[anti-abuse-wg] current business practices
- Previous message (by thread): [anti-abuse-wg] current business practices
- Next message (by thread): [anti-abuse-wg] current business practices
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Wed Apr 11 15:48:02 CEST 2012
Vissers, Pepijn wrote: > Hi Frank, Hi, > > > > Interesting story. Here in NL, we act as LEA towards an ISP if the abuse we see is related to spam and/or malware (because that is our (OPTA) function as telco regulator). In most cases, abuse reports from a law enforcement agency tend to be picked up with a little more urgency so the strategy is quite effective. > > > > If the ISP is non-cooperative, we might choose to apply a little more pressure by a subpoena of some kind. Usually applying such pressure results in a positively correlated attitude towards handling said abuse tickets. The strategy is derived from the theory of 'responsive regulation' by Braithwait. > > > > Do you have such a regulator (with investigative capabilities) who you could team up with in DE? Surely not. Its the role of RIPE NCC (too my understanding) to keep their database up-to-date. subpoena by deleting the wrong AS object from the database ;o) Pretty simple ... Kind regards, Frank > > > > Kind regards, > > Pepijn > > > >> -----Oorspronkelijk bericht----- > >> Van: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg- > >> bounces at ripe.net] Namens Frank Gadegast > >> Verzonden: woensdag 11 april 2012 15:18 > >> Aan: anti-abuse-wg at ripe.net > >> Onderwerp: Re: [anti-abuse-wg] current business practices > >> > >> Laura Cobley wrote: > >>> Dear Florian and all, > >> > >> Hi, > >> > >> (some details from our current experiences with RIPE NCC and accuracy > >> of the RIPE objects) > >> > >> we currently have one case where a really big German cablenet ISP is > >> having exacly one abuse-eMail address for their tech-c, abuse-mailbox > >> and admin-c, for all their objects. > >> > >> And this one email has a domain, what does not belong to the ISP > >> anymore, since November 2011, its currently owned by a domain grabber, > >> because the ISP deleted the domain on purpose (on behalf of a change in > >> the company name years ago). > >> There is no other working contact information (phone lets you end up at > >> their hotline where they have absolutly no idea about abuse), snail > >> mail is no option, fax number is not supplied. > >> > >> We tried mailing there peering contact, their normal customer email > >> from their website, filled their online feedback form and then opened a > >> normal ticket at RIPE NCC, were just told to open another ticket at > >> RIPE NCC and invested about 5 hours already describing the problem at > >> RIPE NCC. > >> Simply no chance, RIPE NCC is responding to tickets on a daily basis, > >> even during business hours (jesus, we will respond in about 5 minutes > >> if something serious like that will happen to our networks). > >> The interest at the RIPE NCC to fix database problems does not seem to > >> have any priority. > >> > >> Ah, I forgot: > >> the maillist server mamba.ripe.net has technical problems during the > >> last 3 weeks, we opened tickets for that as well and even got a > >> response once, still not fixed, the maillist server is probably not > >> reacheable for 90% of the members ... whoever will receives this could > >> please make a telnet mamba.ripe.net 25 from some IPs he own (best would > >> be not using his or her usual IP, if he or she likes, lets see how big > >> that problem really is, thats why I have to mail the most active people > >> directly). > >> > >> -------- > >> Little update: seems like RIPE NCC changed the maillist server to > >> postgirl.ripe.net and that one works. > >> Looks like they had to change this in a hurry, because the old server > >> did hang in the nameserver caches quite long (great, that I have to > >> find that out myself, instead that > >> somebody from the RIPE NCC is simply telling me that or posting > >> to the list). > >> -------- > >> Sorry, if nearly the same email comes twice now ... have to test it. > >> > >> So: abuse does not have priority in a lot of peoples heads those days, > >> even when they tell you that daily ... > >> > >> (we have about 100 abuse incidents with that ISP monthly and the ISP > >> even resides in the same country than we are, but its still, if they > >> reside on the other side of the moon, maybe I should demonstrate > >> if front of the office building with a big sign saying: > >> "you dont have a working abuse appartment") > >> > >> > >> Kind regards, Frank > >>> > >>> Over time, contact information in the RIPE Database can become > >>> outdated due to staffing changes, oversight and lack of knowledge on > >>> the part of the maintainer. Bringing the irregularity directly to the > >>> attention of this maintainer can be the quickest way to get it fixed. > >>> > >>> If you subsequently experience difficulties with this, we can help > >> you > >>> to get in touch with the maintainer by forwarding your report to the > >>> person responsible for the Internet number resource registration. > >>> Handling reports is a normal part of our operations within the RIPE > >>> NCC and the report form makes it easier to get in touch with us. > >>> > >>> We ask you to include information such as mail delivery failure > >>> notices and copies of emails with headers, which clearly show the > >>> problem and the subsequent difficulties you are having. These help to > >>> substantiate the report. Our aim is to work together with you to > >>> further improve the quality of the data in the Internet number > >> resource registry. > >>> > >>> Best regards, > >>> > >>> Laura Cobley > >>> RIPE NCC > >>> > >>> On 4/6/12 8:45 PM, Florian Weimer wrote: > >>>> * Laura Cobley: > >>>> > >>>>> Using this form, you can now easily report various issues, > >> including > >>>>> abnormalities in Internet number resource registrations, to us for > >>>>> further investigation. > >>>> > >>>> I looked at "Incorrect contact information in the RIPE Database", > >> and > >>>> "I confirm that I have reported the incorrect information to all of > >>>> the contacts listed in the relevant object" is a required checkbox. > >>>> > >>>> This seems to require that complainants try postal addresses, phone > >>>> and fax numbers before reporting errors in email addresses. Is this > >>>> really your goal? Isn't this a step backwards? > >>>> > >>> > >>> > >>> > >> > >> > >> -- > >> > >> Mit freundlichen Gruessen, > >> -- > >> MOTD: "have you enabled SSL on a website or mailbox today ?" > >> -- > >> PHADE Software - PowerWeb http://www.powerweb.de > >> Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de > >> Schinkelstrasse 17 fon: +49 33200 52920 > >> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 > >> ====================================================================== > >> > >> > > > > +++++++++++++++++++++++++++++++++++++++++++++ > > Disclaimer > > Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. > > Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging > > of ander gebruik ervan niet is toegestaan. > > Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan > > direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail at opta.nl en het bericht te vernietigen. > > Dit e-mailbericht is uitsluitend gecontroleerd op virussen. > > OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen > > geen rechten aan worden ontleend. > > > > > > This e-mail message may contain confidential information or information protected by professional privilege. > > If it is not intended for you, you should be aware that any distribution, copying or other form of use of > > this message is not permitted. > > If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 > > or e-mail mailto:mail at opta.nl and destroy the message immediately. > > This e-mail message has only been checked for viruses. > > The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. > > OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. > > No rights can be derived from this message. > > > > > -- Mit freundlichen Gruessen, -- MOTD: "have you enabled SSL on a website or mailbox today ?" -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
- Previous message (by thread): [anti-abuse-wg] current business practices
- Next message (by thread): [anti-abuse-wg] current business practices
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]