From brian.nisbet at heanet.ie Wed Mar 4 18:30:35 2015 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Wed, 04 Mar 2015 17:30:35 +0000 Subject: [anti-abuse-wg] Draft AA WG Minutes - RIPE 69 In-Reply-To: <54F445FE.5020503@ripe.net> References: <54F445FE.5020503@ripe.net> Message-ID: <54F7413B.905@heanet.ie> Colleagues, Here are the draft minutes from the AA-WG meeting at RIPE69. Could you please take a look and come back to me with any corrections on your part? Thanks, Brian --------- Anti-Abuse Working Group Draft Minutes - RIPE 69 Date: 5 November 2015, 14:00-15:30 Working Group Co-Chairs: Brian Nisbet, Tobias Knecht Scribe: Marco Hogewoning Status: Draft Brian Nisbet, WG co-chair, welcomed the attendees and apologised on behalf of Tobias Knecht who due to illness could not attend the session. A. Administrative Matters Brian apologised for the minutes of RIPE 68 being sent out late and asked the audience if there where any comments or additions. Alexander Isavin, NetLine, mentioned that the section on law enforcement agencies is missing from the minutes. Brian says he remembers the discussion and will look into the matter. He asked the working group to approve the session's agenda, which they did without further comments. B. Update - Brian Nisbet, AA Working Group Co-Chair Brian mentioned the charter was discussed in Warsaw and some follow up discussion took place in June. The new charter has been published on the website and Brian closed this action point. Brian introduced the procedure to select working group chairs and gave the working group some background on why this is needed. A draft text was sent to the mailing list and a version with some minor changes in wording was published on Tuesday evening. Brian highlighted the main elements of the proposal that the chairs will have a term, there will be no limit on the number of terms and each term will last for three years. There will be two or a maximum of three chairs for the working group and the decision on who will become chair preferably is made by consensus or alternatively by a secret ballot. Brian asked if there were any further comments and deferred the discussion back to the mailing list to come to a conclusion about this topic Sander Steffann raised his thumb. Brian pointed to a discussion the mailing list about AS Numbers and said that due to the recent number of emails he was not able to catch up.He suggested to leave the discussion on the mailing list as more people are likely to be behind on this topic. Brain mentioned that the RIPE NCC was already looking into some of the questions raised in the list and was expected to reply. He clarified the discussion has to do with the credentials supplied when an AS Number is requested and any allocations that have been revoked. C. Policies Brian mentioned that due to Tobias' illness they haven?t looked into the issue and mentioned that a conference call with the RIPE NCC has been planned in December to talk about this. D2: RIPE NCC anti-abuse outreach activities Mirjam Keuhne and Ivo Dijkhuis from the RIPE NCC presented about their outreach activity. A copy of the presentation is available at https://ripe69.ripe.net/presentations/116-SecurityUpdate4RIPE69.pdf Brian reminded Mirjam about an open action point for the RIPE NCC from Warsaw to send some more information to the list, which hadn?t happened yet. D3. RIPE NCC Governemnt/LEA Interactions Update Marco Hogewoning, RIPE NCC, gave a short update on the interactions with law enforcement and governments. An archived copy of Marco?s presentation is available at https://ripe69.ripe.net/archives/video/10140/ Coming back to Alexander Isavin?s earlier question about the minutes, Marco mentioned there is an open action point to provide more information about the LEA meetings. As there haven?t been any LEA meetings yet, this information was not published. Heather Schiller, ARIN, asked if the RIPE NCC published a report about the number of LEA enquiries they receive. Marco mentioned the RIPE NCC in 2012 and 2013 published a transparency report which is available on the website. Ruediger Volk, Deutsche Telekom, pointed out that the report does not list the level of access given to law enforcement agencies. Marco explains the information contained in the report and said that it not only provides the number of enquiries but also gives some information on where the are coming from and provides an overview of the nature and reason of declined requests. E2. Tor censorship countermeasures and how you can help Jurre van Bergen, Greenhost, presented about countermeasures to Tor censorship. A copy of the presentation is available at https://ripe69.ripe.net/presentations/112-tor-ripe69.pdf Erik Bais, A2B Networks, asked if he understood correctly that Jurre had set up a foundation for this and what kind of work was involved in running an exit node. Jurre clarified that the foundation was set up to maintain a dialogue with the law enforcement community and to actively assist them with warrants and subpoenas. He said they are happy to provide operators with training and help them to set up and suggested to take the discussion private. Brian Nisbet mentioned that research networks have two issues with running tor exit nodes. One being the acceptable use policy prohibiting ^a third party from using these networks for this purpose. The other being that the misconceptions about the Tor project might lead to questions from the governments who fund the research network. Jurre pointed out that majority of funding for the Tor project comes from governments. He explained they are using an IP block from a Dutch research institute, but as it was re-purposed they are not really using the research network. Sacha van Geffen, Greenhost, asked if the foundation was busy creating and publishing any best current practices. Jurre answered this is done and gave an example on controlling which ports can be used on a Tor exit node to limit certain services. Brian suggested to Jurre to share some of this information with the mailing list, especially the ones on abuse policy as they relate to the working group. E1. Impact of rom-0 vulnerability in SOHO routers Tomas Hlavacek, NIC.CZ, presented on the ROM vulnerability in routers, an archived copy of his presentation is available at https://ripe69.ripe.net/presentations/61-rom0-vuln.pdf Erik Bais, A2B Internet, asked if the holders of the IP addresses found in the research were notified about the issue. Tomas explained this was not done because people were not interested and the team chose to use mass media to create awareness. Erik suggested to have a chat about this as he had experience with cleaning up botnets and mailing owners might help. Elvis Valea, V4Escrow, asked if there was a list with vulnerable modems available. Tomas answered it is usually the cheaper