This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
Michele Neylon :: Blacknight
michele at blacknight.ie
Fri Apr 9 10:38:36 CEST 2010
On 8 Apr 2010, at 19:27, Frank Gadegast, Dipl-Inform. Frank Gadegast wrote:

>>
>>> You don't need to know the real one until you have one for every IP.
>>
>> As I mentioned, you might simply want to contact the abuse team
>> regarding a more general issue. Quite often if I can't find a published
>> abuse contact for foo.com so I'll dig www.foo.com and then lookup the
>> returned address in the RIPE DB - I'm not at all interested in an
>> address specific to that IP address though.
>
> well, you can still look it up.
>
> But see it this way:
> - most providers use anti spam tools like SpamAssassin to protect their
> customers
> - SA surely lists the IP that was connecting and causing the spam
> - you can then automatically forward the spam plus an initial text,
> describing that you do not want this to the general "IP like" address
> - and the monitoring system will then forward it to the
> right RIPE member (and to EVERY member)

So if a machine on a network were compromised / abused and a large amount of spam was sent out, how many of these emails would you see being relayed via RIPE to the abuse contact??

>
>
> You can then look up the report (or even automate it), reset
> his radius password and kick him out, waiting for him
> to phone your support :o)

Not everyone has the same business model

>
> Or you could redirect him to a webpage describing that there
> are too many reports coming in for his IP in a whatever time.
> It's all up to you.
>
> My dream system looks like this:
> - abuse reports will get standardized that would be helpful
> - monitoring systems will be developed at all RIRs

Monitoring for what exactly???

> - spam detection will be automated at the providers side
> and send standardized reports to the RIRs monitoring system
>
> - and the RIRs member automates and scans the incoming reports
> like he wants (maybe by defining minimum values and limits)
> and automates the blockage and information of his users
>
> Sounds great ?
>
> Well, that's actually what we are doing already with our own users.
> If we detect incoming spam with high scores a couple of times
> in a short time we kick the users offline automatically and redirect
> him next time he logs in to an information page, where he finds
> our support numbers :o)
>
> Works simply great, and I would love to get closer to such a system
> together with ALL ISP

And again you are working under the false assumption that ALL RIPE members offer the same services as you do and in the same way.

>
> "Bad providers" could be even published by RIPE :o)

Are you insane? RIPE cannot open itself up for that kind of liability

>>
>
> Well, that's only work at RIPE NCC, it's not that complicated to
> automate bounces ...

So you say ..
You cannot speak for all providers / RIPE members. You are also suggesting putting a very heavy load on RIPE's systems which someone will have to pay for. Who?

>
>
>> confirmation would be enough, although you'd need some way to deal with
>> automated reports.
>
> Well, the monitoring system could send always the same backlink
> for the same IP, so that the ISP could still count the amount
> of incoming reports for one IP automatically and then
> "answers" it as being closed with just clicking ONE link.
>
> Good idea ?

So you expect RIPE members to completely rework their abuse desks to fit into your view of the world?
I can't see that happening, because not all RIPE members are the same or work in the same way.

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://mneylon.tel
Intl. +353 (0) 59 9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland
Company No.: 370845