[anti-abuse-wg] update on netsecdb project

Claus Marxmeier wrote:

Hello,

> When starting with www.netsecdb.de in 2008 i'd never expected the

You defny need to update your pages to explain what the netsecdb.de
is for in the first place, looks like our own project under
http://www.dnsbl.de, but I cannot find any explanation on your
pages.

Anyway ...

> Many RIPE members started updating their whois records and abuse-mail
> contacts. Sometimes this results in an very effective workflow with
> only a few seconds response time over far distance whereas local
> providers still cannot be reached cause of invalid or missing contact
> records.
> 
> Unfortunately the RIPE team stated by mail, that they have no
> job-order to take care of the integrity of it's database records i.e.
> finding ancient content with missing or invalid information gives
> random results.
> 
> There seems to be no need for a RIPE member to keep it's records
> up-2-date ?

Here I really have to agree.
I always voted, that the currently optional "abuse"-field in the whois
records HAVE to be filled by the providers AND checked by RIPE.

Providers are responsible for whats leaving their networks, but it looks
like that the community has absolutely no interest to give the RIPE
NCC the order to check those addresses on a regular base.

I even mentioned that the RIPE community should develop mechanisms to
punish members that do not react to abuse reports delivered to their
abuse addresses, and thats defny work for this group to define these
mechanisms.

One simply mechanism could look like this:
- RIPE defines an emailadress scheme for every IP address like
   ip1.ip2.ip3.ip4 at abuse.ripe.net
- this scheme is mentioned in every whois output
- so, there will be no need for blacklist, other providers or
   even privat persons to do a whois lookup anymore

- any report should be delivered to these addresses and RIPE NCC
   forwards incoming reports to the abuse address of the members
   (these could be even non-public)
- any provider has to react in a whatever time by replying
   to the mail including a tracking number generated by RIPE NCC,
   to the complainant and the RIPE system, mark the reports as
   spam, false report, beeing worked one, customer blocked aso ...

- provider without a valid abuse contact get warned, and in the worst
   case, will loose their IP allocation complained about
- provider that have a valid address, but do not react will loose
   their IP allocation, if the spam level raised a defined limit
   according to the size of the providers allocation
- RIPE NCC will calculate a value for every provider depending
   on the amount of IP addresses and incoming spam reports for
   a couple of months. RIPE then urges the provider to reduce
   this value on a monthly base. The provider will also
   loose his alloctions, if the value is not reduced or
   even rising. Surely a little value of spam reports is allowed
   for every provider depending on the size of his allocation.

Surely their will be lots of details to check, but only
this will force any member to actually DO something against
spam leaving their networks, to block dialin customers with
spambotted PCs, open relays of hacked servers.


Kind regards, Frank

> I wonder how long hosters are willing to pay the traffic, energy and
> CPU-time for something nobody needs to have.
> I wonder how long i takes for the DialUp- and Business Customers to
> learn, that security is a crucial part of internet activities and that
> their ISP's deliver very diffent qualities behind their mostly
> coloured flash-animated websites.
> 
> Looking forward to see the current unsolved problems beeing
> transported to public clouds in datacenter and poisoned high bandwith
> customer connections if everything remains 'same procedure as every
> year' ...
> 
> Kind regards,
> 
> 
> Claus Marxmeier
> 
> 
> - ---
> Claus Marxmeier EDV-Service
> Johann-Kierspel-Straße 5
> 51491 Overath  
> Germany
> 

--
PHADE Software - PowerWeb                       http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast             mailto:frank at powerweb.de
Schinkelstrasse 17                                fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany             fax: +49 33200 52921
======================================================================
Public PGP Key available for frank at powerweb.de