brands but they would not disclose names as the manufacturers don?t like that. Elvis asked Tomas if they scanned the whole Internet. Tomas confirmed. Heather Schiller, Google, mentioned there are other groups looking into CPE vulnerabilities and it might help to share the data with them. Bruce van Nice, Nominum, asked if any work was done in profiling the resolvers to see which sites were abused. Tomas answered they found one doing Google and Facebook phishing. Marco Hogewoning, RIPE NCC, asked how many abuse reports came in after scanning the entire Internet. Tomas said he received three complaints. E3. DDoS as a service Jair Santanna, Universiteit Twente, presented on Booters: the DDoS as a Service phenomenon. An archived copy of his presentation can be found at https://ripe69.ripe.net/presentations/115-20141105_RIPE69_jjsantanna.pdf A member of the audience mentioned they did some investigation to Booters themselves and find out these often use commercial anti-DDoS protection services as Booters sites tend to attack themselves. He suggested to work with these companies to take the front-end offline. Jair said it is hard to find the evidence, but when they do these sites get taken offline by their providers. X. AOB Brian asked for any other business. Erik Bais mentioned he had noticed that after an IP transfer abuse reports get sent to the old IP address holder and that is a clear indication that people are not using the RIR whois databases and fail to update their own information in time. He said it also takes quite an effort to de-list transferred resources with blacklist operators. Brian asked for suggestions on how the working group can help to improve this. Erik responded that more information about transfers to the abuse community could help and offers to explain how a transfer is actually done. Another suggestion is to make it easier to prove a transfer is legitimate. Ruediger Volk suggested looking into the data flow from the RIPE NCC who administers the transfers to the parties who collect and distribute anti-abuse information. Elvis Valea mentions that they observed BGP hijacks taking place in the brief period a transfer takes place and the RIPE Database objects get deleted. Brian responded that they haven?t discussed BGP hijacks but this is worth looking into as it might require a policy change or change the way transfers are done. Brian Nisbet thanked the attendees for their participation and closed the session. From Jonathan.Gist at virginmedia.co.uk Fri Mar 13 16:18:17 2015 From: Jonathan.Gist at virginmedia.co.uk (Gist, Jonathan) Date: Fri, 13 Mar 2015 15:18:17 +0000 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. Message-ID: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Hello, The RIPE policy around the abuse-c attribute requires the presence of an e-mail address, which is asked to be used by subscribers wishing to report abuse incidents. This contact method is resource intensive and Virgin Media would like to propose a change to the policy to remove the requirement for an e-mail address contact field. Virgin Media would like to specify virginmedia.com/netreport (a web-form that feeds an abuse case management system) in the abuse attribute to ensure that we are able to properly manage and prioritise abuse complaints. If we have the web-form listed as the abuse contact we are able to maximise appropriate abuse handling measures to prevent misuse of our network and thereby ensure an optimum experience for all complainants. Is this a view that is help by others? Thanks & regards Jonathan Gist Jonathan Gist | Engineering Support & IP Address Management Virgin Media | Fountain Court, St Mellons, Cardiff, CF3 0FB M 07866 722641 -------------------------------------------------------------------- Save Paper - Do you really need to print this e-mail? Visit www.virginmedia.com for more information, and more fun. This email and any attachments are or may be confidential and legally privileged and are sent solely for the attention of the addressee(s). If you have received this email in error, please delete it from your system: its use, disclosure or copying is unauthorised. Statements and opinions expressed in this email may not represent those of Virgin Media. Any representations or commitments in this email are subject to contract. Registered office: Media House, Bartley Wood Business Park, Hook, Hampshire, RG27 9UP Registered in England and Wales with number 2591237 -------------- next part -------------- An HTML attachment was scrubbed... URL: From ops.lists at gmail.com Fri Mar 13 16:43:02 2015 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Fri, 13 Mar 2015 21:13:02 +0530 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Message-ID: Not exactly a best practice. There are several best practices M3AAWG has worked on to efficiently manage abuse desk email tickets, you might try those. In any case most abuse complaints come in through feedback loops. Manual abuse complaints are few and far between, comparatively speaking. On Mar 13, 2015 9:07 PM, "Gist, Jonathan" wrote: > Hello, > > > > The RIPE policy around the abuse-c attribute requires the presence of an > e-mail address, which is asked to be used by subscribers wishing to report > abuse incidents. This contact method is resource intensive and Virgin Media > would like to propose a change to the policy to remove the requirement for > an e-mail address contact field. > > > > Virgin Media would like to specify virginmedia.com/netreport (a web-form > that feeds an abuse case management system) in the abuse attribute to > ensure that we are able to properly manage and prioritise abuse > complaints. If we have the web-form listed as the abuse contact we are > able to maximise appropriate abuse handling measures to prevent misuse of > our network and thereby ensure an optimum experience for all complainants. > > > > Is this a view that is help by others? > > > > Thanks & regards > > > > Jonathan Gist > > Jonathan Gist | Engineering Support & IP Address Management > *Virgin Media* |* Fountain Court, St Mellons, Cardiff, CF3 0FB* > M 07866 722641 > > > > > -------------------------------------------------------------------- > Save Paper - Do you really need to print this e-mail? > > Visit www.virginmedia.com for more information, and more fun. > > This email and any attachments are or may be confidential and legally > privileged > and are sent solely for the attention of the addressee(s). If you have > received this > email in error, please delete it from your system: its use, disclosure or > copying is > unauthorised. Statements and opinions expressed in this email may not > represent > those of Virgin Media. Any representations or commitments in this email are > subject to contract. > > Registered office: Media House, Bartley Wood Business