From rvij at thedotcorp.com Fri Aug 2 01:21:11 2013 From: rvij at thedotcorp.com (Roy Vij) Date: Thu, 1 Aug 2013 16:21:11 -0700 Subject: [anti-abuse-wg] SQL injection attacks from Kyivstar GSM Message-ID: <00e701ce8f0d$d0345340$709cf9c0$@thedotcorp.com> We have seen a rush of SQL injection attacks from Ukraine based Kyivstar GSM. How can I query the ripe database to provide all IP blocks from Kyivstar GSM? -Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From corebug at corebug.net Fri Aug 2 10:19:53 2013 From: corebug at corebug.net (=?UTF-8?B?0JLQuNGC0LDQu9C40Lkg0KLRg9GA0L7QstC10YY=?=) Date: Fri, 2 Aug 2013 11:19:53 +0300 Subject: [anti-abuse-wg] SQL injection attacks from Kyivstar GSM In-Reply-To: <00e701ce8f0d$d0345340$709cf9c0$@thedotcorp.com> References: <00e701ce8f0d$d0345340$709cf9c0$@thedotcorp.com> Message-ID: Hi there. https://apps.db.ripe.net/search/query.html Filter string: "-i or AS15895" 2013/8/2 Roy Vij > We have seen a rush of SQL injection attacks from Ukraine based Kyivstar GSM. How can I query the ripe database to provide all IP blocks from Kyivstar GSM?**** > > ** ** > > -Regards**** > > ** ** > > ** ** > > ** ** > > ** ** > > ** ** > > ** ** > > ** ** > > ** ** > > ** ** > -- ~~~ WBR, Vitaliy Turovets NOC Lead @TV-Net ISP +38(093)265-70-55 VITU-RIPE X-NCC-RegID: ua.tv -------------- next part -------------- An HTML attachment was scrubbed... URL: From denis at ripe.net Fri Aug 2 12:18:09 2013 From: denis at ripe.net (Denis Walker) Date: Fri, 02 Aug 2013 12:18:09 +0200 Subject: [anti-abuse-wg] SQL injection attacks from Kyivstar GSM In-Reply-To: References: <00e701ce8f0d$d0345340$709cf9c0$@thedotcorp.com> Message-ID: <51FB8761.4020109@ripe.net> Dear Colleagues If you want to search for the allocations rather than all the assignments you can do an inverse query on the organisation https://apps.db.ripe.net/search/query.html?searchtext=-rBG+-i+og+ORG-KG8-RIPE&sources=RIPE_NCC#resultsAnchor regards Denis Walker Business Analyst RIPE NCC Database Team On 02/08/2013 10:19, ??????? ??????? wrote: > Hi there. > > https://apps.db.ripe.net/search/query.html > Filter string: "-i or AS15895" > > > 2013/8/2 Roy Vij > > > We have seen a rush of SQL injection attacks from Ukraine based Kyivstar GSM. How can I query the ripe database to provide all IP blocks from Kyivstar GSM?____ > > __ __ > > -Regards____ > > __ __ > > __ __ > > > > __ __ > > > > __ __ > > > > __ __ > > > > __ __ > > > > __ __ > > __ __ > > __ __ > > > > > -- > > > > > ~~~ > WBR, > Vitaliy Turovets > NOC Lead @TV-Net ISP > +38(093)265-70-55 > VITU-RIPE > X-NCC-RegID: ua.tv From brian.nisbet at heanet.ie Mon Aug 12 10:28:00 2013 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Mon, 12 Aug 2013 09:28:00 +0100 Subject: [anti-abuse-wg] Call For Agenda Items - RIPE67 Message-ID: <52089C90.109@heanet.ie> Colleagues, While Europe is still enjoying its summer, the next RIPE meeting is slowly approaching. This meeting will be taking place in Athens from the 14th - 18th October 2013 and all the details can be found at http://ripe67.ripe.net As always Tobias and I are hoping the Anti-Abuse WG session will be full of interesting presentations and discussions. If you have anything you would like to present at the meeting, please email us at aa-wg-chairs at ripe.net Thanks, Brian From jahlen at ripe.net Tue Aug 20 16:26:24 2013 From: jahlen at ripe.net (=?iso-8859-1?Q?Johan_=C5hl=E9n?=) Date: Tue, 20 Aug 2013 16:26:24 +0200 Subject: [anti-abuse-wg] Update on "abuse-c:" coverage in RIPE Database Message-ID: <06348BCC-802A-4039-920F-C89A32FDB6E7@ripe.net> Dear colleagues, We would like to update you on the current "abuse-c:" coverage in the RIPE Database now that we have sent out the second batch of reminders. The last update you received was at the end of June; you can find the archived message at http://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2013-June/002273.html -------- NETWORK NUMBERS: Total number of IPv4 allocations listed: 21,068 Number of IPv4 allocations covered with "abuse-c:": 10,901 or 51.7% of IPv4 allocations Total number of IPv4 PI assignments listed: 28,542 Number of IPv4 PI assignments covered with "abuse-c:": 1,591 or 5.6% of IPv4 assignments Total number of IPv6 allocations listed: 6,037 Number of IPv6 allocations covered with "abuse-c:": 3,223 or 53.4% of IPv6 allocations Total number of IPv6 assignments: 1,493 Number of IPv6 assignments covered with "abuse-c:": 190 or 12.7% of IPv6 assignments Total number of objects: 57,140 (IPv4: 49,610 / IPv6: 7,530) Number of objects covered with "abuse-c:": 15,905 or 27.8% (IPv4: 25.2% / IPv6: 