From info at dhn.li Fri Mar 9 02:44:45 2012
From: info at dhn.li (info at dhn.li)
Date: Fri, 9 Mar 2012 03:44:45 +0200
Subject: [anti-abuse-wg] Enough is enoug
Message-ID:

Dear sirs,
i need help on people that every day try to hack our server
for example this is just for to days log from fail2ban
i made maximum try count 4 and 600 sec. than thay try later 600 sec again non stop
please take control who they are and why they try endles, least 6 months
our server IP 85.10.198.87

From shane at time-travellers.org Fri Mar 9 08:46:15 2012
From: shane at time-travellers.org (Shane Kerr)
Date: Fri, 9 Mar 2012 08:46:15 +0100
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To:
References:
Message-ID: <20120309084615.33fecc96@shane-desktop>

Dear anonymous Internet person,

On Friday, 2012-03-09 03:44:45 +0200, wrote:
> i need help on people that every day try to hack our server
> for example this is just for to days log from fail2ban
> i made maximum try count 4 and 600 sec. than thay try later 600 sec
> again non stop please take control who they are and why they try
> endles, least 6 months our server IP 85.10.198.87

While it is possible that these are targeted attacks, most likely these
are just automated systems doing scans of random systems on the
Internet, looking for common vulnerabilities.

Personally I use denyhosts on my machines, which puts the offenders
in /etc/hosts.deny permanently. I just put up a machine 8 days ago, and
it already has 32 entries.
Basically this means that any host on the Internet that is listening on
the SSH port is going to get constant attempts of someone to hack the
machine.

Question to the room - does anyone have a similar technology that works
with IPv6? AFAIK both denyhosts and fail2ban only work for IPv4. :(

Anyway, back to securing the boxes...

You're already using fail2ban which makes brute force login attempts
impractical, so you probably don't need to worry too much, unless you
let users pick their own passwords in which case they may either pick
very insecure passwords or use the same ones everywhere. Many web sites
store their passwords unencrypted, and if they get hacked then your
users' passwords can be compromised. If you control the passwords of
all accounts, then you can pick practically safe ones, otherwise you
may want to consider requiring public key authentication.

If you're thinking about the larger issue of how to stop such
attacks... I don't know. Surely some ISPs are better or worse than
others, but in the end any compromised host on the Internet can be the
source of such attacks. I kind of think it will require similar effort
to anti-spam work, and it doesn't annoy people on a daily basis in the
same way that spam does.

Good luck sir,

--
Shane

From jogi at mur.at Fri Mar 9 09:50:49 2012
From: jogi at mur.at (Jogi Hofmüller)
Date: Fri, 9 Mar 2012 09:50:49 +0100
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To: <20120309084615.33fecc96@shane-desktop>
References: <20120309084615.33fecc96@shane-desktop>
Message-ID: <20120309085049.GC4837@kathy>

Dear all,

On Fri, Mar 09, 2012 at 08:46:15AM +0100, Shane Kerr wrote:
> Question to the room - does anyone have a similar technology that works
> with IPv6? AFAIK both denyhosts and fail2ban only work for IPv4. :(

We recently started using sshguard [1] that creates firewall (iptables)
rules for offending IPv4 and IPv6 addresses. It's included in Debian
(and probably other Linux distributions too).
[1] http://www.sshguard.net/

Regards,
j.
--
j.hofmüller http://users.mur.at/thesix/

From corebug at corebug.net Fri Mar 9 12:36:13 2012
From: corebug at corebug.net (Виталий Туровец)
Date: Fri, 9 Mar 2012 13:36:13 +0200
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To: <20120309085049.GC4837@kathy>
References: <20120309084615.33fecc96@shane-desktop> <20120309085049.GC4837@kathy>
Message-ID:

Also in BSD's pf there is such thing as synproxy state, which is very
usable with mechanism of tables.

On 09.03.2012 11:01, "Jogi Hofmüller" wrote:
> Dear all,
>
> On Fri, Mar 09, 2012 at 08:46:15AM +0100, Shane Kerr wrote:
>
> > Question to the room - does anyone have a similar technology that works
> > with IPv6? AFAIK both denyhosts and fail2ban only work for IPv4. :(
>
> We recently started using sshguard [1] that creates firewall (iptables)
> rules for offending IPv4 and IPv6 addresses. It's included in Debian
> (and probably other Linux distributions too).
>
> [1] http://www.sshguard.net/
>
> Regards,
> j.
> --
> j.hofmüller http://users.mur.at/thesix/
>

From russ at consumer.net Fri Mar 9 13:55:00 2012
From: russ at consumer.net (russ at consumer.net)
Date: Fri, 09 Mar 2012 07:55:00 -0500
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To: <20120309084615.33fecc96@shane-desktop>
References: <20120309084615.33fecc96@shane-desktop>
Message-ID: <4F59FDA4.8060400@consumer.net>

>Dear anonymous Internet person,

Why do people on this list keep trying to ridicule people who don't
give their full identity? Is there something wrong with anonymous
comments?
I know I brought up a number of issues and many spend their time
diverting attention from the issues I raised by trying to attack me
personally (a common tactic used in politics but should not be
acceptable for technical discussions) instead of addressing the issues
at hand.

Maybe all comments should be anonymous so we don't have to put up with
the people who post just to run their ads in the signature?

Thank You

From niall at blacknight.com Fri Mar 9 14:18:20 2012
From: niall at blacknight.com (Niall Donegan)
Date: Fri, 09 Mar 2012 13:18:20 +0000
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To: <4F59FDA4.8060400@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net>
Message-ID: <4F5A031C.40006@blacknight.com>

Rest of list, sorry for feeding the trolls!

On 09/03/12 12:55, russ at consumer.net wrote:
> >Dear anonymous Internet person,
>
> Why do people on this list keep trying to ridicule people who don't
> give their full identity? Is there something wrong with anonymous
> comments?

Russ, I think Penny Arcade says it best!
http://www.penny-arcade.com/comic/2004/3/19/

When the commenter is anonymous, it's not possible to know what
experience he or she may have. This means the comment is automatically
rendered less authoritative than a comment from someone who's known to
have enough experience to have a considered view of the subject at hand.

You might not like this, but it is the way it works in a lot of walks of
life, online and offline.

Niall.
--
Niall Donegan ---------------- http://www.blacknight.com
Blacknight Internet Solutions Ltd,
Unit 12A, Barrowside Business Park,
Sleaty Road, Graiguecullen, Carlow, Ireland
Company No.: 370845

From russ at consumer.net Fri Mar 9 15:10:11 2012
From: russ at consumer.net (russ at consumer.net)
Date: Fri, 09 Mar 2012 09:10:11 -0500
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To: <4F5A031C.40006@blacknight.com>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com>
Message-ID: <4F5A0F43.3030900@consumer.net>

>When the commenter is anonymous, it's not possible to know what experience he or she may have. This means the comment is automatically rendered less authoritative than a comment from
>someone who's known to have enough experience to have a considered view of the subject at hand.

What it means is that you look at the person rather than the comment.
If Charles Manson were to wake up on Friday and say "it is Friday" some
people would argue that is incorrect because it came from Charles
Manson. For instance, from your use of the word "trolls" and your link
to some childish cartoon that does not address the issue I can tell to
disregard your comments without knowing anything more about you. Many
of these abuse people have been acting that way for years and they
would sit on a newsgroup all day and make these same stupid comments
year after year after year.

From jogi at mur.at Fri Mar 9 15:31:14 2012
From: jogi at mur.at (Jogi Hofmüller)
Date: Fri, 9 Mar 2012 15:31:14 +0100
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To: <4F5A0F43.3030900@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net>
Message-ID: <20120309143113.GI4837@kathy>

Russ,

Don't you see that you are diverting from the original question now?
This is completely pointless, so please stop!

Regards,
j.
--
j.hofmüller http://users.mur.at/thesix/

From erik at bais.name Fri Mar 9 15:38:31 2012
From: erik at bais.name (Erik Bais)
Date: Fri, 9 Mar 2012 15:38:31 +0100
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To: <4F5A0F43.3030900@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net>
Message-ID: <3D7F7C92CA8EEF458B7AC7BACD7D619102F1946D54B3@EXVS002.netsourcing.lan>

> Many of these abuse people have been acting that way for years and they would sit on a newsgroup all day and make these same stupid comments year after year after year.

As with most of the abuse that is still discussed here, the same stupid
people keep abusing it. Lots of the people here keep slapping abusers
for the same things others do, over and over and over again.

If that abusive behavior doesn't change, expect to be slapped. Don't
expect different treatment for the same behavior on your end.

So deal with it in the matter as it is (anonymously) or get on with the
subject and participate on the list under your own name, Proby.

Erik Bais

From security at mutluit.com Fri Mar 9 15:49:24 2012
From: security at mutluit.com (U.Mutlu)
Date: Fri, 09 Mar 2012 15:49:24 +0100
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To:
References:
Message-ID: <4F5A1874.30305@mutluit.com>

Hello,
what you can do, besides such temporary banning,
is generating an abuse report to the ISP of the said IP.
But writing an AR manually takes much time, one must automate it.
I have written a commercial software (ipb) which does the
banning/unbanning and generating and posting the abuse report.
If interested email me.
Regards,
U.Mutlu
security at mutluit.com

info at dhn.li wrote, On 2012-03-09 02:44:
> Dear sirs,
> i need help on people that every day try to hack our server
> for example this is just for to days log from fail2ban
> i made maximum try count 4 and 600 sec. than thay try later 600 sec again non stop
> please take control who they are and why they try endles, least 6 months
> our server IP 85.10.198.87

From russ at consumer.net Fri Mar 9 19:17:15 2012
From: russ at consumer.net (russ at consumer.net)
Date: Fri, 09 Mar 2012 13:17:15 -0500
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To: <4F5A0F43.3030900@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net>
Message-ID: <4F5A492B.80805@consumer.net>

The original question was answered and the answered raised another
issue. this is a discussion list and the point is to have a discussion
and different issues often get raised along the way.

As far as I can tell nobody on this list was anointed as the decider
over what is abuse and what is not. Further, nobody has appointed a
worldwide "spanking" authority as far as I know. Some people think
otherwise and they go around (sometimes arbitrarily) disrupting Internet
resources because of their own personal beliefs and point of view rather
than the needs of the users of the system.
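
Added example, not part of any message in this thread and not fail2ban's own code: the first post describes a 600-second ban after 4 tries, with the same hosts returning as soon as they are unbanned. The Python below parses fail2ban.actions Ban/Unban lines in the layout quoted in that post and flags addresses that keep coming back. The sample log is constructed with documentation addresses (including an IPv6 one, the case Shane Kerr asks about), and the thresholds and the doubling policy in `next_bantime` are assumptions for illustration.

```python
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Layout of a fail2ban.actions line, as posted in this thread:
#   2012-03-08 11:40:24,591 fail2ban.actions: WARNING [ssh] Ban <address>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} "
    r"fail2ban\.actions: WARNING \[(?P<jail>[^\]]+)\] "
    r"(?P<action>Ban|Unban) (?P<addr>\S+)$"
)

# Constructed sample (RFC 5737 / RFC 3849 documentation addresses).
SAMPLE_LOG = """\
2012-03-08 16:05:56,897 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
2012-03-08 16:15:56,881 fail2ban.actions: WARNING [ssh] Unban 203.0.113.7
2012-03-08 16:18:51,182 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
2012-03-08 16:28:51,845 fail2ban.actions: WARNING [ssh] Unban 203.0.113.7
2012-03-08 16:31:53,052 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
2012-03-08 16:41:53,736 fail2ban.actions: WARNING [ssh] Unban 203.0.113.7
2012-03-08 16:48:46,242 fail2ban.actions: WARNING [ssh] Ban 198.51.100.23
2012-03-08 16:58:46,919 fail2ban.actions: WARNING [ssh] Unban 198.51.100.23
2012-03-08 17:02:10,004 fail2ban.actions: WARNING [ssh] Ban 2001:db8::1f
2012-03-08 17:12:10,611 fail2ban.actions: WARNING [ssh] Unban 2001:db8::1f
2012-03-08 17:20:41,377 fail2ban.actions: WARNING [ssh] Ban 2001:db8::1f
2012-03-08 17:30:41,902 fail2ban.actions: WARNING [ssh] Unban 2001:db8::1f
2012-03-08 17:33:02,118 fail2ban.actions: WARNING [ssh] Ban 2001:db8::1f
2012-03-08 17:40:00,000 fail2ban.actions: WARNING [ssh] Ban 999.1.1.1
this line is not a fail2ban action and is skipped
"""


def parse_actions(log_text):
    """Return time-sorted (timestamp, jail, action, address) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            # Validates the token and accepts IPv4 and IPv6 alike.
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["jail"], m["action"], addr))
    events.sort(key=lambda e: e[0])
    return events


def repeat_offenders(events, max_bans=3, window=timedelta(hours=24)):
    """Flag addresses banned at least max_bans times inside any window."""
    bans = defaultdict(list)   # address -> ban timestamps
    gaps = defaultdict(list)   # address -> seconds from unban to next ban
    last_unban = {}
    for ts, _jail, action, addr in events:
        if action == "Ban":
            if addr in last_unban:
                gaps[addr].append((ts - last_unban.pop(addr)).total_seconds())
            bans[addr].append(ts)
        else:
            last_unban[addr] = ts
    flagged = {}
    for addr, stamps in bans.items():
        peak, lo = 0, 0
        for hi in range(len(stamps)):          # sliding window over ban times
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= max_bans:
            flagged[str(addr)] = {
                "bans": len(stamps),
                "peak_in_window": peak,
                "median_return_s": statistics.median(gaps[addr]) if gaps[addr] else None,
            }
    return flagged


def next_bantime(previous_bans, base=600, cap=86400):
    """Hypothetical escalation: double the 600 s ban for each earlier ban."""
    return min(base * 2 ** previous_bans, cap)


if __name__ == "__main__":
    for addr, info in sorted(repeat_offenders(parse_actions(SAMPLE_LOG)).items()):
        print(addr, info, "suggested next ban (s):", next_bantime(info["bans"]))
```

A short median return time after each unban is what automated scanning looks like from the defender's side; a fixed 600-second ban only rate-limits it, which is why the replies suggest permanent blocking or key-based authentication.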
From corebug at corebug.net Fri Mar 9 20:05:55 2012
From: corebug at corebug.net (Виталий Туровец)
Date: Fri, 9 Mar 2012 21:05:55 +0200
Subject: [anti-abuse-wg] Enough is enoug
In-Reply-To: <4F5A492B.80805@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net> <4F5A492B.80805@consumer.net>
Message-ID:

Uhmm. Would you please describe what RIPE can do on this particular
issue? We are unable to control all the botnets.
The only way to secure your network is to secure the boxes with
technical, not administrative way.

On 09.03.2012 20:17, "russ at consumer.net" wrote:
> The original question was answered and the answered raised another issue.
> this is a discussion list and the point is to have a discussion and
> different issues often get raised along the way.
>
> As far as I can tell nobody on this list was anointed as the decider over
> what is abuse and what is not. Further, nobody has appointed a worldwide
> "spanking" authority as far as I know. Some people think otherwise and
> they go around (sometimes arbitrarily) disrupting Internet resources
> because of their own personal beliefs and point of view rather than the
> needs of the users of the system.
>

From brian.nisbet at heanet.ie Tue Mar 20 09:32:38 2012
From: brian.nisbet at heanet.ie (Brian Nisbet)
Date: Tue, 20 Mar 2012 08:32:38 +0000
Subject: [anti-abuse-wg] Draft Agenda: RIPE 64 AA-WG Meeting
Message-ID: <4F6840A6.1060703@heanet.ie>

Colleagues,

This is the first draft agenda for the AA-WG meeting at RIPE 64. The
meeting will take place at 11:00 CEST on Thursday 19th April. There is
still some room on the agenda if anyone would like to bring any items to
the attention of the WG. Please let me know if this is the case -
aa-wg-chairs at ripe.net

A. Administrative Matters

* Welcome
* Scribe, Jabber, Stenography
* Microphone Etiquette
* Approve Minutes from RIPE 63
* Finalise agenda

B. Update

* B1. Recent List Discussion
* B2. CleanIT Project

C. Policies

* RIPE Policy 2011-06

D. Interactions

* D1. Working Groups
* D3. RIPE NCC Gov/LEA Interactions Update

X. A.O.B.

Z. Agenda for RIPE 65

From russ at consumer.net Tue Mar 20 12:33:26 2012
From: russ at consumer.net (russ at consumer.net)
Date: Tue, 20 Mar 2012 07:33:26 -0400
Subject: [anti-abuse-wg] Draft Agenda: RIPE 64 AA-WG Meeting
In-Reply-To: <4F6840A6.1060703@heanet.ie>
References: <4F6840A6.1060703@heanet.ie>
Message-ID: <4F686B06.4010604@consumer.net>

Is RIPE going to release their legal opinions they have concerning the
privacy aspects of the whois database so the community can see them
before the meeting?

On 3/20/2012 4:32 AM, Brian Nisbet wrote:
> Colleagues,
>
> This is the first draft agenda for the AA-WG meeting at RIPE 64. The
> meeting will take place at 11:00 CEST on Thursday 19th April. There is
> still some room on the agenda if anyone would like to bring any items
> to the attention of the WG. Please let me know if this is the case -
> aa-wg-chairs at ripe.net
>
> A. Administrative Matters
>
> * Welcome
> * Scribe, Jabber, Stenography
> * Microphone Etiquette
> * Approve Minutes from RIPE 63
> * Finalise agenda
>
> B. Update
>
> * B1. Recent List Discussion
> * B2. CleanIT Project
>
> C. Policies
>
> * RIPE Policy 2011-06
>
> D. Interactions
>
> * D1. Working Groups
> * D3. RIPE NCC Gov/LEA Interactions Update
>
> X. A.O.B.
>
> Z. Agenda for RIPE 65
>

From rezaf at mindspring.com Sun Mar 25 15:19:19 2012
From: rezaf at mindspring.com (Reza Farzan)
Date: Sun, 25 Mar 2012 09:19:19 -0400
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: <4EEB41DF.6090101@ripe.net>
References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ECE0666.8010502@restena.lu> <20111129075105.GM9075@x27.adm.denic.de> <4ED49593.4030504@powerweb.de> <20111129084900.GB8460@core.kyubu.de> <4ED4C0DA.5000808@abusix.com> <20111129114133.GA9081@core.kyubu.de> <4ED4C7ED.3070305@abusix.com> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it><4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net>
Message-ID:

Hello Laura,

While processing and reporting Spam e-mails that I receive occasionally, I
come across networks like National PSDN "UZPAK" that do not have any contact
e-mail for reporting. The only address listed, ripeadmin at uzpak.uz, appears
to have been Changed.

What is the RIPE policy regarding listing contact e-mails, especially about
reporting abuse?

If RIPE has such a policy, then why networks like this fail to list such
contacts? Moreover, how come no one at RIPE reviews such incomplete listing
and advise the network administrators?

I hope to hear from you and others about this important matter.

Thank you,

Reza Farzan
rezaf at mindspring.com

---------

inetnum:        213.230.122.0 - 213.230.122.255
netname:        UzPAK
descr:          National PSDN "UZPAK"
descr:          DSL Customers by New Plan
country:        UZ
admin-c:        HUS14-RIPE
tech-c:         HUS14-RIPE
status:         ASSIGNED PA
mnt-by:         AS8193-MNT
changed:        mazgarov at uznet.net 20090216
source:         RIPE

person:         Husniddin D. Tuychiev
address:        National Data Network Company "UzPAK"
address:        8,8-fl., Druzhba Narodov Street
address:        Tashkent, Republic of Uzbekistan, 700043
mnt-by:         AS8193-MNT
phone:          +99871 114-6161
nic-hdl:        HUS14-RIPE
org:            ORG-UNCN1-RIPE
changed:        ripeadmin at uzpak.uz 20030707
changed:        ripeadmin at uzpak.uz 20040419
source:         RIPE

route:          213.230.64.0/18
descr:          National Data Network Company "UzPAK"
descr:          8, 8-fl., Druzhba Narodov Prospekt,
descr:          Tashkent, Republic of Uzbekistan, 700043
origin:         AS8193
mnt-by:         AS8193-MNT
changed:        ripeadmin at uzpak.uz 20090216
source:         RIPE

route:          213.230.122.0/24
descr:          National Data Network Company "UzNet"
descr:          IP Pool for Satellite Channel
origin:         AS8193
mnt-by:         AS8193-MNT
changed:        mazgarov at uznet.net 20100114
source:         RIPE

From fw at deneb.enyo.de Sun Mar 25 18:49:39 2012
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sun, 25 Mar 2012 18:49:39 +0200
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: (Reza Farzan's message of "Sun, 25 Mar 2012 09:19:19 -0400")
References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ECE0666.8010502@restena.lu> <20111129075105.GM9075@x27.adm.denic.de> <4ED49593.4030504@powerweb.de> <20111129084900.GB8460@core.kyubu.de> <4ED4C0DA.5000808@abusix.com> <20111129114133.GA9081@core.kyubu.de> <4ED4C7ED.3070305@abusix.com> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net>
Message-ID: <87d380iq1o.fsf@mid.deneb.enyo.de>

* Reza Farzan:

> What is the RIPE policy regarding listing contact e-mails, especially about
> reporting abuse?

Email contact information is optional.

From ian.cleary at gmail.com Sun Mar 25 20:24:43 2012
From: ian.cleary at gmail.com (Ian.Cleary )
Date: Sun, 25 Mar 2012 19:24:43 +0100
Subject: [anti-abuse-wg] Unsubscribe!
In-Reply-To:
References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ECE0666.8010502@restena.lu> <20111129075105.GM9075@x27.adm.denic.de> <4ED49593.4030504@powerweb.de> <20111129084900.GB8460@core.kyubu.de> <4ED4C0DA.5000808@abusix.com> <20111129114133.GA9081@core.kyubu.de> <4ED4C7ED.3070305@abusix.com> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net>
Message-ID: <8E28C0DD-A4C4-460B-A39B-6C05A70D9292@gmail.com>

Can I get off this list?

On 25 Mar 2012, at 14:19, "Reza Farzan" wrote:

> Hello Laura,
>
> While processing and reporting Spam e-mails that I receive occasionally, I
> come across networks like National PSDN "UZPAK" that do not have any contact
> e-mail for reporting. The only address listed, ripeadmin at uzpak.uz, appears
> to have been Changed.
>
> What is the RIPE policy regarding listing contact e-mails, especially about
> reporting abuse?
>
> If RIPE has such a policy, then why networks like this fail to list such
> contacts? Moreover, how come no one at RIPE reviews such incomplete listing
> and advise the network administrators?
>
> I hope to hear from you and others about this important matter.
>
> Thank you,
>
> Reza Farzan
> rezaf at mindspring.com
>
> ---------
>
> inetnum:        213.230.122.0 - 213.230.122.255
> netname:        UzPAK
> descr:          National PSDN "UZPAK"
> descr:          DSL Customers by New Plan
> country:        UZ
> admin-c:        HUS14-RIPE
> tech-c:         HUS14-RIPE
> status:         ASSIGNED PA
> mnt-by:         AS8193-MNT
> changed:        mazgarov at uznet.net 20090216
> source:         RIPE
>
> person:         Husniddin D. Tuychiev
> address:        National Data Network Company "UzPAK"
> address:        8,8-fl., Druzhba Narodov Street
> address:        Tashkent, Republic of Uzbekistan, 700043
> mnt-by:         AS8193-MNT
> phone:          +99871 114-6161
> nic-hdl:        HUS14-RIPE
> org:            ORG-UNCN1-RIPE
> changed:        ripeadmin at uzpak.uz 20030707
> changed:        ripeadmin at uzpak.uz 20040419
> source:         RIPE
>
> route:          213.230.64.0/18
> descr:          National Data Network Company "UzPAK"
> descr:          8, 8-fl., Druzhba Narodov Prospekt,
> descr:          Tashkent, Republic of Uzbekistan, 700043
> origin:         AS8193
> mnt-by:         AS8193-MNT
> changed:        ripeadmin at uzpak.uz 20090216
> source:         RIPE
>
> route:          213.230.122.0/24
> descr:          National Data Network Company "UzNet"
> descr:          IP Pool for Satellite Channel
> origin:         AS8193
> mnt-by:         AS8193-MNT
> changed:        mazgarov at uznet.net 20100114
> source:         RIPE
>

From gert at space.net Sun Mar 25 20:51:08 2012
From: gert at space.net (Gert Doering)
Date: Sun, 25 Mar 2012 20:51:08 +0200
Subject: [anti-abuse-wg] Unsubscribe!
In-Reply-To: <8E28C0DD-A4C4-460B-A39B-6C05A70D9292@gmail.com>
References: <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <8E28C0DD-A4C4-460B-A39B-6C05A70D9292@gmail.com>
Message-ID: <20120325185108.GC84425@Space.Net>

Hi,

On Sun, Mar 25, 2012 at 07:24:43PM +0100, Ian.Cleary wrote:
> Can I get off this list?

Doesn't look like it. But with a little help...

http://lmgtfy.com/?q=unsubscribe+anti-abuse-wg%40ripe.net

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

From thor.kottelin at turvasana.com Sun Mar 25 21:04:19 2012
From: thor.kottelin at turvasana.com (Thor Kottelin)
Date: Sun, 25 Mar 2012 22:04:19 +0300
Subject: [anti-abuse-wg] Unsubscribe!
In-Reply-To: <8E28C0DD-A4C4-460B-A39B-6C05A70D9292@gmail.com>
References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ECE0666.8010502@restena.lu> <20111129075105.GM9075@x27.adm.denic.de> <4ED49593.4030504@powerweb.de> <20111129084900.GB8460@core.kyubu.de> <4ED4C0DA.5000808@abusix.com> <20111129114133.GA9081@core.kyubu.de> <4ED4C7ED.3070305@abusix.com> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <8E28C0DD-A4C4-460B-A39B-6C05A70D9292@gmail.com>
Message-ID:

> -----Original Message-----
> From: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg-
> bounces at ripe.net] On Behalf Of Ian.Cleary
> Sent: Sunday, March 25, 2012 9:25 PM
> To: rezaf at mindspring.com
> Cc: Laura Cobley;

> Can I get off this list?

As the header says: 'List-Unsubscribe: '.

--
Thor Kottelin
http://www.anta.net/

From ripe-anti-spam-wg at powerweb.de Mon Mar 26 10:00:02 2012
From: ripe-anti-spam-wg at powerweb.de (Frank Gadegast)
Date: Mon, 26 Mar 2012 10:00:02 +0200
Subject: [anti-abuse-wg] weird ERX networks ?
Message-ID: <4F702202.9070700@powerweb.de>

Hi,

we receive Spam from some networks we cannot find any whois record for.

An example:
62.61.196.0
(we found about 1000 networks like this)

ARINs whois says, its RIPE
RIPEs whois says, its AFRINIC
LACNIC also says, its AFRINIC

but AFRINICs whois says, its "world-wide" ...

So, where is this really allocated too and where can we find a whois
record for those networks ?
Unallocated, but still in use from somebody ?
Anybody an idea ?

Here are the whois records:

ARIN:
NetRange:       62.0.0.0 - 62.255.255.255
CIDR:           62.0.0.0/8
OriginAS:
NetName:        RIPE-C3
NetHandle:      NET-62-0-0-0-1

RIPE:
inetnum:        62.61.192.0 - 62.61.255.255
org:            ORG-AFNC1-RIPE
netname:        AFRINIC-NET-TRANSFERRED-20050223
descr:          This network has been transferred to AFRINIC
remarks:        These IP addresses are assigned in the AFRINIC region.

AFRINIC:
inetnum:        0.0.0.0 - 255.255.255.255
netname:        IANA-BLK
descr:          The whole IPv4 address space
country:        EU # Country is really world wide
org:            ORG-IANA1-AFRINIC

Kind regards, Frank
--
MOTD: "have you enabled SSL on a website or mailbox today ?"
--
PHADE Software - PowerWeb                  http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast          mailto:frank at powerweb.de
Schinkelstrasse 17                         fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany      fax: +49 33200 52921
======================================================================

From ops.lists at gmail.com Mon Mar 26 11:12:05 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Mon, 26 Mar 2012 14:42:05 +0530
Subject: [anti-abuse-wg] weird ERX networks ?
In-Reply-To: <4F702202.9070700@powerweb.de>
References: <4F702202.9070700@powerweb.de>
Message-ID:

I dont think that IP is even announced - the /24 is not in the routing
table at all.

Did you get some spam from any specific IP in there?

On Mon, Mar 26, 2012 at 1:30 PM, Frank Gadegast <
ripe-anti-spam-wg at powerweb.de> wrote:

>
> Hi,
>
> we receive Spam from some networks we cannot find any whois record for.
>
> An example:
> 62.61.196.0
> (we found about 1000 networks like this)
>
>
> ARINs whois says, its RIPE
> RIPEs whois says, its AFRINIC
> LACNIC also says, its AFRINIC
>
> but AFRINICs whois says, its "world-wide" ...
>
>
> So, where is this really allocated too and where can we find a whois
> record for those networks ?
> Unallocated, but still in use from somebody ?
> Anybody an idea ?
>
> Here are the whois records:
>
> ARIN:
> NetRange:       62.0.0.0 - 62.255.255.255
> CIDR:           62.0.0.0/8
> OriginAS:
> NetName:        RIPE-C3
> NetHandle:      NET-62-0-0-0-1
>
>
> RIPE:
> inetnum:        62.61.192.0 - 62.61.255.255
> org:            ORG-AFNC1-RIPE
> netname:        AFRINIC-NET-TRANSFERRED-20050223
> descr:          This network has been transferred to AFRINIC
> remarks:        These IP addresses are assigned in the AFRINIC region.
>
>
> AFRINIC:
> inetnum:        0.0.0.0 - 255.255.255.255
> netname:        IANA-BLK
> descr:          The whole IPv4 address space
> country:        EU # Country is really world wide
> org:            ORG-IANA1-AFRINIC
>
>
> Kind regards, Frank
> --
> MOTD: "have you enabled SSL on a website or mailbox today ?"
> --
> PHADE Software - PowerWeb                  http://www.powerweb.de
> Inh. Dipl.-Inform. Frank Gadegast          mailto:frank at powerweb.de
> Schinkelstrasse 17                         fon: +49 33200 52920
> 14558 Nuthetal OT Rehbruecke, Germany      fax: +49 33200 52921
> ======================================================================
>

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From ripe-anti-spam-wg at powerweb.de Mon Mar 26 11:43:45 2012
From: ripe-anti-spam-wg at powerweb.de (Frank Gadegast)
Date: Mon, 26 Mar 2012 11:43:45 +0200
Subject: [anti-abuse-wg] weird ERX networks ?
In-Reply-To:
References: <4F702202.9070700@powerweb.de>
Message-ID: <4F703A51.8070307@powerweb.de>

Suresh Ramasubramanian wrote:

Hi,

> I dont think that IP is even announced - the /24 is not in the routing
> table at all.

It could be, that this specific network was announced once and isnt
anymore today.

> Did you get some spam from any specific IP in there?

Yes. And true for all those networks (once we got a connect from those
IPs). Im trying to find a few, that are really routed somewhere and
really have no whois, but that needs a bit programming first ...


My main question was, why ARIN and LACNIC are saying, that
they belong to RIPE and RIPE is saying, that they belong to AFRINIC
and AFRINIC is saying, that they are worldwide.

Should AFRINIC not say, that they are unassigned, where they belong
to them and arent used right now ? Instead of saying, that they are
worldwide ?

Should not any resource belong to one of the RIRs (even if its PI space) ?


Kind regards, Frank


> On Mon, Mar 26, 2012 at 1:30 PM, Frank Gadegast wrote:
>
>
> Hi,
>
> we receive Spam from some networks we cannot find any whois record for.
>
> An example:
> 62.61.196.0
> (we found about 1000 networks like this)
>
>
> ARINs whois says, its RIPE
> RIPEs whois says, its AFRINIC
> LACNIC also says, its AFRINIC
>
> but AFRINICs whois says, its "world-wide" ...
>
>
> So, where is this really allocated to and where can we find a
> whois record for those networks ?
> Unallocated, but still in use from somebody ?
> Anybody an idea ?
>
> Here are the whois records:
>
> ARIN:
> NetRange: 62.0.0.0 - 62.255.255.255
> CIDR: 62.0.0.0/8
> OriginAS:
> NetName: RIPE-C3
> NetHandle: NET-62-0-0-0-1
>
>
> RIPE:
> inetnum: 62.61.192.0 - 62.61.255.255
> org: ORG-AFNC1-RIPE
> netname: AFRINIC-NET-TRANSFERRED-20050223
> descr: This network has been transferred to AFRINIC
> remarks: These IP addresses are assigned in the AFRINIC region.
>
>
> AFRINIC:
> inetnum: 0.0.0.0 - 255.255.255.255
> netname: IANA-BLK
> descr: The whole IPv4 address space
> country: EU # Country is really world wide
> org: ORG-IANA1-AFRINIC
>
>
>
>
> Kind regards, Frank
> --
> MOTD: "have you enabled SSL on a website or mailbox today ?"
> --
> PHADE Software - PowerWeb http://www.powerweb.de
> Inh. Dipl.-Inform. Frank Gadegast
> mailto:frank at powerweb.de
> Schinkelstrasse 17 fon: +49 33200 52920
> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
> ======================================================================
>
>
>
>
>
> --
> Suresh Ramasubramanian (ops.lists at gmail.com)

--
With kind regards,
--
MOTD: "have you enabled SSL on a website or mailbox today ?"
--
PHADE Software - PowerWeb http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de
Schinkelstrasse 17 fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
======================================================================

From thor.kottelin at turvasana.com Mon Mar 26 11:59:03 2012
From: thor.kottelin at turvasana.com (Thor Kottelin)
Date: Mon, 26 Mar 2012 12:59:03 +0300
Subject: [anti-abuse-wg] weird ERX networks ?
In-Reply-To: <4F703A51.8070307@powerweb.de>
References: <4F702202.9070700@powerweb.de> <4F703A51.8070307@powerweb.de>
Message-ID:

> -----Original Message-----
> From: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg-bounces at ripe.net] On Behalf Of Frank Gadegast
> Sent: Monday, March 26, 2012 12:44 PM
> To: anti-abuse-wg at ripe.net

> Should not any resource belong to one of the RIRs (even if its PI
> space) ?

In the interest of picking nits: a number of /8 prefixes were allocated
to non-RIR entities between 1991 and 1998 (look for 'LEGACY' status at
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml).
The network you mentioned is not in any of those ranges though.

--
Thor Kottelin
http://www.anta.net/

From denis at ripe.net Mon Mar 26 12:16:58 2012
From: denis at ripe.net (Denis Walker)
Date: Mon, 26 Mar 2012 12:16:58 +0200
Subject: [anti-abuse-wg] weird ERX networks ?
In-Reply-To: <4F703A51.8070307@powerweb.de>
References: <4F702202.9070700@powerweb.de> <4F703A51.8070307@powerweb.de>
Message-ID: <4F70421A.4030809@ripe.net>

Dear Colleagues,

The IP address 62.61.192.0 - 62.61.255.255 was allocated to an
organisation in Algeria and registered in the RIPE Database. So the
entries in ARIN and LACNIC Databases were originally correct, but need
to be updated.

It was transferred from the RIPE Database to AfriNIC as part of the set
up of the Afrinic Registry in 2005. That is why the RIPE Database entry
says "This network has been transferred to AFRINIC" and has the netname
"AFRINIC-NET-TRANSFERRED-20050223". Any questions about the current
status of these addresses should be directed to AfriNIC.

Regards,
Denis Walker
Business Analyst
RIPE NCC Database Group

On 26/03/12:14 11:43 AM, Frank Gadegast wrote:
> Suresh Ramasubramanian wrote:
>
> Hi,
>
>> I dont think that IP is even announced - the /24 is not in the routing
>> table at all.
>
> It could be, that this specific network was announced once and isnt
> anymore today.
>
>> Did you get some spam from any specific IP in there?
>
> Yes. And true for all those networks (once we got a connect from those
> IPs). Im trying to find a few, that are really routed somewhere and
> really have no whois, but that needs a bit programming first ...
>
>
> My main question was, why ARIN and LACNIC are saying, that
> they belong to RIPE and RIPE is saying, that they belong to AFRINIC
> and AFRINIC is saying, that they are worldwide.
>
> Should AFRINIC not say, that they are unassigned, where they belong
> to them and arent used right now ? Instead of saying, that they are
> worldwide ?
>
> Should not any resource belong to one of the RIRs (even if its PI space) ?
>
>
> Kind regards, Frank
>
>
>> On Mon, Mar 26, 2012 at 1:30 PM, Frank Gadegast
>> wrote:
>>
>>
>> Hi,
>>
>> we receive Spam from some networks we cannot find any whois record
>> for.
>>
>> An example:
>> 62.61.196.0
>> (we found about 1000 networks like this)
>>
>>
>> ARINs whois says, its RIPE
>> RIPEs whois says, its AFRINIC
>> LACNIC also says, its AFRINIC
>>
>> but AFRINICs whois says, its "world-wide" ...
>>
>>
>> So, where is this really allocated to and where can we find a
>> whois record for those networks ?
>> Unallocated, but still in use from somebody ?
>> Anybody an idea ?
>>
>> Here are the whois records:
>>
>> ARIN:
>> NetRange: 62.0.0.0 - 62.255.255.255
>> CIDR: 62.0.0.0/8
>> OriginAS:
>> NetName: RIPE-C3
>> NetHandle: NET-62-0-0-0-1
>>
>>
>> RIPE:
>> inetnum: 62.61.192.0 - 62.61.255.255
>> org: ORG-AFNC1-RIPE
>> netname: AFRINIC-NET-TRANSFERRED-20050223
>> descr: This network has been transferred to AFRINIC
>> remarks: These IP addresses are assigned in the AFRINIC region.
>>
>>
>> AFRINIC:
>> inetnum: 0.0.0.0 - 255.255.255.255
>> netname: IANA-BLK
>> descr: The whole IPv4 address space
>> country: EU # Country is really world wide
>> org: ORG-IANA1-AFRINIC
>>
>>
>>
>>
>> Kind regards, Frank
>> --
>> MOTD: "have you enabled SSL on a website or mailbox today ?"
>> --
>> PHADE Software - PowerWeb http://www.powerweb.de
>> Inh. Dipl.-Inform. Frank Gadegast
>> mailto:frank at powerweb.de
>> Schinkelstrasse 17 fon: +49 33200 52920
>> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
>>
>> ======================================================================
>>
>>
>>
>>
>>
>>
>> --
>> Suresh Ramasubramanian (ops.lists at gmail.com)
>
>

From chrish at consol.net Mon Mar 26 12:01:16 2012
From: chrish at consol.net (Chris)
Date: Mon, 26 Mar 2012 12:01:16 +0200
Subject: [anti-abuse-wg] weird ERX networks ?
In-Reply-To: <4F703A51.8070307@powerweb.de>
References: <4F702202.9070700@powerweb.de> <4F703A51.8070307@powerweb.de>
Message-ID: <4F703E6C.1060800@consol.net>

hi!

On 03/26/2012 11:43 AM, Frank Gadegast wrote:
> It could be, that this specific network was announced once and isnt anymore today.

ris says:
                                                   (first seen)             (last seen)
62.61.192.0/18  25512  CDT-AS CD-Telematika a.s.   2012-01-23 07:45:22 UTC  2012-03-16 11:38:08 UTC

> My main question was, why ARIN and LACNIC are saying, that
> they belong to RIPE and RIPE is saying, that they belong to AFRINIC
> and AFRINIC is saying, that they are worldwide.

well, arin doesn't get it, ripe and lacnic are consistent. i don't find this surprising.
0/0 matches any address, and discussing the actual content of an 'all' allocation wouldn't help anyone i guess...
that there's no assignment simply seems to be true.

> Should not any resource belong to one of the RIRs (even if its PI space) ?

it's obvious it's allocated to afrinic. i think a rir's whois policy on its own allocation objects isn't really relevant for users. at least when it's not 'my' RIR i wouldn't feel like it's my business...

regards,

Chris

From rezaf at mindspring.com Mon Mar 26 13:43:56 2012
From: rezaf at mindspring.com (Reza Farzan)
Date: Mon, 26 Mar 2012 07:43:56 -0400
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: <87d380iq1o.fsf@mid.deneb.enyo.de>
Message-ID:

Florian,

If your statement--Email contact information is optional, is correct, how do
people contact a network regarding the abuse violations that were originated
from their IP address?
By calling them? Or, writing a letter using the postal service? This is
simply ridiculous.

Again, if your statement--Email contact information is optional, is true,
RIPE must be stuck in the past, without realizing the necessity of e-mail
contacts.

RIPE must create a revised policy regarding e-mail contact for networks
listing within RIPE database to ensure accountability.

Thank you.

Reza Farzan
rezaf at mindspring.com

> -----Original Message-----
> From: Florian Weimer [mailto:fw at deneb.enyo.de]
> Sent: Sunday, March 25, 2012 12:50 PM
> To: rezaf at mindspring.com
> Cc: 'Laura Cobley'; anti-abuse-wg at ripe.net
> Subject: Re: [anti-abuse-wg] National PSDN "UZPAK"
>
> * Reza Farzan:
>
> > What is the RIPE policy regarding listing contact e-mails, especially
> > about reporting abuse?
>
> Email contact information is optional.

From michele at blacknight.ie Mon Mar 26 13:55:19 2012
From: michele at blacknight.ie (Michele Neylon :: Blacknight)
Date: Mon, 26 Mar 2012 11:55:19 +0000
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To:
Message-ID: <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie>

On 26 Mar 2012, at 12:43, Reza Farzan wrote:

> Florian,
>
> If your statement--Email contact information is optional, is correct, how do
> people contact a network regarding the abuse violations that were originated
> from their IP address?

This has been discussed at length - check the list archives

> By calling them? Or, writing a letter using the postal service? This is
> simply ridiculous.
>
> Again, if your statement--Email contact information is optional, is true,
> RIPE must be stuck in the past, without realizing the necessity of e-mail
> contacts.

RIPE knows who its members are and there's plenty of data in the database that is public. I think Florian answered the question that was asked and didn't elaborate any further ..

>
> RIPE must create a revised policy regarding e-mail contact for networks
> listing within RIPE database to ensure accountability.

RIPE "must" not do anything. RIPE might consider doing a lot of things, but they're not obliged to do anything

Mr Michele Neylon
Blacknight Solutions ? Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.biz
http://mneylon.tel
Intl. +353 (0) 59 9183072
US: 213-233-1612
Locall: 1850 929 929
Facebook: http://fb.me/blacknight
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland
Company No.: 370845

From tk at abusix.com Mon Mar 26 13:57:36 2012
From: tk at abusix.com (Tobias Knecht)
Date: Mon, 26 Mar 2012 13:57:36 +0200
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To:
Message-ID: <4F7059B0.6020008@abusix.com>

Hi Reza,

this issue is well known (see the list archive) and at the moment it is
my fault to not come up with a new policy proposal. Sorry 24 hours a day
is just too little ;-)

I hope I'll get it done pretty soon, to have another starting point for
a discussion.

Stay tuned,

Tobias

On 26.03.12 13:43, Reza Farzan wrote:
> Florian,
>
> If your statement--Email contact information is optional, is correct, how do
> people contact a network regarding the abuse violations that were originated
> from their IP address?
> By calling them? Or, writing a letter using the postal service? This is
> simply ridiculous.
>
> Again, if your statement--Email contact information is optional, is true,
> RIPE must be stuck in the past, without realizing the necessity of e-mail
> contacts.
>
> RIPE must create a revised policy regarding e-mail contact for networks
> listing within RIPE database to ensure accountability.
>
> Thank you.
>
> Reza Farzan
> rezaf at mindspring.com
>
>
>
>
>> -----Original Message-----
>> From: Florian Weimer [mailto:fw at deneb.enyo.de]
>> Sent: Sunday, March 25, 2012 12:50 PM
>> To: rezaf at mindspring.com
>> Cc: 'Laura Cobley'; anti-abuse-wg at ripe.net
>> Subject: Re: [anti-abuse-wg] National PSDN "UZPAK"
>>
>> * Reza Farzan:
>>
>>> What is the RIPE policy regarding listing contact e-mails, especially
>>> about reporting abuse?
>>
>> Email contact information is optional.
>
>

From chrish at consol.net Mon Mar 26 14:12:11 2012
From: chrish at consol.net (Chris)
Date: Mon, 26 Mar 2012 14:12:11 +0200
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To:
Message-ID: <4F705D1B.3030705@consol.net>

Hi,

On 03/26/2012 01:43 PM, Reza Farzan wrote:
> RIPE must create a revised policy regarding e-mail contact for networks
> listing within RIPE database to ensure accountability.

Oh wow, now that you said so, RIPE (that would be the european+ internet - how much is that, a billion people?) has to subject themselves to your wisdom... ;)

You can, ofc, try the obvious:
mazgarov at uznet.net
ripeadmin at uzpak.uz

Then again, seeing your mailinglist-contributions I guess it's highly likely that your mails might be considered the same as the probable reason there's no email attributes: spam.

In case of a serious issue you probably wouldn't have a problem with postal mail.

And while we're at it, regarding your 'accountability'-thing: you should really talk to some governments, being from the past (well...) they all seem to tend to regard postal mail as more 'accountable' than email... Surprisingly...

Regards,

Chris

From carlosm3011 at gmail.com Mon Mar 26 14:13:05 2012
From: carlosm3011 at gmail.com (Carlos Martinez-Cagnazzo)
Date: Mon, 26 Mar 2012 09:13:05 -0300
Subject: [anti-abuse-wg] weird ERX networks ?
In-Reply-To: <4F70421A.4030809@ripe.net>
References: <4F702202.9070700@powerweb.de> <4F703A51.8070307@powerweb.de> <4F70421A.4030809@ripe.net>
Message-ID: <4F705D51.9080509@gmail.com>

Hello all,

I will report the issue with the WHOIS data for this block to our WHOIS
maintenance team.

On the other hand, I am currently doing some research work into
hijackings, and while I expect to present more detailed results in a
month or so, this ASN from an organization named Telematika consistently
appears in the hijacking cases I've been able to identify so far.

Even more, Telematika has announced the whole of 191/8 several times
during the past months. 191/8 is a ERX block that was assigned to LACNIC
when the ERX space was returned/given to the RIRs. It's not being
currently used for *any* purpose, it's in reserve and it should not
appear in any routing table.

So, in short, yes, the Telematika guys are up to no good.
My evil twin would just filter their whole ASN out, but maybe the
responsible thing to do first would be contacting them.

Warm regards,

Carlos

On 3/26/12 7:16 AM, Denis Walker wrote:
> Dear Colleagues,
>
> The IP address 62.61.192.0 - 62.61.255.255 was allocated to an
> organisation in Algeria and registered in the RIPE Database. So the
> entries in ARIN and LACNIC Databases were originally correct, but need
> to be updated.
>
> It was transferred from the RIPE Database to AfriNIC as part of the set
> up of the Afrinic Registry in 2005. That is why the RIPE Database entry
> says "This network has been transferred to AFRINIC" and has the netname
> "AFRINIC-NET-TRANSFERRED-20050223". Any questions about the current
> status of these addresses should be directed to AfriNIC.
>
> Regards,
> Denis Walker
> Business Analyst
> RIPE NCC Database Group
>
> On 26/03/12:14 11:43 AM, Frank Gadegast wrote:
>> Suresh Ramasubramanian wrote:
>>
>> Hi,
>>
>>> I dont think that IP is even announced - the /24 is not in the routing
>>> table at all.
>> It could be, that this specific network was announced once and isnt
>> anymore today.
>>
>>> Did you get some spam from any specific IP in there?
>> Yes. And true for all those networks (once we got a connect from those
>> IPs). Im trying to find a few, that are really routed somewhere and
>> really have no whois, but that needs a bit programming first ...
>>
>>
>> My main question was, why ARIN and LACNIC are saying, that
>> they belong to RIPE and RIPE is saying, that they belong to AFRINIC
>> and AFRINIC is saying, that they are worldwide.
>>
>> Should AFRINIC not say, that they are unassigned, where they belong
>> to them and arent used right now ? Instead of saying, that they are
>> worldwide ?
>>
>> Should not any resource belong to one of the RIRs (even if its PI space) ?
>>
>>
>> Kind regards, Frank
>>
>>
>>> On Mon, Mar 26, 2012 at 1:30 PM, Frank Gadegast
>>> wrote:
>>>
>>>
>>> Hi,
>>>
>>> we receive Spam from some networks we cannot find any whois record
>>> for.
>>>
>>> An example:
>>> 62.61.196.0
>>> (we found about 1000 networks like this)
>>>
>>>
>>> ARINs whois says, its RIPE
>>> RIPEs whois says, its AFRINIC
>>> LACNIC also says, its AFRINIC
>>>
>>> but AFRINICs whois says, its "world-wide" ...
>>>
>>>
>>> So, where is this really allocated to and where can we find a
>>> whois record for those networks ?
>>> Unallocated, but still in use from somebody ?
>>> Anybody an idea ?
>>>
>>> Here are the whois records:
>>>
>>> ARIN:
>>> NetRange: 62.0.0.0 - 62.255.255.255
>>> CIDR: 62.0.0.0/8
>>> OriginAS:
>>> NetName: RIPE-C3
>>> NetHandle: NET-62-0-0-0-1
>>>
>>>
>>> RIPE:
>>> inetnum: 62.61.192.0 - 62.61.255.255
>>> org: ORG-AFNC1-RIPE
>>> netname: AFRINIC-NET-TRANSFERRED-20050223
>>> descr: This network has been transferred to AFRINIC
>>> remarks: These IP addresses are assigned in the AFRINIC region.
>>>
>>>
>>> AFRINIC:
>>> inetnum: 0.0.0.0 - 255.255.255.255
>>> netname: IANA-BLK
>>> descr: The whole IPv4 address space
>>> country: EU # Country is really world wide
>>> org: ORG-IANA1-AFRINIC
>>>
>>>
>>>
>>>
>>> Kind regards, Frank
>>> --
>>> MOTD: "have you enabled SSL on a website or mailbox today ?"
>>> --
>>> PHADE Software - PowerWeb http://www.powerweb.de
>>> Inh. Dipl.-Inform. Frank Gadegast
>>> mailto:frank at powerweb.de
>>> Schinkelstrasse 17 fon: +49 33200 52920
>>> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
>>>
>>> ======================================================================
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Suresh Ramasubramanian (ops.lists at gmail.com)
>>

From fw at deneb.enyo.de Mon Mar 26 18:45:57 2012
From: fw at deneb.enyo.de (Florian Weimer)
Date: Mon, 26 Mar 2012 18:45:57 +0200
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: (Reza Farzan's message of "Mon, 26 Mar 2012 07:43:56 -0400")
Message-ID: <87aa33z4xm.fsf@mid.deneb.enyo.de>

* Reza Farzan:

> If your statement--Email contact information is optional, is correct, how do
> people contact a network regarding the abuse violations that were originated
> from their IP address?
> By calling them? Or, writing a letter using the postal service? This is
> simply ridiculous.

Usually, you don't care about contact, you want them to take some sort
of action as well.

> RIPE must create a revised policy regarding e-mail contact for networks
> listing within RIPE database to ensure accountability.

There is no relationship between the two, one way or the other.

All PA resources can be traced back to a legal entity which has
submitted proof of its existence to RIPE NCC.
For PI resources, the status is less clear, but I can't tell if this is
an issue in practice. And there are countries (curiously, not the ones
you would expect) where forming a limited liability company is so easy
and cheap that accountability is seriously impacted.

From ops.lists at gmail.com Tue Mar 27 05:19:39 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Tue, 27 Mar 2012 08:49:39 +0530
Subject: [anti-abuse-wg] weird ERX networks ?
In-Reply-To: <4F703E6C.1060800@consol.net>
References: <4F702202.9070700@powerweb.de> <4F703A51.8070307@powerweb.de> <4F703E6C.1060800@consol.net>
Message-ID:

What is an ASN belonging to an obscure provider in Prague, the Czech
Republic, doing announcing Lacnic ASNs anyway? :)

On Mon, Mar 26, 2012 at 3:31 PM, Chris wrote:

>
> ris says:
>                                                    (first seen)             (last seen)
> 62.61.192.0/18  25512  CDT-AS CD-Telematika a.s.   2012-01-23 07:45:22 UTC  2012-03-16 11:38:08 UTC

--
Suresh Ramasubramanian (ops.lists at gmail.com)
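
The referral chain discussed in this thread (ARIN points to RIPE, RIPE points to AFRINIC, AFRINIC returns only a catch-all object) can be followed mechanically when triaging many such networks. The Python below is an added example, not code from any list participant: it uses the whois excerpts quoted in the thread as constructed input, and the netname-prefix referral heuristic and the names `classify`, `trace` and `needs_review` are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: the whois excerpts quoted in the thread, keyed by the
# registry that returned them (ARIN's empty OriginAS line is kept on purpose).
RECORDS = {
    "ARIN": """NetRange: 62.0.0.0 - 62.255.255.255
CIDR: 62.0.0.0/8
OriginAS:
NetName: RIPE-C3
NetHandle: NET-62-0-0-0-1
""",
    "RIPE": """inetnum: 62.61.192.0 - 62.61.255.255
org: ORG-AFNC1-RIPE
netname: AFRINIC-NET-TRANSFERRED-20050223
descr: This network has been transferred to AFRINIC
remarks: These IP addresses are assigned in the AFRINIC region.
""",
    "AFRINIC": """inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country is really world wide
org: ORG-IANA1-AFRINIC
""",
}

RIRS = ("ARIN", "RIPE", "APNIC", "LACNIC", "AFRINIC")
WHOLE_V4 = (0, 2**32 - 1)


def parse_record(text):
    """Turn 'key: value' lines into a dict; keys lowercased, '# ...' comments dropped."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        rec.setdefault(key.strip().lower(), value.split("#", 1)[0].strip())
    return rec


def record_range(rec):
    """Return (first, last) as integers from inetnum/NetRange, or None if unusable."""
    raw = rec.get("inetnum") or rec.get("netrange")
    if not raw:
        return None
    try:
        first, last = (int(ipaddress.IPv4Address(p.strip())) for p in raw.split("-"))
    except ValueError:
        return None
    return first, last


def classify(registry, rec, ip):
    """Say what one registry's answer means for this address."""
    rng = record_range(rec)
    addr = int(ipaddress.IPv4Address(ip))
    if rng is None or not rng[0] <= addr <= rng[1]:
        return "no-match"
    if rng == WHOLE_V4:
        return "placeholder"  # catch-all object, not a registration
    # Assumption of this example: a netname that starts with another RIR's
    # name marks a block that was handed to that RIR.
    m = re.match(r"(%s)\b" % "|".join(RIRS), rec.get("netname", "").upper())
    if m and m.group(1) != registry:
        return "referral:" + m.group(1)
    return "registration"


def trace(ip, records, start="ARIN"):
    """Follow referrals from registry to registry; return [(registry, verdict), ...]."""
    path, registry, seen = [], start, set()
    while registry not in seen:  # the 'seen' set stops referral loops
        seen.add(registry)
        if registry not in records:
            path.append((registry, "not-queried"))
            break
        verdict = classify(registry, parse_record(records[registry]), ip)
        path.append((registry, verdict))
        if not verdict.startswith("referral:"):
            break
        registry = verdict.split(":", 1)[1]
    return path


def needs_review(prefix, records, start="ARIN"):
    """True when neither end of an announced prefix resolves to a specific registration."""
    net = ipaddress.ip_network(prefix)
    ends = (str(net.network_address), str(net.broadcast_address))
    return all(trace(ip, records, start)[-1][1] != "registration" for ip in ends)


if __name__ == "__main__":
    for registry, verdict in trace("62.61.196.0", RECORDS):
        print(f"{registry:8} {verdict}")
    print("review 62.61.192.0/18:", needs_review("62.61.192.0/18", RECORDS))
```
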

From ops.lists at gmail.com Tue Mar 27 11:24:38 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Tue, 27 Mar 2012 14:54:38 +0530
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie>
Message-ID:

Ah yes. A lot of shell companies, and "we are not the document police" as
somebody said on one occasion.

If a bank manager disbursed loans based on the sort of paperwork that's
enough for getting a /15 ..

On Mon, Mar 26, 2012 at 5:25 PM, Michele Neylon :: Blacknight <michele at blacknight.ie> wrote:

>
> RIPE knows who its members are and there's plenty of data in the database
> that is public. I think Florian answered the question that was asked and
> didn't elaborate any further ..

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From julien at tayon.net Tue Mar 27 14:41:55 2012
From: julien at tayon.net (julien tayon)
Date: Tue, 27 Mar 2012 14:41:55 +0200
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: <87d380iq1o.fsf@mid.deneb.enyo.de>
Message-ID:

2012/3/25 Florian Weimer:
> * Reza Farzan:
>
>> What is the RIPE policy regarding listing contact e-mails, especially about
>> reporting abuse?
>
> Email contact information is optional.
>

fake fax number with a 3200baud lane is however cool, or optionally
overtaxed telephone number with unnice and incompetent sweat phone
center is quite a must.

A regexp describing a phone number in an ABNF in a RFC matters more to
RIPE than if there are actually people answering the given phone number
are respecting the basics of troubleshooting (ticketing, traceability,
competence, accountability...).

Well, to be honest would they have contracts with the LIR/RIR they
could enforce the contact.

Ho ! My bad. They have the awful power to restrict the delivery of
public IP & AS, therefore they have power over the contractant. I even
guess they could ask the blackholing of some resources (BGP) in extreme
case.

I am pretty much seeing RIPE as a bureaucracy even though it is working
by the good will of really nice and expert persons. But -in my opinion-
it has forgotten its goal : making sure change management, QA,
accountability of internet resources stakeholders is made correctly.
And they have the power to do it.

Contracts are there since the roman empire and they still work the
same : a contract is broken if one of the party does not respect its
word on an essential contractual binding as long as it is legal. I have
read 10 years ago the RIPE contract for RIR, they do have the power to
do it for sure.

It is not a technical issue, it is more a political issue amongst RIPE :
they don't want to be the bad guys sanctioning bad behaviours, they are
the good guys helping as much good willed people as they can to do their
job properly and cooperate (that's the reason to be of the RIPE
formation I guess on topics such as DNSSec, IPv6, and meetings, RIPE ML).

Revoking a contract is way more costly (since you have to put a lawyer
on the issue in an international context ruled by more than one
country/law/convention). How many formations do you have to sacrifice
for a contract to be revoked ?

Politic is about deciding how much resources you spend on a given task.
It is clearly not in the hand of any technical mailing lists. And legal
enforcement costs prejudices the formation price. (Education is
productive, litigations alone has no long term positive impact on the
whole ecosystem). RIPE essence is clearly to improve the pool of good
willed people and make them cooperate.

However, I would -if I were the RIPE- at least publicly announce once in
a while that a rogue RIR/LIR has its contract suspended. I would do it
just because it is demotivating to do your job correctly when you have
evidence of people doing it wrong without any consequence for them.

Cheers

PS : I really do have appreciated RIPE good willed, nice, and competent
help when I had to fill the IPv4 forms.
I really loved working with RIPE NCC it was a pleasing experience. I
just would like it to be even better and I guess I lack so much elements
that I might have expressed an obviously stupid opinion, but I was told
you should always trust your intuition :)

--
Julien Tayon
Silent lurker for years and with no actual shiny title or experience to
backup its opinion :)

From fw at deneb.enyo.de Tue Mar 27 18:30:45 2012
From: fw at deneb.enyo.de (Florian Weimer)
Date: Tue, 27 Mar 2012 18:30:45 +0200
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: (Suresh Ramasubramanian's message of "Tue, 27 Mar 2012 14:54:38 +0530")
Message-ID: <87aa32huq2.fsf@mid.deneb.enyo.de>

* Suresh Ramasubramanian:

> If a bank manager disbursed loans based on the sort of paperwork that's
> enough for getting a /15 ..

I'm afraid banking analogies do not score any points in a discussion
about accountability.
From ops.lists at gmail.com Wed Mar 28 12:40:20 2012 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 28 Mar 2012 16:10:20 +0530 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: <87aa32huq2.fsf@mid.deneb.enyo.de> References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED4C0DA.5000808@abusix.com> <20111129114133.GA9081@core.kyubu.de> <4ED4C7ED.3070305@abusix.com> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> Message-ID: There is clearly a fiduciary duty as the custodians of a scarce, depleting, common good. So, why would an analogy about due diligence not score points? On Tuesday, March 27, 2012, Florian Weimer wrote: > * Suresh Ramasubramanian: > >> If a bank manager disbursed loans based on the sort of paperwork that's >> enough for getting a /15 .. > > I'm afraid banking analogies do not score any points in a discussion > about accountability. > -- Suresh Ramasubramanian (ops.lists at gmail.com)
From ops.lists at gmail.com Wed Mar 28 13:03:39 2012 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Wed, 28 Mar 2012 16:33:39 +0530 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED4C0DA.5000808@abusix.com> <20111129114133.GA9081@core.kyubu.de> <4ED4C7ED.3070305@abusix.com> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> Message-ID: speaking of that, it would be interesting to see the response to soca's proposed whois validation http://news.dot-nxt.com/2012/03/12/five-cs-whois-validation-model On Wednesday, March 28, 2012, Suresh Ramasubramanian wrote: > There is clearly a fiduciary duty as the custodians of a scarce, depleting, common good. > > So, why would an analogy about due diligence not score points? > > On Tuesday, March 27, 2012, Florian Weimer wrote: >> * Suresh Ramasubramanian: >> >>> If a bank manager disbursed loans based on the sort of paperwork that's >>> enough for getting a /15 .. >> >> I'm afraid banking analogies do not score any points in a discussion >> about accountability. >> > > -- > Suresh Ramasubramanian (ops.lists at gmail.com) > -- Suresh Ramasubramanian (ops.lists at gmail.com)
From fw at deneb.enyo.de Wed Mar 28 19:57:58 2012 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed, 28 Mar 2012 19:57:58 +0200 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: (Suresh Ramasubramanian's message of "Wed, 28 Mar 2012 16:33:39 +0530") References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> Message-ID: <87hax8ppzt.fsf@mid.deneb.enyo.de> * Suresh Ramasubramanian: > speaking of that, it would be interesting to see the response to soca's > proposed whois validation > > http://news.dot-nxt.com/2012/03/12/five-cs-whois-validation-model In essence, it boils down to this question: Can RIPE NCC rely on the UK Register of Companies to validate requests which aim to establish a UK business as a LIR? SOCA seems to suggest that the answer is "no". This is disturbing.
From fw at deneb.enyo.de Wed Mar 28 20:35:01 2012 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed, 28 Mar 2012 20:35:01 +0200 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: (Suresh Ramasubramanian's message of "Wed, 28 Mar 2012 16:10:20 +0530") References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED4C7ED.3070305@abusix.com> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> Message-ID: <87sjgso9pm.fsf@mid.deneb.enyo.de> * Suresh Ramasubramanian: > There is clearly a fiduciary duty as the custodians of a scarce, depleting, > common good. > > So, why would an analogy about due diligence not score points? Because we do not value accountability in our financial institutions. Back to the original topic. I agree that we face various issues with service provider accountability, but one of the major problems with this and similar discussions is that those who demand some form of action make claims which are quite obviously not factually correct. 
The allocated resource covering 213.230.122.0 is the inetnum object 213.230.64.0 - 213.230.127.255, allocated to this LIR:

organisation: ORG-UNCN1-RIPE
org-name:     Uzpak Net (Country Net of Independence Republic of Uzbekistan)
org-type:     LIR
address:      National Data Network Company
              8th floor, 8, Druzhba Narodov str.,
              700043, Tashkent,
              Uzbekistan
phone:        +998 71 114 6314
phone:        +998 71 144 4804
fax-no:       +998 71 114 6322
e-mail:       admin at uzpak.uz
admin-c:      BM2509-RIPE
admin-c:      MBA-RIPE
mnt-ref:      AS8193-MNT
mnt-ref:      RIPE-NCC-HM-MNT
mnt-by:       RIPE-NCC-HM-MNT
changed:      [...] 20120308
source:       RIPE

There you have a street address, a phone number, and even an email address. Does this change anything about accountability? Not sure.

For PA resources, such information is relatively easy to find. However, RIPE NCC is not able to provide this as a service, and restricts access to the database in a way that makes it impossible to offer such a service to the general public. But these obstacles are created by RIPE NCC and the RIPE community, and not the resource holders.

Again, let me stress that this case is far from unique. We often see claims that some network is "bad". I'm slightly out of touch with regards to current network-wide events, but I still feel that I should be able to recognize proof of badness as such. But what happens far too often is that folks who I know are knowledgeable about these things cannot express their rationale in terms I can understand or accept as proof. This is a problem.
From fw at deneb.enyo.de Wed Mar 28 21:01:08 2012 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed, 28 Mar 2012 21:01:08 +0200 Subject: [anti-abuse-wg] National PSDN "UZPAK" References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED49593.4030504@powerweb.de> <20111129084900.GB8460@core.kyubu.de> <4ED4C0DA.5000808@abusix.com> <20111129114133.GA9081@core.kyubu.de> <4ED4C7ED.3070305@abusix.com> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> Message-ID: <878viko8i3.fsf@mid.deneb.enyo.de> * julien tayon: > Well, to be honest would they have contracts with the LIR/RIR they > could enforce the contact. Ho ! My bad. They have the awful power to > restrict the delivery of public IP & AS, therefore they have power > over the contractant. I even guess they could ask the blackholing of > some resources (BGP) in extreme case. At a technical level, RPKI might eventually allow this, but this project was not exactly welcomed by the RIPE community, for precisely this reason. 
From fw at deneb.enyo.de Wed Mar 28 21:53:55 2012 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed, 28 Mar 2012 21:53:55 +0200 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: (Fearghas McKay's message of "Wed, 28 Mar 2012 20:50:04 +0100") References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> <87hax8ppzt.fsf@mid.deneb.enyo.de> Message-ID: <87iphoijsc.fsf@mid.deneb.enyo.de> * Fearghas McKay: > On 28 Mar 2012, at 18:57, Florian Weimer wrote: > >> Can RIPE NCC rely on the UK Register of Companies to validate requests >> which aim to establish a UK business as a LIR? >> >> SOCA seems to suggest that the answer is "no". This is disturbing. > > Well since you don't need to be a registered company to hold LIR > assets then that is hardly surprising that Companies House is not > the ultimate source of all knowledge in this case. True, but a signature from an officer of a registered company should be sufficient (together with the signup fee). If it's not, there's something seriously wrong with the registration procedure. 
From rezaf at mindspring.com Thu Mar 29 02:05:51 2012 From: rezaf at mindspring.com (Reza Farzan) Date: Wed, 28 Mar 2012 20:05:51 -0400 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: <87sjgso9pm.fsf@mid.deneb.enyo.de> References: <20111123134719.EDB3516738D@smtpgate1.restena.lu><4ED4C7ED.3070305@abusix.com> <4ED4FBBC.7040101@ripe.net><4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net><4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr><4ED780EB.7040209@abusix.com><8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org><4ED797D2.9040302@abusix.com><41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org><4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net><4EEB41DF.6090101@ripe.net><87d380iq1o.fsf@mid.deneb.enyo.de><85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie><87aa32huq2.fsf@mid.deneb.enyo.de> <87sjgso9pm.fsf@mid.deneb.enyo.de> Message-ID:

Florian,

As I had stated in my earlier message, I had forwarded my Spam report to the following address [admin at uzpak.uz], but it came back with this error message:

-------
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
ripeadmin at uzpak.uz
SMTP error from remote mail server after RCPT TO:: host mail.uzpak.uz [84.54.64.37]: 553 sorry, this recipient is not in my validrcptto list (#5.7.1)
-------

As you may know, many networks show and use invalid, or even fake contact e-mail addresses in order to frustrate everyone, and the National PSDN "UZPAK" is no exception. On a daily basis, I report such abuse violations to Spamcop.net, http://www.spamcop.net/, and in many instances, the IP address either does not have an Abuse Reporting e-mail, or the e-mail addresses listed in the Whois directory are bogus. So, having a street address, a phone number, and even an invalid email address, does not change anything; it creates frustration and despair.
One way to hold all networks accountable perhaps would be for the RIPE NCC to send an e-mail [once a year] to addresses in their Whois listing, thereby confirming and verifying their correctness and validity. Thank you, Reza Farzan rezaf at mindspring.com =========== > -----Original Message----- > From: anti-abuse-wg-bounces at ripe.net > [mailto:anti-abuse-wg-bounces at ripe.net] On Behalf Of Florian Weimer > Sent: Wednesday, March 28, 2012 2:35 PM > To: Suresh Ramasubramanian > Cc: Laura Cobley; Michele Neylon :: Blacknight; > ; > Subject: Re: [anti-abuse-wg] National PSDN "UZPAK" > > * Suresh Ramasubramanian: > > > There is clearly a fiduciary duty as the custodians of a scarce, > > depleting, common good. > > > > So, why would an analogy about due diligence not score points? > > Because we do not value accountability in our financial institutions. > > Back to the original topic. I agree that we face various > issues with service provider accountability, but one of the > major problems with this and similar discussions is that > those who demand some form of action make claims which are > quite obviously not factually correct. > > The allocated resource covering 213.230.122.0 is the inetnum > object 213.230.64.0 - 213.230.127.255, allocated to this LIR: > > organisation: ORG-UNCN1-RIPE > org-name: Uzpak Net (Country Net of Independence > Republic of Uzbekistan) > org-type: LIR > address: National Data Network Company > 8th floor, 8, Druzhba Narodov str., > 700043, Tashkent, > Uzbekistan > phone: +998 71 114 6314 > phone: +998 71 144 4804 > fax-no: +998 71 114 6322 > e-mail: admin at uzpak.uz > admin-c: BM2509-RIPE > admin-c: MBA-RIPE > mnt-ref: AS8193-MNT > mnt-ref: RIPE-NCC-HM-MNT > mnt-by: RIPE-NCC-HM-MNT > changed: [...] 20120308 > source: RIPE > > There you have a street address, a phone number, and even an > email address. Does this change anything about > accountability? Not sure. > > For PA resources, such information is relatively easy to find. 
> However, RIPE NCC is not able to provide this as a service, > and restricts access to the database in a way that makes it > impossible to offer such a service to the general public. > But these obstacles are created by RIPE NCC and the RIPE > community, and not the resource holders. > > Again, let me stress that this case is far from unique. We > often see claims that some network is "bad". I'm slightly > out of touch with regards to current network-wide events, but > I still feel that I should be able to recognize proof of > badness as such. But what happens far too often is that > folks who I know are knowledgeable about these things cannot > express their rationale in terms I can understand or accept > as proof. This is a problem. > From ops.lists at gmail.com Thu Mar 29 03:38:47 2012 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Thu, 29 Mar 2012 07:08:47 +0530 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: <87hax8ppzt.fsf@mid.deneb.enyo.de> References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> <87hax8ppzt.fsf@mid.deneb.enyo.de> Message-ID: On Wed, Mar 28, 2012 at 11:27 PM, Florian Weimer wrote: > > Can RIPE NCC rely on the UK Register of Companies to validate requests > which aim to establish a UK business as a LIR? > > SOCA seems to suggest that the answer is "no". This is disturbing. 
Incorporating an LLC with the address of record being a maildrop location, or even an empty lot, has traditionally taken you a few pounds and less than a day .. How or why should the registrar of companies be an authoritative source to declare anything except that "a registered company by that name exists"? In other words, there's absolutely no useful input into your IP justification process that validates that X is a genuine entity who actually needs a /20 for his new datacenter location, rather than to stuff it with botnet C&Cs or whatever. Now, if RIPE NCC were to get the RBN or whoever as a customer, they wouldn't know because they simply don't validate anything much of this sort at all, and even if they do set up some perfunctory validation like checking that the company presenting IP allocation paperwork is registered, that doesn't mean anything relevant. Andy Auld was probably not particularly diplomatic when he said this - but he was 100% correct. http://www.zdnet.co.uk/news/security-threats/2009/10/22/soca-russian-cyber-gang-bribed-police-39825939/ "RBN paid Ripe for services," said Auld. "If we were being harsh, we could say that Ripe has received criminal funds and was involved in money-laundering offences. We are not treating it that way, but you could see it like that." "....to which RIPE NCC pointed out that RBN passed a set of checklists."Our checklists include the provision of proof that a prospective LIR has the necessary legal documentation, which proves that a business is bona fide." Now, it is great that you don't like analogies about the banking industry, and don't work in the banking industry (I don't either, but what I did was to phone my bank manager and ask him what'd happen if such a situation arose). 
Because you see, if this had happened with our putative bank manager, he'd have been arrested for money laundering and the bank would be facing some fairly extensive audits from the banking regulator, getting its records subpoena'd by the police etc -- Suresh Ramasubramanian (ops.lists at gmail.com)
From fearghas at gmail.com Wed Mar 28 21:50:04 2012 From: fearghas at gmail.com (Fearghas McKay) Date: Wed, 28 Mar 2012 20:50:04 +0100 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: <87hax8ppzt.fsf@mid.deneb.enyo.de> References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED4FBBC.7040101@ripe.net> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> <87hax8ppzt.fsf@mid.deneb.enyo.de> Message-ID: On 28 Mar 2012, at 18:57, Florian Weimer wrote: > Can RIPE NCC rely on the UK Register of Companies to validate requests > which aim to establish a UK business as a LIR? > > SOCA seems to suggest that the answer is "no". This is disturbing. Well since you don't need to be a registered company to hold LIR assets then that is hardly surprising that Companies House is not the ultimate source of all knowledge in this case. cc line trimmed back to the OP and the WG.
f From fearghas at gmail.com Wed Mar 28 21:59:50 2012 From: fearghas at gmail.com (Fearghas McKay) Date: Wed, 28 Mar 2012 20:59:50 +0100 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: <87iphoijsc.fsf@mid.deneb.enyo.de> References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> <87hax8ppzt.fsf@mid.deneb.enyo.de> <87iphoijsc.fsf@mid.deneb.enyo.de> Message-ID: <1D8BDDCF-29F3-4401-88B9-3C4AF9072443@gmail.com> On 28 Mar 2012, at 20:53, Florian Weimer wrote: > * Fearghas McKay: > >> On 28 Mar 2012, at 18:57, Florian Weimer wrote: >> >>> Can RIPE NCC rely on the UK Register of Companies to validate requests >>> which aim to establish a UK business as a LIR? >>> >>> SOCA seems to suggest that the answer is "no". This is disturbing. >> >> Well since you don't need to be a registered company to hold LIR >> assets then that is hardly surprising that Companies House is not >> the ultimate source of all knowledge in this case. > > True, but a signature from an officer of a registered company should > be sufficient (together with the signup fee). If it's not, there's > something seriously wrong with the registration procedure. You miss the point - there are many different kinds of commercial organisation structures that are not Limited/PLC/Limited by Guarantee companies that can hold LIR assets and be members. Why should I be a Limited/PLC/Limited by Guarantee company just to hold LIR membership or an ASN/PA/PI/etc space ? 
Just because SOCA finds it makes their life harder doesn't mean the whole commercial world has to change to make their lives a bit easier. Why do you find it disturbing that we can have different corporate structures ? All registered of course otherwise they would struggle to do business :-) f
From shane at time-travellers.org Thu Mar 29 10:53:28 2012 From: shane at time-travellers.org (Shane Kerr) Date: Thu, 29 Mar 2012 10:53:28 +0200 Subject: [anti-abuse-wg] Enabling community self-help? Message-ID: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> All, warning: crazy idea time Does it seem like a good idea to provide a way to attach "user comments" to network information? Background... Some people want someone to force ISPs to take responsibility for fixing abuse originating in their networks. The natural place for this enforcement appears to them to be the RIPE NCC (*). Contrariwise, the RIPE NCC is unable or unwilling to change its role from a fundamentally administrative to one that involves setting network usage policies. This involves risks in terms of anti-trust regulators, need to carefully define the limits of control, and setting up what amounts to an industry legal system (with both judges and police). Plus it is hard to get the RIPE NCC membership to support mechanisms which cost them money and limit their freedoms. On the 3rd hand, some people in the RIPE community (including me) also feel that it is very, very difficult to define what the required actions would be in the case of reported abuse. This reporting mechanism itself might indeed be a source of abuse (rivalries between companies could be fought by each accusing the other of hosting criminal activity). Crazy Idea... Let's crowd-source it. Maybe it makes sense to make something like a web forum for each allocated resource, or perhaps for the organization responsible for each.
It could be something like a blog article with the contact and other information about each resource, and then a way to post comments about it. So, you might see that ISP ShaNet has working e-mail for abuse, but nobody ever sees any action beyond automated response. Such reports could be useful for people who *can* investigate and do something, such as law enforcement or regulators. A few decades of Internet forums have given us best practices in terms of policing forums for spam and abuse, for evaluating user trustworthiness and helpfulness, and for evaluating the value of individual comments or replies (+1). I think something like this would be within the realm of things that the RIPE NCC could provide. We could link to these pages from the WHOIS results (or go straight there for web queries perhaps). There are lots of web sites which publish consumer evaluations of various companies and products, so this really is not so different. -- Shane (*) Well, normally confused with RIPE (or Ripe). But the RIPE NCC is what they mean. 
From ops.lists at gmail.com Thu Mar 29 12:14:04 2012 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Thu, 29 Mar 2012 15:44:04 +0530 Subject: [anti-abuse-wg] National PSDN "UZPAK" In-Reply-To: <1D8BDDCF-29F3-4401-88B9-3C4AF9072443@gmail.com> References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> <87hax8ppzt.fsf@mid.deneb.enyo.de> <87iphoijsc.fsf@mid.deneb.enyo.de> <1D8BDDCF-29F3-4401-88B9-3C4AF9072443@gmail.com> Message-ID: SOCA's point is a lot simpler than this nit that's getting picked here. "Company exists" (as a legal entity of some sort, registered somewhere) isn't quite seen as a sufficient criterion and shouldn't be seen as the sole criterion either. IP address justification paperwork is easy enough to fudge - say all the right things, copy and paste from boilerplate or whatever. The RIR certainly isn't going to give you a /22 if you say you want to deploy botnet C&Cs on it, so of course you aren't going to say that. On Thu, Mar 29, 2012 at 1:29 AM, Fearghas McKay wrote: > > Just because SOCA finds it makes their life harder doesn't mean the whole > commercial world has to change to make their lives a bit easier. > > Why do you find it disturbing that we can have different corporate > structures ? All registered of course otherwise they would struggle to do > business :-) -- Suresh Ramasubramanian (ops.lists at gmail.com)
From ops.lists at gmail.com Thu Mar 29 12:27:07 2012 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Thu, 29 Mar 2012 15:57:07 +0530 Subject: [anti-abuse-wg] Enabling community self-help? In-Reply-To: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> Message-ID: On Thu, Mar 29, 2012 at 2:23 PM, Shane Kerr wrote: > Some people want someone to force ISPs to take responsibility for > fixing abuse originating in their networks. The natural place for this > enforcement appears to them to be the RIPE NCC (*). > The issue isn't forcing ISPs to fix abuse at all - lots of blocklists and whatever else for that. The issue is making sure that the bad guys are simply not able to get themselves a /15 whenever they like simply because the paperwork verification is close enough to nonexistent. As for "picking on RIPE NCC", do please let me know if another RIR with an LIR model AND a bunch of criminals who have got the idea of setting themselves up as LIRs > Contrariwise, the RIPE NCC is unable or unwilling to change its role > from a fundamentally administrative to one that involves setting > network usage policies. This involves risks in terms of anti-trust > regulators, need to carefully define the limits of control, and setting > This is an entirely strawman set of arguments. Can you please explain to me what part of SOCA's proposals about crosschecking ID / email address etc triggers a single antitrust regulation? Or a privacy regulation for that matter? > On the 3rd hand, some people in the RIPE community (including me) > also feel that it is very, very difficult to define what the required > actions would be in the case of reported abuse. This reporting > mechanism itself might indeed be a source of abuse (rivalries between > companies could be fought by each accusing the other of hosting > criminal activity).
> You might actually know if there's criminal activity actually hosted there? As in some random guy asking "do you beat your wife" versus a lot of people coming up and saying that there's often scenes like loud arguments, screams, the sounds of blows / slaps etc being dealt, your wife turning up in public crying and with a black eye etc? ["generic you" of course], followed by a quick check that simply says you're a bigamist and so the marriage just wasn't valid, obtained under false pretences. Yes the analogy is stupid. Thank you in advance for pointing that out. > about it. So, you might see that ISP ShaNet has working e-mail for > abuse, but nobody ever sees any action beyond automated response. Such > reports could be useful for people who *can* investigate and do > something, such as law enforcement or regulators. > Various blocklists and antispam forums / security lists do discuss that. However the point here is entirely different. Let us put it this way - provider X has lax security policies, hosts a bunch of spammers and has a ton of blocklist listings. But it also has legitimate customers and does provide what it says it provides - colo services. Provider Y in Eastern Europe is a front for a botmaster, hosts nothing but bot traffic and got itself an assigned-PA or PI /20 from RIPE NCC, after telling RIPE NCC it's going to host whatever .. say some guy's family dog's homepage. The point here is not crowdsourcing opinion about a CIDR. The point is getting hostmasters to see the difference between provider X and provider Y, and see if they can't give X a /20 and deny Y his /20. SOCA appears to have a workable and standards based, compliant with European law, model there, as it happens. --srs
From chrish at consol.net Thu Mar 29 13:52:37 2012 From: chrish at consol.net (Chris) Date: Thu, 29 Mar 2012 13:52:37 +0200 Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> Message-ID: <4F744D05.1060306@consol.net> hi, On different occasions, Suresh Ramasubramanian wrote: [a lot of stuff] you seem to misunderstand the players in this game. ripe is the community. ripe ncc is just there to help organize. it handles coordination of ips and ases, as (or: where) they have to be unique. the only reason why ripe doesn't simply hand out any number of resources to anybody is that these are finite (well, in fact, otherwise ripe simply wouldn't exist). the only decisions on handing out resources done at ripe are regarding fairness (and subordinate/derived technical decisions on coordination). that's what constitutes its legitimacy. apart from that it is totally irrelevant who the requesting party is or is not. what you are wailing about is criminal proceedings, policing (and actually also judiciary and legislative proceedings, but i think you probably didn't realise that). this is the job of law courts and police, so you should refer to them. regards, Chris From ops.lists at gmail.com Thu Mar 29 14:09:31 2012 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Thu, 29 Mar 2012 17:39:31 +0530 Subject: [anti-abuse-wg] Enabling community self-help? In-Reply-To: <4F744D05.1060306@consol.net> References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> Message-ID: On Thu, Mar 29, 2012 at 5:22 PM, Chris wrote: > ripe is the community. ripe ncc is just there to help organize. it handles > coordination of ips and ases, as (or: where) they have to be unique. the > only reason why ripe doesn't simply hand out any number of resources to > anybody is that these are finite (well, in fact, otherwise ripe simply > wouldn't exist). the only decisions on handing out resources done at ripe > are regarding fairness (and subordinate/derived technical decisions on > coordination). that's what constitutes its legitimacy. 
apart from that it
> is totally irrelevant who the requesting party is or is not.
>

I am sorry but yes I do understand that difference. I do still maintain that being the custodian of v4 and v6 address space for the RIPE community, RIPE NCC has a fiduciary (for lack of a better word, this isn't finance) responsibility to detect and deny fraudulent IP allocations.

> what you are wailing about is criminal proceedings, policing (and actually
> also judiciary and legislative proceedings, but i think you probably didn't
> realise that). this is the job of law courts and police, so you should
> refer to them.
>

The problem is when they start to refer to the RIR. Which might happen sooner rather than later.

That quote about "the police COULD HAVE VIEWED giving RBN an LIR status and lots of IP space as a money laundering offense" is entirely correct. In other words, a slightly more hard nosed cop and/or a more critical situation than that might trigger law enforcement or regulatory action because "I didn't know" is very rarely a valid excuse, and which is why several other more regulated industries have rather stricter due diligence requirements than what we're seeing here.

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From russ at consumer.net Thu Mar 29 14:10:56 2012
From: russ at consumer.net (russ at consumer.net)
Date: Thu, 29 Mar 2012 08:10:56 -0400
Subject: [anti-abuse-wg] whois 5C's
In-Reply-To: <4F5A492B.80805@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net> <4F5A492B.80805@consumer.net>
Message-ID: <4F745150.1030009@consumer.net>

The proposal about the 5 C's sounds good except you also have to include whois access policies. If you can't get to the data easily and be able to use it it is of no good. Right now there is a complicated patchwork of whois access policies.
Most of them were made up by a small group of people who really don't consider all the issues.

The biggest problem here is that RIPE claims to have a legal decision about whois access but they won't release it publicly. Nobody has provided a reason why this legal opinion has not been released to the community.

People try to spend time attacking me and saying my comments are not constructive, etc. This is being done to divert attention from the fact that RIPE won't release the information to the community.

RIPE needs to release this legal opinion to the community. There is no excuse for withholding it.

Thank You

From ops.lists at gmail.com Thu Mar 29 14:11:11 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 17:41:11 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net>
Message-ID:

[and by the way, hands up for those of you who are postmaster@ for a significant sized ISP and still believe in the "we are not the internet police" kool aid to the extent that it gets believed in by a lot of the IP engineering people who are posting here].

From ops.lists at gmail.com Thu Mar 29 14:14:06 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 17:44:06 +0530
Subject: [anti-abuse-wg] whois 5C's
In-Reply-To: <4F745150.1030009@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net> <4F5A492B.80805@consumer.net> <4F745150.1030009@consumer.net>
Message-ID:

There's rather a big difference between access to bulk whois data of any sort for security or other "internet community" related, NON COMMERCIAL purposes, versus bulk whois data to run a commercial service.

On Thu, Mar 29, 2012 at 5:40 PM, russ at consumer.net wrote:

> The proposal about the 5 C's sounds good except you also have to include
> whois access policies. If you can't get to the data easily and be able to
> use it it is of no good. Right now there is a complicated patchwork of
> whois access policies. Most of them were made up by a small group of
> people who really don't consider all the issues.

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From michele at blacknight.ie Thu Mar 29 14:14:36 2012
From: michele at blacknight.ie (Michele Neylon :: Blacknight)
Date: Thu, 29 Mar 2012 12:14:36 +0000
Subject: [anti-abuse-wg] whois 5C's
In-Reply-To: <4F745150.1030009@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net> <4F5A492B.80805@consumer.net> <4F745150.1030009@consumer.net>
Message-ID: <373B86A1-3820-4321-8DB5-DF6379EC133F@blacknight.ie>

Russ

First of all the SOCA 5 Cs document has absolutely nothing to do with WHOIS access or display. It's to do with whois data validation and verification. It's also not even about IP address space and was actually aimed at domain names.

With regard to your comments I have never had any issue accessing any whois data for the RIPE region (or any other region for that matter)

If law enforcement or anyone else who was not using the data for commercial gain was having issues then I'm sure that it would be addressed.

Regards

Michele

On 29 Mar 2012, at 13:10, russ at consumer.net wrote:

> The proposal about the 5 C's sounds good except you also have to include whois access policies. If you can't get to the data easily and be able to use it it is of no good. Right now there is a complicated patchwork of whois access policies. Most of them were made up by a small group of people who really don't consider all the issues.
>
> The biggest problem here is that RIPE claims to have a legal decision about whois access but they won't release it publicly. Nobody has provided a reason why this legal opinion has not been released to the community.
>
> People try to spend time attacking me and saying my comments are not constructive, etc. This is being done to divert attention from the fact that RIPE won't release the information to the community.
>
> RIPE needs to release this legal opinion to the community. There is no excuse for withholding it.
>
> Thank You
>
>

Mr Michele Neylon
Blacknight Solutions - Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.biz
http://mneylon.tel
Intl. +353 (0) 59 9183072
US: 213-233-1612
Locall: 1850 929 929
Facebook: http://fb.me/blacknight
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From chrish at consol.net Thu Mar 29 14:16:55 2012
From: chrish at consol.net (Chris)
Date: Thu, 29 Mar 2012 14:16:55 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net>
Message-ID: <4F7452B7.3020906@consol.net>

On 03/29/2012 02:09 PM, Suresh Ramasubramanian wrote:
> I am sorry but yes I do understand that difference. I do still maintain

no you didn't.

From ops.lists at gmail.com Thu Mar 29 14:18:25 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 17:48:25 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <4F7452B7.3020906@consol.net>
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <4F7452B7.3020906@consol.net>
Message-ID:

On Thu, Mar 29, 2012 at 5:46 PM, Chris wrote:

> On 03/29/2012 02:09 PM, Suresh Ramasubramanian wrote:
> > I am sorry but yes I do understand that difference. I do still maintain
>
> no you didn't.

"he said, she said" etc. Am I blaming RIPE rather than RIPE NCC for being slack in their IP allocation policies by any chance?

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From russ at consumer.net Thu Mar 29 14:26:34 2012
From: russ at consumer.net (russ at consumer.net)
Date: Thu, 29 Mar 2012 08:26:34 -0400
Subject: [anti-abuse-wg] whois 5C's
In-Reply-To:
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net> <4F5A492B.80805@consumer.net> <4F745150.1030009@consumer.net>
Message-ID: <4F7454FA.4030803@consumer.net>

>There's rather a big difference between access to bulk whois data of any sort for security or other "internet community" related, NON COMMERCIAL purposes, versus bulk whois data to run a
>commercial service.

Once the information is publicly available you cannot control how it is used. Trying to control how it is used is a pointless exercise. Further, restricting the data for marketing purposes also restricts its use for security purposes as well. It boils down to restricting the data based on whether you like what the person is doing and not whether it is legal or not. Commercial purposes are legal and without them people would not have jobs. Most security companies are also commercial. Something like Spamhaus sell services so are they a security purpose or commercial purposes?

The problem is that people in the abuse community simply say the issue is black and white and they disregard the needs of users based on their own feelings about how the world should be. Their experience on the Internet is often limited to a small number of administrators and technical types and not the general user. In fact these type of people often have disdain for the average Internet user as can often be seen here by all the childish "attack" posts when someone posts something they don't like or when someone is uninformed. Most Internet users are uninformed about many issues but you cannot simply disregard them because of this. The abuse people often come off as a bunch of teenagers sitting around insulting everyone who walks by.

I noticed you did not address RIPE releasing the legal opinions they have.

Thank You

From russ at consumer.net Thu Mar 29 14:38:44 2012
From: russ at consumer.net (russ at consumer.net)
Date: Thu, 29 Mar 2012 08:38:44 -0400
Subject: [anti-abuse-wg] whois 5C's
In-Reply-To: <373B86A1-3820-4321-8DB5-DF6379EC133F@blacknight.ie>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net> <4F5A492B.80805@consumer.net> <4F745150.1030009@consumer.net> <373B86A1-3820-4321-8DB5-DF6379EC133F@blacknight.ie>
Message-ID: <4F7457D4.6020601@consumer.net>

>Russ First of all the SOCA 5 Cs document has absolutely nothing to do with WHOIS access or display.
>It's to do with whois data validation and verification. It's also not even about IP address space and was
>actually aimed at domain names. With regard to your comments I have never had any issue accessing
>any whois data for the RIPE region (or any other region for that matter) If law enforcement or anyone
>else who was not using the data for commercial gain was having issues then I'm sure that it would be
>addressed.

The point is if you cannot access the data it does not matter if it is verified so it is interrelated. When you do a security check it is prudent to check the IP address as well as the domain so access to the vagarious whois databases (domains and IP's) is interrelated.

Many people are complaining about RIPE whois access as well as access to many domain registrars. You are not the only person using the Internet but your attitude is common among self-proclaimed abuse experts. The only thing that matters is their personal experience and not the many millions of Internet users. You personally sit on some of these ICANN whois committees and it is clear you are not considering all the relevant issues (see my ICANN comments to the whois and fake renewal committees). The point is that a small group of people with limited experience sit on all these committees and most users are locked out of the process and people like you go around ridiculing people and trying to get them to drop out of the process.

The issue has not fully been addressed because RIPE will not release the legal opinions related to whois access (something you go out of your way to avoid addressing).

Thank You

From gert at space.net Thu Mar 29 14:40:52 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 14:40:52 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net>
Message-ID: <20120329124052.GQ84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 05:39:31PM +0530, Suresh Ramasubramanian wrote:
> That quote about "the police COULD HAVE VIEWED giving RBN an LIR status and
> lots of IP space as a money laundering offense" is entirely correct. In

This is complete bullshit. You don't commit a "money laundering offense" by selling bread to a criminal either.

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v.
Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

From ops.lists at gmail.com Thu Mar 29 14:46:25 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 18:16:25 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329124052.GQ84425@Space.Net>
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net>
Message-ID:

Not bread to a criminal. Supplying him money on the other hand?

On Thu, Mar 29, 2012 at 6:10 PM, Gert Doering wrote:

>
>
> On Thu, Mar 29, 2012 at 05:39:31PM +0530, Suresh Ramasubramanian wrote:
> > That quote about "the police COULD HAVE VIEWED giving RBN an LIR status and
> > lots of IP space as a money laundering offense" is entirely correct. In
>
> This is complete bullshit. You don't commit a "money laundering offense"
> by selling bread to a criminal either.

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From gert at space.net Thu Mar 29 14:50:49 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 14:50:49 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net>
Message-ID: <20120329125049.GR84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 06:16:25PM +0530, Suresh Ramasubramanian wrote:
> Not bread to a criminal. Supplying him money on the other hand?

Money was flowing from the alleged criminals *to* the RIPE NCC.

Is "providing resources in exchange for money" considered "money laundering" these days? And why is an IP address range different from a loaf of bread, or a leased car?

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

From michele at blacknight.ie Thu Mar 29 14:51:42 2012
From: michele at blacknight.ie (Michele Neylon :: Blacknight)
Date: Thu, 29 Mar 2012 12:51:42 +0000
Subject: [anti-abuse-wg] whois 5C's
In-Reply-To: <4F7457D4.6020601@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net> <4F5A492B.80805@consumer.net> <4F745150.1030009@consumer.net> <373B86A1-3820-4321-8DB5-DF6379EC133F@blacknight.ie> <4F7457D4.6020601@consumer.net>
Message-ID: <8AF56924-F9BC-49DA-8D96-5AEBB33F4F54@blacknight.ie>

Russ

Reading your emails makes me think of this:

"I learned long ago, never to wrestle with a pig. You get dirty, and besides, the pig likes it." (George Bernard Shaw)

On 29 Mar 2012, at 13:38, russ at consumer.net wrote:

>
>
> Many people are complaining about RIPE whois access

Who?

> as well as access to many domain registrars

Who? If you're going to make claims then you need to be able to back them up with evidence.

> . You are not the only person using the Internet but your attitude is common among self-proclaimed abuse experts.

What exactly is my supposed attitude? And I've never proclaimed myself to be anything - at least I don't recall doing so

> The only thing that matters is their personal experience and not the many millions of Internet users.

There's nothing to stop you, or anyone else, from joining ICANN working groups

> You personally sit on some of these ICANN whois committees

No I don't
I'm involved in several ICANN working groups, but I'm not involved in any dealing with WHOIS.

> and it is clear you are not considering all the relevant issues (see my ICANN comments to the whois and fake renewal committees

I did and they were completely irrelevant, as you used the ICANN public comments to complain about something related to your experiences with RIPE.

> ). The point is that a small group of people with limited experience sit on all these committees

Really? Is that based on fact or just your opinion?

> and most users are locked out of the process

How are people "locked out"? When was the last time you tried to join an ICANN working group?

> and people like you go around ridiculing people

That's borderline defamatory and if nothing else quite insulting

> and trying to get them to drop out of the process.

Again - defamatory

>
> The issue has not fully been addressed because RIPE will not release the legal opinions related to whois access (something you go out of your way to avoid addressing).

Last time I checked I don't work for RIPE

>
> Thank You
>
>

Regards

Michele

Mr Michele Neylon
Blacknight Solutions - Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.biz
http://mneylon.tel
Intl.
+353 (0) 59 9183072
US: 213-233-1612
Locall: 1850 929 929
Facebook: http://fb.me/blacknight
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From russ at consumer.net Thu Mar 29 15:19:49 2012
From: russ at consumer.net (russ at consumer.net)
Date: Thu, 29 Mar 2012 09:19:49 -0400
Subject: [anti-abuse-wg] whois 5C's
In-Reply-To: <8AF56924-F9BC-49DA-8D96-5AEBB33F4F54@blacknight.ie>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net> <4F5A492B.80805@consumer.net> <4F745150.1030009@consumer.net> <373B86A1-3820-4321-8DB5-DF6379EC133F@blacknight.ie> <4F7457D4.6020601@consumer.net> <8AF56924-F9BC-49DA-8D96-5AEBB33F4F54@blacknight.ie>
Message-ID: <4F746175.5000007@consumer.net>

>Reading your emails makes me think ...

Wrong, you don't think. You just post childish remarks and your attitude is that of a know-nothing teenager. It is funny how you keep claiming you don't about things you already commented on and I already addressed. All you do is make childish comments and idiotic statements in order to try to ridicule me in front of your friends. This happens every day in high schools all around the world. You can just keep going on claiming everything you don't agree with is "unproven" while you repeat idiotic statements over and over again without ever addressing the relevant issues.

BTW - the committee you were on about fake renewal notices is related to whois because that is where they get the data to send the notices. There were several deficiencies in the report of that group and I explained that in my comments. Maybe you should try getting some type of certification such as a CISSP before you get on these committees so you will have at least some idea of how to relate legal issues to technical issues.

Thank You

From russ at consumer.net Thu Mar 29 15:35:37 2012
From: russ at consumer.net (russ at consumer.net)
Date: Thu, 29 Mar 2012 09:35:37 -0400
Subject: [anti-abuse-wg] whois 5C's
In-Reply-To: <4F746175.5000007@consumer.net>
References: <20120309084615.33fecc96@shane-desktop> <4F59FDA4.8060400@consumer.net> <4F5A031C.40006@blacknight.com> <4F5A0F43.3030900@consumer.net> <4F5A492B.80805@consumer.net> <4F745150.1030009@consumer.net> <373B86A1-3820-4321-8DB5-DF6379EC133F@blacknight.ie> <4F7457D4.6020601@consumer.net> <8AF56924-F9BC-49DA-8D96-5AEBB33F4F54@blacknight.ie> <4F746175.5000007@consumer.net>
Message-ID: <4F746529.7070305@consumer.net>

BTW - I was on an ICANN committee some years ago. I was on the Intellectual Property Constituency for a short time many years ago. I was the only non-lawyer (my degrees are in physics and com sci) in the group and I gave them some needed technical information and I saw intellectual property issues from a different perspective than what I had seen before.

thank you

From alex.everett at unc.edu Thu Mar 29 15:38:48 2012
From: alex.everett at unc.edu (Everett, Alex D)
Date: Thu, 29 Mar 2012 13:38:48 +0000
Subject: [anti-abuse-wg] Contact for 91.211.88.29
Message-ID:

All:

I joined this group as some percentage of the time (30% or so) I am unable to contact an organization to report abuse. I feel that if we see a problem, it behooves us to reach out and let others know. I know that when my organization is hosting malicious content, we want to know. What prompted me to join was this issue occurring multiple times, sending emails to abuse at ripe.net, and no resolution. The latest example was from March 15th, for a web server serving malware at 91.211.88.29. Does anyone have any way to contact this organization other than the email addresses below (which fail)?

To: "noc at bigus-net.com"
Cc: "constructelectro at mail.ru"
Subject: Abuse from 91.211.88.29

Sincerely,

Alex Everett, CISSP, CCNA
University of North Carolina
Chapel Hill, NC, USA

From chrish at consol.net Thu Mar 29 16:03:18 2012
From: chrish at consol.net (Chris)
Date: Thu, 29 Mar 2012 16:03:18 +0200
Subject: [anti-abuse-wg] Contact for 91.211.88.29
In-Reply-To:
References:
Message-ID: <4F746BA6.2000204@consol.net>

On 03/29/2012 03:38 PM, Everett, Alex D wrote:
> I joined this group as some percentage of the time (30% or so) I am unable to contact an organization to report abuse. I feel that if we see a problem, it behooves us to reach out and let others know. I know that when my organization is hosting malicious content, we want to know. What prompted me to join was this issue occurring multiple times, sending emails to abuse at ripe.net, and no resolution. The latest example was from March 15th, for a web server serving malware at 91.211.88.29. Does anyone have any way to contact this organization other than the email addresses below (which fail)?
>
> To: "noc at bigus-net.com"
> Cc: "constructelectro at mail.ru"
> Subject: Abuse from 91.211.88.29

errm - whois says to me: "please use abuse at bigus-net.com". which also exists, btw.
same is true for noc at bigus-net.com!?
from the db, i see another email address that looks helpful.
and there's a postal address.

where do i best send reports about abuse of ripe mls from alex.everett at unc.edu?
;)

From ops.lists at gmail.com Thu Mar 29 16:15:11 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 19:45:11 +0530
Subject: [anti-abuse-wg] Contact for 91.211.88.29
In-Reply-To: <4F746BA6.2000204@consol.net>
References: <4F746BA6.2000204@consol.net>
Message-ID:

None of those appear to exist so you might just want to ask the UNC network team to see what nullrouting that IP can accomplish

On Thu, Mar 29, 2012 at 7:33 PM, Chris wrote:

>
> errm - whois says to me: "please use abuse at bigus-net.com". which also
> exists, btw.
> same is true for noc at bigus-net.com!?
> from the db, i see another email address that looks helpful.
> and there's a postal address.
>
> where do i best send reports about abuse of ripe mls from
> alex.everett at unc.edu? ;)

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From chrish at consol.net Thu Mar 29 16:19:47 2012
From: chrish at consol.net (Chris)
Date: Thu, 29 Mar 2012 16:19:47 +0200
Subject: [anti-abuse-wg] Contact for 91.211.88.29
In-Reply-To:
References: <4F746BA6.2000204@consol.net>
Message-ID: <4F746F83.1000208@consol.net>

On 03/29/2012 04:15 PM, Suresh Ramasubramanian wrote:
> None of those appear to exist so you might just want to ask the UNC network

i just sent mail there. got queue ids back.

> team to see what nullrouting that IP can accomplish

that's the kind of ip-police i wish for... >;)

am i supposed to contact gmail to report ripe ml abuse or can you deal with this yourself? ;)

From ops.lists at gmail.com Thu Mar 29 16:21:10 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 19:51:10 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329125049.GR84425@Space.Net>
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net>
Message-ID:

Eh. The term itself originated because capone set up a chain of laundries which earned him lots of profits, to account for all the money he was raking in from bootleg booze

In any case, look at this - http://articles.latimes.com/2011/aug/25/business/la-fi-google-settlement-20110825

On Thu, Mar 29, 2012 at 6:20 PM, Gert Doering wrote:

>
> Money was flowing from the alleged criminals *to* the RIPE NCC.
>
> Is "providing resources in exchange for money" considered "money
> laundering" these days? And why is an IP address range different from
> a loaf of bread, or a leased car?

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From ops.lists at gmail.com Thu Mar 29 16:22:15 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 19:52:15 +0530
Subject: [anti-abuse-wg] Contact for 91.211.88.29
In-Reply-To: <4F746F83.1000208@consol.net>
References: <4F746BA6.2000204@consol.net> <4F746F83.1000208@consol.net>
Message-ID:

Be my guest.

On Thu, Mar 29, 2012 at 7:49 PM, Chris wrote:

>
> that's the kind of ip-police i wish for... >;)
>
> am i supposed to contact gmail to report ripe ml abuse or can you deal
> with this yourself? ;)

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From gert at space.net Thu Mar 29 16:28:34 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 16:28:34 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net>
Message-ID: <20120329142834.GW84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 07:51:10PM +0530, Suresh Ramasubramanian wrote:
> Eh. The term itself originated because capone set up a chain of laundries
> which earned him lots of profits, to account for all the money he was
> raking in from bootleg booze

You missed answering my question: what makes the RIPE NCC different from any other business making deals with an alleged criminal that happens to have money from dirty sources?

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

From ops.lists at gmail.com Thu Mar 29 16:34:05 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 20:04:05 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329142834.GW84425@Space.Net>
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net>
Message-ID:

On Thu, Mar 29, 2012 at 7:58 PM, Gert Doering wrote:

> You missed answering my question: what makes the RIPE NCC different from
> any other business making deals with an alleged criminal that happens
> to have money from dirty sources?

Knowing that it occurs. Not taking adequate due diligence to prevent such occurrence.

I won't say it - but let me play devil's advocate, there won't be any shortage of law enforcement saying if the circumstances are right and if the person handling the case feels it appropriate.

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From ops.lists at gmail.com Thu Mar 29 16:39:09 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 20:09:09 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net>
Message-ID:

On Thu, Mar 29, 2012 at 8:04 PM, Suresh Ramasubramanian wrote:

>
> I won't say it - but let me play devil's advocate, there won't be any
> shortage of law enforcement saying if the circumstances are right and if
> the person handling the case feels it appropriate.

At least in the UK, it is a related concept - and yes it includes money gained from theft

http://en.wikipedia.org/wiki/Handling_stolen_goods#Elements_of_the_offence

> Includes any proceeds of that property, including money for which it has been sold, and anything bought with those proceeds

.. and this part is a bit dodgier because - yes it will depend on interpretation, and will be sufficient grounds to at least launch a prosecution, freezing of accounts while the case is in progress etc.

> The situation is further complicated by the concept of recklessness or wilful blindness to the circumstances; either will be treated as a belief that the goods are stolen. Thus, *suspicion* will be converted into belief when the facts are so obvious that belief may safely be imputed

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From gert at space.net Thu Mar 29 16:40:45 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 16:40:45 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net>
Message-ID: <20120329144045.GA84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 08:04:05PM +0530, Suresh Ramasubramanian wrote:
> On Thu, Mar 29, 2012 at 7:58 PM, Gert Doering wrote:
>
> > You missed answering my question: what makes the RIPE NCC different from
> > any other business making deals with an alleged criminal that happens
> > to have money from dirty sources?
>
> Knowing that it occurs. Not taking adequate due diligence to prevent such
> occurrence.

So selling bread to someone that you suspect might do non-lawful stuff makes yourself a villain?

Sheesh, don't you see how ridiculous that claim is?

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

From ops.lists at gmail.com Thu Mar 29 16:42:27 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 20:12:27 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329144045.GA84425@Space.Net>
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net>
Message-ID:

On Thu, Mar 29, 2012 at 8:10 PM, Gert Doering wrote:
>
> So selling bread to someone that you suspect might do non-lawful stuff
> makes yourself a villain?
>
> Sheesh, don't you see how ridiculous that claim is?

For questions like that, you need something on Dutch law and/or what Dutch law enforcement will or won't do.

But rest assured, you will be hard put to find a jurisdiction where a credible case can't be made out if the prosecuting officer tries to make it.

-- Suresh Ramasubramanian (ops.lists at gmail.com)

From ops.lists at gmail.com Thu Mar 29 16:47:02 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 20:17:02 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net>
Message-ID:

And I think most countries - not sure about the Netherlands - make it "know or ought to have known"

Which is where due diligence, know your customer norms etc come in for bankers.

On Thu, Mar 29, 2012 at 8:14 PM, Vissers, Pepijn wrote:
>
> There's a difference between 'knowing' and 'suspecting'. And if a
> company/person knowingly facilitates crime, it could be 'complicity'. Under
> circumstances.
>
> It's another nice busy day here @anti-abuse.

-- Suresh Ramasubramanian (ops.lists at gmail.com)
From gert at space.net Thu Mar 29 16:49:41 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 16:49:41 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net>
Message-ID: <20120329144941.GB84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 02:44:33PM +0000, Vissers, Pepijn wrote:
> > > Knowing that it occurs. Not taking adequate due diligence to prevent
> > > such occurrence.
> >
> > So selling bread to someone that you suspect might do non-lawful stuff
> > makes yourself a villain?
>
> There's a difference between 'knowing' and 'suspecting'. And if a company/person knowingly facilitates crime, it could be 'complicity'. Under circumstances.

So "selling bread to criminals" is "facilitating crime"?

Gert Doering
        -- NetMaster

From chrish at consol.net Thu Mar 29 16:51:04 2012
From: chrish at consol.net (Chris)
Date: Thu, 29 Mar 2012 16:51:04 +0200
Subject: [anti-abuse-wg] Contact for 91.211.88.29
In-Reply-To:
References: <4F746BA6.2000204@consol.net> <4F746F83.1000208@consol.net>
Message-ID: <4F7476D8.3010407@consol.net>

On 03/29/2012 04:22 PM, Suresh Ramasubramanian wrote:
> Be my guest.
>
> On Thu, Mar 29, 2012 at 7:49 PM, Chris wrote:
>> that's the kind of ip-police i wish for... >;)
>>
>> am i supposed to contact gmail to report ripe ml abuse or can you deal
>> with this yourself? ;)

hmm - didn't work, still spam galore! what now?
could the respective rir please take your ips away?

From ops.lists at gmail.com Thu Mar 29 16:51:32 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 20:21:32 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329144941.GB84425@Space.Net>
References: <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net>
Message-ID:

On Thu, Mar 29, 2012 at 8:19 PM, Gert Doering wrote:
>
> So "selling bread to criminals" is "facilitating crime"?

If you can find a crime where a criminal uses a loaf of bread to commit it - yes certainly.

-- Suresh Ramasubramanian (ops.lists at gmail.com)

From P.Vissers at opta.nl Thu Mar 29 16:52:01 2012
From: P.Vissers at opta.nl (Vissers, Pepijn)
Date: Thu, 29 Mar 2012 14:52:01 +0000
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329144941.GB84425@Space.Net>
References: <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net>
Message-ID:

> > There's a difference between 'knowing' and 'suspecting'. And if a
> company/person knowingly facilitates crime, it could be 'complicity'.
> Under circumstances.
>
> So "selling bread to criminals" is "facilitating crime"?

You pretend to miss the point. I won't feed.

Have a nice afternoon all.

Pepijn

+++++++++++++++++++++++++++++++++++++++++++++
Disclaimer
This e-mail message may contain confidential information or information protected by professional privilege. If it is not intended for you, you should be aware that any distribution, copying or other form of use of this message is not permitted. If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 or e-mail mailto:mail at opta.nl and destroy the message immediately. This e-mail message has only been checked for viruses. The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. No rights can be derived from this message.

From ops.lists at gmail.com Thu Mar 29 16:53:53 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 20:23:53 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net>
Message-ID:

On Thu, Mar 29, 2012 at 8:22 PM, Vissers, Pepijn wrote:
>
> > So "selling bread to criminals" is "facilitating crime"?
>
> You pretend to miss the point. I won't feed.
>
> Have a nice afternoon all.

and do remember, Gert, "don't want to know" aka "we are not the internet police" != "don't know" or "couldn't possibly know".
-- Suresh Ramasubramanian (ops.lists at gmail.com)

From gert at space.net Thu Mar 29 16:58:05 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 16:58:05 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net>
Message-ID: <20120329145805.GC84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 02:52:01PM +0000, Vissers, Pepijn wrote:
> > > There's a difference between 'knowing' and 'suspecting'. And if a
> > company/person knowingly facilitates crime, it could be 'complicity'.
> > Under circumstances.
> >
> > So "selling bread to criminals" is "facilitating crime"?
>
> You pretend to miss the point. I won't feed.

Actually I'm dead serious, and I suspect Suresh is missing the point.

I consider the original claim to be completely ridiculous, and I'm trying to find analogies that make this obvious.

Or, let's phrase it differently. What do you expect the RIPE NCC to *do* upon registration of a new LIR, if you all think that "check their company registration papers with the company register to see that this is a company in good standing in their home country" is not enough?

Requiring the RIPE NCC to get a full police background check on the persons listed as contact persons will cause a massive uproar - and not solve anything either.

So: what should the NCC do, to avoid being a "partner in crime"?

As long as a prospective LIR and their owners have not actually done anything illegal (as in "have been convicted by proper legal processes" not in "Suresh doesn't like what they are doing"), it's a bit hard to find reasons in the legal framework of the EU to deny them membership and IP addresses.

Gert Doering
        -- NetMaster
From ops.lists at gmail.com Thu Mar 29 16:59:47 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 20:29:47 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329145805.GC84425@Space.Net>
References: <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net>
Message-ID:

Does the SOCA 5C model fail to meet your requirements for IP whois compared to domain whois?

On Thu, Mar 29, 2012 at 8:28 PM, Gert Doering wrote:
>
>
> Or, let's phrase it differently. What do you expect the RIPE NCC to *do*
> upon registration of a new LIR, if you all think that "check their company
> registration papers with the company register to see that this is a
> company in good standing in their home country" is not enough?
>

-- Suresh Ramasubramanian (ops.lists at gmail.com)

From P.Vissers at opta.nl Thu Mar 29 16:44:33 2012
From: P.Vissers at opta.nl (Vissers, Pepijn)
Date: Thu, 29 Mar 2012 14:44:33 +0000
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329144045.GA84425@Space.Net>
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net>
Message-ID:

> > Knowing that it occurs.
> > Not taking adequate due diligence to prevent
> > such occurrence.
>
> So selling bread to someone that you suspect might do non-lawful stuff
> makes yourself a villain?

There's a difference between 'knowing' and 'suspecting'. And if a company/person knowingly facilitates crime, it could be 'complicity'. Under circumstances.

It's another nice busy day here @anti-abuse.
From gert at space.net Thu Mar 29 17:02:06 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 17:02:06 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net>
Message-ID: <20120329150206.GD84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 08:29:47PM +0530, Suresh Ramasubramanian wrote:
> Does the SOCA 5C model fail to meet your requirements for IP whois compared
> to domain whois?

*My* requirements are already met. *If* the legal authorities in a given country convict the owners of a LIR, the RIPE NCC will take the resources away. This is good enough for me, and this is how *law* works in the EU.

You seem to require something else.

Gert Doering
        -- NetMaster

From joe at oregon.uoregon.edu Thu Mar 29 15:56:35 2012
From: joe at oregon.uoregon.edu (Joe St Sauver)
Date: Thu, 29 Mar 2012 06:56:35 -0700 (PDT)
Subject: [anti-abuse-wg] National PSDN "UZPAK"
Message-ID: <12032906563541_B3@oregon.uoregon.edu>

Fearghas commented:

#You miss the point - there are many different kinds of commercial organisation
#structures that are not Limited/PLC/Limited by Guarantee companies that can
#hold LIR assets and be members. Why should I be a Limited/PLC/Limited by
#Guarantee company just to hold LIR membership or an ASN/PA/PI/etc space ?

There is precedent for the legal organization of an entity to be scrutinized as part of the process of trusting that entity.
One example that comes to mind is the vetting that takes place for Extended Validation SSL certificates under norms established by the Certificate and Browser Forum, see: http://www.cabforum.org/vetting.html

Or consider requests for proposal that may require prequalification of potential bidders as responsible bidders able to actually undertake and complete the work that's being bid -- again, that sort of vetting is often far easier for a corporation than for a sole proprietorship or a partnership, etc.

Public corporations have important properties that typically include transparency, verifiability, and accountability, although obviously we can all find counter examples from recent practice in any given economy :-;

Regards,

Joe

From ops.lists at gmail.com Thu Mar 29 17:26:49 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 20:56:49 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329150206.GD84425@Space.Net>
References: <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net>
Message-ID:

On Thu, Mar 29, 2012 at 8:32 PM, Gert Doering wrote:
>
> *My* requirements are already met. *If* the legal authorities in a given
> country convict the owners of a LIR, the RIPE NCC will take the resources
> away. This is good enough for me, and this is how *law* works in the EU.
>
> You seem to require something else.
This ignores, for example, that there are several jurisdictions where for various reasons a conviction is hard or impossible for reasons such as -

All the illegal actions (whatever they are) are committed against citizens of other countries
Inadequate laws in the country where the criminal is based
Lack of mutual legal assistance etc treaties with a country where law enforcement is interested + has victims seeking redress
Possible bribery of local police and judiciary by the criminals

.. etc ..

-- Suresh Ramasubramanian (ops.lists at gmail.com)

From joe at oregon.uoregon.edu Thu Mar 29 15:51:34 2012
From: joe at oregon.uoregon.edu (Joe St Sauver)
Date: Thu, 29 Mar 2012 06:51:34 -0700 (PDT)
Subject: [anti-abuse-wg] Enabling community self-help?
Message-ID: <12032906513394_B3@oregon.uoregon.edu>

Suresh commented:

#Eh. The term itself originated because Capone set up a chain of laundries
#which earned him lots of profits, to account for all the money he was
#raking in from bootleg booze

If folks want to understand the topic of modern money laundering, by far the best publicly available treatment of this topic that I've seen is the 2005 US Money Laundering Threat Assessment, 81 pages, available online at http://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/mlta.pdf

Regards,

Joe

From fearghas at gmail.com Thu Mar 29 17:50:46 2012
From: fearghas at gmail.com (Fearghas McKay)
Date: Thu, 29 Mar 2012 16:50:46 +0100
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: <12032906563541_B3@oregon.uoregon.edu>
References: <12032906563541_B3@oregon.uoregon.edu>
Message-ID:

On 29 Mar 2012, at 14:56, Joe St Sauver wrote:
> Public corporations have important properties that typically include
> transparency, verifiability, and accountability, although obviously we can
> all find counter examples from recent practice in any given economy :-;

sure but not all companies at
Companies House are public, or that transparent.

I am not arguing against corporate vehicles - merely saying that only some in the UK use Companies House as their registry so it is hardly surprising that it is not the definitive source of knowledge.

f

From russ at consumer.net Thu Mar 29 18:07:00 2012
From: russ at consumer.net (russ at consumer.net)
Date: Thu, 29 Mar 2012 12:07:00 -0400
Subject: [anti-abuse-wg] Contact for 91.211.88.29
In-Reply-To: <4F746BA6.2000204@consol.net>
References: <4F746BA6.2000204@consol.net>
Message-ID: <4F7488A4.2070402@consumer.net>

>where do i best send reports about abuse of ripe mls from alex.everett at unc.edu? ;)

Go upstairs and bring the report to your Mom.

From russ at consumer.net Thu Mar 29 18:10:51 2012
From: russ at consumer.net (russ at consumer.net)
Date: Thu, 29 Mar 2012 12:10:51 -0400
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329142834.GW84425@Space.Net>
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net>
Message-ID: <4F74898B.8080100@consumer.net>

> what makes the RIPE NCC different from any other business making deals with an alleged criminal that
>happens to have money from dirty sources?
Gert Doering -- NetMaster

There is no restriction on a business doing business with alleged criminals and there is no definition of "dirty sources" so there is no restriction there either. What is normally done in those situations is that a court order is obtained if there are illegal activities.

From kjz at gmx.net Thu Mar 29 18:11:05 2012
From: kjz at gmx.net (Karl-Josef Ziegler)
Date: Thu, 29 Mar 2012 18:11:05 +0200
Subject: [anti-abuse-wg] anti-abuse-wg Digest, Vol 7, Issue 18
In-Reply-To:
References:
Message-ID: <4F748999.7090605@gmx.net>

> You seem to require something else.

Maybe, some sort of 'Criminal Records Bureau check'?
Best regards,

- Karl-Josef Ziegler

From brian.nisbet at heanet.ie Thu Mar 29 18:24:19 2012
From: brian.nisbet at heanet.ie (Brian Nisbet)
Date: Thu, 29 Mar 2012 17:24:19 +0100
Subject: [anti-abuse-wg] List Behaviour & Tone
Message-ID: <4F748CB3.8090002@heanet.ie>

Folks,

Can I please remind you that there is no place on this list for ad hominem attacks. There has been a veering today towards very impolite behaviour and it hasn't been all that long since I'd last sent a mail about this.

If you have a disagreement with someone, please express it in a polite and reasoned manner, as the vast majority of people here do.

Brian.

From gert at space.net Thu Mar 29 19:31:16 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 19:31:16 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net>
Message-ID: <20120329173116.GF84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 08:56:49PM +0530, Suresh Ramasubramanian wrote:
> > *My* requirements are already met. *If* the legal authorities in a given
> > country convict the owners of a LIR, the RIPE NCC will take the resources
> > away. This is good enough for me, and this is how *law* works in the EU.
> >
> > You seem to require something else.
>
>
> This ignores, for example, that there are several jurisdictions where for
> various reasons a conviction is hard or impossible for reasons such as -
>
> All the illegal actions (whatever they are) are committed against citizens
> of other countries
> Inadequate laws in the country where the criminal is based
> Lack of mutual legal assistance etc treaties with a country where law
> enforcement is interested + has victims seeking redress
> Possible bribery of local police and judiciary by the criminals

Yes, I understand that. But what's the consequence?
What other legal system can we use, if not either the legal system valid in the country a LIR is located, or something like "international maritime law" (which doesn't particularly help here).

There is no Internet Law yet that we could use to decide upon someone's "badness".

Yelling at the RIPE NCC's refusal to become the Internet Police based on something that's outside the existing legal system is not really helping.

To come back to your example: if you think that a specific country, let's call it ".xx", is not up to your legal standards and there is no goodness coming from there - well, filter all networks registered to .xx LIRs in your routers. That will keep the badness out of your network, and if the pressure becomes too high, something *will* change in that country.

Gert Doering
        -- NetMaster

From ops.lists at gmail.com Thu Mar 29 19:33:36 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 23:03:36 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329173116.GF84425@Space.Net>
References: <20120329142834.GW84425@Space.Net> <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net>
Message-ID:

Due diligence to know your customer norms accepted in most if not all the service provider industry is not "internet policing" and I'm certainly not going to block a country at my border routers.
On Thu, Mar 29, 2012 at 11:01 PM, Gert Doering wrote:
>
> Yelling at the RIPE NCC's refusal to become the Internet Police based
> on something that's outside the existing legal system is not really
> helping.

-- Suresh Ramasubramanian (ops.lists at gmail.com)

From gert at space.net Thu Mar 29 19:41:47 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 19:41:47 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net>
Message-ID: <20120329174147.GG84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 11:03:36PM +0530, Suresh Ramasubramanian wrote:
> Due diligence to know your customer norms accepted in most if not all the
> service provider industry is not "internet policing" and I'm certainly not
> going to block a country at my border routers.

If the customer is not doing anything illegal, their papers are in order (contracts on paper arrive at the address given, and come back with a signature), and they are paying their fees, what else do you want to see for due diligence?

So what? Not accept customers/members because they don't wash, and smell bad?

I wonder when someone will show up and demand to reject LIRs that host content for adult entertainment... because that's illegal in some states in the world.

Gert Doering
        -- NetMaster
From ops.lists at gmail.com Thu Mar 29 20:03:15 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Thu, 29 Mar 2012 23:33:15 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329174147.GG84425@Space.Net>
References: <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net>
Message-ID:

The Swiss ccTLD seems to have things set up just right - and I would be interested to find out if you think they're in breach of any European law for doing what RIPE NCC appears to steadfastly refuse to do.

https://www.nic.ch/reg/cm/wcm-page/index.html?res=EF6GW2JBPVTG67DLNIQXU234MN6SC33JNQQGI7L6#a323

2.5 Duty of data maintenance

The holder is responsible for ensuring that all the data of domain names registered for the holder and recorded by SWITCH in the database, such as the data of the contact persons and technical details of the domain name, are kept up-to-date, complete and correct for the entire term of registration.

For SWITCH, only the respective data registered in its database are authoritative. SWITCH is not obliged to take note of data communicated other than via www.nic.ch or the interface or to itself conduct research into the accuracy of these data.

If the data prove to be incomplete, inaccurate or not up-to-date, particularly with regard to references to a third party, and if as a result the identity of the holder can be determined only at disproportionate time and effort or if messages to the holder and/or the billing contact are undeliverable, SWITCH is entitled to revoke this holder's domain name.
2.6 Holder's correspondence address

SWITCH may demand that the holder of a domain name without a correspondence address in Switzerland for .ch domain names, or in Liechtenstein for .li domain names, supply such an address within 30 calendar days upon a demand to this effect from a Swiss authority for .ch or the Liechtenstein Office of Telecommunications (AK) for .li.

Should the holder fail to supply any address or fail to supply a valid and correct correspondence address in Switzerland or Liechtenstein within this deadline, SWITCH will revoke his domain name.

*3.2.3* *Temporary blocking of domain names and/or deletion of the name server assignment*

b) Blocking of a domain name on suspicion of abuse

If there is a justified suspicion that the domain name is being used to obtain sensitive data by wrongful means or to disseminate harmful software (malicious code), SWITCH may delete the name server assignment to a domain name and block it for five days.

SWITCH is obliged to block a domain name for 30 days if an application to this effect is made by an agency appropriately recognised by the Swiss Federal Office of Communications (OFCOM).

The holder may demand a contestable order against the block from the Federal Office of Police (FEDPOL) within 30 days of its commencement. Otherwise, the further procedure and process is governed by the relevant provisions of the Ordinance on Addressing Resources in the Telecommunications Sector (OARTS).

On Thu, Mar 29, 2012 at 11:11 PM, Gert Doering wrote:
>
> If the customer is not doing anything illegal, their papers are in order
> (contracts on paper arrive at the address given, and come back with
> a signature), and they are paying their fees, what else do you want to
> see for due diligence?

-- Suresh Ramasubramanian (ops.lists at gmail.com)
From fw at deneb.enyo.de Thu Mar 29 21:34:44 2012
From: fw at deneb.enyo.de (Florian Weimer)
Date: Thu, 29 Mar 2012 21:34:44 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> (Shane Kerr's message of "Thu, 29 Mar 2012 10:53:28 +0200")
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org>
Message-ID: <878vijmca3.fsf@mid.deneb.enyo.de>

* Shane Kerr:

> Contrariwise, the RIPE NCC is unable or unwilling to change its role
> from a fundamentally administrative to one that involves setting
> network usage policies.

Certain network usage policies. They do seem to care if you use IPv6 PI space to connect customers. 8-)

> Plus it is hard to get the RIPE NCC membership to support mechanisms
> which cost them money and limit their freedoms.

Is it? As a first approximation, RIPE NCC only executes the policies set by the RIPE community. Their function is mostly bureaucratic, so as an organization, RIPE NCC inevitably has a tendency to acquire additional responsibilities, diversify and grow. This is especially important because we're approaching the end of address scarcity.

> On the 3rd hand, some people in the RIPE community (including me)
> also feel that it is very, very difficult to define what the required
> actions would be in the case of reported abuse. This reporting
> mechanism itself might indeed be a source of abuse (rivalries between
> companies could be fought by each accusing the other of hosting
> criminal activity).

Yes, that's certainly a problem.

> Maybe it makes sense to make something like a web forum for each
> allocated resource, or perhaps for the organization responsible for
> each.

We'd have to find someone to host such a site in the U.S. because otherwise, the hoster will be responsible for such user-generated content. There are also privacy issues.
Alternatively, with heavy moderation, the net result would not be that much different from Spamhaus' ROKSO list, would it?

From heather.skanks at gmail.com Thu Mar 29 21:28:58 2012
From: heather.skanks at gmail.com (Heather Schiller)
Date: Thu, 29 Mar 2012 15:28:58 -0400
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329142834.GW84425@Space.Net>
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net>
Message-ID:

The resource that RIPE NCC provides (in exchange for money) directly enables them to commit their crime.. and worse provides them some amount of cover for it.

--heather

On Thu, Mar 29, 2012 at 10:28 AM, Gert Doering wrote:
> Hi,
>
> On Thu, Mar 29, 2012 at 07:51:10PM +0530, Suresh Ramasubramanian wrote:
>> Eh. The term itself originated because capone set up a chain of laundries
>> which earned him lots of profits, to account for all the money he was
>> raking in from bootleg booze
>
> You missed answering my question: what makes the RIPE NCC different from
> any other business making deals with an alleged criminal that happens
> to have money from dirty sources?
>
> Gert Doering
>         -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG                        Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

From vijaye at google.com Thu Mar 29 21:32:02 2012
From: vijaye at google.com (Vijay Eranti (✌ విజయ్ ఈరంటి))
Date: Thu, 29 Mar 2012 12:32:02 -0700
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329174147.GG84425@Space.Net>
References: <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net>
Message-ID:

i agree with suresh - ripe has been handing over /15 or even /13 lately to criminals who know how to use high bandwidth pipes to spam like crazy. I am not worried about a /24 given to bad guys - but in this world where ipv4 addresses are so scarce, handing over such huge range of addresses is not correct and it is common sense for everyone to understand this - how can somebody who did right paper work get /15 without proper justification ?

On Thu, Mar 29, 2012 at 10:41 AM, Gert Doering wrote:
> Hi,
>
> On Thu, Mar 29, 2012 at 11:03:36PM +0530, Suresh Ramasubramanian wrote:
> > Due diligence to know your customer norms accepted in most if not all the
> > service provider industry is not "internet policing" and I'm certainly not
> > going to block a country at my border routers.
>
> If the customer is not doing anything illegal, their papers are in order
> (contracts on paper arrive at the address given, and come back with
> a signature), and they are paying their fees, what else do you want to
> see for due diligence?
>
> So what? Not accept customers/members because they don't wash, and smell
> bad?
>
> I wonder when someone will show up and demands to reject LIRs that host
> content for adult entertainment... because that's illegal in some states
> in the world.
>
> Gert Doering
>         -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG                        Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
>

From fw at deneb.enyo.de Thu Mar 29 21:52:42 2012
From: fw at deneb.enyo.de (Florian Weimer)
Date: Thu, 29 Mar 2012 21:52:42 +0200
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: (Reza Farzan's message of "Wed, 28 Mar 2012 20:05:51 -0400")
References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> <87sjgso9pm.fsf@mid.deneb.enyo.de>
Message-ID: <87wr63kwvp.fsf@mid.deneb.enyo.de>

* Reza Farzan:

> As I had stated in my earlier message, I had forwarded my Spam report to the
> following address [admin at uzpak.uz], but it came back with this error
> message:

In your earlier message, you mentioned and only, and not . But it turns out this address is not valid, either:

| 220 Welcome to UzNET Cyber Mail ESMTP
| EHLO ka.mail.enyo.de
| 250-Welcome to UzNET Cyber Mail
| 250-SIZE 0
| 250-PIPELINING
| 250 8BITMIME
| MAIL FROM:
| 250 ok
| RCPT TO:
| 553 sorry, this recipient is not in my validrcptto list (#5.7.1)
| QUIT
| 221 Welcome to UzNET Cyber Mail

So we've finally something which is demonstrably not in order: the email attribute of ORG-UNCN1-RIPE does not refer to a valid mailbox (to the degree something like that can be tested).

> So, having a street address, a phone number, and even an invalid email
> address, does not change anything; it creates frustration and despair.

The sad thing is that even if there was a working email address (, probably), it wouldn't change anything.
I've been through this---in the end, WHOIS accuracy has very little impact on things. The data is bad because no one has a serious need for it. Neither the anti-abuse folks, nor the copyright holders, and certainly not law enforcement.

If the data was actually used for any significant purpose, those who submit and publish incorrect WHOIS information would face some accountability. Right now, they get away with publishing anything from outright lies to data which may have been current ten years ago. There is no use case, so quality does not matter.

This is like any documentation: if it is not continuously used, it decays fast, and it is extremely difficult to motivate people to maintain it because they abhor the sheer pointlessness of it.

From gert at space.net Thu Mar 29 22:02:27 2012
From: gert at space.net (Gert Doering)
Date: Thu, 29 Mar 2012 22:02:27 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net>
Message-ID: <20120329200227.GH84425@Space.Net>

Hi,

On Thu, Mar 29, 2012 at 12:32:02PM -0700, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
> i agree with suresh - ripe has been handing over /15 or even /13 lately to
> criminals who know how to use high bandwidth pipes to spam like crazy. I am

Are these criminals because a judge said so, or because you do not like their business practices?

This is a serious question.

(Don't get me wrong: I'm not defending spammers, but I *do* like the fact that the RIPE NCC operates inside the legal framework of the countries it's serving)

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

From ops.lists at gmail.com Fri Mar 30 03:12:49 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Fri, 30 Mar 2012 06:42:49 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329200227.GH84425@Space.Net>
References: <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net> <20120329200227.GH84425@Space.Net>
Message-ID:

A lot of antispam laws (eg: australia, canada etc) use the "country link" concept

If the spam was originated from an IP in australia, paid for by an australian, **received by an australian**, then australian law has jurisdiction over it and the competent authority (telecom regulator / law enforcement) can decide to follow up on the case

So just because spam isn't illegal in, say, romania might be moot

On 3/30/12, Gert Doering wrote:
> Hi,
>
> On Thu, Mar 29, 2012 at 12:32:02PM -0700, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
>> i agree with suresh - ripe has been handing over /15 or even /13 lately to
>> criminals who know how to use high bandwidth pipes to spam like crazy. I
>> am
>
> Are these criminals because a judge said so, or because you do not like
> their business practices?
>
> This is a serious question.
>
> (Don't get me wrong: I'm not defending spammers, but I *do* like the fact
> that the RIPE NCC operates inside the legal framework of the countries
> it's serving)
>
> Gert Doering
>         -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG                        Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
>

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From ops.lists at gmail.com Fri Mar 30 04:13:54 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Fri, 30 Mar 2012 07:43:54 +0530
Subject: [anti-abuse-wg] National PSDN "UZPAK"
In-Reply-To: <87wr63kwvp.fsf@mid.deneb.enyo.de>
References: <20111123134719.EDB3516738D@smtpgate1.restena.lu> <4ED4FEEE.9080307@abusix.com> <4ED64AED.7030503@ripe.net> <4ED66A6E.4000404@abusix.com> <87vcq05yr7.fsf@enigma.otenet.gr> <4ED780EB.7040209@abusix.com> <8811B64A-CFB3-4F83-8031-57C4D08172B9@icann.org> <4ED797D2.9040302@abusix.com> <41F6C547EA49EC46B4EE1EB2BC2F341849F85A460A@EXVPMBX100-1.exc.icann.org> <4EE5DAF9.5030505@tana.it> <4EE7397F.4020908@ripe.net> <4EEB41DF.6090101@ripe.net> <87d380iq1o.fsf@mid.deneb.enyo.de> <85BED006-08D6-42BF-AE25-9E4E11F02063@blacknight.ie> <87aa32huq2.fsf@mid.deneb.enyo.de> <87sjgso9pm.fsf@mid.deneb.enyo.de> <87wr63kwvp.fsf@mid.deneb.enyo.de>
Message-ID:

On Fri, Mar 30, 2012 at 1:22 AM, Florian Weimer wrote:
>
> I've been through this---in the end, WHOIS accuracy has very little
> impact on things. The data is bad because no one has a serious need
> for it. Neither the anti-abuse folks, nor the copyright holders, and
> certainly not law enforcement.

Are you sure?? http://www.icann.org/en/news/presentations/opta-mar-26jun06-en.pdf

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From ops.lists at gmail.com Fri Mar 30 06:06:38 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Fri, 30 Mar 2012 09:36:38 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120329200227.GH84425@Space.Net>
References: <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net> <20120329200227.GH84425@Space.Net>
Message-ID:

BTW Gert - never mind the "spam is illegal or not" type argument here. Let us try it another way.

Does the average russian botmaster who submits paperwork for a new /20 say he needs the /20 to host his botnet c&cs?

Or something else entirely?

In other words, besides all the ranting about how you are not the document police so you can't possibly verify the registrant .. does that document policing argument also extend to not verifying all the weird and wonderful stories about media streaming, colo etc that the botmaster spins RIPE NCC in his allocation paperwork?

Kind of reminds me of all the interesting stories I get when I evaluate apricot and sanog fellowship applications .. some people will write anything at all they please to get a paid holiday to Singapore or wherever.. so there absolutely has to be verification and feedback somewhere in the process or else deserving candidates get left out while some freeloader with a convincing application manages to get himself a paid holiday.

So how would "document police" be an accepted and necessary practice in ops and RIR circles when verifying something like awarding a few hundred dollars worth of fellowship to a person, and become taboo when talking about verifying who is applying for all that IP space, and for what purpose?

--srs

On Fri, Mar 30, 2012 at 1:32 AM, Gert Doering wrote:
>
> Are these criminals because a judge said so, or because you do not like
> their business practices?
>
> This is a serious question.

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From ops.lists at gmail.com Fri Mar 30 06:11:53 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Fri, 30 Mar 2012 09:41:53 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net>
Message-ID:

On Fri, Mar 30, 2012 at 12:58 AM, Heather Schiller wrote:
> The resource that RIPE NCC provides (in exchange for money)
> directly enables them to commit their crime.. and worse provides them
> some amount of cover for it.

To use a similar - and very loaded - argument - look at gun shops.

The majority of people buying guns use them for home defense, hunting, target shooting for fun, whatever.

There's a tiny minority who will buy the guns to actually go out and rob a bank or murder someone or whatever.

That still means gun shops have a requirement to verify ID, and a gun store owner telling a cop tracing a murder weapon that "I am not the document police" would be in for a very interesting experience indeed.

Or if you don't like the idea of guns, try locksmith tools - the sale of which is just as carefully controlled. Or anything else at all that is dual use in nature.

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From aftab.siddiqui at gmail.com Fri Mar 30 07:47:23 2012
From: aftab.siddiqui at gmail.com (Aftab Siddiqui)
Date: Fri, 30 Mar 2012 10:47:23 +0500
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net>
Message-ID:

Suresh Bhaiya,

>
>
> To use a similar - and very loaded - argument - look at gun shops.
>
> The majority of people buying guns use them for home defense, hunting,
> target shooting for fun, whatever.
>
> There's a tiny minority who will buy the guns to actually go out and
> rob a bank or murder someone or whatever.
>
> That still means gun shops have a requirement to verify ID, and a gun
> store owner telling a cop tracing a murder weapon that "I am not the
> document police" would be in for a very interesting experience indeed.
>
>

If we keep this analogy as benchmark (which many would mind). Gun Shop verified the ID and it was legitimate by the look of the card or document but they have no means to trace back the documents/ID to a real person. No online verification.

So what's the purpose of having such verification. Same is the case with RIR, isn't it? They check the documents but they don't have the means to traceback the legitimacy of all the documents and claims the customer is posing.

Correct me if I'm wrong?

Regards
Aftab A. Siddiqui.

From ops.lists at gmail.com Fri Mar 30 08:24:35 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Fri, 30 Mar 2012 11:54:35 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329105328.4dcceb0d@shane-eeepc.home.time-travellers.org> <4F744D05.1060306@consol.net> <20120329124052.GQ84425@Space.Net> <20120329125049.GR84425@Space.Net> <20120329142834.GW84425@Space.Net>
Message-ID:

Hi Aftab - it's not just wave an ID and you can get a gun, there's a background check too :)

http://www.ehow.com/way_5958275_do-background-check-firearm-purchase_.html

Not very topical here and I think RIPE NCC just might have a heart attack if someone went and mandated background checks to acquire IP space .. but well, there's other ways, including revocation of resources.

On Fri, Mar 30, 2012 at 11:17 AM, Aftab Siddiqui wrote:
> If we keep this analogy as benchmark (which many would mind). Gun Shop
> verified the ID and it was legitimate by the look of the card or document
> but they have no means to trace back the documents/ID to a real person. No
> online verification.
>
> So what's the purpose of having such verification. Same is the case with RIR,
> isn't it? They check the documents but they don't have the means to
> traceback the legitimacy of all the documents and claims the customer is
> posing.

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From gert at space.net Fri Mar 30 09:49:57 2012
From: gert at space.net (Gert Doering)
Date: Fri, 30 Mar 2012 09:49:57 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net> <20120329200227.GH84425@Space.Net>
Message-ID: <20120330074957.GK84425@Space.Net>

HI,

On Fri, Mar 30, 2012 at 09:36:38AM +0530, Suresh Ramasubramanian wrote:
> BTW Gert - never mind the "spam is illegal or not" type argument here.
> Let us try it another way.
>
> Does the average russian botmaster who submits paperwork for a new /20
> say he needs the /20 to host his botnet c&cs?
>
> Or something else entirely?
>
> In other words, besides all the ranting about how you are not the
> document police so you can't possibly verify the registrant .. does
> that document policing argument also extend to not verifying all the
> weird and wonderful stories about media streaming, colo etc that the
> botmaster spins RIPE NCC in his allocation paperwork?

So how exactly do you verify business *plans*?

We've seen enough customers come up with wonderful ideas about their Internet application, requesting a /22 or similar, only to figure out half a year later that their idea wasn't so good in the end, they have only used 5 IP addresses, and are nearly bankrupt.
So how can you see at application time whether something is a cool idea that might or might not work out (but you wouldn't know until half a year later) or is a blatant lie (which you wouldn't see unless they start using the space and complaints come in)?

Besides... sending mail *is* a perfectly acceptable usage of IP addresses.

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

From ops.lists at gmail.com Fri Mar 30 10:03:41 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Fri, 30 Mar 2012 13:33:41 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120330074957.GK84425@Space.Net>
References: <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net> <20120329200227.GH84425@Space.Net> <20120330074957.GK84425@Space.Net>
Message-ID:

On Fri, Mar 30, 2012 at 1:19 PM, Gert Doering wrote:
> Besides... sending mail *is* a perfectly acceptable usage of IP addresses.

Let us leave the romanian snowshoe spammers getting their /15s aside for the moment and focus on no shortage of PI / PA netblocks assigned to botmasters, shall we?

I hope running a botnet isn't a perfectly acceptable usage of IP addresses?

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From chrish at consol.net Fri Mar 30 12:27:01 2012
From: chrish at consol.net (chrish at consol.net)
Date: Fri, 30 Mar 2012 12:27:01 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net>
Message-ID: <4F758A75.9070209@consol.net>

hi!

On 03/29/2012 09:32 PM, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
> i agree with suresh - ripe has been handing over /15 or even /13 lately to
> criminals who know how to use high bandwidth pipes to spam like crazy. I am

i'm not happy with this either, there are a lot of things i'd personally regard as criminal, not only google. but it's plain madness to believe that i or you or ripe or anybody else than a state can define and enforce - well, law. go to your legal agencies and follow the legal procedures.

and btw: ip space is a commons. ripe doesn't sell any resources, it doesn't have any (well - not those we're talking about here) it just coordinates inside the community.

and again btw, regarding one of the irrelevant parts of this thread: a botnet is not a criminal registering a /20, installing 2^12 boxes with a bot-trojan on it. it's a bunch of independent windows-boxes connecting to some services used as c&c channel (who don't know anything about all this). so persons taking the botnet-angst seriously, actually really have to desperately want to take action against windows... sbdy registering a /20, installing "bot-clients" on his boxes - that's called "cloud" i believe. and i don't think it is correct to assume they are all illegal. like i don't think cars should be illegal just because some of them kill people...

and while we're at it: looking at guns - possession of a gun is illegal. i don't think it's a good idea trying to make ips illegal...

regards,

Chris

From ops.lists at gmail.com Fri Mar 30 12:49:39 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Fri, 30 Mar 2012 16:19:39 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <4F758A75.9070209@consol.net>
References: <20120329144045.GA84425@Space.Net> <20120329144941.GB84425@Space.Net> <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net> <4F758A75.9070209@consol.net>
Message-ID:

*boggle*

ok. so where do I start .. explaining what a botnet c&c is? or what "cloud" is? or ... oh forget it.

*plonk*

On Fri, Mar 30, 2012 at 3:57 PM, wrote:
>
> and again btw, regarding one of the irrelevant parts of this thread: a botnet is not a criminal registering a /20, installing 2^12 boxes with a bot-trojan on it. it's a bunch of independent windows-boxes connecting to some services used as c&c channel (who don't know anything about all this). so persons taking the botnet-angst seriously, actually really have to desperately want to take action against windows... sbdy registering a /20, installing "bot-clients" on his boxes - that's called "cloud" i believe. and i don't think it is correct to assume they are all illegal. like i don't think cars should be illegal just because some of them kill people...
> and while we're at it: looking at guns - possession of a gun is illegal. i don't think it's a good idea trying to make ips illegal...

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From furio+as at spin.it Fri Mar 30 15:30:39 2012
From: furio+as at spin.it (furio ercolessi)
Date: Fri, 30 Mar 2012 15:30:39 +0200
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <4F758A75.9070209@consol.net>
References: <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net> <4F758A75.9070209@consol.net>
Message-ID: <20120330133039.GA9050@spin.it>

On Fri, Mar 30, 2012 at 12:27:01PM +0200, chrish at consol.net wrote:
> [...]
> and again btw, regarding one of the irrelevant parts of this thread: a botnet is not a criminal registering a /20, installing 2^12 boxes with a bot-trojan on it. it's a bunch of independent windows-boxes connecting to some services used as c&c channel (who don't know anything about all this). so persons taking the botnet-angst seriously, actually really have to desperately want to take action against windows... sbdy registering a /20, installing "bot-clients" on his boxes - that's called "cloud" i believe. and i don't think it is correct to assume they are all illegal. like i don't think cars should be illegal just because some of them kill people...
> and while we're at it: looking at guns - possession of a gun is illegal. i don't think it's a good idea trying to make ips illegal...

From what I understood, the discussion was about networks controlled by criminals, not about networks abused by criminals.

For instance, one of such networks _was_ RBN, as described in:

http://en.wikipedia.org/wiki/Russian_Business_Network

Before being shut down and going to the general press and in Wikipedia, RBN was extremely well known to the antiabuse community. At the present time, there are dozens of similar networks, entirely controlled by criminals and used exclusively for criminal activity, as for instance determined by the impossibility to locate any legitimate service in them, the network operators simulating fake terminations while moving the criminals from one range to another, etc.

Such networks always remain rather obscure and not known outside the anti-abuse community, until some law enforcement agency or possibly Microsoft or other actors take it down and start issuing press releases at full throttle. Then everybody says "Aaaah! Good! Well done!". But, unfortunately, this happens only in a small fraction of cases. The remaining cases.. well, they are the problem under discussion.
We see it right here in this thread: people working in the field know very well what these networks are, but they are not believed, discussions expand to entirely non-related issues, and in any case nothing can be done on the RIR side ever because it's not in the RIR mandate.

And I found it absolutely disheartening that a person that was putting work and energy on this problem in the RIPE area - where this problem is bigger than in the other regions - was removed from the co-chair position of this working group, without even discussing it in the list. Since then, my impression is that the problem of large allocations to criminals is being swept under the carpet, with no hope for any solution in the short or medium term.

furio

From ops.lists at gmail.com Fri Mar 30 19:51:36 2012
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Fri, 30 Mar 2012 23:21:36 +0530
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To: <20120330133039.GA9050@spin.it>
References: <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net> <4F758A75.9070209@consol.net> <20120330133039.GA9050@spin.it>
Message-ID:

That was about the strangest bit of voting I ever saw

Various SIG / WG chairs just happening to be there at that time, Richard not around either ..

On Fri, Mar 30, 2012 at 7:00 PM, furio ercolessi wrote:
>
> And I found it absolutely disheartening that a person that was putting
> work and energy on this problem in the RIPE area - where this problem
> is bigger than in the other regions - was removed from the co-chair
> position of this working group, without even discussing it in the list.
> Since then, my impression is that the problem of large allocations
> to criminals is being swept under the carpet, with no hope for any
> solution in the short or medium term.

--
Suresh Ramasubramanian (ops.lists at gmail.com)

From russ at consumer.net Sat Mar 31 00:39:50 2012
From: russ at consumer.net (russ at consumer.net)
Date: Fri, 30 Mar 2012 18:39:50 -0400
Subject: [anti-abuse-wg] Enabling community self-help?
In-Reply-To:
References: <20120329145805.GC84425@Space.Net> <20120329150206.GD84425@Space.Net> <20120329173116.GF84425@Space.Net> <20120329174147.GG84425@Space.Net> <4F758A75.9070209@consol.net> <20120330133039.GA9050@spin.it>
Message-ID: <4F763636.7090507@consumer.net>

> That was about the strangest bit of voting I ever saw
> Various SIG / WG chairs just happening to be there at that time, Richard not around either ..

It is pretty obvious to anyone that these procedures and working groups are not legitimate community participation, they are shams so a small group of people can do what they want and they point to these groups as justification for what they are doing .... still waiting for RIPE to release the legal opinions they say they have related to whois access.
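
The RCPT TO check from Florian Weimer's UZPAK message earlier in this thread, as an added example (not code from any list participant): it parses a recorded SMTP session and classifies the server's reply for each recipient. The mailbox addresses are constructed placeholders, since the archive stripped the originals, and the verdict names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed transcript modelled on the session quoted in the thread.
# The list archive stripped the real addresses, so these are placeholders.
TRANSCRIPT = """\
| 220 Welcome to UzNET Cyber Mail ESMTP
| EHLO ka.mail.enyo.de
| 250-Welcome to UzNET Cyber Mail
| 250-SIZE 0
| 250-PIPELINING
| 250 8BITMIME
| MAIL FROM:<reporter@example.invalid>
| 250 ok
| RCPT TO:<contact@registry.example.invalid>
| 553 sorry, this recipient is not in my validrcptto list (#5.7.1)
| QUIT
| 221 Welcome to UzNET Cyber Mail
"""

REPLY = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
ENHANCED = re.compile(r"(?<![\d.])([245]\.\d{1,3}\.\d{1,3})(?![\d.])")
RCPT = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.IGNORECASE)


@dataclass
class Exchange:
    command: Optional[str]  # None for the server greeting
    code: int
    text: str               # reply text, continuation lines joined


@dataclass
class RcptResult:
    code: int
    enhanced: Optional[str]  # RFC 3463 status such as "5.7.1", if present
    verdict: str


def parse_session(transcript: str) -> List[Exchange]:
    """Pair each client command with the server reply that follows it.

    Assumes a lock-step (non-pipelined) session, as in the quoted transcript.
    """
    exchanges, command, pending = [], None, []
    for raw in transcript.splitlines():
        line = re.sub(r"^\s*\|\s?", "", raw).strip()  # drop the "| " quoting
        if not line:
            continue
        m = REPLY.match(line)
        if m is None:                 # not a reply, so it is a client command
            command, pending = line, []
            continue
        code, sep, text = m.groups()
        pending.append(text or "")
        if sep != "-":                # "250-" continues, "250 " ends a reply
            exchanges.append(
                Exchange(command, int(code), " ".join(pending).strip()))
            command, pending = None, []
    return exchanges


def classify(code: int) -> str:
    if code in (250, 251):
        return "accepted"           # accept-all servers also answer 250
    if code == 252:
        return "unverifiable"       # server declines to confirm either way
    if 400 <= code <= 499:
        return "temporary-failure"  # greylisting or outage: retry later
    if 500 <= code <= 599:
        return "rejected"           # permanent: the contact is unreachable
    return "unexpected"


def rcpt_results(transcript: str) -> Dict[str, RcptResult]:
    """Map each RCPT TO address to the server's verdict on it."""
    results = {}
    for ex in parse_session(transcript):
        m = RCPT.match(ex.command or "")
        if m:
            status = ENHANCED.search(ex.text)
            results[m.group(1)] = RcptResult(
                ex.code, status.group(1) if status else None,
                classify(ex.code))
    return results


if __name__ == "__main__":
    for address, result in rcpt_results(TRANSCRIPT).items():
        print(address, result)
```

A 250 at RCPT time is weaker evidence than a 5xx, because a server that accepts every recipient and bounces later also answers 250.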