Park, Hook, > Hampshire, RG27 9UP > Registered in England and Wales with number 2591237 > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bart at bit.nl Fri Mar 13 16:51:23 2015 From: bart at bit.nl (Bart Vrancken) Date: Fri, 13 Mar 2015 16:51:23 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Message-ID: <5503077B.5000405@bit.nl> Hi, > Virgin Media would like to specify virginmedia.com/netreport (a web-form > that feeds an abuse case management system) in the abuse attribute to > ensure that we are able to properly manage and prioritise abuse > complaints. If we have the web-form listed as the abuse contact we are > able to maximise appropriate abuse handling measures to prevent misuse > of our network and thereby ensure an optimum experience for all > complainants. But how would 'automated systems' then contact Virgin? I do not mind adding a TXT field, but i would still want to keep the e-mail address as a required field. Filling in a form for abuse would (for me) adds a reason not to send it, as its mostly more hassle then its worth Also some reporters like to be anonymous with their e-mail accounts. -- Met vriendelijke groet, Bart Vrancken, Engineer BIT BV | bart at bit.nl | +31 318 648688 Kvk: 09090351 | CROS-RIPE | GPG 3A99BD6E -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From bart at bit.nl Fri Mar 13 16:47:59 2015 From: bart at bit.nl (Bart Vrancken) Date: Fri, 13 Mar 2015 16:47:59 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Message-ID: <550306AF.4010509@bit.nl> Hi, > Virgin Media would like to specify virginmedia.com/netreport (a web-form > that feeds an abuse case management system) in the abuse attribute to > ensure that we are able to properly manage and prioritise abuse > complaints. If we have the web-form listed as the abuse contact we are > able to maximise appropriate abuse handling measures to prevent misuse > of our network and thereby ensure an optimum experience for all > complainants. But how would 'automated systems' then contact Virgin? I do not mind adding a TXT field, but i would still want to keep the e-mail address as a required field. Filling in a form for abuse would (for me) adds a reason not to send it, as its mostly more hassle then its worth ;) Also some reporters like to be anonymous with their e-mail accounts. -- Met vriendelijke groet, Bart Vrancken, Engineer BIT BV | bart at bit.nl | +31 318 648688 Kvk: 09090351 | CROS-RIPE | GPG 3A99BD6E -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From gert at space.net Fri Mar 13 17:03:25 2015 From: gert at space.net (Gert Doering) Date: Fri, 13 Mar 2015 17:03:25 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Message-ID: <20150313160325.GJ54385@Space.Net> Hi, On Fri, Mar 13, 2015 at 03:18:17PM +0000, Gist, Jonathan wrote: > The RIPE policy around the abuse-c attribute requires the presence of an e-mail address, which is asked to be used by subscribers wishing to report abuse incidents. This contact method is resource intensive and Virgin Media would like to propose a change to the policy to remove the requirement for an e-mail address contact field. > > > Virgin Media would like to specify virginmedia.com/netreport (a web-form that feeds an abuse case management system) I would not support such a change, at least not without a *well defined* format for such web forms. On the reporting side of abuse, it is just way too much work to figure out how particular ISPs expect to receive abuse reports, offloading half the work of abuse handling to the reporter. (I report quite a lot of abuse, but I refuse to do anything but e-mail, because it is just too much work for me - it's your customers, they are giving *you* money, their abuse should not cost *me* extra time). Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 811 bytes Desc: not available URL: From kjz at gmx.net Fri Mar 13 18:01:32 2015 From: kjz at gmx.net (Karl-Josef Ziegler) Date: Fri, 13 Mar 2015 18:01:32 +0100 Subject: [anti-abuse-wg] anti-abuse-wg Digest, Vol 41, Issue 2 Message-ID: > Virgin Media would like to specify virginmedia.com/netreport (a > web-form that feeds an abuse case management system) in the abuse > attribute to ensure that we are able to properly manage and > prioritise abuse complaints. If we have the web-form listed as the > abuse contact we are able to maximise appropriate abuse handling > measures to prevent misuse of our network and thereby ensure an > optimum experience for all complainants. I also don't support this proposal because filling (maybe also a different form for each ISP) webforms correctly is a tedious work and only transfers parts of the workload from abuse desk to the reporter. But the reporter is not responsible for the abuse; responsibility lies with the ISP so the workload must be done there. Best regards, - Karl-Josef Ziegler From peter at hk.ipsec.se Fri Mar 13 18:21:33 2015 From: peter at hk.ipsec.se (peter h) Date: Fri, 13 Mar 2015 18:21:33 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Message-ID: <201503131821.34010.peter@hk.ipsec.se> On Friday 13 March 2015 16.18, Gist, Jonathan wrote: > Hello, > > The RIPE policy around the abuse-c attribute requires the presence of an e-mail address, which is asked to be used by subscribers wishing to report abuse incidents. This contact method is resource intensive and Virgin Media would like to propose a change to the policy to remove the requirement for an e-mail address contact field. > > > Virgin Media would like to specify virginmedia.com/netreport (a web-form that feeds an abuse case management system) in the abuse attribute to ensure that we are able to properly manage and prioritise abuse complaints. If we have the web-form listed as the abuse contact we are able to maximise appropriate abuse handling measures to prevent misuse of our network and thereby ensure an optimum experience for all complainants. > Request denied! It costs money to deal with abuse complains, that is true. But to save some of this Virgin could do : - reduce spam and fishing from virgin addresses - effectivly hunt down and cut off abusing customer. As regards to cost of running an abusedesk; thats part of the business. If virgin want to save money, then they should sell the Internet activities and start ( coillecting stamps ?) Running any form of business requires responsibility. An functioning abusedesk is one function of an Internet provider. My 5c > > > Is this a view that is help by others? > > > > Thanks & regards > > > > Jonathan Gist > Jonathan Gist | Engineering Support & IP Address Management > Virgin Media | Fountain Court, St Mellons, Cardiff, CF3 0FB > M 07866 722641 > > > -------------------------------------------------------------------- > Save Paper - Do you really need to print this e-mail? > > Visit www.virginmedia.com for more information, and more fun. > > This email and any