[anti-abuse-wg] DRAFT: RIPE proposal - implementation of an

On 9 Apr 2010, at 15:19, Frank Gadegast , Dipl-Inform. Frank Gadegast wrote:

>>
>> Frank
>
> "Hello",
>
>> Either you are doing this intentionally or accidentally, but you keep emailing me offlist
>
> Intentionally, because this discussion has not much valuable feedback
> to the draft, its like a discussion of personal opinions ...

That is your opinion and I disagree

If you're going to insist on emailing me offlist change the subject line


>
>>> Yes I do. And my experience is even, that things get more easy,
>>> when they get bigger.
>>> But its not my reputation that we should talk about.
>>
>> You are trying to impose your views on everyone else, so it is therefore important to understand from what stance you are speaking
>
> Obvious, everybody can only speak for things he believes in, he knows
> about or he cares about.
>
> I care about reducing the spam load bothering me and my customers
> and hackers misusing unattended servers to attack us and my customers.

Ok, but you need to understand that not all companies will care as much about this as you do. You need to understand that not caring as much as you does not mean that they do not care


>
>>> If you have another perspective or other needs, simply name them.
>>> In details.
>>
>> Read my last few emails
>
> No details yet, nothing with any kind of substance neither an example.
> You will have to make things clear, if you want that others are
> understanding your point of view.

There was plenty of substance. That you failed to either understand it or chose to ignore it is another matter entirely


>
>>> Sure I can.
>>
>>
>> Ok, let me put it to you in very clear terms
>
> Woah, Im already looking forward to this ...
>
>> If you ever get spam or other junk from our network and you state anywhere in public that we "caused it" I will sue you and I'm sure there are others who would too.
>
> Thats a point.
>
> And its difficult.
> In Germany there is a term called "Mittaeter", lets try to explains this.
>
> If you have knowledge about a crime and you can easily do something against
> it, you will be sued too, if you do nothing.
> In fact, if you are doing nothing, you are partly a "cause" of the crime.
>
> So calling you a cause of a crime would not be sued in Germany

I'm not in Germany.


> , if
> you could have prevented it.
> Your reputation will be ruined already ...

There you go again. ..

You're not actually listening

>
> An example:
> there is a old granny trying to walk over red lights and you are standing
> near to her, you are not saying anything, you dont wave your
> hands to warn the coming car driver and you dont run to the granny
> to hold her back, you are not even trying to do anything and
> ignore the situation against better knowledge.
>
> The granny is going over red lights, gets run over by the car and dies.
> Somebody else is watching this from the far and the police gets you.
> You will end up in prison for that in Germany.
>
> And there will be no harm to the one more far away if he calls you
> one (one or a !) cause of grannys dead  ...
>
> That how different things are in different countries.
>
> So if I would call you "a" cause of the problem, if you leave
> your servers like the are and you know that they are hacked and misused,
> there will be nothing happening to me Germany.


But we're not in Germany.

And spam is an international problem AND RIPE is not dealing with Germany ONLY



>
>> You need to learn that you cannot use certain terms without there being repurcussions. If you state that AS39122 / Blacknight "caused" spam then that, as far as I am concerned, is both:
>>
>> - false
>> - damaging to us
>>
>> and enough of a reason for us to sue you.
>>
>> Clear enough?
>
> Yes, but not true in Germany.

Maybe you need to talk to the German RIPE members only then?


