This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] update on netsecdb project
- Previous message (by thread): [anti-abuse-wg] update on netsecdb project
- Next message (by thread): [anti-abuse-wg] update on netsecdb project
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
frank at powerweb.de
Tue Apr 6 10:14:19 CEST 2010
Claus Marxmeier wrote: Hello, > When starting with www.netsecdb.de in 2008 i'd never expected the You defny need to update your pages to explain what the netsecdb.de is for in the first place, looks like our own project under http://www.dnsbl.de, but I cannot find any explanation on your pages. Anyway ... > Many RIPE members started updating their whois records and abuse-mail > contacts. Sometimes this results in an very effective workflow with > only a few seconds response time over far distance whereas local > providers still cannot be reached cause of invalid or missing contact > records. > > Unfortunately the RIPE team stated by mail, that they have no > job-order to take care of the integrity of it's database records i.e. > finding ancient content with missing or invalid information gives > random results. > > There seems to be no need for a RIPE member to keep it's records > up-2-date ? Here I really have to agree. I always voted, that the currently optional "abuse"-field in the whois records HAVE to be filled by the providers AND checked by RIPE. Providers are responsible for whats leaving their networks, but it looks like that the community has absolutely no interest to give the RIPE NCC the order to check those addresses on a regular base. I even mentioned that the RIPE community should develop mechanisms to punish members that do not react to abuse reports delivered to their abuse addresses, and thats defny work for this group to define these mechanisms. One simply mechanism could look like this: - RIPE defines an emailadress scheme for every IP address like ip1.ip2.ip3.ip4 at abuse.ripe.net - this scheme is mentioned in every whois output - so, there will be no need for blacklist, other providers or even privat persons to do a whois lookup anymore - any report should be delivered to these addresses and RIPE NCC forwards incoming reports to the abuse address of the members (these could be even non-public) - any provider has to react in a whatever time by replying to the mail including a tracking number generated by RIPE NCC, to the complainant and the RIPE system, mark the reports as spam, false report, beeing worked one, customer blocked aso ... - provider without a valid abuse contact get warned, and in the worst case, will loose their IP allocation complained about - provider that have a valid address, but do not react will loose their IP allocation, if the spam level raised a defined limit according to the size of the providers allocation - RIPE NCC will calculate a value for every provider depending on the amount of IP addresses and incoming spam reports for a couple of months. RIPE then urges the provider to reduce this value on a monthly base. The provider will also loose his alloctions, if the value is not reduced or even rising. Surely a little value of spam reports is allowed for every provider depending on the size of his allocation. Surely their will be lots of details to check, but only this will force any member to actually DO something against spam leaving their networks, to block dialin customers with spambotted PCs, open relays of hacked servers. Kind regards, Frank > I wonder how long hosters are willing to pay the traffic, energy and > CPU-time for something nobody needs to have. > I wonder how long i takes for the DialUp- and Business Customers to > learn, that security is a crucial part of internet activities and that > their ISP's deliver very diffent qualities behind their mostly > coloured flash-animated websites. > > Looking forward to see the current unsolved problems beeing > transported to public clouds in datacenter and poisoned high bandwith > customer connections if everything remains 'same procedure as every > year' ... > > Kind regards, > > > Claus Marxmeier > > > - --- > Claus Marxmeier EDV-Service > Johann-Kierspel-Straße 5 > 51491 Overath > Germany > -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank at powerweb.de
- Previous message (by thread): [anti-abuse-wg] update on netsecdb project
- Next message (by thread): [anti-abuse-wg] update on netsecdb project
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]