attachments are or may be confidential and legally privileged > and are sent solely for the attention of the addressee(s). If you have received this > email in error, please delete it from your system: its use, disclosure or copying is > unauthorised. Statements and opinions expressed in this email may not represent > those of Virgin Media. Any representations or commitments in this email are > subject to contract. > > Registered office: Media House, Bartley Wood Business Park, Hook, Hampshire, RG27 9UP > Registered in England and Wales with number 2591237 > -- Peter H?kanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det ?r billigare att g?ra r?tt. Det ?r dyrt att laga fel. ) From andre at ox.co.za Sat Mar 14 07:35:27 2015 From: andre at ox.co.za (andre at ox.co.za) Date: Sat, 14 Mar 2015 08:35:27 +0200 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <20150313160325.GJ54385@Space.Net> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> <20150313160325.GJ54385@Space.Net> Message-ID: On Fri, 13 Mar 2015 17:03:25 +0100 Gert Doering wrote: > On Fri, Mar 13, 2015 at 03:18:17PM +0000, Gist, Jonathan wrote: > > The RIPE policy around the abuse-c attribute requires the presence > > of an e-mail address, which is asked to be used by subscribers > > wishing to report abuse incidents. This contact method is resource > > intensive and Virgin Media would like to propose a change to the > > policy to remove the requirement for an e-mail address contact > > field. > > Virgin Media would like to specify virginmedia.com/netreport (a > > web-form that feeds an abuse case management system) >> > I would not support such a change, at least not without a *well > defined* format for such web forms. > On the reporting side of abuse, it is just way too much work to > figure out how particular ISPs expect to receive abuse reports, > offloading half the work of abuse handling to the reporter. > (I report quite a lot of abuse, but I refuse to do anything but > e-mail, because it is just too much work for me - it's your > customers, they are giving *you* money, their abuse should not cost > *me* extra time). > Gert Doering +1 Certain types of ISP's wish to reduce their costs of flooding the Internet. If they can force you to have to jump through their website hoops, they can make it so challenging and difficult to report their abuse, that it will become impossible. Just to define an acceptable standard for any such web reporting system would be an immense challenge in itself. Email is simply the easiest and most direct way to communicate and to receive notice of abuse complaints. Possibly I may be bold and suggest that virginmedia rather installs an email ticketing system and allocates resources to managing their abuse complaints than attempting to propose solutions that are divisive and non productive. my 2c (we have high inflation so 1c just does not cut it any longer...) ac From tkraft at cyscon.de Sat Mar 14 08:40:03 2015 From: tkraft at cyscon.de (Thorsten) Date: Sat, 14 Mar 2015 08:40:03 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <20150314070757.017E1E040F1@shared01.dedicatehome.net> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> <20150313160325.GJ54385@Space.Net> <20150314070757.017E1E040F1@shared01.dedicatehome.net> Message-ID: > Am 14.03.2015 um 07:35 schrieb andre at ox.co.za: > > On Fri, 13 Mar 2015 17:03:25 +0100 > Gert Doering wrote: >> On Fri, Mar 13, 2015 at 03:18:17PM +0000, Gist, Jonathan wrote: >>> The RIPE policy around the abuse-c attribute requires the presence >>> of an e-mail address, which is asked to be used by subscribers >>> wishing to report abuse incidents. This contact method is resource >>> intensive and Virgin Media would like to propose a change to the >>> policy to remove the requirement for an e-mail address contact >>> field. >>> Virgin Media would like to specify virginmedia.com/netreport (a >>> web-form that feeds an abuse case management system) I would support an *additional field* for ?abuse-webform? in the abuse-c attributes, to ensure that *manual reports* contain everything what is needed for an ISP to act on, beside the "abuse-mailbox? for automated (e.g. X-ARF complaints). But not in the fashion that it is getting the ?single point of contact?. >> I would not support such a change, at least not without a *well >> defined* format for such web forms. For companies like us, reporting out thousands of abuse-reports (phishing sites, malware complaints, etc.) per day, webforms are making it impossible to report abuse. >> On the reporting side of abuse, it is just way too much work to >> figure out how particular ISPs expect to receive abuse reports, >> offloading half the work of abuse handling to the reporter. >> (I report quite a lot of abuse, but I refuse to do anything but >> e-mail, because it is just too much work for me - it's your >> customers, they are giving *you* money, their abuse should not cost >> *me* extra time). Exactly! Rgds, Thorsten From wiegert at telus.net Sat Mar 14 18:57:11 2015 From: wiegert at telus.net (Arnold) Date: Sat, 14 Mar 2015 10:57:11 -0700 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <20150313160325.GJ54385@Space.Net> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> <20150313160325.GJ54385@Space.Net> Message-ID: <55047677.4050800@telus.net> On 3/13/2015 11:35 PM, andre at ox.co.za wrote: > On Fri, 13 Mar 2015 17:03:25 +0100 > Gert Doering wrote: >> On Fri, Mar 13, 2015 at 03:18:17PM +0000, Gist, Jonathan wrote: >>> The RIPE policy around the abuse-c attribute requires the presence >>> of an e-mail address, which is asked to be used by subscribers >>> wishing to report abuse incidents. This contact method is resource >>> intensive and Virgin Media would like to propose a change to the >>> policy to remove the requirement for an e-mail address contact >>> field. >>> Virgin Media would like to specify virginmedia.com/netreport (a >>> web-form that feeds an abuse case management system) >>> >> I would not support such a change, at least not without a *well >> defined* format for such web forms. >> On the reporting side of abuse, it is just way too much work to >> figure out how particular ISPs expect to receive abuse reports, >> offloading half the work of abuse handling to the reporter. >> (I report quite a lot of abuse, but I refuse to do anything but >> e-mail, because it is just too much work for me - it's your >> customers, they are giving *you* money, their abuse should not cost >> *me* extra time). >> Gert Doering +5 Arnold > +1 > > Certain types of ISP's wish to reduce their costs of flooding the > Internet. If they can force you to have to jump through their website > hoops, they can make it so challenging and difficult to report their > abuse, that it will become impossible. > > Just to define an acceptable standard for any such web reporting > system would be an immense challenge in itself. > > Email is simply the easiest and most direct way to communicate > and to receive notice of abuse complaints. > > Possibly I may be bold and suggest that virginmedia rather installs > an email ticketing system and allocates resources to managing their > abuse complaints than attempting to propose solutions that > are divisive and non productive. > > my 2c (we have high inflation so 1c just does not cut it any longer...) > > ac > > > > From rfg at tristatelogic.com Tue Mar 17 01:42:37 2015 From: rfg at tristatelogic.com (Ronald F. Guilmette) Date: Mon, 16 Mar 2015 17:42:37 -0700 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. Message-ID: <35727.1426552957@server1.tristatelogic.com> My two cents... The person/company who proposed this proposal used the word "complainant" to refer to someone (anyone) attempting to report a case of network abuse to its source network administrators. Personally, speaking only for myself, I object to being called a "complainant" or a "complainer", e.g. when I attempt to do the decent thing and take up _my_ valuable time to notify responsible (?) network administrators about something I feel that they themselves may want to know about, and indeed should want to know about. Of course, the Powers That Be at many networks ... the bean counters and the higher level managers... often view _any_ communication with any party other than a paying customer as a waste of time and money, and thus, the personel underneath these folks inevitably come to develop an "us versus them" attitude which leads inevitably to viewing reports generated by outsiders, aka non-paying customers, as "complaints" and the senders as "complainers" whose only (or primary) goal is to cost the receiving company time and money, rather than the opposite, i.e. attempting to _help_ the receiving company. I would argue that it is this bean counter attitute that has itself given rise to most of the abuse on the Internet, i.e. in the time since the broad commercialization of the net in the mid 1990's. If you view receiving, understanding, and acting upon notifications of bad behavior occuring on your network as nothing other than a non-profit-generating cost sink, then you are entirely less likely to ever actually *do* anything about such reports. And when you don't, the word goes out among the bad guy communities on the Internet, and your network ends up being the source of ever more network abuse. This is just the (Darwinian) way things are. Opportunistic leeches abound. If given safe homes, they and their activities proliferate. I generally expend a good deal of time and effort writing up any abuse report I send. (Note that I say "report" not "complaint".) There are plenty of ways that various networks have dreamed up to avoid reading these "complaints", i.e. because they don't immediately or obviously generate any instantaneous revenue or profits for the receipient networks. The simplest method to avoid spending any non-profit-generating company man hours on reading abuse reports is just to alias abuse at network to /dev/null. If Virgin feels that reading incoming e-mail reports is not worth their time, then I respectfully suggest that they simply enter devnull at example.com into the abuse contact e-mail address fields for all of their relevant RIPE database records. This will be maximally efficient for all concerned. (There really is no more efficient way for Virgin to process all of their incoming "complaints". And since they _are_ clearly concerned about the efficiency of this process, that would seem to be ttheir best solution.) Regards, rfg From peter at hk.ipsec.se Tue Mar 17 07:39:22 2015 From: peter at hk.ipsec.se (peter h) Date: Tue, 17 Mar 2015 07:39:22 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <35727.1426552957@server1.tristatelogic.com> References: <35727.1426552957@server1.tristatelogic.com> Message-ID: <201503170739.23422.peter@hk.ipsec.se> On Tuesday 17 March 2015 01.42, Ronald F. Guilmette wrote: > > My two cents... > > The person/company who proposed this proposal used the word "complainant" > to refer to someone (anyone) attempting to report a case of network > abuse to its source network administrators. > > Personally, speaking only for myself, I object to being called a > "complainant" or a "complainer", e.g. when I attempt to do the decent > thing and take up _my_ valuable time to notify responsible (?) network > administrators about something I feel that they themselves may want > to know about, and indeed should want to know about. > > Of course, the Powers That Be at many networks ... the bean counters > and the higher level managers... often view _any_ communication with > any party other than a paying customer as a waste of time and money, > and thus, the personel underneath these folks inevitably come to > develop an "us versus them" attitude which leads inevitably to viewing > reports generated by outsiders, aka non-paying customers, as "complaints" > and the senders as "complainers" whose only (or primary) goal is to > cost the receiving company time and money, rather than the opposite, > i.e. attempting to _help_ the receiving company. > > I would argue that it is this bean counter attitute that has itself > given rise to most of the abuse on the Internet, i.e. in the time since > the broad commercialization of the net in the mid 1990's. > > If you view receiving, understanding, and acting upon notifications > of bad behavior occuring on your network as nothing other than a > non-profit-generating cost sink, then you are entirely less likely to > ever actually *do* anything about such reports. And when you don't, > the word goes out among the bad guy communities on the Internet, and > your network ends up being the source of ever more network abuse. > This is just the (Darwinian) way things are. Opportunistic leeches > abound. If given safe homes, they and their activities proliferate. > > I generally expend a good deal of time and effort writing up any abuse > report I send. (Note that I say "report" not "complaint".) There are > plenty of ways that various networks have dreamed up to avoid reading > these "complaints", i.e. because they don't immediately or obviously > generate any instantaneous revenue or profits for the receipient networks. > The simplest method to avoid spending any non-profit-generating company > man hours on reading abuse reports is just to alias abuse at network to > /dev/null. If Virgin feels that reading incoming e-mail reports is not > worth their time, then I respectfully suggest that they simply enter > devnull at example.com into the abuse contact e-mail address fields for > all of their relevant RIPE database records. This will be maximally > efficient for all concerned. (There really is no more efficient way > for Virgin to process all of their incoming "complaints". And since they > _are_ clearly concerned about the efficiency of this process, that would > seem to be ttheir best solution.) > > > Regards, > rfg > > Wonderful ! A masterpiece ! Well formulated, well written and ON THE SPOT ! Thanks -- Peter H?kanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det ?r billigare att g?ra r?tt. Det ?r dyrt att laga fel. ) From furio+as at spin.it Tue Mar 17 12:17:46 2015 From: furio+as at spin.it (furio ercolessi) Date: Tue, 17 Mar 2015 12:17:46 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <201503170739.23422.peter@hk.ipsec.se> References: <35727.1426552957@server1.tristatelogic.com> <201503170739.23422.peter@hk.ipsec.se> Message-ID: <20150317111746.GA5971@spin.it> On Tue, Mar 17, 2015 at 07:39:22AM +0100, peter h wrote: > On Tuesday 17 March 2015 01.42, Ronald F. Guilmette wrote: > > > > My two cents... > > [...] > Wonderful ! A masterpiece ! Well formulated, well written and ON THE SPOT ! I agree fully. My two cents: There are feedback loops from large places and SpamCop, that should account for the overwhelming majority of reports, and there are isolated reports from net citizens. The flows from the feedback loop places have a lower quality of individual reports (high fraction of "mail that i do not want" that is not really spam) but their strength is the volume, they have a fixed format and so processing of those reports should be easy to automate - they do not need to enter the queue of mails inspected manually. I believe that there are products for abuse desks on the market that do these splittings already. It is a known fact that very few people nowadays take the time to send reports manually. It is also a known fact that spammers have learnt about the effects of feedback loops and plan their activity accordingly. So, for instance, they have a vision of the world which is something like World = { Gmail, Hotmail/Office365/WindowsLive, Yahoo, General Internet } and they develop an independent delivery strategy for each category. So, those flows of reports are likely to be different. An IP hitting Yahoo at some point in time is not necessarily hitting also the "General Internet" at the same time, etc. Most people here work in the "General Internet" realm. The big places tend to have their own teams and resources, and their defense strategies are not well known and often kept opaque for obvious reasons. In contrast, the "General Internet" is more open, and for the spammers it is a dangerous territory. Some spammers avoid it completely, concentrating only on the big platforms. Other spammers spend a lot of efforts to identify the traps used by major blocking list services and avoid them, forcing those services to take measures to prevent easy trap detection. Some of these spammers (mostly of the 'snowshoe' category) seem to have some success in these endeavours - thanks to the negative feedback of hundreds or thousands of terminations! - and manage to survive at ISPs for longer times through avoidance of known traps. The "General Internet" does not have many feedback loops, and therefore reports from users there - particularly experienced users that invest time in composing their reports - should be taken as PURE GOLD, because they provide independent informations on the "tiny" subset of the Internet mail recipients which is not hosted on the big platforms and that is defended mostly through an open community effort, but also because they often offer a viewpoint of the Internet that nobody else has. These efforts very often results in spam operations brought down, with benefits for the large platforms too (this is why spammers consider dangerous the "General Internet"!). So, every effort should be made to make life _easier_ for this almost estinct species - the abuse reporters - because their diversity is one of our biggest assets. furio From Woeber at CC.UniVie.ac.at Tue Mar 17 19:51:12 2015 From: Woeber at CC.UniVie.ac.at (Wilfried Woeber) Date: Tue, 17 Mar 2015 19:51:12 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Message-ID: <550877A0.4050109@CC.UniVie.ac.at> Gist, Jonathan wrote: > Hello, [...] > Is this a view that is help by others? Definitely *not* by me. -Wilfried. > Thanks & regards > > > > Jonathan Gist > > Jonathan Gist | Engineering Support & IP Address Management > *Virgin Media* |* Fountain Court, St Mellons, Cardiff, CF3 0FB* > M 07866 722641 From rfg at tristatelogic.com Wed Mar 18 02:02:24 2015 From: rfg at tristatelogic.com (Ronald F. Guilmette) Date: Tue, 17 Mar 2015 18:02:24 -0700 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <20150317111746.GA5971@spin.it> Message-ID: <31816.1426640544@server1.tristatelogic.com> In message <20150317111746.GA5971 at spin.it>, furio ercolessi wrote: >... The flows from the feedback loop places have a >lower quality of individual reports (high fraction of "mail that i do >not want" that is not really spam) but their strength is the volume, >they have a fixed format and so processing of those reports should be >easy to automate - they do not need to enter the queue of mails inspected >manually. I believe that there are products for abuse desks on the market >that do these splittings already. I would just add that the separation Furio just described should be quite trivial for pretty much anyone with even minimal experience with, for example, Procmail, or even bash or awk or grep to automate locally, e.g. based on the e-mail source information (e.g. envelope sender address). There's no real need to go outside and purchase a "separator" tool. However _parsing_ the various formats of feedback loop e-mails is a different matter. Regards, rfg From jogi at mur.at Wed Mar 18 11:10:35 2015 From: jogi at mur.at (=?UTF-8?B?Sm9naSBIb2Ztw7xsbGVy?=) Date: Wed, 18 Mar 2015 11:10:35 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Message-ID: <55094F1B.2070807@mur.at> Am 2015-03-13 um 16:18 schrieb Gist, Jonathan: > Is this a view that is help by others? Not by me. Just feed email to your system ... -- j.hofm?ller Optimism doesn't alter the laws of physics. - Subcommander T'Pol -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 213 bytes Desc: OpenPGP digital signature URL: From bart at bit.nl Wed Mar 18 12:05:30 2015 From: bart at bit.nl (Bart Vrancken) Date: Wed, 18 Mar 2015 12:05:30 +0100 Subject: [anti-abuse-wg] Introduction and the AbuseIO project Message-ID: <55095BFA.7060909@bit.nl> Hello AA-WG peoples, I am new to this workgroup so let me start by introducing myself: I am Bart Vrancken, Engineer at a Dutch ISP BIT. Next to the normal day-day work i handle most of the abuse sent by notifiers. For a while now i am also part at the Abuse-NL workgroup. On IRC i can be found under the names CrossWire or Kruisdraad. Outside office hours (who can call it spare time