From ripe-lir at speednic.eu Mon Nov 7 11:16:30 2011 From: ripe-lir at speednic.eu (SPEEDNIC S.R.L. - RIPE Handling) Date: Mon, 07 Nov 2011 07:16:30 -0300 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <1320085036.9010.35.camel@ntitley-laptop> References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> Message-ID: <4EB7AFFE.7050201@speednic.eu> Dear Nigel, as the voting results are published it reflects clearly the discussion through the new Chargig Scheme 2012. Voting Results b) The General Meeting adopts the RIPE NCC Charging Scheme 2012. No 148 Yes 102 Abstain 11 Can you explain us and to the whole list what will be happen now as I guess it was the first time since we are a member that the GM don't adopt the Charging Scheme ?? thx a lot Alexander Schoberl SPEEDNIC S.R.L. From jblessing at llnw.com Mon Nov 7 11:25:39 2011 From: jblessing at llnw.com (James Blessing) Date: Mon, 07 Nov 2011 10:25:39 +0000 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <4EB7AFFE.7050201@speednic.eu> References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> Message-ID: <4EB7B223.7070108@llnw.com> On 07/11/2011 10:16, SPEEDNIC S.R.L. - RIPE Handling wrote: > Can you explain us and to the whole list what will be happen now as I > guess it was the first time since we are a member that the GM don't > adopt the Charging Scheme ?? As was explained at the GM by Nigel, the charging scheme that currently exists would be used leading to an expected revenue shortfall J -- James Blessing +44 7989 039 476 Strategic Relations Manager, EMEA Limelight Networks From eirik at blixsolutions.no Mon Nov 7 11:24:12 2011 From: eirik at blixsolutions.no (Eirik Hjelle) Date: Mon, 07 Nov 2011 11:24:12 +0100 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <4EB7AFFE.7050201@speednic.eu> References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> Message-ID: <4EB7B1CC.7040009@blixsolutions.no> On 11/07/2011 11:16 AM, SPEEDNIC S.R.L. - RIPE Handling wrote: > Dear Nigel, > > as the voting results are published it reflects clearly the discussion > through the new Chargig Scheme 2012. > > Voting Results > b) The General Meeting adopts the RIPE NCC Charging Scheme 2012. > No 148 > Yes 102 > Abstain 11 > > Can you explain us and to the whole list what will be happen now as I > guess it was the first time since we are a member that the GM don't > adopt the Charging Scheme ?? I believe this was mentioned in the meeting and they said that the previous Charging Scheme would now still be valid. -- Eirik Hjelle Blix Solutions AS - we care about your servers From kaa at net-art.cz Mon Nov 7 11:21:53 2011 From: kaa at net-art.cz (sergey myasoedov) Date: Mon, 7 Nov 2011 11:21:53 +0100 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <4EB7AFFE.7050201@speednic.eu> References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> Message-ID: <1414739133.20111107112153@net-art.cz> Alexander, CS-2011 will be used for the next billing period. -- Kind regards, sergey myasoedov You wrote Monday, November 7, 2011, 11:16:30 AM: > Dear Nigel, > as the voting results are published it reflects clearly the discussion > through the new Chargig Scheme 2012. > Voting Results > b) The General Meeting adopts the RIPE NCC Charging Scheme 2012. > No 148 > Yes 102 > Abstain 11 > Can you explain us and to the whole list what will be happen now as I > guess it was the first time since we are a member that the GM don't > adopt the Charging Scheme ?? > thx a lot > Alexander Schoberl > SPEEDNIC S.R.L. > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From hank at efes.iucc.ac.il Mon Nov 7 11:52:15 2011 From: hank at efes.iucc.ac.il (Hank Nussbacher) Date: Mon, 07 Nov 2011 12:52:15 +0200 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <4EB7B223.7070108@llnw.com> References: <4EB7AFFE.7050201@speednic.eu> <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> Message-ID: <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> At 10:25 07/11/2011 +0000, James Blessing wrote: >On 07/11/2011 10:16, SPEEDNIC S.R.L. - RIPE Handling wrote: > > > Can you explain us and to the whole list what will be happen now as I > > guess it was the first time since we are a member that the GM don't > > adopt the Charging Scheme ?? > >As was explained at the GM by Nigel, the charging scheme that currently >exists would be used leading to an expected revenue shortfall In most businesses I know of, when there is an expected revenue shortfall, cuts are made - either in salary, amount of manpower or in projects. I hope RIPE NCC has contingency plans in place. Regards, Hank >J >-- >James Blessing >+44 7989 039 476 >Strategic Relations Manager, EMEA >Limelight Networks > >---- >If you don't want to receive emails from the RIPE NCC members-discuss >mailing list, please log in to your LIR Portal account and go to the >general page: >https://lirportal.ripe.net/general/view > >Click on "Edit my LIR details", under "Subscribed Mailing Lists". From >here, you can add or remove addresses. From hank at efes.iucc.ac.il Mon Nov 7 11:59:41 2011 From: hank at efes.iucc.ac.il (Hank Nussbacher) Date: Mon, 07 Nov 2011 12:59:41 +0200 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: References: <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <4EB7B223.7070108@llnw.com> <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> Message-ID: <5.1.0.14.2.20111107125550.00c3b778@efes.iucc.ac.il> At 11:54 07/11/2011 +0100, Lu Heng wrote: >Hi Hank: >They will take money from reserve as I heard in the GM. >It was like 4M(if I was not remember it wrong) shortage Always nice to have reserves, but they tend to dry up after extensive use. I hope the EB has some plans of cost cutting, other than RIPE NCC's ideas of cost cutting such as taking on a 2MEuro RIPE ATLAS Probe project. -Hank >On Mon, Nov 7, 2011 at 11:52 AM, Hank Nussbacher wrote: > > At 10:25 07/11/2011 +0000, James Blessing wrote: > >>On 07/11/2011 10:16, SPEEDNIC S.R.L. - RIPE Handling wrote: > >> > >> > Can you explain us and to the whole list what will be happen now as I > >> > guess it was the first time since we are a member that the GM don't > >> > adopt the Charging Scheme ?? > >> > >>As was explained at the GM by Nigel, the charging scheme that currently > >>exists would be used leading to an expected revenue shortfall > > > > In most businesses I know of, when there is an expected revenue shortfall, > > cuts are made - either in salary, amount of manpower or in projects. I > > hope RIPE NCC has contingency plans in place. > > > > Regards, > > Hank > > > > > >>J > >>-- > >>James Blessing > >>+44 7989 039 476 > >>Strategic Relations Manager, EMEA > >>Limelight Networks > >> > >>---- > >>If you don't want to receive emails from the RIPE NCC members-discuss > >>mailing list, please log in to your LIR Portal account and go to the > >>general page: > >>https://lirportal.ripe.net/general/view > >> > >>Click on "Edit my LIR details", under "Subscribed Mailing Lists". From > >>here, you can add or remove addresses. > > > > > > ---- > > If you don't want to receive emails from the RIPE NCC members-discuss > > mailing list, please log in to your LIR Portal account and go to the > general page: > > https://lirportal.ripe.net/general/view > > > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From > here, you can add or remove addresses. > > > > > >-- >This transmission is intended solely for the addressee(s) shown above. >It may contain information that is privileged, confidential or >otherwise protected from disclosure. Any review, dissemination or use >of this transmission or its contents by persons other than the >intended addressee(s) is strictly prohibited. If you have received >this transmission in error, please notify this office immediately and >e-mail the original at the sender's address above by replying to this >message and including the text of the transmission received. From rhe at nosc.ja.net Mon Nov 7 11:32:32 2011 From: rhe at nosc.ja.net (Rob Evans) Date: Mon, 7 Nov 2011 10:32:32 +0000 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <4EB7B223.7070108@llnw.com> References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <4EB7B223.7070108@llnw.com> Message-ID: > As was explained at the GM by Nigel, the charging scheme that currently > exists would be used leading to an expected revenue shortfall I think the figure mentioned was drawing ~?400k from the reserve. However, as I understood the meeting, the budget hasn't been finalised yet either, so there may still be some scope for reducing the draw on reserves. Cheers, Rob From h.lu at outsideheaven.com Mon Nov 7 11:54:39 2011 From: h.lu at outsideheaven.com (Lu Heng) Date: Mon, 7 Nov 2011 11:54:39 +0100 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <4EB7B223.7070108@llnw.com> <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> Message-ID: Hi Hank: They will take money from reserve as I heard in the GM. It was like 4M(if I was not remember it wrong) shortage On Mon, Nov 7, 2011 at 11:52 AM, Hank Nussbacher wrote: > At 10:25 07/11/2011 +0000, James Blessing wrote: >>On 07/11/2011 10:16, SPEEDNIC S.R.L. - RIPE Handling wrote: >> >> > Can you explain us and to the whole list what will be happen now as I >> > guess it was the first time since we are a member that the GM don't >> > adopt the Charging Scheme ?? >> >>As was explained at the GM by Nigel, the charging scheme that currently >>exists would be used leading to an expected revenue shortfall > > In most businesses I know of, when there is an expected revenue shortfall, > cuts are made - either in salary, amount of manpower or in projects. ? I > hope RIPE NCC has contingency plans in place. > > Regards, > Hank > > >>J >>-- >>James Blessing >>+44 7989 039 476 >>Strategic Relations Manager, EMEA >>Limelight Networks >> >>---- >>If you don't want to receive emails from the RIPE NCC members-discuss >>mailing list, please log in to your LIR Portal account and go to the >>general page: >>https://lirportal.ripe.net/general/view >> >>Click on "Edit my LIR details", under "Subscribed Mailing Lists". From >>here, you can add or remove addresses. > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > -- This transmission is intended solely for the addressee(s) shown above. It may contain information that is privileged, confidential or otherwise protected from disclosure. Any review, dissemination or use of this transmission or its contents by persons other than the intended addressee(s) is strictly prohibited. If you have received this transmission in error, please notify this office immediately and e-mail the original at the sender's address above by replying to this message and including the text of the transmission received. From ck at minxs.net Mon Nov 7 12:06:04 2011 From: ck at minxs.net (Christian Kaufmann) Date: Mon, 7 Nov 2011 12:06:04 +0100 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <4EB7B223.7070108@llnw.com> Message-ID: <8A60BF45-5F3E-4F5A-BD8A-4BA711434BF5@minxs.net> Hi all, On Nov 7, 2011, at 11:32 AM, Rob Evans wrote: >> As was explained at the GM by Nigel, the charging scheme that currently >> exists would be used leading to an expected revenue shortfall This is correct. > I think the figure mentioned was drawing ~?400k from the reserve. However, as I understood the meeting, the budget hasn't been finalised yet either, so there may still be some scope for reducing the draw on reserves. Both points are correct, thanks Rob for pointing them out. Best regards, CK > > Cheers, > Rob > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From nigel at titley.com Mon Nov 7 12:06:34 2011 From: nigel at titley.com (Nigel Titley) Date: Mon, 07 Nov 2011 11:06:34 +0000 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <4EB7AFFE.7050201@speednic.eu> References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> Message-ID: <4EB7BBBA.6090108@titley.com> On 07/11/2011 10:16, SPEEDNIC S.R.L. - RIPE Handling wrote: > Dear Nigel, > > as the voting results are published it reflects clearly the discussion > through the new Chargig Scheme 2012. > > Voting Results > b) The General Meeting adopts the RIPE NCC Charging Scheme 2012. > No 148 > Yes 102 > Abstain 11 > > Can you explain us and to the whole list what will be happen now as I > guess it was the first time since we are a member that the GM don't > adopt the Charging Scheme ?? > We continue with last year's charging scheme. This will result in a shortfall of approximately ?500k on the budget, which will be met from reserves. There is no danger of the RIPE NCC going under, but obviously we need to ensure that the membership as a whole is satisfied with the charging scheme that we propose next year. Preliminary thinking on this is to put together a small task force composed of representatives from the membership, the board