45.3%) -------- IPv4 NETWORK SIZES: Total size of IPv4 allocations listed: 594,555,904 Size of IPv4 allocations covered with "abuse-c:": 337,556,992 or 56.8% Total size of IPv4 PI assignments listed: 169,707,896 Size of IPv4 PI assignments covered with "abuse-c:": 14,646,192 or 8.6% Total size of listed IPv4 addresses: 764,263,800 Size of listed IPv4 addresses covered with "abuse-c:": 352,203,184 or 46.1% In our last update, the coverage of IPv4 allocations, by size, was 41.1%. Today it is at 56.8%. -------- LIR NUMBERS: LIRs with "abuse-c:": 4,024 LIRs without "abuse-c:": 5,404 If you have any questions about theses figures, please feel free to contact us. Kind regards, Johan ?hl?n Assistant Manager, Database Group RIPE NCC From denis at ripe.net Tue Aug 20 16:49:57 2013 From: denis at ripe.net (Denis Walker) Date: Tue, 20 Aug 2013 16:49:57 +0200 Subject: [anti-abuse-wg] next step on abuse-c deployment Message-ID: <52138215.8080902@ripe.net> Dear Brian and Tobias We are approaching the end of quarter 3 when all LIRs should have an abuse-c otherwise we said we would add it. Having talked to our customer service guys they have the impression that many LIRs had problems adding abuse-c despite all the documentation, Labs articles and videos. So we had a think about the next step. What we would suggest is: -for us to do a short presentation in the AA WG session at RIPE 67 reviewing how this first phase went with latest stats. -Then propose a new feature to add to the LIR Portal. Allow LIRs who don't yet have an abuse-c to simply enter an email address in a box that they want to use. -We will have scripts in the background that will create a new ROLE object, add this email as abuse-mailbox in that ROLE and add an abuse-c to their ORGANISATION object referencing the new ROLE object. -Then extend the deadline for LIRs to the end of October -After October we will use the same scripts to add the internal LIR contact email address, held by the RIPE NCC, in the same way for any LIR that still does not have one Then in November we start the next phase for PI holders. As they don't have access to the LIR Portal we can offer the same simple process with a web page having 3 boxes. Enter the email address they want to use, the name of their ORGANISATION object and the password to authorise an update to their ORGANISATION object. Using the same scripts we will create a ROLE and make the connections. What do you think? cheers denis From denis at ripe.net Tue Aug 20 16:59:25 2013 From: denis at ripe.net (Denis Walker) Date: Tue, 20 Aug 2013 16:59:25 +0200 Subject: [anti-abuse-wg] Fwd: next step on abuse-c deployment In-Reply-To: <52138215.8080902@ripe.net> References: <52138215.8080902@ripe.net> Message-ID: <5213844D.6020208@ripe.net> Dear Colleagues This email was intended for the WG chairs. But we have no secrets so I have no problem with sending it to the list by mistake :) If anyone has comments we can discuss the ideas on the list before the RIPE Meeting. Regards Denis Walker Business Analyst RIPE NCC Database Team -------- Original Message -------- Subject: [anti-abuse-wg] next step on abuse-c deployment Date: Tue, 20 Aug 2013 16:49:57 +0200 From: Denis Walker Organization: RIPE NCC To: anti-abuse-wg-chairs at ripe.net Dear Brian and Tobias We are approaching the end of quarter 3 when all LIRs should have an abuse-c otherwise we said we would add it. Having talked to our customer service guys they have the impression that many LIRs had problems adding abuse-c despite all the documentation, Labs articles and videos. So we had a think about the next step. What we would suggest is: -for us to do a short presentation in the AA WG session at RIPE 67 reviewing how this first phase went with latest stats. -Then propose a new feature to add to the LIR Portal. Allow LIRs who don't yet have an abuse-c to simply enter an email address in a box that they want to use. -We will have scripts in the background that will create a new ROLE object, add this email as abuse-mailbox in that ROLE and add an abuse-c to their ORGANISATION object referencing the new ROLE object. -Then extend the deadline for LIRs to the end of October -After October we will use the same scripts to add the internal LIR contact email address, held by the RIPE NCC, in the same way for any LIR that still does not have one Then in November we start the next phase for PI holders. As they don't have access to the LIR Portal we can offer the same simple process with a web page having 3 boxes. Enter the email address they want to use, the name of their ORGANISATION object and the password to authorise an