these days ...) i spent my time with my two daughters and volunteer with the dutch 'coastguard' service. Since 2009 i have been working on a tool to manage the abuse flow, and recently started the Open Source AbuseIO (https://abuse.io) project so anyone could benefit from it. For the ISP/Hosters that still manually process their abuse it might be interesting to have a look at it ;) I'll be at the RIPE-70 meeting to shake some hands ;) -- Met vriendelijke groet, Bart Vrancken, Engineer BIT BV | bart at bit.nl | +31 318 648688 Kvk: 09090351 | CROS-RIPE | GPG 3A99BD6E -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From bart at bit.nl Wed Mar 18 14:21:28 2015 From: bart at bit.nl (Bart Vrancken) Date: Wed, 18 Mar 2015 14:21:28 +0100 Subject: [anti-abuse-wg] Introduction and the AbuseIO project In-Reply-To: <1426683395.27582.7.camel@extraterrestrialmail.com> References: <55095BFA.7060909@bit.nl> <1426683395.27582.7.camel@extraterrestrialmail.com> Message-ID: <55097BD8.1080505@bit.nl> Hi Sumon, > How could you intergrate with xortify.com (fortify dot com).. the > browsing interface is a bit sick after moving to amazon but all the > API's work.. I haven't heard about xortify, but AbuseIO is modulair. We use both parser modules (that handle incoming e-mails) and collector modules (that do external requests, e.g. RBL scans). In general its fairly easy to implement addons for any feed thats provides abuse information. I'll have a look into it, but the website is not really loading well for me. -- Met vriendelijke groet, Bart Vrancken, Engineer BIT BV | bart at bit.nl | +31 318 648688 Kvk: 09090351 | CROS-RIPE | GPG 3A99BD6E -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From leshy at extraterrestrialmail.com Wed Mar 18 13:56:35 2015 From: leshy at extraterrestrialmail.com (Simon Antony Roberts) Date: Wed, 18 Mar 2015 23:56:35 +1100 Subject: [anti-abuse-wg] Introduction and the AbuseIO project In-Reply-To: <55095BFA.7060909@bit.nl> References: <55095BFA.7060909@bit.nl> Message-ID: <1426683395.27582.7.camel@extraterrestrialmail.com> How could you intergrate with xortify.com (fortify dot com).. the browsing interface is a bit sick after moving to amazon but all the API's work.. On Wed, 2015-03-18 at 12:05 +0100, Bart Vrancken wrote: > Hello AA-WG peoples, > > I am new to this workgroup so let me start by introducing myself: I am > Bart Vrancken, Engineer at a Dutch ISP BIT. Next to the normal day-day > work i handle most of the abuse sent by notifiers. For a while now i am > also part at the Abuse-NL workgroup. On IRC i can be found under the > names CrossWire or Kruisdraad. Outside office hours (who can call it > spare time these days ...) i spent my time with my two daughters and > volunteer with the dutch 'coastguard' service. > > Since 2009 i have been working on a tool to manage the abuse flow, and > recently started the Open Source AbuseIO (https://abuse.io) project so > anyone could benefit from it. For the ISP/Hosters that still manually > process their abuse it might be interesting to have a look at it ;) > > I'll be at the RIPE-70 meeting to shake some hands ;) > From leshy at extraterrestrialmail.com Wed Mar 18 15:07:43 2015 From: leshy at extraterrestrialmail.com (Simon Antony Roberts) Date: Thu, 19 Mar 2015 01:07:43 +1100 Subject: [anti-abuse-wg] Introduction and the AbuseIO project In-Reply-To: <55097BD8.1080505@bit.nl> References: <55095BFA.7060909@bit.nl> <1426683395.27582.7.camel@extraterrestrialmail.com> <55097BD8.1080505@bit.nl> Message-ID: <1426687663.27582.11.camel@extraterrestrialmail.com> Xortify.com yeah I have to work on the theme and the White Screen of Death something was riding the physics of my link again, I am waiting for my sallitte hidden off the books other IT Programmer to rebuild it so I can continue, I just know physics and using cause to do effect. Well If you have any bans, take them out on it, all the API are working you can refer to the API documents etc. on http://sourceforge.com/projects/xortify If you could make someway I can lodge there abuse notices we send on a ban, also too AbuseIO so they can be introduced to it, that would be kewl, it would pass you some focus as well.. Simon::Leshy On Wed, 2015-03-18 at 14:21 +0100, Bart Vrancken wrote: > Hi Sumon, > > > How could you intergrate with xortify.com (fortify dot com).. the > > browsing interface is a bit sick after moving to amazon but all the > > API's work.. > > I haven't heard about xortify, but AbuseIO is modulair. We use both > parser modules (that handle incoming e-mails) and collector modules > (that do external requests, e.g. RBL scans). In general its fairly easy > to implement addons for any feed thats provides abuse information. > > I'll have a look into it, but the website is not really loading well for me. > From Piotr.Strzyzewski at polsl.pl Thu Mar 19 14:49:53 2015 From: Piotr.Strzyzewski at polsl.pl (Piotr Strzyzewski) Date: Thu, 19 Mar 2015 14:49:53 +0100 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Message-ID: <20150319134953.GG3704@hydra.ck.polsl.pl> On Fri, Mar 13, 2015 at 03:18:17PM +0000, Gist, Jonathan wrote: Hi > Is this a view that is help by others? No, not by me. Piotr -- gucio -> Piotr Strzy?ewski E-mail: Piotr.Strzyzewski at polsl.pl From mir at ripe.net Fri Mar 20 10:16:26 2015 From: mir at ripe.net (Mirjam Kuehne) Date: Fri, 20 Mar 2015 10:16:26 +0100 Subject: [anti-abuse-wg] New on RIPE Labs: Inferring DDoS Attacks from Darknet Space Message-ID: <550BE56A.4060902@ripe.net> Dear colleagues, Please see this new article on RIPE Labs by Claude Fachkha: This work proposes a novel approach to infer and characterise Internet-scale DNS Distributed Reflection Denial of Service (DRDoS) attacks by leveraging the darknet space. The aim of this work is to extract useful information related to DRDoS activities such as intensity, rate and geo-location in addition to various network-layer and flow-based insights. https://labs.ripe.net/Members/claude_fachkha/inferring-distributed-reflection-denial-of-service-attacks-from-darknet-space Kind regards, Mirjam Kuehne RIPE NCC From brian.nisbet at heanet.ie Fri Mar 20 11:58:50 2015 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Fri, 20 Mar 2015 10:58:50 +0000 Subject: [anti-abuse-wg] Abuse-C attributes - required e-mail address contact method. In-Reply-To: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> References: <7A20203ABF99B841B3EB003ECF217784449696C6@WB2-MBX-P0002.systems.private> Message-ID: <550BFD6A.7000604@heanet.ie> Jonathan, Thanks for your mail. On 13/03/2015 15:18, Gist, Jonathan wrote: > Hello, > > The RIPE policy around the abuse-c attribute requires the presence of an > e-mail address, which is asked to be used by subscribers wishing to > report abuse incidents. This contact method is resource intensive and > Virgin Media would like to propose