>
> I could call you that even, if you have enough knowledge and manpower to prevent
> spam and hacks coming from your networks even without being informed
> through third parties and still are doing nothing (where I personally
> think, the knwoledge should be part of it).
>
> Lets say, one of your servers is hacked and the hacking of one of
> our servers started from your IP.
> I could sue against "unknown" AND you as being a "Mittaeter", because
> you could have monitored your server better (as a big and experiences
> ISP you should have the possibility to monitor your traffic and servers
> easily).
>
> Surely only if your company is located in Germany.
>
>
> Thats why I can call everybody that could do something against
> spam and hacks easily "a" cause of the problem, if he doesnt
> do anything after he gets informed.
> And thats why it is that important to have the possibility to inform
> every RIPE member from a German view.
> If they have knowledge, it is even more easy to sue them, if they
> didnt do anything.
>
> And thats why all bigger German ISPs have a working abuse department.
> They would be sued to often, if they would totally ignore the reality.
> Sure there is spam also coming from German networks, but its dropping
> and more and more ISPs implement usefull ssystem to prevent abuse.
> And according to the amount of Germans activley using the Internet
> and the amount of servers hosted in Germany, I personally think,
> that the rate isnt that bad.
>
> The only problem here is still, that you have to sue them
> for every single incident and not in a more general way,
> and that you have to proove how much you lost, because
> of the incident, but the later is possible in most cases.
>
>
> Kind regards, Frank
> --
> PHADE Software - PowerWeb                       http://www.powerweb.de
> Inh. Dipl.-Inform. Frank Gadegast             mailto:frank at powerweb.de
> Schinkelstrasse 17                                fon: +49 33200 52920
> 14558 Nuthetal OT Rehbruecke, Germany             fax: +49 33200 52921
> ======================================================================
> Public PGP Key available for frank at powerweb.de
>
>>
>>
>>>
>>> There is a lot of members that actively host spammers.
>>
>> Define "a lot"
>>
>> Define "spammers"
>>
>>> That make money on it.
>>> That make money with things that are illegal in other countries.
>>
>> That's an inane comment.
>>
>> Lots of things are illegal in lots of countries.
>>
>> You cannot honestly expect an Irish ISP to impose a German law on its Irish customers, can you?
>>
>>
>>> That dont care about hacked servers or hacked dialin customers.
>>>
>>>>>> The only people who seem to benefit from lots of data are vendors trying to sell "solutions"
>>>>>
>>>>> Why that ?
>>>>> RIPE will not have to buy any "solution".
>>>>> RIPE NCC has a own programmers team.
>>>>> They will have to buy servers and bandwidth, thats it.
>>>>
>>>> Please actually read what I wrote
>>>
>>> Well, your comment was out of scope
>>
>> Why?
>>
>> Just because you are having difficulties understanding my reasoning does not render my comment "out of scope" and in any case, who are you to decide what is "in scope" and what isn't?
>>
>>
>>
>>> , so you mean, that a system like
>>> I described will cut the revenue of vendors selling antispam or
>>> antivirus solutions ?
>>>
>>> Well, who cares ?
>>> Internet is free.
>>
>> No it isn't
>>
>>
>>> And business is, when you can sell something.
>>>
>>> If there is no oil anymore tomorrow, well sell electric cars ...
>>>
>>>>>> Not all RIPE members offer connectivity in the same way nor do they have the same types of services.
>>>>>
>>>>> Do you mean Universities or others with free access ?
>>>>
>>>> Have a look at the full list of RIPE members and have a look at what each and every one of them is doing.
>>>
>>> Come on, I you that wise, please let me participate at your knowledge ...
>>
>> You are the one proposing a well meaning, but very badly thought out concept.
>> You have not taken into consideration a lot of factors that you probably should.
>>
>>
>>
>>>
>>>>> Where a needed abuse team would cause additional costs ?
