This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Reporting Fraud
- Previous message (by thread): [anti-abuse-wg] Reporting Fraud
- Next message (by thread): [anti-abuse-wg] Reporting Fraud
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michele Neylon :: Blacknight
michele at blacknight.ie
Wed Sep 29 10:45:58 CEST 2010
Ronald If we were putting servers in the US we would probably have to get an AS number and allocation from ARIN. We also would have non-EU clients with RIPE space. Regards Michele Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 28 Sep 2010, at 22:06, "Ronald F. Guilmette" <rfg at tristatelogic.com> wrote: > > In message <A.1P0dJI-000Kvu-EO at smtp-ext-layer.spamhaus.org>, you wrote: > >> Brian Nisbet <brian.nisbet at heanet.ie> wrote: >> >>> There's no webform for this, no, but if you email ncc at ripe.net >>> and/or abuse at ripe.net, this should get things to the right >>> person and it can go from there. >> >> Given the number of cases I've reported to RIPE, and the apparent >> inaction, I'm not convinced that either of those would be a viable >> communications channel. Perhaps we do need a webform. No doubt >> the RIPE NCC will protest that since there isn't a policy that tells >> them to actually do anything about such cases, there's no point us >> having a webform anyway. > > Hummm... OK. I didn't realize things were that bad. > > So, ah, maybe the Right Place To Start would be for somebody (perhaps > even this working group?) to propose at least some sort of a policy > (e.g. on hijacked ASNs and/or address blocks) for RIPE's consideration (?) > > I do agree that in the absence of any policy to even investigate, a web > form for submissions isn't going to help a lot. > > Meanwhile, on a related topic... > > Now that people here were kind enough to point me at the -B option for the > RIPE whois server, I did manage to get a tiny bit more information about > that Belize-domiciled network (INSTANTEXCHANGER-NET) that I mentioned earlier: > > % fgrep ' 20' INSTANTEXCHANGER-NET > changed: hostmaster at ripe.net 20100414 > changed: sp at instant-exchanger.com 20100410 > changed: sp at instant-exchanger.com 20100410 > > % fgrep ' 20' AS50877 > changed: hostmaster at ripe.net 20100414 > changed: sp at instant-exchanger.com 20100410 > changed: sp at instant-exchanger.com 20100410 > > So it would appear that I may have been correct, and that this ``European'' > oddity was issued only just earlier this year... in April to be precise. > > Short of traveling a long distance by plane and showing up physically to > the next RIPE meeting, is there any way for me to find out why an ASN > (AS50877) and also a non-trivial amount of IPv4 space (195.80.148.0/22) > would have been assigned by RIPE staff to a company that, according to > the RIPE whois records themselves, is domiciled in Latin America? > > (Separate question: Is there any way to obtain archived dumps of the > RIPE whois data base, e.g. from April of this year, so that I might be > able to check and see if the original whois for the AS & IP block also > said "Belize", as I suspect it did?) > > Certainly, if RIPE is not responding at all to reports of hijackings of > pre-existing & previously allocated ASNs and/or IP blocks, then I would > say that that is certainly a problem. But this whole Belize thing is > different, I think, and perhaps in some ways worse. Why would anyone > bother to hijack an IP block or an ASN if RIPE will just issue you either > of those things, willy nilly, no matter where you live? > > > Regards, > rfg >
- Previous message (by thread): [anti-abuse-wg] Reporting Fraud
- Next message (by thread): [anti-abuse-wg] Reporting Fraud
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]