This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
- Previous message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse monitor system
- Next message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
James Davis
james.davis at ja.net
Thu Apr 8 18:13:01 CEST 2010
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dipl-Inform. Frank Gadegast wrote: > You dont need to know the real one until you have one for every IP. As I mentioned, you might simply want to contact the abuse team regarding a more general issue. Quite often if I can't find a published abuse contact for foo.com so I'll dig www.foo.com and then lookup the returned address in the RIPE DB - I'm not at all interested in an address specific to that IP address though. > Metric ? Metric as in a standard of measurement. Sorry that probably wasn't very clear language on my part. > And that prooves what ? I have 17 million+ users, and a remit to provide very open network access to them. It's inevitable that somewhere on the network someone is sending large volumes of spam, what's important is how quickly and effecitvely we react to that incident. Someone from RIPE calling us, to offer us a training course we don't need, because last year we had a few hosts sending 100,000+ spam e-mails isn't a useful use of anyone's resources. This, and my comment about NAT, are just illustrations of how you need to be careful over deciding what you consider to be a large volume of reports. > Well at least you will hear about incidents with the new system > and thats more thats currently happening. We already hear about incidents. Almost all the address space used on our network has an irt object published and reports reach us at the correct address. I'm not convinced that any abuse team who really wants to make themselves contactable has problems doing so (whether they are aware of the irt object or not is another matter). The difficulty is in convincing network owners that they need abuse teams that take the issue seriously :) > Yes, thats why I stated that. > A solution could be, that the RIPE system will return a link > to the report sender, that has to be clicked, before the report > will be forwarded to the member. > > Will that help ? Sorry I missed that in my original reading. > A member abuse address could be resetted automatically to the members > main email adress (but is very likely to be read by the member). > The member would not want that many emails arrive at that main address > and fix the abuse address asap. > > This process could be automated at RIPE system. I don't know anything about RIPE's existing processes for making sure that member information is correct but I suspect that it still requires human effort as a last resort. > Another idea to stop spam coming in, could be to open > the whole system only to RIPE members first ! > > The ISP could work together and all others stay out. > > Will that be a solution ? No, I suspect most of our reports come from non RIPE members. The link confirmation would be enough, although you'd need some way to deal with automated reports. >> No, it'll just ensure that the reports end up being delivered to an > > Thats far more, that we have now ... Shuffling bits from one mailbox to another doesn't constitute actual progress. You need to give a reason for the recipient to care enough about the reports to do something - and if they have that reason they'll take care of making themselves contactable for you :) James - -- James Davis +44 1235 822 229 PGP: 0xD1622876 JANET CSIRT 0870 850 2340 (+44 1235 822 340) Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFLvgCNhZi14NFiKHYRAnvWAJ9z0cWJq/rXaNZgyEPcG3MhdEODhgCfb2OZ MMz5kWuRdgtPKF3vuY9L2OI= =DfbR -----END PGP SIGNATURE----- JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
- Previous message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse monitor system
- Next message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]