From brian.nisbet at heanet.ie Tue Jun 3 18:12:49 2014 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Tue, 03 Jun 2014 17:12:49 +0100 Subject: [anti-abuse-wg] Working Group Charter, Draft 2 Message-ID: <538DF401.4050008@heanet.ie> Colleagues, Having taken on board a number of points, here is another draft of this. I think we've got the kinks knocked out, so to speak, or at least reached a point where rough consensus may be manageable. I'm going to set a deadline of 15:00 UTC +1 on Friday 6th June to end this round of discussions. Obviously if something needs to be discussed beyond that, it can, but we've been talking about this for a couple of weeks now. Importantly while I'd like some statements of support, silence, at this point, will be taken to indicate consent. Please see the draft below, Brian ********************************** As the Internet has evolved, so has the scope and scale of network abuse. Unsolicited bulk email (spam) is often merely a symptom of deeper abuse such as viruses or botnets. Consequently the Anti-Spam Working Group has a wide scope, to include all relevant kinds of abuse. The technical details of spam and other abuse constantly vary, in terms of application channel and technique. Channel examples include SMTP, SIP, XMPP and HTTP. Examples of techniques range from buffer overrun to social engineering. Within scope are all systems and mechanisms, both technical and non-technical, that are used to create, control, and make money from, such abuse. While areas such as hosting illegal content or copyright infringement are not seen as a central part of the working group's remit, they are unquestionably bound up in other aspects of network abuse and, as such, may be areas of interest. The working group considers both technical and non-technical aspects of abuse, with the following goals: Produce and continue to update a BCP (Best Common Practice) document for ISPs similar in nature to RIPE-409 but covering a wider range of possible abusive behaviours. Provide advice (beyond that of the BCP) to relevant parties within the RIPE region such as ISPs, Governments and Law Enforcement Agencies on strategic and operational matters. Discuss and disseminate information on technical and non-technical methods of preventing or reducing network abuse. From brian.nisbet at heanet.ie Tue Jun 3 22:12:51 2014 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Tue, 03 Jun 2014 21:12:51 +0100 Subject: [anti-abuse-wg] Working Group Charter, Draft 2 In-Reply-To: <538DF401.4050008@heanet.ie> References: <538DF401.4050008@heanet.ie> Message-ID: <26947912-661d-4544-8fad-b81abae29544@email.android.com> It's been pointed out to me (thanks Leo!), that the WG is called Anti-Spam below. This is a mistake, to clarify, we're still very much the Anti-Abuse WG. Brian On 3 June 2014 17:12:49 GMT+01:00, Brian Nisbet wrote: >Colleagues, > >Having taken on board a number of points, here is another draft of >this. >I think we've got the kinks knocked out, so to speak, or at least >reached a point where rough consensus may be manageable. I'm going to >set a deadline of 15:00 UTC +1 on Friday 6th June to end this round of >discussions. Obviously if something needs to be discussed beyond that, >it can, but we've been talking about this for a couple of weeks now. > >Importantly while I'd like some statements of support, silence, at this > >point, will be taken to indicate consent. > >Please see the draft below, > >Brian > >********************************** > >As the Internet has evolved, so has the scope and scale of network >abuse. Unsolicited bulk email (spam) is often merely a symptom of >deeper abuse such as viruses or botnets. Consequently the Anti-Spam >Working Group has a wide scope, to include all relevant kinds of abuse. > >The technical details of spam and other abuse constantly vary, in terms > >of application channel and technique. Channel examples include SMTP, >SIP, XMPP and HTTP. Examples of techniques range from buffer overrun >to >social engineering. > > Within scope are all systems and mechanisms, both technical and >non-technical, that are used to create, control, and make money from, >such abuse. > > While areas such as hosting illegal content or copyright >infringement are not seen as a central part of the working group's >remit, they are unquestionably bound up in other aspects of network >abuse and, as such, may be areas of interest. > >The working group considers both technical and non-technical aspects of > >abuse, with the following goals: > > Produce and continue to update a BCP (Best Common Practice) >document for ISPs similar in nature to RIPE-409 but covering a wider >range of possible abusive behaviours. > > Provide advice (beyond that of the BCP) to relevant parties >within the RIPE region such as ISPs, Governments and Law Enforcement >Agencies on strategic and operational matters. > > Discuss and disseminate information on technical and >non-technical methods of preventing or reducing network abuse. -- Brian Nisbet Network Operations Manager, HEAnet (Sent from a mobile device, apologies for brevity) -------------- next part -------------- An HTML attachment was scrubbed... URL: From michele at blacknight.com Wed Jun 4 13:19:02 2014 From: michele at blacknight.com (Michele Neylon - Blacknight) Date: Wed, 4 Jun 2014 11:19:02 +0000 Subject: [anti-abuse-wg] Working Group Charter, Draft 2 In-Reply-To: <538DF401.4050008@heanet.ie> References: <538DF401.4050008@heanet.ie> Message-ID: Looks good to me -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59? 