a change to the policy to remove the > requirement for an e-mail address contact field. > > Virgin Media would like to specify virginmedia.com/netreport (a web-form > that feeds an abuse case management system) in the abuse attribute to > ensure that we are able to properly manage and prioritise abuse > complaints. If we have the web-form listed as the abuse contact we are > able to maximise appropriate abuse handling measures to prevent misuse > of our network and thereby ensure an optimum experience for all > complainants. > > Is this a view that is help by others? I think that you've had some response from the community over the last few days which will hopefully be useful. If you would still like to investigate this amendment to the policy, or consider other options, then the Working Group Chairs are happy to help in any way we can. Thanks, Brian Co-Chair, RIPE AA-WG From marcoh at ripe.net Fri Mar 20 16:31:53 2015 From: marcoh at ripe.net (Marco Hogewoning) Date: Fri, 20 Mar 2015 16:31:53 +0100 Subject: [anti-abuse-wg] Meeting with Law Enforcement Agencies (LEAs) Message-ID: Dear Colleagues, We recently held our seventh meeting for Law Enforcement Agencies (LEAs), in partnership with the British National Crime Agency (NCA) and the other RIRs. Held on 12 March 2015, the purpose of this meeting was to discuss trends and developments that might impact the operations of LEAs and to gather the global law enforcement community?s perspective. A number of key points arose throughout the day: - The RIPE NCC highlighted that much of the information that LEAs required was publicly available and did not require a Dutch court order - Attendees agreed that the current multi-stakeholder model of Internet governance was preferable, but felt that LEAs and governments needed to engage more effectively within the existing structures - The relatively slow adoption of IPv6 and the spread of IP address sharing technologies such as Carrier Grade NAT will increasingly create issues around identifying specific end users - LEAs felt that cooperation with the private sector is extremely important and could improve greatly, but it was also understood that this came with additional costs In response to feedback from the RIPE community, a more detailed report of this meeting has been prepared and is available here: https://www.ripe.net/ripe/meetings/lea-meetings/ripe-ncc-law-enforcement-meeting-london-12-march-2015 We would like to thank the NCA for its help in putting together this day and are looking forward to continue our engagement with the global law enforcement community. We are happy to answer any questions you may have about this meeting or our LEA engagement activities in general. Regards, Marco Hogewoning External Relations Officer - Technical Advisor RIPE NCC From aawg at c4inet.net Fri Mar 20 17:13:11 2015 From: aawg at c4inet.net (Sascha Luck [ml]) Date: Fri, 20 Mar 2015 16:13:11 +0000 Subject: [anti-abuse-wg] Meeting with Law Enforcement Agencies (LEAs) In-Reply-To: References: Message-ID: <20150320161311.GU1012@cilantro.c4inet.net> On Fri, Mar 20, 2015 at 04:31:53PM +0100, Marco Hogewoning wrote: >In response to feedback from the RIPE community, a more detailed >report of this meeting has been prepared and is available here: >https://www.ripe.net/ripe/meetings/lea-meetings/ripe-ncc-law-enforcement-meeting-london-12-march-2015 Can I suggest that this be posted on ncc-announce also? I'm sure the level of "partnership" with LEAs is of interest to the wider membership beyond the subscribers of anti-abuse-wg. rgds, Sascha Luck From richih.mailinglist at gmail.com Fri Mar 20 17:32:58 2015 From: richih.mailinglist at gmail.com (Richard Hartmann) Date: Fri, 20 Mar 2015 17:32:58 +0100 Subject: [anti-abuse-wg] Meeting with Law Enforcement Agencies (LEAs) In-Reply-To: <20150320161311.GU1012@cilantro.c4inet.net> References: <20150320161311.GU1012@cilantro.c4inet.net> Message-ID: +1 Richard Sent by mobile; excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From meredithrachel at google.com Fri Mar 20 17:53:05 2015 From: meredithrachel at google.com (Meredith Whittaker) Date: Fri, 20 Mar 2015 09:53:05 -0700 Subject: [anti-abuse-wg] [cooperation-wg] Meeting with Law Enforcement Agencies (LEAs) In-Reply-To: References: <20150320161311.GU1012@cilantro.c4inet.net> Message-ID: +1 On Fri, Mar 20, 2015 at 9:32 AM, Richard Hartmann < richih.mailinglist at gmail.com> wrote: > +1 > > Richard > > Sent by mobile; excuse my brevity. > -- Meredith Whittaker Open Source Research Lead Google NYC -------------- next part -------------- An HTML attachment was scrubbed... URL: From aawg at c4inet.net Mon Mar 23 16:48:51 2015 From: aawg at c4inet.net (Sascha Luck [ml]) Date: Mon, 23 Mar 2015 15:48:51 +0000 Subject: [anti-abuse-wg] Meeting with Law Enforcement Agencies (LEAs) In-Reply-To: <55A22DC4-A3B9-4EAC-9A1C-0F975273E42C@ripe.net> References: <20150320161311.GU1012@cilantro.c4inet.net> <55A22DC4-A3B9-4EAC-9A1C-0F975273E42C@ripe.net> Message-ID: <20150323154851.GW1012@cilantro.c4inet.net> On Mon, Mar 23, 2015 at 10:25:08AM -0500, Marco Hogewoning wrote: >We have cooperated with NCA over the past several years to >organise this specific annual event. We work together to shape >the agenda, making sure it has relevance to the LEAs, and NCA >also helps to make sure the relevant agencies receive an >invitation. > >We have also taken your suggestion and shared this report with >the membership via the ncc-announce mailing list. Thanks, Marco. rgds, Sascha Luck From marcoh at ripe.net Mon Mar 23 16:25:08 2015 From: marcoh at ripe.net (Marco Hogewoning) Date: Mon, 23 Mar 2015 10:25:08 -0500 Subject: [anti-abuse-wg] Meeting with Law Enforcement Agencies (LEAs) In-Reply-To: <20150320161311.GU1012@cilantro.c4inet.net> References: <20150320161311.GU1012@cilantro.c4inet.net> Message-ID: <55A22DC4-A3B9-4EAC-9A1C-0F975273E42C@ripe.net> On 20 Mar 2015, at 11:13, Sascha Luck [ml] wrote: > On Fri, Mar 20, 2015 at 04:31:53PM +0100, Marco Hogewoning wrote: > >> In response to feedback from the RIPE community, a more detailed >> report of this meeting has been prepared and is available here: >> https://www.ripe.net/ripe/meetings/lea-meetings/ripe-ncc-law-enforcement-meeting-london-12-march-2015 > > Can I suggest that this be posted on ncc-announce also? I'm sure the > level of "partnership" with LEAs is of interest to the wider > membership beyond the subscribers of anti-abuse-wg. Dear Sascha, We have cooperated with NCA over the past several years to organise this specific annual event. We work together to shape the agenda, making sure it has relevance to the LEAs, and NCA also helps to make sure the relevant agencies receive an invitation. We have also taken your suggestion and shared this report with the membership via the ncc-announce mailing list. Regards Marco Hogewoning RIPE NCC