update to their ORGANISATION object. Using the same scripts we will create a ROLE and make the connections. What do you think? cheers denis From brian.nisbet at heanet.ie Wed Aug 21 12:49:53 2013 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Wed, 21 Aug 2013 11:49:53 +0100 Subject: [anti-abuse-wg] Fwd: next step on abuse-c deployment In-Reply-To: <5213844D.6020208@ripe.net> References: <52138215.8080902@ripe.net> <5213844D.6020208@ripe.net> Message-ID: <52149B51.4000309@heanet.ie> Denis, Denis Walker wrote the following on 20/08/2013 15:59: > Dear Colleagues > > This email was intended for the WG chairs. But we have no secrets so I > have no problem with sending it to the list by mistake :) > > If anyone has comments we can discuss the ideas on the list before the > RIPE Meeting. There's many a slip etc... But yes, it would be great to hear further comments from the community and you all now know at least one of the presentations that will be coming up at the WG session in Athens. Of course if anyone has any other suggestions for agenda items, do let us know! Brian From vijaye at google.com Sat Aug 31 00:41:27 2013 From: vijaye at google.com (=?UTF-8?B?VmlqYXkgIEVyYW50aSAo4pyMIOCwteCwv+CwnOCwr+CxjSAg4LCI4LCw4LCC4LCf4LC/KSA=?=) Date: Fri, 30 Aug 2013 15:41:27 -0700 Subject: [anti-abuse-wg] Clarification Regarding Needs Assessment and Audits In-Reply-To: References: <51D58C1E.6070100@powerweb.de> <20130704145650.GZ2706@Space.Net> <51D591B5.9090503@powerweb.de> <20130704153125.GB2706@Space.Net> <20130704173609.GE17456@x28.adm.denic.de> <51D5BD61.2000205@powerweb.de> <20130704193052.GA25954@cilantro.c4inet.net> <51D5D2BB.7090305@powerweb.de> <20130704202208.GB25954@cilantro.c4inet.net> <51D5DE1E.6050906@powerweb.de> Message-ID: i agree with suresh's assessment. Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs and having a nice run. The ipv4 allotment is seriously broken in ripe - just having paperwork with valid forms filled is good enough to allot what ever range the spammers can ask. regards vijay On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian wrote: > The lack of progress is simply because you have very few people who are in > a security rather than IP admin or network ops role. Security as in for a > seriously large provider. > > The other lack of progress - well, changing entrenched policies, or > enforcing them beyond a point where the enforcer is reluctant to > investigate (or is it "play police" according to the local meme) is as > tough as it sounds. > > > On Friday, July 5, 2013, Frank Gadegast wrote: > >> Sascha Luck wrote: >> >> TTBOMK, as long as policy requirements are fulfilled >>> there is no mandate to revoke resources. >>> >> >> Any spammer on this list (think so, simply because >> of the lack of progress) ? >> >> * Im starting now a second carrier in renting all >> the IPv4 addresses left in our allocation exclusively >> to abusers and make a lot of money with it. >> Just make offers now. * >> >> Will surely put a working abuse contact email address >> in RIPEs db, that gets directed to /dev/null >> and have a correct postal address somewhere on >> a funny island ... >> >> And it looks like if nobody could ever do anything >> against it. >> >> The current regulations are simply slippery as >> an eel (like we say in Germany), no way >> to catch anybody responsible. Again, ridicolous ... >> >> >> Kind regards, Frank >> -- >> PHADE Software - PowerWeb http://www.powerweb.de >> Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de >> Schinkelstrasse 17 fon: +49 33200 52920 >> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 >> ==============================**==============================** >> ========== >> >> > > -- > --srs (iPad) > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ops.lists at gmail.com Sat Aug 31 01:11:18 2013 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Sat, 31 Aug 2013 04:41:18 +0530 Subject: [anti-abuse-wg] Clarification Regarding Needs Assessment and Audits In-Reply-To: References: <51D58C1E.6070100@powerweb.de> <20130704145650.GZ2706@Space.Net> <51D591B5.9090503@powerweb.de> <20130704153125.GB2706@Space.Net> <20130704173609.GE17456@x28.adm.denic.de> <51D5BD61.2000205@powerweb.de> <20130704193052.GA25954@cilantro.c4inet.net> <51D5D2BB.7090305@powerweb.de> <20130704202208.GB25954@cilantro.c4inet.net> <51D5DE1E.6050906@powerweb.de> Message-ID: I was starting to wonder whether anybody else with an operational antispam and security role for a large provider was around here. :) Thanks for chiming in, vijay. At a guess those v6 /32s are all registered in Romania? --srs On