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland? Company No.: 370845 -----Original Message----- From: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg-bounces at ripe.net] On Behalf Of Brian Nisbet Sent: Tuesday, June 03, 2014 5:13 PM To: anti-abuse-wg at ripe.net Subject: [anti-abuse-wg] Working Group Charter, Draft 2 Colleagues, Having taken on board a number of points, here is another draft of this. I think we've got the kinks knocked out, so to speak, or at least reached a point where rough consensus may be manageable. I'm going to set a deadline of 15:00 UTC +1 on Friday 6th June to end this round of discussions. Obviously if something needs to be discussed beyond that, it can, but we've been talking about this for a couple of weeks now. Importantly while I'd like some statements of support, silence, at this point, will be taken to indicate consent. Please see the draft below, Brian ********************************** As the Internet has evolved, so has the scope and scale of network abuse. Unsolicited bulk email (spam) is often merely a symptom of deeper abuse such as viruses or botnets. Consequently the Anti-Spam Working Group has a wide scope, to include all relevant kinds of abuse. The technical details of spam and other abuse constantly vary, in terms of application channel and technique. Channel examples include SMTP, SIP, XMPP and HTTP. Examples of techniques range from buffer overrun to social engineering. Within scope are all systems and mechanisms, both technical and non-technical, that are used to create, control, and make money from, such abuse. While areas such as hosting illegal content or copyright infringement are not seen as a central part of the working group's remit, they are unquestionably bound up in other aspects of network abuse and, as such, may be areas of interest. The working group considers both technical and non-technical aspects of abuse, with the following goals: Produce and continue to update a BCP (Best Common Practice) document for ISPs similar in nature to RIPE-409 but covering a wider range of possible abusive behaviours. Provide advice (beyond that of the BCP) to relevant parties within the RIPE region such as ISPs, Governments and Law Enforcement Agencies on strategic and operational matters. Discuss and disseminate information on technical and non-technical methods of preventing or reducing network abuse. From mir at ripe.net Thu Jun 5 13:53:13 2014 From: mir at ripe.net (Mirjam Kuehne) Date: Thu, 05 Jun 2014 13:53:13 +0200 Subject: [anti-abuse-wg] New on RIPE Labs: SSH Intrusion Detection with SSHCure Message-ID: <53905A29.7090303@ripe.net> Dear colleagues, SSHCure is an SSH Intrusion Detection System that is capable of distinguishing successful from unsuccessful attacks, and thereby detecting actual compromises. It's been developed at the University of Twente. Please find more details in this new RIPE Labs article contributed by Luuk Hendriks: https://labs.ripe.net/Members/luuk_hendriks/sshcure-ssh-intrusion-detection-using-netflow-and-ipfix Kind regards, Mirjam Kuehne RIPE NCC From brian.nisbet at heanet.ie Fri Jun 6 17:42:24 2014 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Fri, 06 Jun 2014 16:42:24 +0100 Subject: [anti-abuse-wg] Working Group Charter, Draft 2 In-Reply-To: <538DF401.4050008@heanet.ie> References: <538DF401.4050008@heanet.ie> Message-ID: <5391E160.8010700@heanet.ie> Afternoon (in all of the service region at least), There have been no further comments, so I'm going to ask the NCC to update the http://www.ripe.net/ripe/groups/wg/anti-abuse page. Thanks for the various comments and discussions. Brian Brian Nisbet wrote the following on 03/06/2014 17:12: > Colleagues, > > Having taken on board a number of points, here is another draft of this. > I think we've got the kinks knocked out, so to speak, or at least > reached a point where rough consensus may be manageable. I'm going to > set a deadline of 15:00 UTC +1 on Friday 6th June to end this round of > discussions. Obviously if something needs to be discussed beyond that, > it can, but we've been talking about this for a couple of weeks now. > > Importantly while I'd like some statements of support, silence, at this > point, will be taken to indicate consent. > > Please see the draft below, > > Brian > > ********************************** > > As the Internet has evolved, so has the scope and scale of network > abuse. Unsolicited bulk email (spam) is often merely a symptom of > deeper abuse such as viruses or botnets. Consequently the Anti-Spam > Working Group has a wide scope, to include all relevant kinds of abuse. > > The technical details of spam and other abuse constantly vary, in terms > of application channel and technique. Channel examples include SMTP, > SIP, XMPP and HTTP. Examples of techniques range from buffer overrun to > social engineering. > > Within scope are all systems and mechanisms, both technical and > non-technical, that are used to create, control, and make money from, > such abuse. > > While areas such as hosting illegal content or copyright > infringement are not seen as a central part of the working group's > remit, they are unquestionably bound up in other aspects of network > abuse and, as such, may be areas of interest. > > The working group considers both technical and non-technical aspects of > abuse, with the following goals: > > Produce and continue to update a BCP (Best Common Practice) > document for ISPs similar in nature to RIPE-409 but covering a wider > range of possible abusive behaviours. > > Provide advice (beyond that of the BCP) to relevant parties > within the RIPE region such as ISPs, Governments and Law Enforcement > Agencies on strategic and operational matters. > > Discuss and disseminate information on technical and > non-technical methods of preventing or reducing network abuse. >