[anti-abuse-wg] Fwd: Re: botnet controllers
PP
phishphucker at storey.ovh
Thu Jun 25 09:26:41 CEST 2020
Firstly, reporting it to the LEO does not cause the resources to be de-registered.

Secondly, your example regarding IPv6 is another reason why this approach is not sufficient: there are 340,282,366,920,938,000,000,000,000,000,000,000,000 possible IPv6 addresses.

It should be that the resources are only allocated to legitimate established corporations. Phone numbers aren't wholly allocated to anyone who asks, they remain controlled by a reputable phone company. Why should IP addresses be different?

On 25/06/2020 4:50 pm, Shane Kerr wrote:
> Dear Phish Phucker,
>
> The RIPE NCC is a not-for-profit, membership-based organization based
> in the Netherlands. They are responsible for allocating Internet
> number resources (IP addresses and AS numbers) in their region. Their
> policies are set by RIPE, which is just anyone who joins the RIPE
> mailing lists and participates in the policy discussions.
>
> I'm not sure what policy can be introduced. Historically RIPE
> participants have been reluctant to make any value judgements about
> what IP resources can and cannot be used for. Currently as long as you
> are truthful about your organization's registration information you
> have fulfilled the requirements.
>
> In a sense this should be enough. The information is available for
> anyone who cares about protecting their users from spam originating
> there. Spamhaus lists the organization, and I am pretty sure that most
> e-mail providers either block their IP addresses because of that - or
> have their own abuse tracking which identifies them. It's not
> perfect... I had to change VPS provider because my previous VPS
> provider kept having its IPv6 addresses blocked by Spamhaus and
> neither my provider nor Spamhaus would explain why (my provider
> claimed to have never received any complaints, and Spamhaus never
> explains anything). But it seems to be good enough for most people.
>
> If an organization is breaking a law, then the correct action is to
> report them to the law-enforcement organization (LEO) that feels like
> it is in their jurisdiction. Again, since the member is required by
> the RIPE NCC to have correct information about the person or
> organization that has been allocated resources, the LEO can follow up.
>
> It's hardly an ideal situation, but difficult to see how to improve it
> given the general anti-regulation philosophy of most Internet providers.
>
> Cheers,
>
> --
> Shane
>
> On 25/06/2020 08.03, PP wrote:
>> So who at RIPE is responsible for allocating this resource, and what
>> policy can be introduced to prevent the allocation of IP address
>> resources to irresponsible organizations like this one?
>>
>> SpamHaus have it listed as the world's number one source of spam:
>>
>> https://www.spamhaus.org/statistics/networks/
>>
>> On 25/06/2020 2:10 pm, Tõnu Tammer via anti-abuse-wg wrote:
>>>
>>> We've had similar experience with this VPN provider.
>>>
>>> He claims not being able to track malicious actor is for the benefit
>>> of free speech but when malware is used to attack people who express
>>> free speech he did not understand that his service is not
>>> contributing towards free speech but hinders it.
>>>
>>> Tonu
>>> CERT-EE
>>>
>>> On 25.06.2020 04:15, PP wrote:
>>>>
>>>> Botnet controllers on VPN provider that refuses to act:
>>>>
>>>> organisation: ORG-SL751-RIPE
>>>> org-name: Freedom Of Speech VPN
>>>> org-type: OTHER
>>>> address: P.O. Box 9173
>>>> address: Victoria
>>>> address: Mahe Island
>>>> address: Seychelles
>>>> e-mail: info at FOS-VPN.org
>>>> abuse-c: SL12644-RIPE
>>>> mnt-ref: FOS-VPN-MNT
>>>> mnt-by: FOS-VPN-MNT
>>>> created: 2018-07-13T05:33:45Z
>>>> last-modified: 2020-02-28T12:37:39Z
>>>> source: RIPE
>>>>
>>>> -------- Forwarded Message --------
>>>> Subject: Re: botnet controllers
>>>> Date: Wed, 24 Jun 2020 21:49:21 +0200
>>>> From: info at ghlc.biz
>>>> To: PP <phishphucker at storey.ovh>
>>>>
>>>> On 2020-06-24 13:03, PP wrote:
>>>> Hello!
>>>>
>>>> Please note that all mentioned IPs belong to non-logging VPN services.
>>>>
>>>> No user logs are kept.
>>>>
>>>> Sincerely yours
>>>>
>>>> David Craig
>>>>
>>>>> SBL488704
>>>>> 185.140.53.75/32
>>>>> ghlc.biz
>>>>> 23-Jun-2020 05:26 GMT
>>>>> Malware botnet controller @185.140.53.75
>>>>> https://www.spamhaus.org/sbl/query/SBL488704
>>>>>
>>>>> SBL488686
>>>>> 91.193.75.58/32
>>>>> ghlc.biz
>>>>> 22-Jun-2020 18:39 GMT
>>>>> NanoCore botnet controller @91.193.75.58
>>>>> https://www.spamhaus.org/sbl/query/SBL488686
>>>>>
>>>>> SBL488548
>>>>> 185.244.30.201/32
>>>>> ghlc.biz
>>>>> 19-Jun-2020 13:21 GMT
>>>>> QuasarRAT botnet controller @185.244.30.201
>>>>> https://www.spamhaus.org/sbl/query/SBL488548
>>>>>
>>>>> SBL488006
>>>>> 185.140.53.162/32
>>>>> ghlc.biz
>>>>> 18-Jun-2020 10:11 GMT
>>>>> NanoCore botnet controller @185.140.53.162
>>>>> https://www.spamhaus.org/sbl/query/SBL488006
>>>>>
>>>>> SBL487900
>>>>> 185.140.53.229/32
>>>>> ghlc.biz
>>>>> 16-Jun-2020 13:28 GMT
>>>>> NanoCore botnet controller @185.140.53.229
>>>>> https://www.spamhaus.org/sbl/query/SBL487900
>>>>>
>>>>> SBL487899
>>>>> 185.244.30.113/32
>>>>> ghlc.biz
>>>>> 16-Jun-2020 12:59 GMT
>>>>> RemcosRAT botnet controller @185.244.30.113
>>>>> https://www.spamhaus.org/sbl/query/SBL487899
>>>>>
>>>>> SBL487893
>>>>> 185.140.53.236/32
>>>>> ghlc.biz
>>>>> 16-Jun-2020 12:07 GMT
>>>>> NanoCore botnet controller @185.140.53.236
>>>>> https://www.spamhaus.org/sbl/query/SBL487893
>>>>>
>>>>> SBL487886
>>>>> 185.165.153.45/32
>>>>> ghlc.biz
>>>>> 16-Jun-2020 10:26 GMT
>>>>> NanoCore botnet controller @185.165.153.45
>>>>>
>>>>> https://www.spamhaus.org/sbl/query/SBL487886
>