This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities
- Previous message (by thread): [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61
- Next message (by thread): [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kauto Huopio
kauto.huopio at ficora.fi
Wed Feb 2 11:25:16 CET 2011
Greetings all, I am a relative newcomer within RIPE community - but been working for some 10 years with CERT-FI, the national CERT team in Finland. During this period I have got a feeling (no statistics - yet) that the majority of cases where the validity of ipv4 / AS resource registration details can be questioned are within RIPE service area. APNIC, AFRINIC, LACNIC, ARIN -provided resources with this suspicion are quite rare on my radar. I have a couple of questions on my mind: 1) What is the current procedure to initiate an investigation with RIPE NCC on resource registration data consistency? 2) Are there any spesific requirements to be filled to trigger investiation procedures - what proof of suspicious registration data is needed? 3) Where I can find the current RIPE policies applied on this type of investigation request? 4) What kind of reply time one could expect from RIPE NCC for this type of request? 5) What methods I could use to extract -sponsoring LIR data of a inetnum / autnum object -all inetnum/autnum objects delegated by a spesified LIR from RIPE NCC WHOIS database? (personally I think there is no need to hide this information - all customer networks of an ISP can be easily extracted from BGP routing data, business protection needs IMHO do not warrant blocking this information) I have a couple of examples that could perhaps warrant a concentrated look. First is a recent and public one, documented here: http://www.abuse.ch/?p=3130 Could regisgtry consistency procedures be initiated on the suspicious resources mentioned in the blog post? A second case I would like to work with appropriate RIPE NCC staff directly. --Kauto -- Kauto Huopio - kauto.huopio at ficora.fi Senior information security adviser Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax +358-9-6966515, mobile +358-50-5826131 CERT-FI watch desk daytime: +358-9-6966510 / http://www.cert.fi
- Previous message (by thread): [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61
- Next message (by thread): [anti-abuse-wg] Re: Interaction between the RIPE and anti-abuse communities, was Draft Anti-Abuse WG Minutes ? RIPE 61
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]