This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] update on netsecdb project
- Next message (by thread): [anti-abuse-wg] update on netsecdb project
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Claus Marxmeier
claus at marxmeier.de
Tue Apr 6 02:59:38 CEST 2010
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 When starting with www.netsecdb.de in 2008 i'd never expected the decrease of spams to round about 1% of former amount to remain a stable value. Stats from last weeks, monthes and year now give proof that the setup of a central communitation matrix based on worldwide IPv4-whois databases was a great help in fighting abusive mails and a lot more. Inspite of common hosting environments the number of spams is generally lower that the amount of mails containing wanted messaging. The hourly auto-generated configuration files for MTAs like postfix, exim, qmail and MS Excchange 2007 and later used on external partner servers show same progresses. In addition, files that contain the blocking lists for leading TOP25 spammer-country are distributed for free. Starting from scratch with a localized german based environment, we opened netranges from additional countries based on the incoming spamlevel. Nowadays, networks from DE, CH, AT, BE, NL, FR, GB, LU, LI, IE, IT, CZ, SE, GR, PT, NO, PL, IS, FI, ES, DK, SK, HU, RO, BG, LT, LV, EE, US, CA, IL and defined customer nets don't get blocked but get tickets instead. If a non-customers's netrange abuse-email is invalid/non-functional, range gets blocked. Many providers integrated ticket-systems for abuse-handling and improved their quality management a lot. Only a few remained passive and surprisingly a handful of ISPs still seem to work with quota limited mailboxes to avoid a kind of work-overload. Logfiles show an increasing number of HEADER connects to our smtp-ports just to check the current status of single IP or netrange returned by our servers. Within the last monthes, netsol worked on rwhois integration into ARIN whois outputs which finetuned the process of generating abuse-tickets a lot. Many RIPE members started updating their whois records and abuse-mail contacts. Sometimes this results in an very effective workflow with only a few seconds response time over far distance whereas local providers still cannot be reached cause of invalid or missing contact records. Unfortunately the RIPE team stated by mail, that they have no job-order to take care of the integrity of it's database records i.e. finding ancient content with missing or invalid information gives random results. There seems to be no need for a RIPE member to keep it's records up-2-date ? Any additional information regardings spams, exploit attacks, hacking can be taken from www.netsecdb.de site's sections. I wonder how long hosters are willing to pay the traffic, energy and CPU-time for something nobody needs to have. I wonder how long i takes for the DialUp- and Business Customers to learn, that security is a crucial part of internet activities and that their ISP's deliver very diffent qualities behind their mostly coloured flash-animated websites. Looking forward to see the current unsolved problems beeing transported to public clouds in datacenter and poisoned high bandwith customer connections if everything remains 'same procedure as every year' ... Kind regards, Claus - -- Claus Marxmeier - --- Claus Marxmeier EDV-Service Johann-Kierspel-Straße 5 51491 Overath Germany -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAku6h3oACgkQUIsBFYVeBxC82gCfReNpv+rLKbb2n9vRxwoizCv+ 0UAAn18QA/Y6irneBZyvcty9NGiKDHgq =MuBy -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20100406/fd2dd2ed/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: claus.vcf Type: text/x-vcard Size: 278 bytes Desc: not available URL: </ripe/mail/archives/anti-abuse-wg/attachments/20100406/fd2dd2ed/attachment.vcf>
- Next message (by thread): [anti-abuse-wg] update on netsecdb project
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]