>>>>>
>>>>> Come on, if any non-provit organisation is not taking into account what they
>>>>> cause by ignoring the risks they cause, there is something wrong in the calulation
>>>>> anyway.
>>>>
>>>> I never said anything about non-profits
>>>
>>> Yes, buts the only organisation form I can think of, that will have a problem
>>> in developing an abuse team.
>>
>>
>> Then maybe you need to broaden your mind.
>>
>> As I already suggested, have a closer look at the RIPE member list
>>
>>
>>>
>>>>>> You assume that my comment about business models infers that people would ignore an issue. This is not in the least bit helpful
>>>>>
>>>>> Well, a lot are ignoring it, and even worse, a lot make profit with it
>>>>
>>>> Again - accusing RIPE members of profiting from something that you consider to be criminal is NOT helpful
>>>
>>> Why not ?
>>> Naming things is always helpfull.
>>
>> Being sued isn't ..
>>
>>>
>>> Do you think that RIPE is a cleaner region than others ?
>>> Look at the worsed spammer at spamhaus, where are they located ?
>>> USA, Russia, Korea ... oops, Russia is the RIPE region.
>>>
>>>
>>> Kind regards, Frank
>>>
>>>>
>>>> Please tone it down
>>>>
>>>>
>>>>
>>>>> (if its only, that they charged the traffic and are happy about every
>>>>> spam that comes out of a spambotted PC).
>>>>>
>>>>>> What you need to understand is that not every single RIPE member is going to be doing the same thing and may not be aware of or need to be aware of certain things.
>>>>>
>>>>> Thats the basic problem, like I wrote an hour ago.
>>>>>
>>>>> Is the community willing to accept the fact, that there are members causing
>>>>> a lot of problems, that they harm others, that they create costs for others
>>>>> and even act against laws in other countries, just because they are
>>>>> not willing to take responsibility for the services they get from RIPE ?
>>>>>
>>>>> And is RIPE willing to do nothing against those members ?
>>>>>
>>>>>> Lack of awareness does not equate with anything more than lack of awareness, however you seem to think that a bit of ignorance equates with culpability.
>>>>>
>>>>> Missing awareness could be changed with education ...
>>>>
>>>>
>>>> Yes, but your concept of education would not be conducive to anyone actually wanting to learn ..
>>>>
>>>>>
>>>>>
>>>>>
>>>>> Kind regards, Frank
>>>>> --
>>>>> PHADE Software - PowerWeb                       http://www.powerweb.de
>>>>> Inh. Dipl.-Inform. Frank Gadegast             mailto:frank at powerweb.de
>>>>> Schinkelstrasse 17                                fon: +49 33200 52920
>>>>> 14558 Nuthetal OT Rehbruecke, Germany             fax: +49 33200 52921
>>>>> ======================================================================
>>>>> Public PGP Key available for frank at powerweb.de
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> An example please.
>>>>>>>
>>>>>>>>>>> "Bad providers" could be even published by RIPE :o)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Are you insane? RIPE cannot open itself up for that kind of liability
>>>>>>>>>
>>>>>>>>> Why not, blacklists are doing the same, whats the difference ?
>>>>>>>>
>>>>>>>> Ask a lawyer.
>>>>>>>
>>>>>>> More details please.
>>>>>>
>>>>>> Seriously - if you cannot understand why RIPE (or anyone else) publishing a list of companies that are described as "bad" does not open it up to liability then you really need to talk to your legal team (if you have one)
>>>>>>
>>>>>> Spamhaus et al get hit with legal threats on a regular basis.
>>>>>>
>>>>>> As a sponsor of Spamhaus we've had people try to get us involved in the past ..
>>>>>>
>>>>>>>
>>>>>>>>>>> Well, thats only work at RIPE NCC, its not that complicated to
>>>>>>>>>>> automated bounces ...
>>>>>>>>>>
>>>>>>>>>> So you say ..
>>>>>>>>>
>>>>>>>>> Yes, its quite easy.
>>>>>>>>
>>>>>>>> No it isn't.
>>>>>>>
>>>>>>> It is, we developed our own blacklist, and that wasnt that much work.
>>>>>>
>>>>>> You obviously have a lot of technical staff. Not every RIPE member does nor needs to.
>>>>>>
>>>>>> You need to understand that just because something is "easy" for you due to your particular setup does not mean that it is going to be as "easy" for everyone else