and the RIPE NCC in the hopes of coming up with a scheme that we can all live with. The alternative, of course, is to continue with the old charging scheme as we have used up until now but of course we put together the new charging scheme as a response to the membership after complaints about the old one, so I wouldn't expect that to be popular. All the best Nigel From nigel at titley.com Mon Nov 7 12:19:06 2011 From: nigel at titley.com (Nigel Titley) Date: Mon, 07 Nov 2011 11:19:06 +0000 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> References: <4EB7AFFE.7050201@speednic.eu> <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> Message-ID: <4EB7BEAA.9030806@titley.com> On 07/11/2011 10:52, Hank Nussbacher wrote: > In most businesses I know of, when there is an expected revenue > shortfall, cuts are made - either in salary, amount of manpower or in > projects. I hope RIPE NCC has contingency plans in place. Or, rather than cutting services to members, we use some of our reserves. That is likely what will happen here, although we will obviously have a look at trimming budgets where that doesn't affect member services. The RIPE NCC isn't strictly speaking "like most businesses". Our membership have a great say in what we do through the activity plan, the draft of which is usually published in May of every year. Membership discussion is always invited, and very seldom received. Next year we will be making the activity plan much clearer and will be showing the financial cost of at least each type of activity. Where warranted we will go down to the individual activity. The RIPE NCC has committed to this. In return, I would like members to commit to reading the activity plan and commenting on it. The activity plan feeds into the budget, which in turn feeds into the charging scheme. We need to get it right. Nigel From nigel at titley.com Mon Nov 7 12:20:25 2011 From: nigel at titley.com (Nigel Titley) Date: Mon, 07 Nov 2011 11:20:25 +0000 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <4EB7B223.7070108@llnw.com> <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> Message-ID: <4EB7BEF9.3010108@titley.com> On 07/11/2011 10:54, Lu Heng wrote: > Hi Hank: > They will take money from reserve as I heard in the GM. > It was like 4M(if I was not remember it wrong) shortage > 400K... not 4M. Nigel From jon at fido.net Mon Nov 7 12:39:03 2011 From: jon at fido.net (Jon Morby) Date: Mon, 7 Nov 2011 11:39:03 +0000 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <4EB7BEAA.9030806@titley.com> References: <4EB7AFFE.7050201@speednic.eu> <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il>, <4EB7BEAA.9030806@titley.com> Message-ID: <717B7464-84C0-4580-9713-B4FA44115FCA@fido.net> Hi Nigel I think the problem has been that the activity plan has lacked any substance for a while ... It would be good to see costs all be they in retrospect in at least part for this year's activity plan. I would also quite like an answer to the question I raised at the GM in respect to the costs for the RPKI project. You kindly admitted that you had exact costs for the project and then completely failed to provide them despite that being the point of my question. I would be grateful for a completion of the answer; all be it too late to affect the outcome of the vote at the GM. However I think it would be useful to see how much of the overall budget is assigned to this project, and all other activities currently underway. The fact no costs / budgets have been included in the activity plan over the last few years is an innocent oversight I'm sure, but it would be useful to correct this now as you have already stated, and it would be helpful to see the costs for this year both actual and budgeted ... Thanks in advance. -- Jon Morby fido.net - the internet made simple! tel: 0845 004 3050 fax: 0845 004 3051 On 7 Nov 2011, at 11:19, "Nigel Titley" wrote: > On 07/11/2011 10:52, Hank Nussbacher wrote: >> In most businesses I know of, when there is an expected revenue >> shortfall, cuts are made - either in salary, amount of manpower or in >> projects. I hope RIPE NCC has contingency plans in place. > > Or, rather than cutting services to members, we use some of our > reserves. That is likely what will happen here, although we will > obviously have a look at trimming budgets where that doesn't affect > member services. The RIPE NCC isn't strictly speaking "like most > businesses". Our membership have a great say in what we do through the > activity plan, the draft of which is usually published in May of every > year. Membership discussion is always invited, and very seldom received. > > Next year we will be making the activity plan much clearer and will be > showing the financial cost of at least each type of activity. Where > warranted we will go down to the individual activity. The RIPE NCC has > committed to this. In return, I would like members to commit to reading > the activity plan and commenting on it. The activity plan feeds into the > budget, which in turn feeds into the charging scheme. We need to get it > right. > > Nigel > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From nigel at titley.com Mon Nov 7 12:41:03 2011 From: nigel at titley.com (Nigel Titley) Date: Mon, 07 Nov 2011 11:41:03 +0000 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <5.1.0.14.2.20111107125550.00c3b778@efes.iucc.ac.il> References: <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <4EB7B223.7070108@llnw.com> <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il> <5.1.0.14.2.20111107125550.00c3b778@efes.iucc.ac.il> Message-ID: <4EB7C3CF.7020606@titley.com> On 07/11/2011 10:59, Hank Nussbacher wrote: > Always nice to have reserves, but they tend to dry up after extensive > use. I hope the EB has some plans of cost cutting, other than RIPE > NCC's ideas of cost cutting such as taking on a 2MEuro RIPE > ATLAS Probe project The extension to Atlas isn't in the budget and may never be. Nigel From nigel at titley.com Mon Nov 7 12:48:03 2011 From: nigel at titley.com (Nigel Titley) Date: Mon, 07 Nov 2011 11:48:03 +0000 Subject: [members-discuss] Privatelayer Inc Message-ID: <4EB7C573.6040201@titley.com> Dear Private Layer If there is anybody from Private Layer actually reading this list can they please take their ticketing system OFF it. You are the last member to do this. It is difficult to understand why you are unable to do this. There are two possibilities: 1. No one at Private Layer reads trouble tickets 2. No one at Private Layer knows how to take their ticket system off the list Neither bodes well for your continued viability as a commercial entity. Fondest regards Nigel From erik at bais.name Mon Nov 7 12:58:01 2011 From: erik at bais.name (Erik Bais) Date: Mon, 7 Nov 2011 12:58:01 +0100 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <4EB7BBBA.6090108@titley.com> References: <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <4EB7BBBA.6090108@titley.com> Message-ID: <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C699F3@EXVS002.netsourcing.lan> Hi Nigel, > Preliminary thinking on this is to put together a small task force > composed of representatives from the membership, the board and the RIPE > NCC in the hopes of coming up with a scheme that we can all live with. I would like to volunteer for this, if required. So if you require additional members that are currently not involved in the board or has any active ties to the NCC beside managing a LIR. I live about 25km from the RIPE office, so I'll pay for my own petrol for the transportation, if you provide the coffee. ;) Regards, Erik Bais From nigel at titley.com Mon Nov 7 13:09:11 2011 From: nigel at titley.com (Nigel Titley) Date: Mon, 07 Nov 2011 12:09:11 +0000 Subject: [members-discuss] Voting @ GM 2011 In-Reply-To: <717B7464-84C0-4580-9713-B4FA44115FCA@fido.net> References: <4EB7AFFE.7050201@speednic.eu> <1747118566.20111031172803@net-art.cz> <1320085036.9010.35.camel@ntitley-laptop> <4EB7AFFE.7050201@speednic.eu> <5.1.0.14.2.20111107125034.00c27490@efes.iucc.ac.il>, <4EB7BEAA.9030806@titley.com> <717B7464-84C0-4580-9713-B4FA44115FCA@fido.net> Message-ID: <4EB7CA67.6000206@titley.com> On 07/11/2011 11:39, Jon Morby wrote: > Hi Nigel > > I think the problem has been that the activity plan has lacked any substance for a while ... I'd agree with this. It is both too detailed and not detailed enough. > > It would be good to see costs all be they in retrospect in at least part for this year's activity plan. > > I would also quite like an answer to the question I raised at the GM in respect to the costs for the RPKI project. > > You kindly admitted that you had exact costs for the project and then completely failed to provide them despite that being the point of my question. I didn't provide them at the meeting largely because I don't have them in my head. We can certainly provide them to you. Jochem usually, when doing his budget presentation, indicates roughly how the various budget lines are made up and there is usually a full and detailed budget in the back of the Annual report. We'll make sure we get them to you, as I indicated we would. > > I would be grateful for a completion of the answer; all be it too late to affect the outcome of the vote at the GM. However I think it would be useful to see how much of the overall budget is assigned to this project, and all other activities currently underway. The fact no costs / budgets have been included in the activity plan over the last few years is an innocent oversight I'm sure, but it would be useful to correct this now as you have already stated, and it would be helpful to see the costs for this year both actual and budgeted ... However, as I indicated, a very full budget is included in the Annual report, a copy of which is sent to every member (and which is available online). It *doesn't* break down to individual activities, but we have this information and will get it to you. Annual reports all the way back to 1998 are available at http://www.ripe.net/internet-coordination/press-centre/publications/annual-reports Best regards Nigel From brandon at rd.bbc.co.uk Mon Nov 7 14:38:59 2011 From: brandon at rd.bbc.co.uk (Brandon Butterworth) Date: Mon, 7 Nov 2011 13:38:59 GMT Subject: [members-discuss] Voting @ GM 2011 Message-ID: <201111071338.NAA08162@sunf10.rd.bbc.co.uk> > The alternative, of course, is to continue with the old charging scheme > as we have used up until now but of course we put together the new > charging scheme as a response to the membership after complaints about > the old one, so I wouldn't expect that to be popular. There will always be some who think the price is too damn high and they should pay less (and in this case others should pay more instead). When you change it you'll make some happier, some will think it's still to high and you'll add others who now think it's too high. The latter two will continue to be heard. Overall the RIPE fees aren't that large and for big ISP are just noise. If there is change that's a sign where to make it. brandon From poty at iiat.ru Wed Nov 9 16:00:31 2011 From: poty at iiat.ru (poty at iiat.ru) Date: Wed, 9 Nov 2011 19:00:31 +0400 Subject: [members-discuss] Some thoughts I was not able to say at GM-2011 Message-ID: Hello everybody, At the beginning I'd like to apologize for my poor spoken English which prevented me to clearly state my opinion at GM. It is not related to any problems with EB preventing me to do that! Thank them for the opportunity given and sorry for emotional expressions. I hope that something from my speech at GM was understandable, but to make my position more consistent I'll sum the thoughts I wanted to express. My main concern is about openness of the decisions if we speak about money, not technical and police things. All the three interrelated finance documents (The Activity Plan, which defines the expenses and is the base for the Budget, which defines the balance between the expenses and incomes, and the Charging Scheme as a result of defined incomes to cover expenses) were compiled inside of the RIPE NCC and were not clear to me and (according to several posts here in the list) to several other members. For example, who exactly gave the feedbacks for initial RIPE NCC Proposed New Charging Scheme 2012? The members-discuss list was pristine innocent about this "the current Charging Scheme model is complex and makes it difficult for individual members to easily determine their own fees" complains. Private conversations? Maybe... But it shouldn't in my opinion be private as soon as it relates to all the members! The new published EB email which enables another private channel between a person and the EB is a bad thing according to the logic of my sentences above. The main and the only "panel" for