Saturday, August 31, 2013, Vijay Eranti (? ????? ?????) wrote: > i agree with suresh's assessment. > > Lately lot of spammers are getting /32 ipv6 assignments with their own > ASNs and having a nice run. > The ipv4 allotment is seriously broken in ripe - just having paperwork > with valid forms filled is good enough to allot what ever range the > spammers can ask. > > regards > vijay > > > On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian < > ops.lists at gmail.com >wrote: > >> The lack of progress is simply because you have very few people who are >> in a security rather than IP admin or network ops role. Security as in for >> a seriously large provider. >> >> The other lack of progress - well, changing entrenched policies, or >> enforcing them beyond a point where the enforcer is reluctant to >> investigate (or is it "play police" according to the local meme) is as >> tough as it sounds. >> >> >> On Friday, July 5, 2013, Frank Gadegast wrote: >> >>> Sascha Luck wrote: >>> >>> TTBOMK, as long as policy requirements are fulfilled >>>> there is no mandate to revoke resources. >>>> >>> >>> Any spammer on this list (think so, simply because >>> of the lack of progress) ? >>> >>> * Im starting now a second carrier in renting all >>> the IPv4 addresses left in our allocation exclusively >>> to abusers and make a lot of money with it. >>> Just make offers now. * >>> >>> Will surely put a working abuse contact email address >>> in RIPEs db, that gets directed to /dev/null >>> and have a correct postal address somewhere on >>> a funny island ... >>> >>> And it looks like if nobody could ever do anything >>> against it. >>> >>> The current regulations are simply slippery as >>> an eel (like we say in Germany), no way >>> to catch anybody responsible. Again, ridicolous ... >>> >>> >>> Kind regards, Frank >>> -- >>> PHADE Software - PowerWeb http://www.powerweb.de >>> Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de >>> Schinkelstrasse 17 fon: +49 33200 52920 >>> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 >>> ==============================**==============================** >>> ========== >>> >>> >> >> -- >> --srs (iPad) >> > > -- --srs (iPad) -------------- next part -------------- An HTML attachment was scrubbed... URL: From gert at space.net Sat Aug 31 13:59:32 2013 From: gert at space.net (Gert Doering) Date: Sat, 31 Aug 2013 13:59:32 +0200 Subject: [anti-abuse-wg] Clarification Regarding Needs Assessment and Audits In-Reply-To: References: <51D591B5.9090503@powerweb.de> <20130704153125.GB2706@Space.Net> <20130704173609.GE17456@x28.adm.denic.de> <51D5BD61.2000205@powerweb.de> <20130704193052.GA25954@cilantro.c4inet.net> <51D5D2BB.7090305@powerweb.de> <20130704202208.GB25954@cilantro.c4inet.net> <51D5DE1E.6050906@powerweb.de> Message-ID: <20130831115931.GC65295@Space.Net> Hi, On Fri, Aug 30, 2013 at 03:41:27PM -0700, Vijay Eranti (??? ??????????????? ???????????????) wrote: > i agree with suresh's assessment. > > Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs > and having a nice run. > The ipv4 allotment is seriously broken in ripe - just having paperwork with > valid forms filled is good enough to allot what ever range the spammers can > ask. I'm not sure where that rumor is coming from, but since a *year*, the RIPE NCC has run out of IPv4 addresses - that is, the "last /8" policy kicked in, and each LIR will only receive a single /22 of IPv4 space, nothing more than that. "What ever range can ask" is a done thing. Gert -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 306 bytes Desc: not available URL: From elvis at velea.eu Sat Aug 31 14:28:35 2013 From: elvis at velea.eu (Elvis Velea) Date: Sat, 31 Aug 2013 20:28:35 +0800 Subject: [anti-abuse-wg] Clarification Regarding Needs Assessment and Audits In-Reply-To: References: <51D58C1E.6070100@powerweb.de> <20130704145650.GZ2706@Space.Net> <51D591B5.9090503@powerweb.de> <20130704153125.GB2706@Space.Net> <20130704173609.GE17456@x28.adm.denic.de> <51D5BD61.2000205@powerweb.de> <20130704193052.GA25954@cilantro.c4inet.net> <51D5D2BB.7090305@powerweb.de> <20130704202208.GB25954@cilantro.c4inet.net> <51D5DE1E.6050906@powerweb.de> Message-ID: <5221E173.60009@velea.eu> Hi Suresh, Firstly, any member (LIR) can receive by default a /32 (up to a /29) ALLOCATION and NOT assignment. It's a /48 PI assignment that you can get if you are not an LIR. Secondly, @Suresh - have a look at who is leading the world in IPv6 deployment and then you may want to be careful with trowing stones at Romania. Romania IS and has been for at least one year the leader in IPv6 deployment in the whole