>>>>>>
>>>>>>
>>>>>>> A powerfull organisation with competent workers like RIPE would create
>>>>>>> that in really short time.
>>>>>>>
>>>>>>> Please give me arguments, why its soo complicated.
>>>>>>>
>>>>>>> Mailtools are wellknown, open source and available for nearly everything
>>>>>>> you might want to do with mail.
>>>>>>> It is easy, I was even already thinking about to use our own
>>>>>>> blacklist as testbed, we not all available abuse contacts anyway
>>>>>>> and to setup a general formatted email address is two lines
>>>>>>> in the mailserver config and to pump that in a script that
>>>>>>> forwards the mail after looking up the correct address is a
>>>>>>> ten-liner in perl.
>>>>>>>
>>>>>>> Im still thinking about this testbed, the only problem is:
>>>>>>> - our abuse addresses we have might not be as reliable
>>>>>>> than RIPE will have them and it would be really bad to accuse
>>>>>>> the wrong person or even expose details to the wrong
>>>>>>> person
>>>>>>>
>>>>>>> If I would get complete access to all personal objects at RIPE in
>>>>>>> a live process, a would think about the testbed again ...
>>>>>>>
>>>>>>> I could even sign whatever non-disclosure to ensure, that we
>>>>>>> are not doing anything wrong with this data.
>>>>>>>
>>>>>>>> Either:
>>>>>>>>
>>>>>>>> - learn how to discuss this with other RIPE members
>>>>>>>> or
>>>>>>>>
>>>>>>>> keep on with your stupid attitude and see how far it gets you
>>>>>>>
>>>>>>> Hm, Im not starting with words like "stupid", so please do not
>>>>>>> reglement my tone and cool down first.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> You seem to fight heavily against any idea arriving here.
>>>>>>> What are you so frightened about ?
>>>>>>
>>>>>> If you present what could be potentially be a positive thing in this manner it will not be accepted by people for a multitude of reasons, not least your tunneled view of the world.
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>>>> You cannot speak for all providers / RIPE members.
>>>>>>>>>
>>>>>>>>> Thats one of the reasons for a centralized system located at RIPE.
>>>>>>>>> The system only needs to be implemented once, there will be nearly
>>>>>>>>> no costs on the members side (except that they have
>>>>>>>>> to deal with report, but they can still ignore them and except
>>>>>>>>> the costs that might be added to RIPEs fees, but that should not be that
>>>>>>>>> much.
>>>>>>>>
>>>>>>>> You do not know that.
>>>>>>>>
>>>>>>>> You have no way of knowing how much of a load would be placed on RIPE's systems
>>>>>>>
>>>>>>> Sure, but RIPE is using millions of EUR yearly to get everything going.
>>>>>>> You are an ISP yourself, make a guess, how much that costs
>>>>>>> if you do not have to make provit.
>>>>>>>
>>>>>>> I quick guess:
>>>>>>> - a redundant mailserver environment capable of what ? deliver 50 mio mails a day ?
>>>>>>> - a would say 100GB traffic/day and 25 highend server
>>>>>>> - thats about 3000 EUR traffic-costs a month
>>>>>>> - and about 50 thousand one time invest for the servers
>>>>>>>
>>>>>>> - plus the development, I would implement something like this with
>>>>>>> one month work, ok 5.000
>>>>>>> - plus hirering one person to take care about hardware and special cases, that
>>>>>>> 3.000/month
>>>>>>
>>>>>> OK, but centralising anything like this has a lot of negative consequences that other list members have outlined.
>>>>>>
>>>>>>>
>>>>>>> All together, lets say 6.000 per month plus the invest.
>>>>>>> And now devide this to all members with the usual scale
>>>>>>> (small pay less than big members), how much would that add
>>>>>>> to the normal yearly membership costs ?
>>>>>>> Could somebody could quickly compare that to the last yearly costs at RIPE ?
>>>>>>>
>>>>>>> You can save that if you only cut 30 peoples journeys to nice holiday locations
>>>>>>> for "meetings" that could be done via modern comunication techniques anyway
>>>>>>> per year.
>>>>>>
>>>>>> Face to face meetings work better for a LOT of people.
