This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Reporting Fraud
- Previous message (by thread): [anti-abuse-wg] Reporting Fraud
- Next message (by thread): [anti-abuse-wg] Reporting Fraud
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Tue Sep 28 22:05:33 CEST 2010
In message <A.1P0dJI-000Kvu-EO at smtp-ext-layer.spamhaus.org>, you wrote: >Brian Nisbet <brian.nisbet at heanet.ie> wrote: > >> There's no webform for this, no, but if you email ncc at ripe.net >> and/or abuse at ripe.net, this should get things to the right >> person and it can go from there. > >Given the number of cases I've reported to RIPE, and the apparent >inaction, I'm not convinced that either of those would be a viable >communications channel. Perhaps we do need a webform. No doubt >the RIPE NCC will protest that since there isn't a policy that tells >them to actually do anything about such cases, there's no point us >having a webform anyway. Hummm... OK. I didn't realize things were that bad. So, ah, maybe the Right Place To Start would be for somebody (perhaps even this working group?) to propose at least some sort of a policy (e.g. on hijacked ASNs and/or address blocks) for RIPE's consideration (?) I do agree that in the absence of any policy to even investigate, a web form for submissions isn't going to help a lot. Meanwhile, on a related topic... Now that people here were kind enough to point me at the -B option for the RIPE whois server, I did manage to get a tiny bit more information about that Belize-domiciled network (INSTANTEXCHANGER-NET) that I mentioned earlier: % fgrep ' 20' INSTANTEXCHANGER-NET changed: hostmaster at ripe.net 20100414 changed: sp at instant-exchanger.com 20100410 changed: sp at instant-exchanger.com 20100410 % fgrep ' 20' AS50877 changed: hostmaster at ripe.net 20100414 changed: sp at instant-exchanger.com 20100410 changed: sp at instant-exchanger.com 20100410 So it would appear that I may have been correct, and that this ``European'' oddity was issued only just earlier this year... in April to be precise. Short of traveling a long distance by plane and showing up physically to the next RIPE meeting, is there any way for me to find out why an ASN (AS50877) and also a non-trivial amount of IPv4 space (195.80.148.0/22) would have been assigned by RIPE staff to a company that, according to the RIPE whois records themselves, is domiciled in Latin America? (Separate question: Is there any way to obtain archived dumps of the RIPE whois data base, e.g. from April of this year, so that I might be able to check and see if the original whois for the AS & IP block also said "Belize", as I suspect it did?) Certainly, if RIPE is not responding at all to reports of hijackings of pre-existing & previously allocated ASNs and/or IP blocks, then I would say that that is certainly a problem. But this whole Belize thing is different, I think, and perhaps in some ways worse. Why would anyone bother to hijack an IP block or an ASN if RIPE will just issue you either of those things, willy nilly, no matter where you live? Regards, rfg
- Previous message (by thread): [anti-abuse-wg] Reporting Fraud
- Next message (by thread): [anti-abuse-wg] Reporting Fraud
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]