[anti-abuse-wg] Reporting Fraud

Ronald

If we were putting servers in the US we would probably have to get an AS number and allocation from ARIN. We also would have non-EU clients with RIPE space.

Regards

Michele

Mr. Michele Neylon
Blacknight
http://Blacknight.tel

Via iPhone so excuse typos and brevity

On 28 Sep 2010, at 22:06, "Ronald F. Guilmette" <rfg at tristatelogic.com> wrote:

> 
> In message <A.1P0dJI-000Kvu-EO at smtp-ext-layer.spamhaus.org>, you wrote:
> 
>> Brian Nisbet <brian.nisbet at heanet.ie> wrote:
>> 
>>> There's no webform for this, no, but if you email ncc at ripe.net
>>> and/or abuse at ripe.net, this should get things to the right
>>> person and it can go from there.
>> 
>> Given the number of cases I've reported to RIPE, and the apparent
>> inaction, I'm not convinced that either of those would be a viable
>> communications channel.  Perhaps we do need a webform.  No doubt
>> the RIPE NCC will protest that since there isn't a policy that tells
>> them to actually do anything about such cases, there's no point us
>> having a webform anyway.
> 
> Hummm... OK.  I didn't realize things were that bad.
> 
> So, ah, maybe the Right Place To Start would be for somebody (perhaps
> even this working group?) to propose at least some sort of a policy
> (e.g. on hijacked ASNs and/or address blocks) for RIPE's consideration (?)
> 
> I do agree that in the absence of any policy to even investigate, a web
> form for submissions isn't going to help a lot.
> 
> Meanwhile, on a related topic...
> 
> Now that people here were kind enough to point me at the -B option for the
> RIPE whois server, I did manage to get a tiny bit more information about
> that Belize-domiciled network (INSTANTEXCHANGER-NET) that I mentioned earlier:
> 
> % fgrep ' 20' INSTANTEXCHANGER-NET
> changed:        hostmaster at ripe.net 20100414
> changed:        sp at instant-exchanger.com 20100410
> changed:        sp at instant-exchanger.com 20100410
> 
> % fgrep ' 20' AS50877
> changed:        hostmaster at ripe.net 20100414
> changed:        sp at instant-exchanger.com 20100410
> changed:        sp at instant-exchanger.com 20100410
> 
> So it would appear that I may have been correct, and that this ``European''
> oddity was issued only just earlier this year... in April to be precise.
> 
> Short of traveling a long distance by plane and showing up physically to
> the next RIPE meeting, is there any way for me to find out why an ASN
> (AS50877) and also a non-trivial amount of IPv4 space (195.80.148.0/22)
> would have been assigned by RIPE staff to a company that, according to
> the RIPE whois records themselves, is domiciled in Latin America?
> 
> (Separate question:  Is there any way to obtain archived dumps of the
> RIPE whois data base, e.g. from April of this year, so that I might be
> able to check and see if the original whois for the AS & IP block also
> said "Belize", as I suspect it did?)
> 
> Certainly, if RIPE is not responding at all to reports of hijackings of
> pre-existing & previously allocated ASNs and/or IP blocks, then I would
> say that that is certainly a problem.  But this whole Belize thing is
> different, I think, and perhaps in some ways worse.  Why would anyone
> bother to hijack an IP block or an ASN if RIPE will just issue you either
> of those things, willy nilly, no matter where you live?
> 
> 
> Regards,
> rfg
>