htm
>
> The heuristics are described here:
>
> http://labs.ripe.net/Members/Paul_P_/content-updated-heuristics-abuse-finder-service
>
> Maybe it makes sense to have some fallback to non-abuse-specific
> contacts (admin-c/tech-c) if no abuse contacts have been defined?
> Perhaps with a warning that no actual abuse contacts have been
> registered....
>
> --
> Shane
>
>

From tk at abusix.com Tue May 10 13:20:37 2011
From: tk at abusix.com (Tobias Knecht)
Date: Tue, 10 May 2011 13:20:37 +0200
Subject: [anti-abuse-wg] Abuse finder tweak? Re: inetnum: 212.86.64.0 - 212.86.79.255
In-Reply-To:
References: <05B243F724B2284986522B6ACD0504D7E5D676398B@EXVPMBX100-1.exc.icann.org> <4DC84462.5040307@CC.UniVie.ac.at> <1305019275.2331.15.camel@shane-desktop>
Message-ID: <4DC91F85.9020007@abusix.com>

On 10.05.11 12:15, Aftab Siddiqui wrote:
> isn't it a good test case for having IRT object in RIPE db as well.

Absolutely right. There is already a TaskForce in place to discuss the possibilities. http://www.ripe.net/ripe/groups/tf/abuse-contact

Thanks,

Tobias

From aftab.siddiqui at gmail.com Tue May 10 13:53:21 2011
From: aftab.siddiqui at gmail.com (Aftab Siddiqui)
Date: Tue, 10 May 2011 16:53:21 +0500
Subject: [anti-abuse-wg] Abuse finder tweak? Re: inetnum: 212.86.64.0 - 212.86.79.255
In-Reply-To: <4DC91F85.9020007@abusix.com>
References: <05B243F724B2284986522B6ACD0504D7E5D676398B@EXVPMBX100-1.exc.icann.org> <4DC84462.5040307@CC.UniVie.ac.at> <1305019275.2331.15.camel@shane-desktop> <4DC91F85.9020007@abusix.com>
Message-ID:

Hi Tobias,

Nice to see that. I wasn't following the task force working (my bad). IRT is not a perfect solution because you can't guarantee if the address provided is active or not. Most of the times the email boxes are full and we get bounce response. But anyhow most of the times it works.

Anyways, best of luck.

Regards,

Aftab A. Siddiqui

On Tue, May 10, 2011 at 4:20 PM, Tobias Knecht wrote:
> On 10.05.11 12:15, Aftab Siddiqui wrote:
> > isn't it a good test case for having IRT object in RIPE db as well.
>
> Absolutely right. There is already a TaskForce in place to discuss the
> possibilities. http://www.ripe.net/ripe/groups/tf/abuse-contact
>
> Thanks,
>
> Tobias
>
>

From emadaio at ripe.net Tue May 10 17:00:34 2011
From: emadaio at ripe.net (Emilio Madaio)
Date: Tue, 10 May 2011 17:00:34 +0200
Subject: [anti-abuse-wg] 2010-08 Policy Proposal Withdrawn (Abuse Contact Information)
Message-ID: <20110510155259.169EA6A017@postboy.ripe.net>

Dear Colleagues,

The proposal 2010-08, "Abuse Contact Information", has been withdrawn. It is now archived and can be found at:

http://www.ripe.net/ripe/policies/proposals/2010-08

Reason for withdrawal: a task force is working to solve the implementation issues pointed out by the proposal discussion.
The possible policy consequences will be considered with a new proposal in the future.

Regards

Emilio Madaio
Policy Development Officer
RIPE NCC

From noreply at ripe.net Mon May 30 16:15:14 2011
From: noreply at ripe.net (Axel Pawlik)
Date: Mon, 30 May 2011 16:15:14 +0200
Subject: [anti-abuse-wg] First iPad Winner: RIPE NCC Membership and Stakeholder Survey 2011
Message-ID: <4DE3A672.2070500@ripe.net>

[Apologies for duplicate emails]

Dear colleagues,

You still have time to take part in the RIPE NCC Membership and Stakeholder Survey 2011. The survey can be found at:

https://www.ripe.net/survey2011

=================
First iPad Winner
=================

Congratulations to James Blessing, who was chosen at random by the Oxford Internet Institute (OII) as the winner of the "early bird" prize.

The RIPE NCC will give four more iPads to respondents chosen at random by the OII. The prize winners will be drawn from all respondents who complete the survey by the closing date of 10 June.

==========
The Survey
==========

The results of this survey will be crucial for the RIPE NCC in determining its strategy for the years ahead. Analysis of the survey results will be conducted by the OII, and all identifying information will be removed before the data is given to the RIPE NCC.

For the first time, the survey is open to all stakeholders in the RIPE community in addition to RIPE NCC members. We aim to receive 1,000 responses by 10 June, so we encourage you to take 10-15 minutes to complete the survey.

We look forward to receiving your input.

Best regards,

Axel Pawlik
Managing Director
RIPE NCC

From support at netlogics.nl Tue May 31 10:01:04 2011
From: support at netlogics.nl (=?UTF-8?B?R2VydCBEb2VyaW5n?=)
Date: Tue, 31 May 2011 10:01:04 +0200
Subject: [anti-abuse-wg] =?UTF-8?B?W1NVUFBPUlQgI1NSSS0xMzYtMTkyMzNdOiBbbmM=?= =?UTF-8?B?Yy1hbm5vdW5jZV0gRmlyc3QgaVBhZCBXaW5uZXI=?= =?UTF-8?B?OiBSSVBFIE5DQyBNZW1iZXJzaGlwIGFuZCBTdGE=?= =?UTF-8?B?a2Vob2xkZXIgU3VydmV5IDIwMTE=?=
Message-ID:

Hi,

On Tue, May 31, 2011 at 08:40:21AM +0200, Per Heldal wrote:
> Please configure your Kayoko system so that it doesn't send automated
> responses to mailinglist messages.

Over in the address policy WG, we just unsubscribe everyone who sends back autoreplies to mailing list articles. Works wonders.

Gert Doering
        -- APWG chair
--
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

Ticket Details
---------------------------------
Ticket ID: SRI-136-19233
Department: Support
Type: Issue
Status: Open
Priority: Medium
Support Center: http://support.netlogics.nl/index.php?/default_import

From tk at abusix.com Tue May 31 10:21:04 2011
From: tk at abusix.com (Tobias Knecht)
Date: Tue, 31 May 2011 10:21:04 +0200
Subject: [anti-abuse-wg] [SUPPORT #SRI-136-19233]: [ncc-announce] First iPad Winner: RIPE NCC Membership and Stakeholder Survey 2011
In-Reply-To:
References:
Message-ID: <4DE4A4F0.2080207@abusix.com>

> Over in the address policy WG, we just unsubscribe everyone who sends back
> autoreplies to mailing list articles. Works wonders.

+1

From support at netlogics.nl Tue May 31 10:18:39 2011
From: support at netlogics.nl (=?UTF-8?B?cm9kb2xmby5nYXJjaWFwZW5hc0B0ZWxlZm9uaWM=?= =?UTF-8?B?YS5lcw==?=)
Date: Tue, 31 May 2011 10:18:39 +0200
Subject: [anti-abuse-wg] =?UTF-8?B?W1NVUFBPUlQgI1NSSS0xMzYtMTkyMzNdOiBbbmM=?= =?UTF-8?B?Yy1hbm5vdW5jZV0gRmlyc3QgaVBhZCBXaW5uZXI=?= =?UTF-8?B?OiBSSVBFIE5DQyBNZW1iZXJzaGlwIGFuZCBTdGE=?= =?UTF-8?B?a2Vob2xkZXIgU3VydmV5IDIwMTE=?=
Message-ID: <39e31f5842b92353f1bc9e5052535219@support.netlogics.nl>

Per, is a M2M conversation, do not interrupt it ;-)

Per Heldal
Sent by: db-wg-admin at ripe.net
31/05/2011 09:59
Please respond to: support at netlogics.nl
To: db-wg at ripe.net
cc:
Subject: [db-wg] [SUPPORT #SRI-136-19233]: [ncc-announce] First iPad Winner: RIPE NCC Membership and Stakeholder Survey 2011
Classification:

Hi there!

Please configure your Kayoko system so that it doesn't send automated responses to mailinglist messages.

//per

On 30/05/11 16:29, Support Netlogics wrote:
> Axel Pawlik,
>
> Thank you for contacting us. This is an automated response confirming the receipt of your ticket. One of our agents will get back to you as soon as possible. For your records, the details of the ticket are listed below. When replying, please make sure that the ticket ID is kept in the subject line to ensure that your replies are tracked appropriately.
>
> Ticket ID: SRI-136-19233
> Subject: [ncc-announce] First iPad Winner: RIPE NCC Membership and Stakeholder Survey 2011
> Department: Support
> Type: Issue
> Status: Open
> Priority: Medium
>
> You can check the status of or reply to this ticket online at: http://support.netlogics.nl/index.php?/default_import/Tickets/Ticket/View/SRI-136-19233
>
> Kind regards,
>
> PE NetLogics BV
>
> ------------------------------------------------------
> Support Center: http://support.netlogics.nl/index.php?/default_import

Ticket Details
---------------------------------
Ticket ID: SRI-136-19233
Department: Support
Type: Issue
Status: Open
Priority: Medium
Support Center: http://support.netlogics.nl/index.php?/default_import

From support at netlogics.nl Tue May 31 10:18:38 2011
From: support at netlogics.nl (=?UTF-8?B?R2VydCBEb2VyaW5n?=)
Date: Tue, 31 May 2011 10:18:38 +0200
Subject: [anti-abuse-wg] =?UTF-8?B?W1NVUFBPUlQgI1NSSS0xMzYtMTkyMzNdOiBbbmM=?= =?UTF-8?B?Yy1hbm5vdW5jZV0gRmlyc3QgaVBhZCBXaW5uZXI=?= =?UTF-8?B?OiBSSVBFIE5DQyBNZW1iZXJzaGlwIGFuZCBTdGE=?= =?UTF-8?B?a2Vob2xkZXIgU3VydmV5IDIwMTE=?=
Message-ID:

Hi,

> From: Gert Doering

one night, I'd really like to meet the person who thought that ticket systems should be allowed to re-mail incoming mails to "every mail address that ever came near this ticket" *WITH A FORGED FROM: HEADER* in a dark alley...

I am not support at netlogics.nl, and I take offense in seeing my mails being redistributed to *different* lists, with a faked header, HTML body added, and my name left on top of it.

Gert Doering
        -- APWG chair
--
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

Ticket Details
---------------------------------
Ticket ID: SRI-136-19233
Department: Support
Type: Issue
Status: Open
Priority: Medium
Support Center: http://support.netlogics.nl/index.php?/default_import
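
The auto-acknowledgement loop and forged From: header discussed at the end of this thread, as an added example that is not part of the original messages: Python code for the checks a ticket system can make before answering a mail, following the RFC 3834 conventions for automatic responders. The function names, the sample messages and the example.* addresses are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

LIST_HEADERS = ("List-Id", "List-Post", "List-Unsubscribe", "List-Help")
ROLE_LOCALPARTS = ("noreply", "no-reply", "mailer-daemon", "postmaster")
ROLE_SUFFIXES = ("-admin", "-bounces", "-request", "-owner")


def autoreply_decision(raw):
    """Return (ok, detail): may a ticket system auto-acknowledge this mail?"""
    msg = message_from_string(raw)
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "Auto-Submitted: " + auto
    if (msg.get("Precedence") or "").strip().lower() in ("list", "bulk", "junk"):
        return False, "Precedence marks list or bulk mail"
    for name in LIST_HEADERS:
        if name in msg:
            return False, name + " present: delivered via a mailing list"
    # Acknowledge the envelope sender only, never every From/To/Cc address.
    rpath = parseaddr(msg.get("Return-Path") or "")[1].lower()
    if not rpath:
        return False, "null or missing Return-Path"
    local = rpath.split("@")[0]
    if local in ROLE_LOCALPARTS or local.endswith(ROLE_SUFFIXES):
        return False, "role or list address: " + rpath
    return True, rpath


def build_ack(raw, system_addr, ticket_id):
    """Build the acknowledgement, or return None when none may be sent."""
    ok, target = autoreply_decision(raw)
    if not ok:
        return None
    orig = message_from_string(raw)
    ack = EmailMessage()
    ack["From"] = system_addr  # the system's own identity, not the author's
    ack["To"] = target
    ack["Subject"] = "[%s] Auto: %s" % (ticket_id, orig.get("Subject", ""))
    ack["Auto-Submitted"] = "auto-replied"  # lets other responders stop the loop
    if orig.get("Message-ID"):
        ack["In-Reply-To"] = orig["Message-ID"]
    ack.set_content("Your message was received as ticket %s." % ticket_id)
    return ack


# Constructed sample messages (not taken from the thread).
LIST_MAIL = """\
Return-Path: <announce-admin@lists.example.net>
From: Announcer <noreply@example.net>
List-Id: <announce.lists.example.net>
Precedence: list
Subject: Survey reminder

Body
"""
DIRECT_MAIL = """\
Return-Path: <customer@example.org>
From: Customer <customer@example.org>
Message-ID: <1@example.org>
Subject: Router down

Body
"""
```

Feeding the generated acknowledgement back into `autoreply_decision` is refused because of its own `Auto-Submitted` header, which is what stops two automated systems from answering each other indefinitely.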