[anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
- Previous message (by thread): [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
- Next message (by thread): [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Thu Feb 20 09:10:03 CET 2020
Hi Hans-Martin, All, <CSIRT hat on> On Wed, 19 Feb 2020, Hans-Martin Mosner wrote: > AS24961 (RIPE NCC member myLoc managed IT AG) continues to host one persistent spam sender years after years. I have > complained to them a number of times, with no noticeable effect. > > The sender is recognizable by characteristics of their domain names and local parts, and most importantly by their DNS > service, which is always uadns.com. Would be easy to deny them service if myLoc wanted to. > > Domain registrations are most often done via Ledl.net GmbH (RIPE NCC member). OK, so you started to expose some of the spammer's characteristics. > Registries DENIC eG (RIPE NCC member), EURid vzw (RIPE NCC member), nic.at GmbH (RIPE NCC member) willingly accept > registrations that have most likely fake data (which I can't check because these data are conveniently not disclosed, > although they very likely describe a commercial entity and not existing private persons and are therefore not subject to > GDPR protections.) "most likely" will not get you anywhere. I think you are completely right about the GDPR issue. While that wasn't the goal of GDPR some orgs actually use it as an excuse for company obscurity -- which seem to be acceptable for some or most of their service providers. > Excuse me while I vomit a little. You are not alone. > I know that this working group is not responsible for handling individual cases of abuse, Exactly, but should be responsible for finding ways to reduce abuse and/or its impact -- which is what is more or less written in the WG charter. > so my intention is not to get a solution (which I already did via > nullrouting that AS) You may have solved your problem. But that same spammer has a whole lot of targets to go on with the same "business model"... > but to understand how persistent abuse-enabling entities can act > unhindered without any clear escalation path. They simply do. IMHO because they: 1) find service providers who look the other way. 2) build and operate their own networking/security/anti-ddos infrastructure. > Effectively extracting the last rotten tooth "ICANN Whois Inaccuracy > Complaint" by hiding all registration data so that an inaccuracy check > is made impossible didn't help much... > > Cheers, > Hans-Martin Cheers, Carlos
- Previous message (by thread): [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
- Next message (by thread): [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]