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>>>>> Well, the monitoring system could send always the same backlink
>>>>>>>>>>> for the same IP, so that the ISP could still count the amount
>>>>>>>>>>> of incoming reports for one IP automatically and then
>>>>>>>>>>> "answers" it as being closed with just clicking ONE link.
>>>>>>>>>>>
>>>>>>>>>>> Good idea ?
>>>>>>>>>>
>>>>>>>>>> So you expect RIPE members to completely rework their abuse desks to fit into your view of the world?
>>>>>>>>>
>>>>>>>>> Not MY VIEW, a standarized view.
>>>>>>>>
>>>>>>>> You're not a very good listener, are you?
>>>>>>>
>>>>>>> Might be because Im not english-speaking ... (like I noted when I was sending the draft).
>>>>>>>
>>>>>>> But, like I outlined above, a rework is not really neccessary.
>>>>>>> Currently members are receiving lots of different formatted reports
>>>>>>> to their abuse desk (if they have one) and have to read them all manually.
>>>>>>> It isnt that bad, if you will get reports, that are more standarized.
>>>>>>>
>>>>>>>>> Thats the goal.
>>>>>>>>>
>>>>>>>>> Lets see it this way: providers have to change their infrastructure
>>>>>>>>> regulary for a couple or reasons and always have done.
>>>>>>>>> Serverhousing changed pretty much during the last years.
>>>>>>>>> There was the change from ISDN to DSL dialin, there are new
>>>>>>>>> technologies for HTML, Flash and Mail every day.
>>>>>>>>>
>>>>>>>>> And do not forget IPv6, EVERY member has to change that in the new future.
>>>>>>>>>
>>>>>>>>>> I can't see that happening, because not all RIPE members are the same or work in the same way.
>>>>>>>>>
>>>>>>>>> Well they work on the same basics, what are allocations and other resources.
>>>>>>>>> Resources cause traffic, and every members uses resources like nameservices,
>>>>>>>>> webpages and email. And spam problem comes into play with the later.
>>>>>>>>>
>>>>>>>>> The difference isnt that big.
>>>>>>>>> Business models have nothing to do with how to deal with resources the got from RIPE.
>>>>>>>>
>>>>>>>> Yes it does
>>>>>>>>
>>>>>>>> If you think that you can live in a world where business models have zero impact on reality then you are deluded
>>>>>>>
>>>>>>> Example, please give an example ....
>>>>>>
>>>>>> I don't need to
>>>>>>
>>>>>> It's a simple fact.
>>>>>>
>>>>>> The fact that I've raised it (more than once) is enough (we are a RIPE member among other things .. )
>>>>>>
>>>>>>
>>>>>>
>>>>>> Mr Michele Neylon
>>>>>> Blacknight Solutions
>>>>>> Hosting & Colocation, Brand Protection
>>>>>> ICANN Accredited Registrar
>>>>>> http://www.blacknight.com/
>>>>>> http://blog.blacknight.com/
>>>>>> http://mneylon.tel
>>>>>> Intl. +353 (0) 59  9183072
>>>>>> US: 213-233-1612
>>>>>> UK: 0844 484 9361
>>>>>> Locall: 1850 929 929
>>>>>> Direct Dial: +353 (0)59 9183090
>>>>>> Twitter: http://twitter.com/mneylon
>>>>>> -------------------------------
>>>>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>>>>>> Road,Graiguecullen,Carlow,Ireland  Company No.: 370845
>>>>>>
>>>>>>
>>>>>
>>>>
>>>> Mr Michele Neylon
>>>> Blacknight Solutions
>>>> Hosting & Colocation, Brand Protection
>>>> ICANN Accredited Registrar
>>>> http://www.blacknight.com/
>>>> http://blog.blacknight.com/
>>>> http://mneylon.tel
>>>> Intl. +353 (0) 59  9183072
>>>> US: 213-233-1612
>>>> UK: 0844 484 9361
>>>> Locall: 1850 929 929
>>>> Direct Dial: +353 (0)59 9183090
>>>> Twitter: http://twitter.com/mneylon
>>>> -------------------------------
>>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>>>> Road,Graiguecullen,Carlow,Ireland  Company No.: 370845
>>>>
>>>>
>>>
>>
>> Mr Michele Neylon
>> Blacknight Solutions
>> Hosting & Colocation, Brand Protection
>> ICANN Accredited Registrar
>> http://www.blacknight.com/
>> http://blog.blacknight.com/
>> http://mneylon.tel
>> Intl. +353 (0) 59  9183072
>> US: 213-233-1612
>> UK: 0844 484 9361
>> Locall: 1850 929 929
>> Direct Dial: +353 (0)59 9183090
>> Twitter: http://twitter.com/mneylon
>> -------------------------------
>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>> Road,Graiguecullen,Carlow,Ireland  Company No.: 370845
>>
>>
>

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845