world, if you are badmouthing Romania for it's spam, try to praise it for it's IPv6 deployment, that would be fair. My 2 cents, Elvis Daniel Velea (proud Romanian) On 8/31/13 7:11 AM, Suresh Ramasubramanian wrote: > I was starting to wonder whether anybody else with an operational > antispam and security role for a large provider was around here. :) > > Thanks for chiming in, vijay. At a guess those v6 /32s are all > registered in Romania? > > --srs > > On Saturday, August 31, 2013, Vijay Eranti (? ????? ?????) wrote: > > i agree with suresh's assessment. > > Lately lot of spammers are getting /32 ipv6 assignments with their > own ASNs and having a nice run. > The ipv4 allotment is seriously broken in ripe - just having > paperwork with valid forms filled is good enough to allot what ever > range the spammers can ask. > > regards > vijay > > > On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian > 'ops.lists at gmail.com');>> wrote: > > The lack of progress is simply because you have very few people > who are in a security rather than IP admin or network ops role. > Security as in for a seriously large provider. > > The other lack of progress - well, changing entrenched policies, > or enforcing them beyond a point where the enforcer is reluctant > to investigate (or is it "play police" according to the local > meme) is as tough as it sounds. > > > On Friday, July 5, 2013, Frank Gadegast wrote: > > Sascha Luck wrote: > > TTBOMK, as long as policy requirements are fulfilled > there is no mandate to revoke resources. > > > Any spammer on this list (think so, simply because > of the lack of progress) ? > > * Im starting now a second carrier in renting all > the IPv4 addresses left in our allocation exclusively > to abusers and make a lot of money with it. > Just make offers now. * > > Will surely put a working abuse contact email address > in RIPEs db, that gets directed to /dev/null > and have a correct postal address somewhere on > a funny island ... > > And it looks like if nobody could ever do anything > against it. > > The current regulations are simply slippery as > an eel (like we say in Germany), no way > to catch anybody responsible. Again, ridicolous ... > > > Kind regards, Frank > -- > PHADE Software - PowerWeb http://www.powerweb.de > Inh. Dipl.-Inform. Frank Gadegast > mailto:frank at powerweb.de > Schinkelstrasse 17 fon: +49 > 33200 52920 > 14558 Nuthetal OT Rehbruecke, Germany fax: +49 > 33200 52921 > ==============================__==============================__========== > > > > -- > --srs (iPad) > > > > > -- > --srs (iPad) -- Kind regards, Elvis Velea From ops.lists at gmail.com Sat Aug 31 15:18:18 2013 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Sat, 31 Aug 2013 18:48:18 +0530 Subject: [anti-abuse-wg] Clarification Regarding Needs Assessment and Audits In-Reply-To: <5221E173.60009@velea.eu> References: <51D58C1E.6070100@powerweb.de> <20130704145650.GZ2706@Space.Net> <51D591B5.9090503@powerweb.de> <20130704153125.GB2706@Space.Net> <20130704173609.GE17456@x28.adm.denic.de> <51D5BD61.2000205@powerweb.de> <20130704193052.GA25954@cilantro.c4inet.net> <51D5D2BB.7090305@powerweb.de> <20130704202208.GB25954@cilantro.c4inet.net> <51D5DE1E.6050906@powerweb.de> <5221E173.60009@velea.eu> Message-ID: Nothing against all of romania but there appears to be more than one rogue operation there that used to hand out quite a few /15 v4 netblocks to US based spammers and are now registering quite a lot of /32 v6 netblocks --srs (htc one x) On 31-Aug-2013 6:05 PM, "Elvis Velea" wrote: > Hi Suresh, > > Firstly, any member (LIR) can receive by default a /32 (up to a /29) > ALLOCATION and NOT assignment. It's a /48 PI assignment that you can get if > you are not an LIR. > > Secondly, @Suresh - have a look at who is leading the world in IPv6 > deployment and then you may want to be careful with trowing stones at > Romania. > Romania IS and has been for at least one year the leader in IPv6 > deployment in the whole world, if you are badmouthing Romania for it's > spam, try to praise it for it's IPv6 deployment, that would be fair. > > My 2 cents, > Elvis Daniel Velea (proud Romanian) > > > On 8/31/13 7:11 AM, Suresh Ramasubramanian wrote: > >> I was starting to wonder whether anybody else with an operational >> antispam and security role for a large provider was around here. :) >> >> Thanks for chiming in, vijay. At a guess those v6 /32s are all >> registered in Romania? >> >> --srs >> >> On Saturday, August 31, 2013, Vijay Eranti (? ????? ?????) wrote: >> >> i agree with suresh's assessment. >> >> Lately lot of spammers are getting /32 ipv6 assignments with their >> own ASNs and having a nice run. >> The ipv4 allotment is seriously broken in ripe - just having >> paperwork with valid forms filled is good enough to allot what ever >> range the spammers can ask. >> >> regards >> vijay >> >> >> On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian >> > 'ops.lists at gmail.com');>> wrote: >> >> The lack of progress is simply because you have very few people >> who are in a security rather than IP admin or network ops role. >> Security as in for a seriously large provider. >> >> The other lack of progress - well, changing entrenched policies, >> or enforcing them beyond a point where the enforcer is reluctant >> to investigate (or is it "play police" according to the local >> meme) is as tough as it sounds. >> >> >> On Friday, July 5, 2013, Frank Gadegast wrote: >> >> Sascha Luck wrote: >> >> TTBOMK, as long as policy requirements are fulfilled >> there is no mandate to revoke resources. >> >> >> Any spammer on this list (think so, simply because >> of the lack of progress) ? >> >> * Im starting now a second carrier in renting all >> the IPv4 addresses left in our allocation exclusively >> to abusers and make a lot of money with it. >> Just make offers now. * >> >> Will surely put a working abuse contact email address >> in RIPEs db, that gets directed to /dev/null >> and have a correct postal address somewhere on >> a funny island ... >> >> And it looks like if nobody could ever do anything >> against it. >> >> The current regulations are simply slippery as >> an eel (like we say in Germany), no way >> to catch anybody responsible. Again, ridicolous ... >> >> >> Kind regards, Frank >> -- >> PHADE Software - PowerWeb http://www.powerweb.de >> Inh. Dipl.-Inform. Frank Gadegast >> mailto:frank at powerweb.de >> Schinkelstrasse 17 fon: +49 >> 33200 52920 >> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 >> 33200 52921 >> ==============================** >> __============================**==__========== >> >> >> >> -- >> --srs (iPad) >> >> >> >> >> -- >> --srs (iPad) >> > > -- > Kind regards, Elvis Velea > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From elvis at velea.eu Sat Aug 31 15:49:58 2013 From: elvis at velea.eu (Elvis Velea) Date: Sat, 31 Aug 2013 21:49:58 +0800 Subject: [anti-abuse-wg] Clarification Regarding Needs Assessment and Audits In-Reply-To: References: <51D58C1E.6070100@powerweb.de> <20130704145650.GZ2706@Space.Net> <51D591B5.9090503@powerweb.de> <20130704153125.GB2706@Space.Net> <20130704173609.GE17456@x28.adm.denic.de> <51D5BD61.2000205@powerweb.de> <20130704193052.GA25954@cilantro.c4inet.net> <51D5D2BB.7090305@powerweb.de> <20130704202208.GB25954@cilantro.c4inet.net> <51D5DE1E.6050906@powerweb.de> <5221E173.60009@velea.eu> Message-ID: <5221F486.5020905@velea.eu> Hi, On 8/31/13 9:18 PM, Suresh Ramasubramanian wrote: > Nothing against all of romania then maybe it would be a great idea to stop trowing rocks at it > but there appears to be more than one rogue operation there Even better, use the RIPE NCC form and report the things you think are wrong with those /32s.. you probably know how to fill in a form, right? > [...] are now registering quite a lot of /32 v6 netblocks you can only get one /32 per LIR, how many is quite a lot to you? I have the feeling you exaggerate 'quite a bit' as there are (as it appears in the members list) _in total_ 45 members from Romania, out of each at least 5-10% belong to governmental agencies. You surely do not want to blame the Government for all the spam you receive, right? So, I'd recommend you to stop blaming Romania for all the bad things happening in your life and look at the facts as well, Romanian LEADS the World IPv6 deployment and you are the only person in this community blaming everything you think is wrong unto Romania. Every country has it's own rogue companies, stop pointing fingers at only one.. you make everyone believe there is only one problem. I'd recommend looking at your friends' site [1] and see who you should point fingers at, or look at all the statistics showing that India is fighting with USA for #1 spam country in the world. I'd suggest that next time you want to say the words Romania and spam on a public mailing list to look first in your own garden.. it may be filled with rogue 'plants' cheers, Elvis [1] http://www.spamhaus.org/statistics/countries/ > > --srs (htc one x) > > On 31-Aug-2013 6:05 PM, "Elvis Velea" > wrote: > > Hi Suresh, > > Firstly, any member (LIR) can receive by default a /32 (up to a /29) > ALLOCATION and NOT assignment. It's a /48 PI assignment that you