discussion should be either the members-discuss list or new "finance-discuss?" list, opened maybe only to members (I don't mind if it is completely opened). As stated by Nigel Titley, the Chairman of the Executive Board, at the GM the things are going to change to the next GM. The lack of discussions about the documents before GM-2011 was in my opinion related to usefulness and the source reasons in the documents. Speaking about the Activity Plan - we (members) asked the EB about adding cost to each activity in 2007-2008. Without the numbers the Activity Plan is a way of stating things, but not evaluating effectiveness of the services. Discuss "marked on stone" statements is not very rewarding venture. Thankfully the numbers will appear soon in the document. Second point in the matter - the procedure of changing the Activity Plan - it is not exist now and should be invented. There was already the suggestions about it in the list I won't going to repeat them now. Speaking about the Charging Scheme... I'm not against the increase of the amount to pay, I'm against of the misty motivations for the rise and some predictability of expenses. There should be clearly defined "resource classes" included in each membership category, and clearer definition of fairness. (I'd also decide on the consulting about the taxation issue, but it in unrelated thing up to now.) I can give many examples of that but I'm trying to make this message as short as possible. For example, I don't agree with the "free" IPv6: the LIRs would pay for the blocks indirectly, through IPv4 counting, anyway - whom we are going to trick then? The last thing which is the most important to me - the services of the RIPE NCC above the main baseline of "providing unique blocks of numbers and register them on the DB". It is related to the Activity Plan certainly, but I'd like to mention them from different point of view - in term of including some of them in the Charging Scheme. I'm repeating - I'm not against developed services "made in RIPE NCC", think that many of them (not all though) are very useful, but why some of them deserves to be mentioned in the Charging Scheme, the others - not? Why not related to the main activity things should be mentioned in invoices at all? I think of it like "tie in sale", not very pleasant thought of course. Regards, Vladislav Potapov Ru.iiat -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists-ripe at c4inet.net Fri Nov 11 00:48:49 2011 From: lists-ripe at c4inet.net (Sascha Luck) Date: Thu, 10 Nov 2011 23:48:49 +0000 Subject: [members-discuss] NCC acting on registrations pursuant to "police order"? Message-ID: <20111110234849.GB97093@cilantro.c4inet.net> All, in the recent discussion on RPKI, it was stated by the NCC that it would not act on resource registrations (and, by extension, certificates and ROAs) without a valid Dutch court order. According to: http://www.ripe.net/internet-coordination/news/about-ripe-ncc-and-ripe/ripe-ncc-blocks-registration-in-ripe-registry-following-order-from-dutch-police ther NCC has blocked changes to registered resources pursuant to "an order from Dutch police". Now, I'm not overly familiar with the Dutch legal system but in ours, a court order is different from a "police order". Considering the implications for, in particular, RPKI; could someone from the NCC confirm that this was, in fact, on foot of a court order? Alternatively, is a "police order" something equivalent, eg an order that must be followed on pain of legal sanction?` Regards, Sascha Luck From axel.pawlik at ripe.net Fri Nov 11 09:34:45 2011 From: axel.pawlik at ripe.net (Axel Pawlik) Date: Fri, 11 Nov 2011 09:34:45 +0100 Subject: [members-discuss] NCC acting on registrations pursuant to "police order"? In-Reply-To: <20111110234849.GB97093@cilantro.c4inet.net> References: <20111110234849.GB97093@cilantro.c4inet.net> Message-ID: <4EBCDE25.7070506@ripe.net> Good morning Sascha, all, you are right Sascha, this is an order from the Dutch police, on behalf of the Distract Attorney. If we were to refuse it, according to counsel, we would become liable for consequences of that. I'm expecting further information today as to which further consequences a refusal would have. cheers, Axel On 11/11/2011 00:48, Sascha Luck wrote: > All, > > in the recent discussion on RPKI, it was stated by the NCC that it > would not act on resource registrations (and, by extension, > certificates and ROAs) without a valid Dutch court order. > > According to: > > http://www.ripe.net/internet-coordination/news/about-ripe-ncc-and-ripe/ripe-ncc-blocks-registration-in-ripe-registry-following-order-from-dutch-police > > ther NCC has blocked changes to registered resources pursuant to "an > order from Dutch police". > > Now, I'm not overly familiar with the Dutch legal system but in ours, > a court order is different from a "police order". Considering the > implications for, in particular, RPKI; could someone from the NCC > confirm that this was, in fact, on foot of a court order? > Alternatively, is a "police order" something equivalent, eg an order > that must be followed on pain of legal sanction?` > > Regards, Sascha Luck From jorgen at ssc.net Fri Nov 11 12:07:02 2011 From: jorgen at ssc.net (=?ISO-8859-1?Q?J=F8rgen_Hovland?=) Date: Fri, 11 Nov 2011 12:07:02 +0100 Subject: [members-discuss] NCC acting on registrations pursuant to"police order"? In-Reply-To: <4EBCDE25.7070506@ripe.net> References: <20111110234849.GB97093@cilantro.c4inet.net> <4EBCDE25.7070506@ripe.net> Message-ID: <4EBD01D6.30005@ssc.net> On 11/11/11 09:34, Axel Pawlik wrote: > Good morning Sascha, all, > > you are right Sascha, this is an order from the Dutch > police, on behalf of the Distract Attorney. > > If we were to refuse it, according to counsel, we > would become liable for consequences of that. > I'm expecting further information today as to > which further consequences a refusal would have. > If you don't mind, I have a question: First of all, did you receive any real reason why they requested this? If not, I find that decision disturbing. As opposed to other things in the RIPE NCC budget, the potential expenses for pursuing this is something I would gladly accept. When you permit things like that it is damaging the reputation. Cheers, J From axel.pawlik at ripe.net Fri Nov 11 10:41:22 2011 From: axel.pawlik at ripe.net (Axel Pawlik) Date: Fri, 11 Nov 2011 10:41:22 +0100 Subject: [members-discuss] NCC acting on registrations pursuant to"police order"? In-Reply-To: <4EBD01D6.30005@ssc.net> References: <20111110234849.GB97093@cilantro.c4inet.net> <4EBCDE25.7070506@ripe.net> <4EBD01D6.30005@ssc.net> Message-ID: <4EBCEDC2.5060709@ripe.net> J?rgen, Sascha, all, the order says it's done on the basis of several international requests of assistence, issued to the Dutch authorities from the US authorities, in relation to massive malware distribution in the US and other countries. We will be preparing an article on the genesis of this order, background documents as publishable, legal opinions and the like. Currently we are busy coordinating legal opinions, requesting further documentation and the like. cheers, Axel From mark at tuxis.nl Fri Nov 11 10:37:46 2011 From: mark at tuxis.nl (Mark Schouten) Date: Fri, 11 Nov 2011 10:37:46 +0100 Subject: [members-discuss] NCC acting on registrations pursuant to"police order"? In-Reply-To: <4EBD01D6.30005@ssc.net> References: <20111110234849.GB97093@cilantro.c4inet.net> <4EBCDE25.7070506@ripe.net> <4EBD01D6.30005@ssc.net> Message-ID: <4EBCECEA.1000900@tuxis.nl> Hi J?rgen, On 11/11/2011 12:07 PM, J?rgen Hovland wrote: > If you don't mind, I have a question: > First of all, did you receive any real reason why they requested this? According to webwereld.nl (a Dutch tech-site), it was to disable a gang that runs rogue DNS services. A poorly translated article can be found via Google Translate: http://tinyurl.com/7jrmubc -- Mark Schouten | Tuxis Internet Engineering KvK: 09218193 | http://www.tuxis.nl/ T: 0318 200208 | info at tuxis.nl M: 06 53463918 | mark at tuxis.nl -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 262 bytes Desc: OpenPGP digital signature URL: From fweimer at bfk.de Fri Nov 11 11:03:26 2011 From: fweimer at bfk.de (Florian Weimer) Date: Fri, 11 Nov 2011 10:03:26 +0000 Subject: [members-discuss] NCC acting on registrations pursuant to "police order"? In-Reply-To: <20111110234849.GB97093@cilantro.c4inet.net> (Sascha Luck's message of "Thu, 10 Nov 2011 23:48:49 +0000") References: <20111110234849.GB97093@cilantro.c4inet.net> Message-ID: <82zkg3m0wh.fsf@mid.bfk.de> * Sascha Luck: > in the recent discussion on RPKI, it was stated > by the NCC that it would not act on resource > registrations (and, by extension, certificates and > ROAs) without a valid Dutch court order. And in the RPKI context, it was said that there was no legal basis whatsoever that such an order could be obtained *at all*. I'm not sure this is a bad development. It shows that existing laws and RIPE policies allow government agencies and RIPE NCC to work together, in order to make the Internet a safer place. It is difficult for me to see how we could address such situations without any government interference whatsoever, merely through self-regulation, and still maintain due process for those who are involved. -- Florian Weimer BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstra?e 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 From erik at bais.name Fri Nov 11 13:41:10 2011 From: erik at bais.name (Erik Bais) Date: Fri, 11 Nov 2011 13:41:10 +0100 Subject: [members-discuss] FW: NCC acting on registrations pursuant to "police order"? References: <20111110234849.GB97093@cilantro.c4inet.net> <82zkg3m0wh.fsf@mid.bfk.de> Message-ID: <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A0C@EXVS002.netsourcing.lan> Sorry. Repost from the correct mail-address. --- The article on Webwereld states: (http://webwereld.nl/nieuws/108523/nederlandse-politie-bevriest-ip-toegang-dns-bende.html ) Tegelijk met het oprollen van de bende heeft de Nederlandse politie vier blokken van ip-adressen laten 'bevriezen' bij het in Amsterdam gevestigde RIPE. Die Europese beheerder van ip-adressen, heeft op last van de politie vier blokken van IPv4-adressen geblokkeerd. Dit houdt in dat de eigenaar van de ip-adressen geen wijzigingen kan doorvoeren in de registratiegegevens bij RIPE. Which translates in English into: Together with the roll-up of the gang, the Dutch police had 4 subnets of IP addresses frozen at the in Amsterdam based RIPE. The European manager of IP addresses has based on a police order 4 subnets of IPv4 addresses locked. This means that the owner of the IP addresses couldn't make any changes in the registration information at RIPE. --- As far as I'm aware (but I'm not a lawyer) the international gratified ComputerCrime II ACT, provides the authority to ask for a freeze (secure) of administrative and technical (logging) information known to a certain database / website holder about someone, to prevent it from being purged. What RIPE did is just that, if I read this correctly. Comparing this to RPKI: The difference of a cert being revoked by RIPE in an RPKI situation, was that routing by itself wasn't changed. Nor that the assigned IP's where revoked or something similar. Perhaps someone from RIPE can provide some more insight beside the posting on the website (http://www.ripe.net/internet-coordination/news/about-ripe-ncc-and-ripe/ripe-ncc-blocks-registration-in-ripe-registry-following-order-from-dutch-police ) Regards, Erik Bais From hank at efes.iucc.ac.il Fri Nov 11 14:27:58 2011 From: hank at efes.iucc.ac.il (Hank Nussbacher) Date: Fri, 11 Nov 2011 15:27:58 +0200 (IST) Subject: [members-discuss] NCC acting on registrations pursuant to "police order"? In-Reply-To: <82zkg3m0wh.fsf@mid.bfk.de> References: <20111110234849.GB97093@cilantro.c4inet.net> <82zkg3m0wh.fsf@mid.bfk.de> Message-ID: On Fri, 11 Nov 2011, Florian Weimer wrote: > * Sascha Luck: > >> in the recent discussion on RPKI, it was stated >> by the NCC that it would not act on resource >> registrations (and, by extension, certificates and >> ROAs) without a valid Dutch court order. > > And in the RPKI context, it was said that there was no legal basis > whatsoever that such an order could be obtained *at all*. > > I'm not sure this is a bad development. It shows that existing laws and > RIPE policies allow government agencies and RIPE NCC to work together, > in order to make the Internet a safer place. It is difficult for me to > see how we could address such situations without any government > interference whatsoever, merely through self-regulation, and still > maintain due process for those who are involved. I support RIPE NCC in its effort to make the Internet a