This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] DRAFT: RIPE proposal - implementation of an
- Previous message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an
- Next message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
phade at www.powerweb.de
Fri Apr 9 21:43:11 CEST 2010
Hello Leo, > > The benefit is clear: > > - it will give RIPE NCC the chance to seperate good from > > "spam-friendly" members, prepare impresive statistics > > for further discussions (e.g. with Governments) and much more > > - it will simplify the process of reporting spam > > and reacting to spam reports for everybody, querying > > whois is still too complicated and unknown to the normal > > end user and hard to automate for blacklists or other > > services, because there are about 20 different whois > > output formats worldwide (inserting an abuse-address into > > an IRT object will even make it more complicated) > > - having an easy and unique address to report to, is another > > step in standarizing the report format, what would make > > it much more easy for members that are willing to deal > > with abuse reports > > You didn't answer the question, though. Why would you proposal make ISPs want to deal with abuse reports when they are not doing so already? I did answer this a couple of times now, but ok, again. The first version will not work against members, that are not willing to do something against abuse that is coming from their networks. Working against them will need some kind of "punishment", and sure there is more to talk about first with this. But at least there will be some kind of identification, wich one needs to be educated or even "punished" with this kind of system. The consequences are still for further discussion. > As to the claim that whois is to complicated to normal end users, I would contend that normal end users should not have to try and work out where abuse actually originates from. That is something that service providers should be doing. As someone who receives abuse reports for most of the special use IPv4 addresses reserved in various RFCs I can assure you that end users have a very hard time reading mail headers or understanding the warning messages provided by their firewall software. whois is even too complicated for normal people even for ISPs or blacklist owners like we are. Or even for super-professionals. - abuse-records are mostly hidden in remark-field because the abuse-field isnt used very often, because its non-mandatory (yet). - whois is showing IP ranges and ranges are often quite small, what means that you have to look up each range, better each IP seperatly - whois has only a connection to the owner of the range and not to the member, unless you do even more queries - queries to personal objects are limited, what makes automated systems impossible, if they are not starting to cache queries or read old database dumps or have the special right to receive as many infos as they need - caching query results are causing delays, what means that the abuse contacts cant be correct all the time, because they could have changed already - if the IRT object is introduced including abuse records, you will have to look up the normal whois AND the IRT object, and what result will you prefer, if both is available ? and if you see it world-wide: - the formatting of the world wide whois systems is not equal and sometimes even hard to parse, even if they nearly have the same fields - IPv4 ranges are widely spread between all RIRs, you will need to look up arins whois first, to find out, where the range actually belongs to, and then ask that RIR - dont forget the early registration blocks spread all over the world - arins whois requires up to three queries to finally get the abuse contact hidden in several possible objects, multi-range listings with more than one correct answer. What field will you really look for in arins whois ? OrgTechHandle, OrgAbuseHandle, RAbuseEmail, OrgNOCEmail, OrgTechEmail ? - apnics whois is now spread along several other referral whois in different countries and there is not clear and often changing relocation or change in the size of the assigned blocks for those sub-RIRs - lacnic also spreads, brasil has its own whois - lacnic always includes the mains RIRs abuse contats, relevant ? yes, no, both ? - the objects changed-date is not visible on all whois worldwide - tools that should make this more easy (like jwhois for domainname) are always developed with big delays and are never accurate And many more problems, thats not what I understand as standarized .... And if there is an RFC nearly for everything, its pretty weird, that whois is not equal all over the world. (well, but the same with domain whois, at least the output format could be the same, even if every country will hide fields or not like its needed by local law or commitment) > >> A system like the one proposed would add an extra layer between the complainant and the relevant network and could well become a target for abuse itself. I am not sure how it would make network managers want to deal with abuse complaints that they are currently ignoring, though. Can you expand on that? > > > > Thats right, the possible amount of reports arriving could be a real > > problem and could use more resources than expected. The problem is, > > that the amount is not really predictable until maybe even > > a testbed is implemented. > > > > Members that are ignoring spam reports could be at least > > identified, whatever "punishment" ( starting from public > > blame reaching up to real sanctions) will appear after > > identification, is for further discussions. > > > > It could start with a blacklist filled from RIPEs data, > > lets call it the "spam report ignoring RIPE member blacklist", > > or SRIRMB ;o) > > So, if I understand your proposal correctly, you want RIPE NCC membership fees to be used to create a system that will be used to 'name and shame' RIPE NCC members. I think this brings me back to the question I asked in my last message and which you did not answer: what is the incentive for RIPE NCC members to finance this system? Yes, because the development and maintance cost are spread on all members, instead on only those, that are willing to do something, this would be one way to "punish" the others :o) And the system only has to be developed once. And it will get even cheaper for everybody, if you add more functionality in the next steps ... And no member that already receives and reads and works on abuse reports has to fear this system, that how it should be constructed. It should help members with working abuse departments to simplify their work. It should also be a starting point to get report formats standarized, to simplify the lookup of abuse contacts (or even make lookups unnessessary). It should be a start to talk about consequences if a member ignores abuse reports. Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank at powerweb.de > > Regards, > > Leo >
- Previous message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an
- Next message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]