This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2010-08 New Policy Proposal (Abuse contact information)
- Previous message (by thread): [anti-abuse-wg] 2010-08 New Policy Proposal (Abuse contact information)
- Next message (by thread): [anti-abuse-wg] 2010-08 New Policy Proposal (Abuse contact information)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Thu Nov 11 10:21:29 CET 2010
Jørgen Hovland wrote: > On 11/10/10 17:42, Frank Gadegast wrote: >> >> I simply want ONE clearly defined contact instead of the messy >> whois we currentyl have. > > But making things mandatory doesn't solve poor design. ??? please explain, dont get it. >> Not at all. >> We report all spam our customers receive. > > My ideas about this is probably a bit drastic, but I usually never > report spam unless I know the ISP/system because it doesn't make any > sense. We do however block it (the spam, not the ISP). It doesn't give > us any benefits to report it. We get paid to filter spam. If I reported > it the spam would stop. That's bad for business. You should report all spam. Most good working ISPs are very happy to be informed, when one of their dialin customer has a trojan installed. We also get a lot of feedback from end users, that they fixed the security hole of their housing server, after we informed them. >> All password-checking, > Why are you reporting that? We have things like that constantly 24/7. In > a perfect world, your system should be designed to filter this instead. Surely we block them also, but we report this, to that the end customer is informed about the trojan hes running, or his ISP is informed. Every day, we stop a couple of hundred botted PCs and servers world-wide. >> sniffing > I'm not sure if I understand what this means, but you would probably > spend your time changing passwords instead of complaining that somebody > stole them. Nevertheless, this would be a case for law enforcement if > it's so important. We detect network sniffing BEFORE it actually steals passwords, by monitoring the MAC-addresses in our network. >> and DDoS-Attacks >> > Seriously. The 90s just called. They want you back. ???? DDoS attacks happen every day, get detected and blocked. We use advanced flow-control to detect this traffic and complain to the ISPs this traffic is really coming from. It helps a lot. Cannot see the 90er here. Not telling anybody about his security holes because of lazyness or not enough knowledge is 80th ... BTW: your mailserver does not read our SPF-records right and denies mail from us ... > I think people often mix contact information with abuse contact > information. Sometimes it's the same, sometimes not. Some people don't > understand the difference and some people don't care and mail everyone > anyway. This is where the database design/language perhaps could be > improved. > Contact information is to me more important than abuse contact > information because it lets me get in touch with the legal entity. Legal issues are comunicated still via paper (and have to) or fax or phone (for the first contact). There is no need for an email address of the admin-c. Simple leave too email address via whois: routing and abuse > Remember that a complaint is just a message saying you are unhappy with > something. You can never expect anyone to reply or even do anything > about it, and they have their fully right to do so. Well, I see all the mails coming back and we surely store statistics about any IP causing abuse. And we see how many of those get fixed, so a lot of people are happy about reports (I even know this from talks to major German ISPs, they all have a working abuse department and all really DO something these days). Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank at powerweb.de -- Mit freundlichen Gruessen, -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank at powerweb.de
- Previous message (by thread): [anti-abuse-wg] 2010-08 New Policy Proposal (Abuse contact information)
- Next message (by thread): [anti-abuse-wg] 2010-08 New Policy Proposal (Abuse contact information)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]