can > get if you are not an LIR. > > Secondly, @Suresh - have a look at who is leading the world in IPv6 > deployment and then you may want to be careful with trowing stones > at Romania. > Romania IS and has been for at least one year the leader in IPv6 > deployment in the whole world, if you are badmouthing Romania for > it's spam, try to praise it for it's IPv6 deployment, that would be > fair. > > My 2 cents, > Elvis Daniel Velea (proud Romanian) > > > On 8/31/13 7:11 AM, Suresh Ramasubramanian wrote: > > I was starting to wonder whether anybody else with an operational > antispam and security role for a large provider was around here. :) > > Thanks for chiming in, vijay. At a guess those v6 /32s are all > registered in Romania? > > --srs > > On Saturday, August 31, 2013, Vijay Eranti (? ????? ?????) wrote: > > i agree with suresh's assessment. > > Lately lot of spammers are getting /32 ipv6 assignments > with their > own ASNs and having a nice run. > The ipv4 allotment is seriously broken in ripe - just having > paperwork with valid forms filled is good enough to allot > what ever > range the spammers can ask. > > regards > vijay > > > On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian > > 'ops.lists at gmail.com ');>> wrote: > > The lack of progress is simply because you have very > few people > who are in a security rather than IP admin or network > ops role. > Security as in for a seriously large provider. > > The other lack of progress - well, changing entrenched > policies, > or enforcing them beyond a point where the enforcer is > reluctant > to investigate (or is it "play police" according to the > local > meme) is as tough as it sounds. > > > On Friday, July 5, 2013, Frank Gadegast wrote: > > Sascha Luck wrote: > > TTBOMK, as long as policy requirements are > fulfilled > there is no mandate to revoke resources. > > > Any spammer on this list (think so, simply because > of the lack of progress) ? > > * Im starting now a second carrier in renting all > the IPv4 addresses left in our allocation exclusively > to abusers and make a lot of money with it. > Just make offers now. * > > Will surely put a working abuse contact email address > in RIPEs db, that gets directed to /dev/null > and have a correct postal address somewhere on > a funny island ... > > And it looks like if nobody could ever do anything > against it. > > The current regulations are simply slippery as > an eel (like we say in Germany), no way > to catch anybody responsible. Again, ridicolous ... > > > Kind regards, Frank > -- > PHADE Software - PowerWeb http://www.powerweb.de > Inh. Dipl.-Inform. Frank Gadegast > mailto:frank at powerweb.de > Schinkelstrasse 17 > fon: +49 > 33200 52920 > 14558 Nuthetal OT Rehbruecke, Germany > fax: +49 > 33200 52921 > > ==============================____============================__==__========== > > > > -- > --srs (iPad) > > > > > -- > --srs (iPad) > > > -- > Kind regards, Elvis Velea > -- Kind regards, Elvis Velea From ops.lists at gmail.com Sat Aug 31 16:27:15 2013 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Sat, 31 Aug 2013 19:57:15 +0530 Subject: [anti-abuse-wg] Clarification Regarding Needs Assessment and Audits In-Reply-To: <5221F486.5020905@velea.eu> References: <51D58C1E.6070100@powerweb.de> <20130704145650.GZ2706@Space.Net> <51D591B5.9090503@powerweb.de> <20130704153125.GB2706@Space.Net> <20130704173609.GE17456@x28.adm.denic.de> <51D5BD61.2000205@powerweb.de> <20130704193052.GA25954@cilantro.c4inet.net> <51D5D2BB.7090305@powerweb.de> <20130704202208.GB25954@cilantro.c4inet.net> <51D5DE1E.6050906@powerweb.de> <5221E173.60009@velea.eu> <5221F486.5020905@velea.eu> Message-ID: I have not had very much success following that process to report more than one shady /15 in the past. And as for india that is mostly botted IPs rather than a cash and carry IP address market. So far APNIC seems to have its act together rather better on that front. Again as for india there is active outreach going on, where quite a few people are helping indian isps work on their security. --srs (htc one x) On 31-Aug-2013 7:20 PM, "Elvis Velea" wrote: > Hi, > > On 8/31/13 9:18 PM, Suresh Ramasubramanian wrote: > >> Nothing against all of romania >> > > then maybe it would be a great idea to stop trowing rocks at it > > but there appears to be more than one rogue operation there >> > > Even better, use the RIPE NCC form and report the things you think are > wrong with those /32s.. you probably know how to fill in a form, right? > > [...] are now registering quite a lot of /32 v6 netblocks >> > > you can only get one /32 per LIR, how many