[anti-abuse-wg] update on netsecdb project

On 6 Apr 2010, at 01:59, Claus Marxmeier wrote:

> -----BEGIN PGP SIGNED MESSAGE----- 
> Hash: SHA1 
>  
> When starting with www.netsecdb.de in 2008 i'd never expected the
> decrease of spams to round about 1% of former amount to remain a
> stable value. Stats from last weeks, monthes and year now give proof
> that the setup of a central communitation matrix based on worldwide
> IPv4-whois databases was a great help in fighting abusive mails and a
> lot more.
> 
> Inspite of common hosting environments the number of spams is
> generally lower that the amount of mails containing wanted messaging.
> The hourly auto-generated configuration files for MTAs like postfix,
> exim, qmail and MS Excchange 2007 and later used on external partner
> servers show same progresses.
> 
> In addition, files that contain the blocking lists for leading TOP25
> spammer-country are distributed for free.
> 
> Starting from scratch with a localized german based environment, we
> opened netranges from additional countries based on the incoming
> spamlevel. Nowadays, networks from DE, CH, AT, BE, NL, FR, GB, LU, LI,
> IE, IT, CZ, SE, GR, PT, NO, PL, IS, FI, ES, DK, SK, HU, RO, BG, LT,
> LV, EE, US, CA, IL and defined customer nets don't get blocked but get
> tickets instead. If a non-customers's netrange abuse-email is
> invalid/non-functional, range gets blocked.
> 
> Many providers integrated ticket-systems for abuse-handling and
> improved their quality management a lot. Only a few remained passive
> and surprisingly a handful of ISPs still seem to work with quota
> limited mailboxes to avoid a kind of work-overload.
> 
> Logfiles show an increasing number of HEADER connects to our
> smtp-ports just to check the current status of single IP or netrange
> returned by our servers.
> 
> Within the last monthes, netsol worked on rwhois integration into ARIN
> whois outputs which finetuned the process of generating abuse-tickets
> a lot.
> 
> Many RIPE members started updating their whois records and abuse-mail
> contacts. Sometimes this results in an very effective workflow with
> only a few seconds response time over far distance whereas local
> providers still cannot be reached cause of invalid or missing contact
> records.
> 
> Unfortunately the RIPE team stated by mail, that they have no
> job-order to take care of the integrity of it's database records i.e.
> finding ancient content with missing or invalid information gives
> random results.
> 
> There seems to be no need for a RIPE member to keep it's records
> up-2-date ?
> 
> Any additional information regardings spams, exploit attacks, hacking
> can be taken from www.netsecdb.de site's sections.
> 
> I wonder how long hosters are willing to pay the traffic, energy and
> CPU-time for something nobody needs to have.
> I wonder how long i takes for the DialUp- and Business Customers to
> learn, that security is a crucial part of internet activities and that
> their ISP's deliver very diffent qualities behind their mostly
> coloured flash-animated websites.
> 
> Looking forward to see the current unsolved problems beeing
> transported to public clouds in datacenter and poisoned high bandwith
> customer connections if everything remains 'same procedure as every
> year' ...
> 
> Kind regards,
> 
> Claus

Claus

You need to learn the meaning of the word "diplomacy"

Otherwise none of us will want to help you

Regards

Michele


Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612 
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845