safer place. A court order for RIPE NCC to do something would probably have needed a trial, and can sometimes take months and usually years until a decision is handed down. If the police lodged a formal request then RIPE NCC has to abide by it. Adjust the charter or procedures to comply with reality if necessary. -Hank From erik at datahouse.nl Fri Nov 11 13:39:36 2011 From: erik at datahouse.nl (Erik Bais) Date: Fri, 11 Nov 2011 13:39:36 +0100 Subject: [members-discuss] NCC acting on registrations pursuant to "police order"? In-Reply-To: <82zkg3m0wh.fsf@mid.bfk.de> References: <20111110234849.GB97093@cilantro.c4inet.net> <82zkg3m0wh.fsf@mid.bfk.de> Message-ID: <006201cca06e$f8ce7b30$ea6b7190$@datahouse.nl> The article on Webwereld states: (http://webwereld.nl/nieuws/108523/nederlandse-politie-bevriest-ip-toegang-d ns-bende.html ) Tegelijk met het oprollen van de bende heeft de Nederlandse politie vier blokken van ip-adressen laten 'bevriezen' bij het in Amsterdam gevestigde RIPE. Die Europese beheerder van ip-adressen, heeft op last van de politie vier blokken van IPv4-adressen geblokkeerd. Dit houdt in dat de eigenaar van de ip-adressen geen wijzigingen kan doorvoeren in de registratiegegevens bij RIPE. Which translates in English into: Together with the roll-up of the gang, the Dutch police had 4 subnets of IP addresses frozen at the in Amsterdam based RIPE. The European manager of IP addresses has based on a police order 4 subnets of IPv4 addresses locked. This means that the owner of the IP addresses couldn't make any changes in the registration information at RIPE. --- As far as I'm aware (but I'm not a lawyer) the international gratified ComputerCrime II ACT, provides the authority to ask for a freeze (secure) of administrative and technical (logging) information known to a certain database / website holder about someone, to prevent it from being purged. What RIPE did is just that, if I read this correctly. Comparing this to RPKI: The difference of a cert being revoked by RIPE in an RPKI situation, was that routing by itself wasn't changed. Nor that the assigned IP's where revoked or something similar. Perhaps someone from RIPE can provide some more insight beside the posting on the website (http://www.ripe.net/internet-coordination/news/about-ripe-ncc-and-ripe/ripe -ncc-blocks-registration-in-ripe-registry-following-order-from-dutch-police ) Regards, Erik Bais From erik at bais.name Fri Nov 11 15:57:12 2011 From: erik at bais.name (Erik Bais) Date: Fri, 11 Nov 2011 15:57:12 +0100 Subject: [members-discuss] FW: NCC acting on registrations pursuant to "police order"? In-Reply-To: <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A0C@EXVS002.netsourcing.lan> References: <20111110234849.GB97093@cilantro.c4inet.net> <82zkg3m0wh.fsf@mid.bfk.de> <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A0C@EXVS002.netsourcing.lan> Message-ID: <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A0E@EXVS002.netsourcing.lan> For those that like to read up on the Convention on Cybercrime ( Budapest - 2001 ) : http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=02/06/2010&CL=ENG (Overall start page for the Treaty) http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=02/06/2010&CL=ENG (status page for the international ratification per country in the EU and none-European countries) http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm (actual text of the treaty) The part that I revered to in my previous email can be found under Title 2 - Article 16: --- Title 2 - Expedited preservation of stored computer data Article 16 - Expedited preservation of stored computer data 1 Each Party shall adopt such legislative and other measures as may be necessary to enable its competent authorities to order or similarly obtain the expeditious preservation of specified computer data, including traffic data, that has been stored by means of a computer system, in particular where there are grounds to believe that the computer data is particularly vulnerable to loss or modification. 2 Where a Party gives effect to paragraph 1 above by means of an order to a person to preserve specified stored computer data in the person's possession or control, the Party shall adopt such legislative and other measures as may be necessary to oblige that person to preserve and maintain the integrity of that computer data for a period of time as long as necessary, up to a maximum of ninety days, to enable the competent authorities to seek its disclosure. A Party may provide for such an order to be subsequently renewed. 3 Each Party shall adopt such legislative and other measures as may be necessary to oblige the custodian or other person who is to preserve the computer data to keep confidential the undertaking of such procedures for the period of time provided for by its domestic law. --- Regards, Erik Bais From brandon at rd.bbc.co.uk Fri Nov 11 16:11:26 2011 From: brandon at rd.bbc.co.uk (Brandon Butterworth) Date: Fri, 11 Nov 2011 15:11:26 GMT Subject: [members-discuss] FW: NCC acting on registrations pursuant to "police order"? Message-ID: <201111111511.PAA25140@sunf10.rd.bbc.co.uk> >> 1 Each Party shall adopt such legislative and other measures as >> may be necessary to enable its competent authorities to order or >> similarly obtain the expeditious preservation of specified computer >> data It's just preservation, it doesn't say prevention of new data creation (you'd have to preserve that too) It would just be a limitation of the RIPE systems if they have to lock an account to ensure retention of data, they could implement other means to provide a preserved data trail while leaving the account active. brandon From erik at datahouse.nl Fri Nov 11 18:00:07 2011 From: erik at datahouse.nl (Erik Bais) Date: Fri, 11 Nov 2011 18:00:07 +0100 Subject: [members-discuss] FW: NCC acting on registrations pursuant to "police order"? Message-ID: <00ef01cca093$5d9bf3c0$18d3db40$@datahouse.nl> Hi Brandon, >>> 1 Each Party shall adopt such legislative and other measures as >>> may be necessary to enable its competent authorities to order or >>> similarly obtain the expeditious preservation of specified computer >>> data > >It's just preservation, it doesn't say prevention of new data creation (you'd have to preserve that too) >It would just be a limitation of the RIPE systems if they have to lock an account to ensure retention of data, they could implement other means to provide a preserved data trail while leaving the account active. Your statement might be true and is also the problem with international ratification of Treaties and the underlying national implementation into the law. In this case, the question would be, what was the actual request from the Police, in order to get some more detail on it. If a preservation of information would have been enough or if a freeze of an account would be required. An online copy of the actual request from the KLPD in that case would be nice, where the personal details can be removed with black marker to protect the innocence etc. (blah blah .. ;-) ) I can only imagine that the operational system of RIPE would not have been designed to comply with anything like a Data retention act in mind. (Off-topic: Which in the Netherlands is still on 12 months btw.) So was the locking of the accounts towards the RIPE systems or freezing of the subnets, was it about the LIR portal, the associated maintainer passwd, or something else, like preventing them from doing changes to rev. dns. ? Or was it about avoiding transfers or changes in the Whois DB ? And instead of dealing with all the fuzz of the above, RIPE NCC might have taken the route of ... disable the accounts and wait ... Which is a perfectly good action imho as it would freeze the evidence present and the people involved would only notice it when they would actually need to make changes. Questions .. questions .. And only a few that know. Erik From erik at bais.name Fri Nov 11 18:05:05 2011 From: erik at bais.name (Erik Bais) Date: Fri, 11 Nov 2011 18:05:05 +0100 Subject: [members-discuss] FW: NCC acting on registrations pursuant to "police order"? In-Reply-To: <00ef01cca093$5d9bf3c0$18d3db40$@datahouse.nl> References: <00ef01cca093$5d9bf3c0$18d3db40$@datahouse.nl> Message-ID: <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A0F@EXVS002.netsourcing.lan> Hi Brandon, >>> 1 Each Party shall adopt such legislative and other measures as >>> may be necessary to enable its competent authorities to order or >>> similarly obtain the expeditious preservation of specified computer >>> data > >It's just preservation, it doesn't say prevention of new data creation (you'd have to preserve that too) >It would just be a limitation of the RIPE systems if they have to lock >an account to ensure retention of data, they could implement other means to provide a preserved data trail while leaving the account active. Your statement might be true and is also the problem with international ratification of Treaties and the underlying national implementation into the law. In this case, the question would be, what was the actual request from the Police, in order to get some more detail on it. If a preservation of information would have been enough or if a freeze of an account would be required. An online copy of the actual request from the KLPD in that case would be nice, where the personal details can be removed with black marker to protect the innocence etc. (blah blah .. ;-) ) I can only imagine that the operational system of RIPE would not have been designed to comply with anything like a Data retention act in mind. (Off-topic: Which in the Netherlands is still on 12 months btw.) So was the locking of the accounts towards the RIPE systems or freezing of the subnets, was it about the LIR portal, the associated maintainer passwd, or something else, like preventing them from doing changes to rev. dns. ? Or was it about avoiding transfers or changes in the Whois DB ? And instead of dealing with all the fuzz of the above, RIPE NCC might have taken the route of ... disable the accounts and wait ... Which is a perfectly good action imho as it would freeze the evidence present and the people involved would only notice it when they would actually need to make changes. Questions .. questions .. And only a few that know. Erik ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From sven at cb3rob.net Fri Nov 11 23:31:10 2011 From: sven at cb3rob.net (Sven Olaf Kamphuis) Date: Fri, 11 Nov 2011 22:31:10 +0000 (UTC) Subject: [members-discuss] FW: NCC acting on registrations pursuant to "police order"? In-Reply-To: <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A0F@EXVS002.netsourcing.lan> References: <00ef01cca093$5d9bf3c0$18d3db40$@datahouse.nl> <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A0F@EXVS002.netsourcing.lan> Message-ID: http://depiratenpartij.wordpress.com/2011/11/11/brein-versus-xs4all-verplaats-de-rirs-naar-ijsland/ -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG ========================================================================= Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: sven at cb3rob.net ========================================================================= C3P0, der elektrische Westerwelle http://www.facebook.com/cb3rob ========================================================================= Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Fri, 11 Nov 2011, Erik Bais wrote: > Hi Brandon, > >>>> 1 Each Party shall adopt such legislative and other measures as >>>> may be necessary to enable its competent authorities to order or >>>> similarly obtain the expeditious preservation of specified computer >>>> data >> >> It's just preservation, it doesn't say prevention of new data creation > (you'd have to preserve that too) > >> It would just be a limitation of the RIPE systems if they have to lock >> an > account to ensure retention of data, they could implement other means to provide a preserved data trail while leaving the account active. > > Your statement might be true and is also the problem with international ratification of Treaties and the underlying national implementation into the law. > > In this case, the question would be, what was the actual request from the Police, in order to get some more detail on it. If a preservation of information would have been enough or if a freeze of an account would be required. > An online copy of the actual request from the KLPD in that case would be nice, where the personal details can be removed with black marker to protect the innocence etc. (blah blah .. ;-) ) > > I can only imagine that the operational system of RIPE would not have been designed to comply with anything like a Data retention act in mind. > (Off-topic: Which in the Netherlands is still on 12 months btw.) So was the locking of the accounts towards the RIPE systems or freezing of the subnets, was it about the LIR portal, the associated maintainer passwd, or something else, like preventing them from doing changes to rev. dns. ? Or was it about avoiding transfers or changes in the Whois DB ? > > And instead of dealing with all the fuzz of the above, RIPE NCC might have taken the route of ... disable the accounts and wait ... Which is a perfectly good action imho as it would freeze the evidence present and the people involved would only notice it when they would actually need to make changes. > > Questions .. questions .. And only a few that know. > > Erik > > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > From sven at cb3rob.net Fri Nov 11 23:44:54 2011 From: sven at cb3rob.net (Sven Olaf Kamphuis) Date: Fri, 11 Nov 2011 22:44:54 +0000 (UTC) Subject: [members-discuss] NCC acting on registrations pursuant to"police order"? In-Reply-To: <4EBCEDC2.5060709@ripe.net> References: <20111110234849.GB97093@cilantro.c4inet.net> <4EBCDE25.7070506@ripe.net> <4EBD01D6.30005@ssc.net> <4EBCEDC2.5060709@ripe.net> Message-ID: issued to the Dutch authorities from the US authorities, in relation to massive malware distribution in the US and other countries. ... microsoft.com - the biggest malware distributer out there... can we just go ahead and nuke the usa... finally ;) -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG ========================================================================= Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: sven at cb3rob.net ========================================================================= C3P0, der elektrische Westerwelle http://www.facebook.com/cb3rob ========================================================================= Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Fri, 11 Nov 2011, Axel Pawlik wrote: > > J?rgen, Sascha, all, > > the order says it's done on the basis of several international requests > of assistence, issued to the Dutch authorities from the US authorities, > in relation to massive malware distribution in the US and other countries. > > We will be preparing an article on the genesis of this order, background > documents as publishable, legal opinions and the like. > > Currently we are busy coordinating legal opinions, requesting further > documentation and the like. > > cheers, Axel > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > From sven at cb3rob.net Sat Nov 12 00:05:33 2011 From: sven at cb3rob.net (Sven Olaf Kamphuis) Date: Fri, 11 Nov 2011 23:05:33 +0000 (UTC) Subject: [members-discuss] [#22756] Re: FW: NCC acting on registrations pursuant to "police order"? In-Reply-To: <3eae2f1aac2a21f0610140149937d83a@support.privatelayer.com> References: <3eae2f1aac2a21f0610140149937d83a@support.privatelayer.com> Message-ID: Security expert Ronald Prince of forensic firm Fox-IT across all Macworld speculated that this action may be related to the rolling up of the DNS gang. "De DNS-servers draaiden op bepaalde ip-adressen. Nu zijn die vervangen door servers van de politie zelf." "The DNS servers were running on certain IP addresses. Now those servers replaced by the police themselves." ah so-called "security expert" and well known sockpuppet of the amerifags, ronald prins, is at it again... when he's not too busy persecuting the international souvereign military order of internet knights that is anonymous, he's always to be found to make some foolish statements in the press. The rolled malware gang has four million PCs worldwide able to infect. This is done through rogue DNS servers. NO -THIS IS DONE THROUGH MICROSOFT WINDOWS-, go and arrest bill gates for selling utter crap that doesn't belong on a network in the first place, and not fixing it on purpose although code is much easier to fix than to maintain a dictionary of search strings for 'known' virus code that exploits it. Prince says that the RIPE-blocking by the Dutch police can ensure that the infected computers keep their connection. Only is it not the rogue machines, but the police servers. " And that solves the problem ... how exactly... the next virus will show up and microsoft continue keep sell crap and isn't even being blamed by this rather pro-american so-called "security" expert. i'd say, flash the god damn biosses with an advertisement that gets them to the mac store, or force install ubuntu if you're already taking over a botnet anyway :P the dutch police gets paid by dutch taxpayers to protect dutch/european interests, not those of mickeysoft or the usa, or to run after people that exploit bugs (probably purposely) not fixed by microsoft to keep their "anti virus industry" buddies in business. i'd say, this whole thing is EASILY solved by a forced update of windows, on THEIR side of the ocean, i see no need to waste further european tax money on whatever that god damn ex-colony of amsterdam wants. (and while we're at the subject, why on earth do we let them sell that crap in our stores ;) -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG ========================================================================= Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: sven at cb3rob.net ========================================================================= C3P0, der elektrische Westerwelle http://www.facebook.com/cb3rob ========================================================================= Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Fri, 11 Nov 2011, support at privatelayer.com wrote: > Dear Valued Private Layer Customer, > > > Our tech support department has received your message in good order and we have assigned a ticket number to your request. > > The ticket number assigned is: 22756. We are reviewing your ticket and will reply to it shortly. > > > Best Regards, > > Private Layer INC > Tech Support Department > support at privatelayer.com > From zoe at hotchilli.com Mon Nov 14 11:05:08 2011 From: zoe at hotchilli.com (Zoe O'Connell) Date: Mon, 14 Nov 2011 10:05:08 +0000 Subject: [members-discuss] NCC acting on registrations pursuant to "police order"? In-Reply-To: References: <20111110234849.GB97093@cilantro.c4inet.net> <82zkg3m0wh.fsf@mid.bfk.de> Message-ID: <4EC0E7D4.50901@hotchilli.com> On 11/11/11 13:27, Hank Nussbacher wrote: > I support RIPE NCC in its effort to make the Internet a safer place. A > court order for RIPE NCC to do something would probably have needed a > trial, and can sometimes take months and usually years until a decision is > handed down. If the police lodged a formal request then RIPE NCC has to > abide by it. Adjust the charter or procedures to comply with reality if > necessary. I believe that the current situation is unrelated to preservation of data, so I don't believe there's a treaty obligation involved. From what I've heard, the bad people have all been arrested so nobody is being kicked offline who isn't offline anyway. However, whilst I am not familiar with the legal situation in the Netherlands, (Is there an independent judicial element to any police "requests"?) I would be rather worried about any situation in which the police, based on their own particular policies, might be able to exert control over what they consider acceptable use of the Internet within the RIPE region. RIPE covers many countries and not all have the same set of ethical values and standards and we should be wary of any situation in which one nation exerts undue extra-judicial influence because a coordinating body happens to be based there. Zo? From LudendorffR at rferl.org Mon Nov 14 11:51:17 2011 From: LudendorffR at rferl.org (Ray Ludendorff) Date: Mon, 14 Nov 2011 11:51:17 +0100 Subject: [members-discuss] NCC acting on registrations pursuant to "police order"? In-Reply-To: <4EC0E7D4.50901@hotchilli.com> References: <20111110234849.GB97093@cilantro.c4inet.net> <82zkg3m0wh.fsf@mid.bfk.de> <4EC0E7D4.50901@hotchilli.com> Message-ID: Hello , I have not been reading all the emails, so can some tell me if a police order was issued and what it is about ? Thanks -Ray -------------- next part -------------- An HTML attachment was scrubbed... URL: From axel.pawlik at ripe.net Tue Nov 15 17:50:37 2011 From: axel.pawlik at ripe.net (Axel Pawlik) Date: Tue, 15 Nov 2011 17:50:37 +0100 Subject: [members-discuss] Update on police order of 8 November Message-ID: <4EC2985D.90502@ripe.net> Dear all, In the interest of transparency, I'd like to update you on the Dutch police order issued to the RIPE NCC on 8 November 2011 to temporarily lock a registration of four IP address blocks in the RIPE Registry until 22 March 2012. As mentioned earlier, we are working on full disclosure of the background documents. You can read a copy of the police order here: https://www.ripe.net/lir-services/member-support/police-order-8-november-2011 We will update you if and when any other publishable materials become available. We have received independent legal advice and are in discussion with the appropriate authorities. We intend to pursue this matter further in Dutch court to establish a precedent so that we are certain of our rights regarding such orders. The RIPE NCC is committed to acting in the best interest of its membership and we will continue to inform you and the Internet community on this matter as it progresses. I'd also like to take this opportunity to clarify that we have not withdrawn, removed or reclaimed the address blocks in question. kind regards, Axel From erik at bais.name Tue Nov 15 20:57:33 2011 From: erik at bais.name (Erik Bais) Date: Tue, 15 Nov 2011 20:57:33 +0100 Subject: [members-discuss] Update on police order of 8 November In-Reply-To: <4EC2985D.90502@ripe.net> References: <4EC2985D.90502@ripe.net> Message-ID: <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A34@EXVS002.netsourcing.lan> Hi Axel, Thanks for the copy of the police order. I'll do a quick translation of the document for those that are not so into Dutch. (Probably within the next 2 days. Depending on the workload in the office) For the people that didn't read the security fora and want to see how those frozen prefixes look in the www.ripe.net/whois. https://apps.db.ripe.net/whois/lookup/ripe/inetnum/85.255.112.0-85.255.127.255.html https://apps.db.ripe.net/whois/lookup/ripe/inetnum/213.109.64.0-213.109.79.255.html https://apps.db.ripe.net/whois/lookup/ripe/inetnum/93.188.160.0-93.188.167.255.html https://apps.db.ripe.net/whois/lookup/ripe/inetnum/77.67.83.0-77.67.83.255.html The above mentioned details can also be found in the FBI file found at : http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf ( Source : http://isc.sans.edu/diary/Operation+Ghost+Click+FBI+bags+crime+ring+responsible+for+14+million+in+losses/11986 ) Regards, Erik Bais From erik at bais.name Wed Nov 16 01:50:03 2011 From: erik at bais.name (Erik Bais) Date: Wed, 16 Nov 2011 01:50:03 +0100 Subject: [members-discuss] Update on police order of 8 November In-Reply-To: <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A34@EXVS002.netsourcing.lan> References: <4EC2985D.90502@ripe.net> <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A34@EXVS002.netsourcing.lan> Message-ID: <3D7F7C92CA8EEF458B7AC7BACD7D619102F193C69A37@EXVS002.netsourcing.lan> See below the rough translation of the Dutch order from the Police. Please keep in mind, I'm not a laywer or a legal Dutch English translator, so there might be some specific wording used that isn't 100%. It will however give a good indication of the overall intention of the document handed to RIPE. Regards, Erik Bais You can read an original Dutch copy of the police order here: https://www.ripe.net/lir-services/member-support/police-order-8-november-2011 My English translation: Order based on article 2 of the police law. To protect the public order and maintain order Signed by G.A. Wind, Inspector of the Police, active at the team High Tech Crime of the Dienst National Recherche of the Korps Landelijke Politiediensten, Considering that: - By the authorized authorities of the United States of America, a criminal investigation is started to investigate the un-authorized installations of malware software on several million computer systems in the US and abroad, including the laundry of criminal profits. - These facts are punishable by Dutch law, based on (among others) the articles 138ab, 139B, 140, 350a and 420bis of the Dutch Wetboek van Strafrecht (Dutch Law book for criminal Law) - These punishable facts are an immediate threat to the Dutch public order. - On December 14th 2010 by the authorized authorities of the USA, the Dutch authorities received a request for assistance to assist in the investigation of the US case. - On November 3th, 2011, by the authorized authorities of the USA, an additional request was done to the Dutch authorities, based on a decree by Honorable William H. Pauley III, US district judge, Southern District of New York, on Nov. 3th 2011. - The US court order has impact on the activities of all Regional Internet Registrars (RIR) in the world, of which Resaux IP European Network Coordination Center (RIPE NCC) has their office (seat) in Amsterdam. Page 2 The US judge (??**) (*probably judge was intended, as it was poorly translated into Dutch*) orders every RIR to take the following measurements to prevent: o The suspects in the US investigation will transfer the control of the relevant registrations of a couple specific IP ranges in the public register. o The suspects in the US investigations will alter the relevant registration(s) of a specific set of IP ranges in the public register, unless specifically approved by the FBI of the US attorney's office for the Southern District of New York. o The suspects in the US investigation a specific set IP address registration (IP address records) transfer to someone else, unless specifically approved by the FBI of the US attorney's office in the Southern District of New York. Ordered by the (Officier van Justitie) (the Dutch) Public Prosecutor of the Public Office, mr. L.J.A. van Zwieten, Hereby orders: RIPE NCC with offices in Amsterdam To protect the public order and maintain the order to act accordingly to the US court order for the following IP ranges: XXXXXXXXXXXXXX XXXXXXXXXXXXXX XXXXXXXXXXXXXX XXXXXXXXXXXXXX For the compliance to the order, it is expected to report compliance to the person who signed this order no later than November 8th 2011. In case it is technically not possible to execute the order, it is expected that you, no later than November 8th 2011, notify the person who signed this order. This measurement should be in place for the period November 8th 2011 up to and including March 22nd, 2012. This order is signed and handed over on the November 8th, 2011 G.A. Wind For receipts: RIPE NCC From brandon at rd.bbc.co.uk Wed Nov 16 09:45:34 2011 From: brandon at rd.bbc.co.uk (Brandon Butterworth) Date: Wed, 16 Nov 2011 08:45:34 GMT Subject: [members-discuss] Update on police order of 8 November Message-ID: <201111160845.IAA02429@sunf10.rd.bbc.co.uk> > Please keep in mind, I'm not a laywer Likewise but it appears to be totally unnecessary action that establishes precedent for other more intrusive requests later > - These punishable facts are an immediate threat to the Dutch public order. Seems quite unlikely that there will be public disorder as a result of malware, at least to the extent freezing registry entries would prevent. > o The suspects in the US investigation will transfer the control of > the relevant registrations of a couple specific IP ranges in the > public register. > o The suspects in the US investigations will alter the > relevant registration(s) of a specific set of IP ranges in the > public register, unless specifically approved by the FBI of the > US attorney's office for the Southern District of New York. Why would that matter as long as they made an evidence record of what it was at this time. There's lots of things the suspects may do during the course of an investigation, like just live their normal lives. brandon From comunicaciones at acotelsa.com Tue Nov 22 16:41:09 2011 From: comunicaciones at acotelsa.com (Comunicaciones ACOTELSA) Date: Tue, 22 Nov 2011 16:41:09 +0100 Subject: [members-discuss] What to do Message-ID: <002101cca92d$28148e40$783daac0$@acotelsa.com> Hi all. We have detected a DoS from IP of APNIC, from China. Are there a procedure to inform APNIC or RIPE about the problem or the only way is inform to the WHOIS contact? Thanks in advance. Saludos... =========================================== Luis ?ngel Lozano Aparicio Comunicaciones y Seguridad Grupo Acotel e-mail: comunicaciones at acotelsa.com ------------------------------------------ Tlf: 983 440274 - 902 194273 Fax:983 548220 Oficina 201 - Edificio Galileo, m?dulo Rojo Parque Tecnol?gico de Boecillo 47151 Boecillo (Valladolid) - Espa?a =========================================== Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env?o de comunicaciones profesionales por cualquier medio electr?nico o no. Vd. podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. Confidencialidad El contenido de esta comunicaci?n, as? como el de toda la documentaci?n anexa, es confidencial y va dirigido ?nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci?n. Gracias. Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. From noc at metronet.hr Tue Nov 22 18:32:20 2011 From: noc at metronet.hr (noc at metronet.hr) Date: Tue, 22 Nov 2011 18:32:20 +0100 Subject: [members-discuss] What to do In-Reply-To: <002101cca92d$28148e40$783daac0$@acotelsa.com> References: <002101cca92d$28148e40$783daac0$@acotelsa.com> Message-ID: <4844A79EE58BDC45AF416184A99318CD02C218B3@smail01.METRONET.local> Hi, Which prefixes are under attack? Regards, NOC Metronet Sektor za mre?u i usluge Network Operations Center Metronet telekomunikacije d.d. Ulica grada Vukovara 269d/I 10 000 Zagreb, Croatia T: + 385 (0)1 6327 090 F: + 385 (0)1 6040 307 www.metronet.hr -----Original Message----- From: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] On Behalf Of Comunicaciones ACOTELSA Sent: Tuesday, November 22, 2011 4:41 PM To: members-discuss at ripe.net Subject: [members-discuss] What to do Hi all. We have detected a DoS from IP of APNIC, from China. Are there a procedure to inform APNIC or RIPE about the problem or the only way is inform to the WHOIS contact? Thanks in advance. Saludos... =========================================== Luis ?ngel Lozano Aparicio Comunicaciones y Seguridad Grupo Acotel e-mail: comunicaciones at acotelsa.com ------------------------------------------ Tlf: 983 440274 - 902 194273 Fax:983 548220 Oficina 201 - Edificio Galileo, m?dulo Rojo Parque Tecnol?gico de Boecillo 47151 Boecillo (Valladolid) - Espa?a =========================================== Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env?o de comunicaciones profesionales por cualquier medio electr?nico o no. Vd. podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. Confidencialidad El contenido de esta comunicaci?n, as? como el de toda la documentaci?n anexa, es confidencial y va dirigido ?nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci?n. Gracias. Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From markel.stefo at plus.al Tue Nov 22 21:34:35 2011 From: markel.stefo at plus.al (Markel Stefo) Date: Tue, 22 Nov 2011 20:34:35 +0000 Subject: [members-discuss] What to do In-Reply-To: <002101cca92d$28148e40$783daac0$@acotelsa.com> References: <002101cca92d$28148e40$783daac0$@acotelsa.com> Message-ID: <38078DF5B9A0984C8AC03AAEAB7BC1CE022C94DD@EXCH-MBX02.plus.local> I Saludos, Being a young lir I am not sure what the procedure should be but we would certianly appriciate, at least myself, to know what the IP causing the attack is or range therfore. Thanks in advance, Markel Stefo IP Core Network Administrator Plus Communicaction PS:Sorry to the list -----Original Message----- From: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] On Behalf Of Comunicaciones ACOTELSA Sent: Tuesday, November 22, 2011 4:41 PM To: members-discuss at ripe.net Subject: [members-discuss] What to do Hi all. We have detected a DoS from IP of APNIC, from China. Are there a procedure to inform APNIC or RIPE about the problem or the only way is inform to the WHOIS contact? Thanks in advance. Saludos... =========================================== Luis ?ngel Lozano Aparicio Comunicaciones y Seguridad Grupo Acotel e-mail: comunicaciones at acotelsa.com ------------------------------------------ Tlf: 983 440274 - 902 194273 Fax:983 548220 Oficina 201 - Edificio Galileo, m?dulo Rojo Parque Tecnol?gico de Boecillo 47151 Boecillo (Valladolid) - Espa?a =========================================== Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env?o de comunicaciones profesionales por cualquier medio electr?nico o no. Vd. podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. Confidencialidad El contenido de esta comunicaci?n, as? como el de toda la documentaci?n anexa, es confidencial y va dirigido ?nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci?n. Gracias. Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From mikevs at xs4all.net Tue Nov 22 21:53:48 2011 From: mikevs at xs4all.net (Miquel van Smoorenburg) Date: Tue, 22 Nov 2011 21:53:48 +0100 Subject: [members-discuss] What to do In-Reply-To: <002101cca92d$28148e40$783daac0$@acotelsa.com> References: <002101cca92d$28148e40$783daac0$@acotelsa.com> Message-ID: <4ECC0BDC.1090209@xs4all.net> RIPE, APNIC or any of the other RIRs only handle administrative issues wrt the allocation and distribution of IP addresses, AS numbers etc. They have no "power" over the network of any ISP. You should contact the persons in the WHOIS, and at the same time, you should contact your upstream provider and ask them if they can see where the DOS originates and if they can perhaps block it for you. Do remember that IP packets can be spoofed, the source address of the DOS packets may say "this originated from 243.1.2.3" but perhaps it is a completely different network that is sending you the packets - your upstream provider might be able to pinpoint the actual source. Mike. On 22-11-11 4:41 PM, Comunicaciones ACOTELSA wrote: > Hi all. > > We have detected a DoS from IP of APNIC, from China. > > Are there a procedure to inform APNIC or RIPE about the problem or the only > way is inform to the WHOIS contact? > > Thanks in advance. > > > Saludos... > > =========================================== > Luis ?ngel Lozano Aparicio > Comunicaciones y Seguridad > Grupo Acotel > e-mail: comunicaciones at acotelsa.com > ------------------------------------------ > Tlf: 983 440274 - 902 194273 Fax:983 548220 > Oficina 201 - Edificio Galileo, m?dulo Rojo > Parque Tecnol?gico de Boecillo > 47151 Boecillo (Valladolid) - Espa?a > =========================================== > > > > > > Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env?o de comunicaciones profesionales por cualquier medio electr?nico o no. Vd. podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. > > Confidencialidad El contenido de esta comunicaci?n, as? como el de toda la documentaci?n anexa, es confidencial y va dirigido ?nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci?n. Gracias. > > Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. > > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > From sslavov at blizoo.bg Tue Nov 22 22:54:26 2011 From: sslavov at blizoo.bg (sslavov at blizoo.bg) Date: Tue, 22 Nov 2011 23:54:26 +0200 Subject: [members-discuss] What to do Message-ID: <5e662a6d37654b0a3ef2cef3f9c502ad.squirrel@mail.blizoo.bg> Contact the Persons in the WHOIS database, your UPLINK Provider AND BLOCK IP RANGE. Best regards. Stoyan > > RIPE, APNIC or any of the other RIRs only handle administrative issues > wrt the allocation and distribution of IP addresses, AS numbers etc. > They have no "power" over the network of any ISP. > > You should contact the persons in the WHOIS, and at the same time, you > should contact your upstream provider and ask them if they can see where > the DOS originates and if they can perhaps block it for you. > > Do remember that IP packets can be spoofed, the source address of the > DOS packets may say "this originated from 243.1.2.3" but perhaps it is a > completely different network that is sending you the packets - your > upstream provider might be able to pinpoint the actual source. > > Mike. > > On 22-11-11 4:41 PM, Comunicaciones ACOTELSA wrote: >> Hi all. >> >> We have detected a DoS from IP of APNIC, from China. >> >> Are there a procedure to inform APNIC or RIPE about the problem or the >> only >> way is inform to the WHOIS contact? >> >> Thanks in advance. >> >> >> Saludos... >> >> =========================================== >> Luis ?ngel Lozano Aparicio >> Comunicaciones y Seguridad >> Grupo Acotel >> e-mail: comunicaciones at acotelsa.com >> ------------------------------------------ >> Tlf: 983 440274 - 902 194273 Fax:983 548220 >> Oficina 201 - Edificio Galileo, m?dulo Rojo >> Parque Tecnol?gico de Boecillo >> 47151 Boecillo (Valladolid) - Espa?a >> =========================================== >> >> >> >> >> >> Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados >> por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de >> tratamiento automatizado o no en nuestros ficheros, con la finalidad de >> gestionar la agenda de contactos de nuestra empresa y para el env?o de >> comunicaciones profesionales por cualquier medio electr?nico o no. Vd. >> podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, >> cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica >> 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en >> Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. >> >> Confidencialidad El contenido de esta comunicaci?n, as? como el de toda >> la documentaci?n anexa, es confidencial y va dirigido ?nicamente al >> destinatario del mismo. En el supuesto de que usted no fuera el >> destinatario, le solicitamos que nos lo indique y no comunique su >> contenido a terceros, procediendo a su destrucci?n. Gracias. >> >> Confidenciality The content of this communication and any attached >> information is confidential and exclusively for the use of the >> addressee. If you are not the addressee, we ask you to notify to the >> sender and do not pass its content to another person, and please be sure >> you destroy it. Thank you. >> >> >> >> ---- >> If you don't want to receive emails from the RIPE NCC members-discuss >> mailing list, please log in to your LIR Portal account and go to the >> general page: >> https://lirportal.ripe.net/general/view >> >> Click on "Edit my LIR details", under "Subscribed Mailing Lists". From >> here, you can add or remove addresses. >> > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the > general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From > here, you can add or remove addresses. > From support at kosmozz.be Tue Nov 22 19:22:47 2011 From: support at kosmozz.be (KOSMOZZ - Support 24/7) Date: Tue, 22 Nov 2011 18:22:47 +0000 Subject: [members-discuss] What to do In-Reply-To: <4844A79EE58BDC45AF416184A99318CD02C218B3@smail01.METRONET.local> References: <002101cca92d$28148e40$783daac0$@acotelsa.com> <4844A79EE58BDC45AF416184A99318CD02C218B3@smail01.METRONET.local> Message-ID: Hi, DoS targeting which networks? Ripe? What is the IP? Kind regards, Filip Herman NOC 24/7 -- KOSMOZZ http://www.kosmozz.be -----Oorspronkelijk bericht----- Van: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] Namens noc at metronet.hr Verzonden: dinsdag 22 november 2011 18:32 Aan: comunicaciones at acotelsa.com; members-discuss at ripe.net Onderwerp: Re: [members-discuss] What to do Hi, Which prefixes are under attack? Regards, NOC Metronet Sektor za mre?u i usluge Network Operations Center Metronet telekomunikacije d.d. Ulica grada Vukovara 269d/I 10 000 Zagreb, Croatia T: + 385 (0)1 6327 090 F: + 385 (0)1 6040 307 www.metronet.hr -----Original Message----- From: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] On Behalf Of Comunicaciones ACOTELSA Sent: Tuesday, November 22, 2011 4:41 PM To: members-discuss at ripe.net Subject: [members-discuss] What to do Hi all. We have detected a DoS from IP of APNIC, from China. Are there a procedure to inform APNIC or RIPE about the problem or the only way is inform to the WHOIS contact? Thanks in advance. Saludos... =========================================== Luis ?ngel Lozano Aparicio Comunicaciones y Seguridad Grupo Acotel e-mail: comunicaciones at acotelsa.com ------------------------------------------ Tlf: 983 440274 - 902 194273 Fax:983 548220 Oficina 201 - Edificio Galileo, m?dulo Rojo Parque Tecnol?gico de Boecillo 47151 Boecillo (Valladolid) - Espa?a =========================================== Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env?o de comunicaciones profesionales por cualquier medio electr?nico o no. Vd. podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. Confidencialidad El contenido de esta comunicaci?n, as? como el de toda la documentaci?n anexa, es confidencial y va dirigido ?nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci?n. Gracias. Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From comunicaciones at acotelsa.com Wed Nov 23 11:09:06 2011 From: comunicaciones at acotelsa.com (Comunicaciones ACOTELSA) Date: Wed, 23 Nov 2011 11:09:06 +0100 Subject: [members-discuss] What to do In-Reply-To: References: <002101cca92d$28148e40$783daac0$@acotelsa.com> <4844A79EE58BDC45AF416184A99318CD02C218B3@smail01.METRONET.local> Message-ID: <008d01cca9c7$ef2001a0$cd6004e0$@acotelsa.com> Our prefix is 178.19.32.0/21 and the attack was to all the range of IP. We have detected four different attacks in the last 48 hours, from different networks or RIRs. The source was from Chinesse (three of them) and USA (the last). All the attack was with packets from the 80 tcp port to the 80 tcp port so it could be from zombie web servers. Now, we are alerting and we will inform you about any new problem. Saludos... =========================================== Luis ??ngel Lozano Aparicio Comunicaciones y Seguridad Grupo Acotel e-mail: comunicaciones at acotelsa.com ------------------------------------------ Tlf: 983 440274 - 902 194273 Fax:983 548220 Oficina 201 - Edificio Galileo, m??dulo Rojo Parque Tecnol??gico de Boecillo 47151 Boecillo (Valladolid) - Espa??a =========================================== -----Mensaje original----- De: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] En nombre de KOSMOZZ - Support 24/7 Enviado el: martes, 22 de noviembre de 2011 19:23 Para: noc at metronet.hr; comunicaciones at acotelsa.com; members-discuss at ripe.net Asunto: Re: [members-discuss] What to do Hi, DoS targeting which networks? Ripe? What is the IP? Kind regards, Filip Herman NOC 24/7 -- KOSMOZZ http://www.kosmozz.be -----Oorspronkelijk bericht----- Van: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] Namens noc at metronet.hr Verzonden: dinsdag 22 november 2011 18:32 Aan: comunicaciones at acotelsa.com; members-discuss at ripe.net Onderwerp: Re: [members-discuss] What to do Hi, Which prefixes are under attack? Regards, NOC Metronet Sektor za mre??u i usluge Network Operations Center Metronet telekomunikacije d.d. Ulica grada Vukovara 269d/I 10 000 Zagreb, Croatia T: + 385 (0)1 6327 090 F: + 385 (0)1 6040 307 www.metronet.hr -----Original Message----- From: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] On Behalf Of Comunicaciones ACOTELSA Sent: Tuesday, November 22, 2011 4:41 PM To: members-discuss at ripe.net Subject: [members-discuss] What to do Hi all. We have detected a DoS from IP of APNIC, from China. Are there a procedure to inform APNIC or RIPE about the problem or the only way is inform to the WHOIS contact? Thanks in advance. Saludos... =========================================== Luis ??ngel Lozano Aparicio Comunicaciones y Seguridad Grupo Acotel e-mail: comunicaciones at acotelsa.com ------------------------------------------ Tlf: 983 440274 - 902 194273 Fax:983 548220 Oficina 201 - Edificio Galileo, m??dulo Rojo Parque Tecnol??gico de Boecillo 47151 Boecillo (Valladolid) - Espa??a =========================================== Protecci??n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env??o de esta comunicaci??n ser??n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env??o de comunicaciones profesionales por cualquier medio electr??nico o no. Vd. podr?? en cualquier momento ejercer el derecho de acceso, rectificaci??n, cancelaci??n y oposici??n en los t??rminos establecidos en la Ley Org??nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. Confidencialidad El contenido de esta comunicaci??n, as?? como el de toda la documentaci??n anexa, es confidencial y va dirigido ??nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci??n. Gracias. Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. ---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. -- Mensaje analizado por el sistema de deteccion de virus y antispam de ACOTEL. El hecho de que dicho mensaje haya sido tratado NO excluye que pueda contener virus no catalogados a fecha de hoy. ------------------------------------------------------------------ Message analyzed by the Antispam-Virus Detection System at ACOTEL. The fact tha this message has passed analysis does not exclude the posibility of being infected by an undetected virus. Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env?o de comunicaciones profesionales por cualquier medio electr?nico o no. Vd. podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. Confidencialidad El contenido de esta comunicaci?n, as? como el de toda la documentaci?n anexa, es confidencial y va dirigido ?nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci?n. Gracias. Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. From noc at solido.net Wed Nov 23 11:16:45 2011 From: noc at solido.net (=?iso-8859-1?Q?Henrik_Kramsh=F8j_Solido_NOC_abuse?=) Date: Wed, 23 Nov 2011 11:16:45 +0100 Subject: [members-discuss] What to do In-Reply-To: <008d01cca9c7$ef2001a0$cd6004e0$@acotelsa.com> References: <002101cca92d$28148e40$783daac0$@acotelsa.com> <4844A79EE58BDC45AF416184A99318CD02C218B3@smail01.METRONET.local> <008d01cca9c7$ef2001a0$cd6004e0$@acotelsa.com> Message-ID: <6487BDA8-6A66-4FEB-BA2E-B5353A282072@solido.net> On 23/11/2011, at 11.09, Comunicaciones ACOTELSA wrote: > Our prefix is 178.19.32.0/21 and the attack was to all the range of IP. We have detected four different attacks in the last 48 hours, from different networks or RIRs. The source was from Chinesse (three of them) and USA (the last). > > All the attack was with packets from the 80 tcp port to the 80 tcp port so it could be from zombie web servers. > > Now, we are alerting and we will inform you about any new problem. Hi Traffic initiated FROM port 80 is very uncommon and you should be able to filter out these very easily using stateless ACL filters on your edge router, or certainly on your firewall. Normal HTTP traffic from clients - browser to server - is from high ports and then to port 80 on the server, like (source ip, source port, destination ip, destination port, protocol) (IP 91.102.xx.18, source port 22101, destination IP 91.102.xx.17, destination port 80, protocol tcp) I can highly recommend the http://www.team-cymru.org/ site and their tools, such as the secure templates, like the Cisco IOS one http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html Best regards Henrik, abuse handler at AS12617 -- Henrik Lund Kramsh?j, Follower of the Great Way of Unix hlk at kramse.org hlk at solidonetworks.com +45 2026 6000 cand.scient CISSP CEH http://solidonetworks.com/ Network Security is a business enabler From green at msu.ru Thu Nov 24 07:08:49 2011 From: green at msu.ru (Alexander Zubkov) Date: Thu, 24 Nov 2011 10:08:49 +0400 Subject: [members-discuss] What to do In-Reply-To: <008d01cca9c7$ef2001a0$cd6004e0$@acotelsa.com> References: <002101cca92d$28148e40$783daac0$@acotelsa.com> <4844A79EE58BDC45AF416184A99318CD02C218B3@smail01.METRONET.local> <008d01cca9c7$ef2001a0$cd6004e0$@acotelsa.com> Message-ID: <4ECDDF71.1050004@msu.ru> On 11/23/2011 02:09 PM, Comunicaciones ACOTELSA wrote: > Our prefix is 178.19.32.0/21 and the attack was to all the range of IP. We have detected four different attacks in the last 48 hours, from different networks or RIRs. The source was from Chinesse (three of them) and USA (the last). > > All the attack was with packets from the 80 tcp port to the 80 tcp port so it could be from zombie web servers. What is the "nature" of attack? Big traffic or some other try to DoS your services? Because it may be just some type of scanners which is harmless and there no need to panic about it. > > Now, we are alerting and we will inform you about any new problem. > > > Saludos... > > =========================================== > Luis ?ngel Lozano Aparicio > Comunicaciones y Seguridad > Grupo Acotel > e-mail: comunicaciones at acotelsa.com > ------------------------------------------ > Tlf: 983 440274 - 902 194273 Fax:983 548220 > Oficina 201 - Edificio Galileo, m?dulo Rojo > Parque Tecnol?gico de Boecillo > 47151 Boecillo (Valladolid) - Espa?a > =========================================== > > > > -----Mensaje original----- > De: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] En nombre de KOSMOZZ - Support 24/7 > Enviado el: martes, 22 de noviembre de 2011 19:23 > Para: noc at metronet.hr; comunicaciones at acotelsa.com; members-discuss at ripe.net > Asunto: Re: [members-discuss] What to do > > Hi, > > DoS targeting which networks? Ripe? > What is the IP? > > Kind regards, > > Filip Herman > NOC 24/7 -- KOSMOZZ > http://www.kosmozz.be > > > -----Oorspronkelijk bericht----- > Van: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] Namens noc at metronet.hr > Verzonden: dinsdag 22 november 2011 18:32 > Aan: comunicaciones at acotelsa.com; members-discuss at ripe.net > Onderwerp: Re: [members-discuss] What to do > > Hi, > > Which prefixes are under attack? > > Regards, > > > NOC Metronet > Sektor za mre?u i usluge > Network Operations Center > > Metronet telekomunikacije d.d. > Ulica grada Vukovara 269d/I > 10 000 Zagreb, Croatia > > > T: + 385 (0)1 6327 090 > F: + 385 (0)1 6040 307 > www.metronet.hr > > -----Original Message----- > From: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] On Behalf Of Comunicaciones ACOTELSA > Sent: Tuesday, November 22, 2011 4:41 PM > To: members-discuss at ripe.net > Subject: [members-discuss] What to do > > Hi all. > > We have detected a DoS from IP of APNIC, from China. > > Are there a procedure to inform APNIC or RIPE about the problem or the only way is inform to the WHOIS contact? > > Thanks in advance. > > > Saludos... > > =========================================== > Luis ?ngel Lozano Aparicio > Comunicaciones y Seguridad > Grupo Acotel > e-mail: comunicaciones at acotelsa.com > ------------------------------------------ > Tlf: 983 440274 - 902 194273 Fax:983 548220 Oficina 201 - Edificio Galileo, m?dulo Rojo Parque Tecnol?gico de Boecillo > 47151 Boecillo (Valladolid) - Espa?a > =========================================== > > > > > > Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env?o de comunicaciones profesionales por cualquier medio electr?nico o no. Vd. podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. > > Confidencialidad El contenido de esta comunicaci?n, as? como el de toda la documentaci?n anexa, es confidencial y va dirigido ?nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci?n. Gracias. > > Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. > > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > ---- > If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > ---- > If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > -- > Mensaje analizado por el sistema de deteccion de virus y antispam de ACOTEL. El hecho de que dicho mensaje haya sido tratado NO excluye que pueda contener virus no catalogados a fecha de hoy. > ------------------------------------------------------------------ > Message analyzed by the Antispam-Virus Detection System at ACOTEL. The fact tha this message has passed analysis does not exclude the posibility of being infected by an undetected virus. > > > > > Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env?o de comunicaciones profesionales por cualquier medio electr?nico o no. Vd. podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. > > Confidencialidad El contenido de esta comunicaci?n, as? como el de toda la documentaci?n anexa, es confidencial y va dirigido ?nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci?n. Gracias. > > Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. > > > > > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. From sven at cb3rob.net Thu Nov 24 12:15:01 2011 From: sven at cb3rob.net (Sven Olaf Kamphuis) Date: Thu, 24 Nov 2011 11:15:01 +0000 (UTC) Subject: [members-discuss] What to do In-Reply-To: <38078DF5B9A0984C8AC03AAEAB7BC1CE022C94DD@EXCH-MBX02.plus.local> References: <002101cca92d$28148e40$783daac0$@acotelsa.com> <38078DF5B9A0984C8AC03AAEAB7BC1CE022C94DD@EXCH-MBX02.plus.local> Message-ID: in order to figure out wether the source addresses are spoofed, just look at the ttl of the incoming packets, -even if they are different- trigger the box at the other end to send you a packet (icmp echo-reply, tcp reject, something like that), and then ofcourse the ttl on the packet you made it send by your self, should be more or less the same as the ttl on the incoming packets from that host. (as usually, the source ip is spoofed)... if the source ip is -not- spoofed... the procedure is quite simple, you pick up the phone and you call the noc of the originating networks and tell them to fix the issue :P -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG ========================================================================= Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: sven at cb3rob.net ========================================================================= C3P0, der elektrische Westerwelle http://www.facebook.com/cb3rob ========================================================================= Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Tue, 22 Nov 2011, Markel Stefo wrote: > I Saludos, > > Being a young lir I am not sure what the procedure should be but we would certianly appriciate, at least myself, to know what the IP causing the attack is or range therfore. > > Thanks in advance, > Markel Stefo > IP Core Network Administrator > Plus Communicaction > > PS:Sorry to the list > > -----Original Message----- > From: members-discuss-bounces at ripe.net [mailto:members-discuss-bounces at ripe.net] On Behalf Of Comunicaciones ACOTELSA > Sent: Tuesday, November 22, 2011 4:41 PM > To: members-discuss at ripe.net > Subject: [members-discuss] What to do > > Hi all. > > We have detected a DoS from IP of APNIC, from China. > > Are there a procedure to inform APNIC or RIPE about the problem or the only > way is inform to the WHOIS contact? > > Thanks in advance. > > > Saludos... > > =========================================== > Luis ?ngel Lozano Aparicio > Comunicaciones y Seguridad > Grupo Acotel > e-mail: comunicaciones at acotelsa.com > ------------------------------------------ > Tlf: 983 440274 - 902 194273 Fax:983 548220 > Oficina 201 - Edificio Galileo, m?dulo Rojo > Parque Tecnol?gico de Boecillo > 47151 Boecillo (Valladolid) - Espa?a > =========================================== > > > > > > Protecci?n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y utilizados para el env?o de esta comunicaci?n ser?n objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el env?o de comunicaciones profesionales por cualquier medio electr?nico o no. Vd. podr? en cualquier momento ejercer el derecho de acceso, rectificaci?n, cancelaci?n y oposici?n en los t?rminos establecidos en la Ley Org?nica 15/1999. El responsable del tratamiento es ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid. > > Confidencialidad El contenido de esta comunicaci?n, as? como el de toda la documentaci?n anexa, es confidencial y va dirigido ?nicamente al destinatario del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos que nos lo indique y no comunique su contenido a terceros, procediendo a su destrucci?n. Gracias. > > Confidenciality The content of this communication and any attached information is confidential and exclusively for the use of the addressee. If you are not the addressee, we ask you to notify to the sender and do not pass its content to another person, and please be sure you destroy it. Thank you. > > > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > > ---- > If you don't want to receive emails from the RIPE NCC members-discuss > mailing list, please log in to your LIR Portal account and go to the general page: > https://lirportal.ripe.net/general/view > > Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses. > From nigel at titley.com Tue Nov 29 19:04:28 2011 From: nigel at titley.com (Nigel Titley) Date: Tue, 29 Nov 2011 18:04:28 +0000 Subject: [members-discuss] Executive Board Activity Since the RIPE NCC General Meeting Message-ID: <4ED51EAC.9020705@titley.com> Dear all, We would like to give you an update on the thoughts and decisions of the RIPE NCC Executive Board since the RIPE 63 Meeting and RIPE NCC General Meeting three weeks ago. On Friday, 18 November, the Executive Board met for a teleconference to review the events and discussions that took place during that very busy week. First of all, we were all very pleased by the opportunity to meet so many of our members; we appreciate the lively discussions and see them as a sign that the RIPE NCC membership is very much alive and kicking. Thank you all for your contributions, whether they took place here on the mailing list or at the microphones in Vienna. The main business we conducted during our Board meeting revolved around the Charging Scheme, Budget and Activity Plan for 2012, as you would probably expect. As the proposed Charging Scheme did not find sufficient support, we will use the 2011 Charging Scheme for 2012. Because the 2011 Charging Scheme does not explicitly say that legacy space resources will have no impact on membership fees, the Board has decided to formally waive fees for legacy space resources for the coming year. With a view towards a sustainable and member-supported Charging Scheme, the Board would like to call for a small task force of RIPE NCC members and RIPE NCC staff to work together with Executive Board members on models for such a new Charging Scheme. Axel will work with his staff on a draft charter for this task force. Further to comments made during the General Meeting, we asked Axel to ensure a better alignment between the Activity Plan and Budget structures. On the Budget, having examined our options in order to reduce the effects on the services we offer to members, we have made a reduction in costs of approximately 2%, mainly in the areas of Travel, RIPE meeting organisation and Training efficiency: especially as these were highlighted as suitable areas for economies by the membership. On the income for 2012, we are are now expecting a slight surplus because new members and holders of independent resources will remain a strong source of income. The membership also voted to have the RIPE NCC continue with development of Resource Certification (RPKI) including route object authorisations (ROAs). However the Board recognises that a number of concerns were raised about certification and will ensure that those concerns are taken into account as development goes ahead. You can find the minutes of the Executive Board teleconference at: https://www.ripe.net/lir-services/ncc/executive-board/minutes/draft-minutes-of-the-79th-executive-board-meeting If you have any further questions or comments, please do not hesitate to contact us at . Kind regards, Nigel Titley Chairman, Executive Board From fweimer at bfk.de Wed Nov 30 09:20:42 2011 From: fweimer at bfk.de (Florian Weimer) Date: Wed, 30 Nov 2011 08:20:42 +0000 Subject: [members-discuss] Executive Board Activity Since the RIPE NCC General Meeting In-Reply-To: <4ED51EAC.9020705@titley.com> (Nigel Titley's message of "Tue, 29 Nov 2011 18:04:28 +0000") References: <4ED51EAC.9020705@titley.com> Message-ID: <828vmynhr9.fsf@mid.bfk.de> * Nigel Titley: > As the proposed Charging Scheme did not find sufficient support, we will > use the 2011 Charging Scheme for 2012. Because the 2011 Charging Scheme > does not explicitly say that legacy space resources will have no impact > on membership fees, the Board has decided to formally waive fees for > legacy space resources for the coming year. Thanks for the update. Is it possible to determine from the RIPE database if a resource is a legacy space resource in the sense of this waiver? -- Florian Weimer BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstra?e 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 From hank at efes.iucc.ac.il Wed Nov 30 10:20:47 2011 From: hank at efes.iucc.ac.il (Hank Nussbacher) Date: Wed, 30 Nov 2011 11:20:47 +0200 Subject: [members-discuss] Executive Board Activity Since the RIPE NCC General Meeting In-Reply-To: <828vmynhr9.fsf@mid.bfk.de> References: <4ED51EAC.9020705@titley.com> <4ED51EAC.9020705@titley.com> Message-ID: <5.1.0.14.2.20111130111857.03783a38@efes.iucc.ac.il> At 08:20 30/11/2011 +0000, Florian Weimer wrote: >* Nigel Titley: > > > As the proposed Charging Scheme did not find sufficient support, we will > > use the 2011 Charging Scheme for 2012. Because the 2011 Charging Scheme > > does not explicitly say that legacy space resources will have no impact > > on membership fees, the Board has decided to formally waive fees for > > legacy space resources for the coming year. > >Thanks for the update. > >Is it possible to determine from the RIPE database if a resource is a >legacy space resource in the sense of this waiver? I would have assumed anything with: status: EARLY-REGISTRATION but that is not always the case. -Hank >-- >Florian Weimer >BFK edv-consulting GmbH http://www.bfk.de/ >Kriegsstra?e 100 tel: +49-721-96201-1 >D-76133 Karlsruhe fax: +49-721-96201-99 > >---- >If you don't want to receive emails from the RIPE NCC members-discuss >mailing list, please log in to your LIR Portal account and go to the >general page: >https://lirportal.ripe.net/general/view > >Click on "Edit my LIR details", under "Subscribed Mailing Lists". From >here, you can add or remove addresses. From nigel at titley.com Wed Nov 30 17:13:43 2011 From: nigel at titley.com (Nigel Titley) Date: Wed, 30 Nov 2011 16:13:43 +0000 Subject: [members-discuss] IDAQ joins an exclusive club Message-ID: <4ED65637.4090906@titley.com> I see that IDAQ has joined PrivateLayer in the exclusive club of those members who have subscribed their ticket robots to the RIPE member-discuss list. Welcome to the IDAQ-ticket robot, and congratulations on achieving sentience. We will look forward to your contributions to the discussion list with interest. Nigel (waiting in Moscow airport for my flight back to strike-hit Heathrow)