is quite a lot to you? > > I have the feeling you exaggerate 'quite a bit' as there are (as it > appears in the members list) _in total_ 45 members from Romania, out of > each at least 5-10% belong to governmental agencies. You surely do not want > to blame the Government for all the spam you receive, right? > > > So, I'd recommend you to stop blaming Romania for all the bad things > happening in your life and look at the facts as well, Romanian LEADS the > World IPv6 deployment and you are the only person in this community blaming > everything you think is wrong unto Romania. Every country has it's own > rogue companies, stop pointing fingers at only one.. you make everyone > believe there is only one problem. > > I'd recommend looking at your friends' site [1] and see who you should > point fingers at, or look at all the statistics showing that India is > fighting with USA for #1 spam country in the world. > > I'd suggest that next time you want to say the words Romania and spam on a > public mailing list to look first in your own garden.. it may be filled > with rogue 'plants' > > cheers, > Elvis > > [1] http://www.spamhaus.org/**statistics/countries/ > > >> --srs (htc one x) >> >> On 31-Aug-2013 6:05 PM, "Elvis Velea" > > wrote: >> >> Hi Suresh, >> >> Firstly, any member (LIR) can receive by default a /32 (up to a /29) >> ALLOCATION and NOT assignment. It's a /48 PI assignment that you can >> get if you are not an LIR. >> >> Secondly, @Suresh - have a look at who is leading the world in IPv6 >> deployment and then you may want to be careful with trowing stones >> at Romania. >> Romania IS and has been for at least one year the leader in IPv6 >> deployment in the whole world, if you are badmouthing Romania for >> it's spam, try to praise it for it's IPv6 deployment, that would be >> fair. >> >> My 2 cents, >> Elvis Daniel Velea (proud Romanian) >> >> >> On 8/31/13 7:11 AM, Suresh Ramasubramanian wrote: >> >> I was starting to wonder whether anybody else with an operational >> antispam and security role for a large provider was around here. >> :) >> >> Thanks for chiming in, vijay. At a guess those v6 /32s are all >> registered in Romania? >> >> --srs >> >> On Saturday, August 31, 2013, Vijay Eranti (? ????? ?????) wrote: >> >> i agree with suresh's assessment. >> >> Lately lot of spammers are getting /32 ipv6 assignments >> with their >> own ASNs and having a nice run. >> The ipv4 allotment is seriously broken in ripe - just having >> paperwork with valid forms filled is good enough to allot >> what ever >> range the spammers can ask. >> >> regards >> vijay >> >> >> On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian >> >> > 'ops.lists at gmail.com ')**;>> >> wrote: >> >> The lack of progress is simply because you have very >> few people >> who are in a security rather than IP admin or network >> ops role. >> Security as in for a seriously large provider. >> >> The other lack of progress - well, changing entrenched >> policies, >> or enforcing them beyond a point where the enforcer is >> reluctant >> to investigate (or is it "play police" according to the >> local >> meme) is as tough as it sounds. >> >> >> On Friday, July 5, 2013, Frank Gadegast wrote: >> >> Sascha Luck wrote: >> >> TTBOMK, as long as policy requirements are >> fulfilled >> there is no mandate to revoke resources. >> >> >> Any spammer on this list (think so, simply because >> of the lack of progress) ? >> >> * Im starting now a second carrier in renting all >> the IPv4 addresses left in our allocation exclusively >> to abusers and make a lot of money with it. >> Just make offers now. * >> >> Will surely put a working abuse contact email address >> in RIPEs db, that gets directed to /dev/null >> and have a correct postal address somewhere on >> a funny island ... >> >> And it looks like if nobody could ever do anything >> against it. >> >> The current regulations are simply slippery as >> an eel (like we say in Germany), no way >> to catch anybody responsible. Again, ridicolous ... >> >> >> Kind regards, Frank >> -- >> PHADE Software - PowerWeb http://www.powerweb.de >> Inh. Dipl.-Inform. Frank Gadegast >> mailto:frank at powerweb.de >> Schinkelstrasse 17 >> fon: +49 >> 33200 52920 >> 14558 Nuthetal OT Rehbruecke, Germany >> fax: +49 >> 33200 52921 >> >> ==============================**____==========================** >> ==__==__========== >> >> >> >> -- >> --srs (iPad) >> >> >> >> >> -- >> --srs (iPad) >> >> >> -- >> Kind regards, Elvis Velea >> >> > -- > Kind regards, Elvis Velea > -------------- next part -------------- An HTML attachment was scrubbed... URL: