[anti-abuse-wg] Draft Minutes - RIPE 62

And apparently I don't know when I am.

No matter what I might claim in the subject or even in the text below, 
these are the minutes for RIPE 62, held in Amsterdam in May 2011!

Brian.

"Brian Nisbet" wrote the following on 01/07/2011 15:24:
> Colleagues,
>
> These are the draft minutes from RIPE 53, apologies for the delay, the
> lovely folk from the NCC had them a while ago, I was just slow in
> reviewing them and passing them on. As always, please let me know if you
> have any comments or corrections:
>
> RIPE Anti-Abuse Working Group: Draft Minutes – RIPE 62
>
> Thursday, 4 May 2011
> 14:00-15:30
> Co-Chairs: Brian Nisbet and Tobias Knecht
> Scribe: Fergal Cunningham
> Chat Monitor: Sandra Brás
>
> A. Administrative Matters
>
> –Welcome
>
> Working Group co-Chair Brian Nisbet welcomed attendees. He thanked the
> scribe, chat monitor and stenographer, and he asked that those asking
> questions clearly state their name and affiliation.
>
> –Approve Minutes from RIPE 61
>
> Brian noted that there were some initial comments and the minutes were
> updated accordingly. He asked if there were any further comments. There
> were none and Brian deemed the minutes from RIPE 61 to be formally
> approved.
>
> –New Working Group Co-Chair
>
> Tobias Knecht was formally approved as the new Anti-Abuse Working Group
> co-Chair. Brian said that Tobias would help to resurrect the best common
> practice document process. Brian said two documents would be produced –
> an administrative document and a technical document.
>
> –Finalise agenda
>
> There were no additions to the agenda.
>
> B. Update
>
> B1. Recent List Discussion
>
> Brian noted that there was a lot of discussion in the past few months.
> He said the Abuse Contact Task Force was addressing some issues and some
> were being addressed by the ripe-517 Closure and Deregistration
> document. He proposed that the working group not delve into those issues
> at that time.
>
> B2. Admin Tools for Blackhole Administration - Ingvar Mattsson, Google
>
> The presentation is available at:
> http://ripe62.ripe.net/presentations/155-blackholeslides.pdf
>
> David Freedman from Claranet said this approach was to be commended. He
> said he had a similar in-house tool and if anyone wanted to know more
> about that he could show them afterwards. He said the main problem is if
> prefixes are not reaped and remain in blackholing. He said the support
> team needs to be aware of what’s going on and it must be done in an
> intelligent way.
>
> Ignvar asked if it was more pleasant to use blackholing and David said
> it was.
>
> B3. Arbor 2010 Infrastructure Security Report - Darren Anstee, Arbor
> Networks
>
> The presentation is available at:
> http://ripe62.ripe.net/presentations/88-Darren-Anstee-AA-RIPE-2011-DDoS_Trends.ppt.pdf
>
>
> Ian Meikle, RIPE Measurement, Analysis and Tools (MAT) Working Group
> co-Chair, noted that Darren would talk about the ATLAS initiative at the
> MAT Working Group session.
>
> Wout de Natris, Chair of the Cybercrime Working Party, asked if the rise
> of DDoS attacks was down to criminal or political reasons.
>
> Darren said he was not sure. He thought there might be a fair mixture of
> both, but he said people could look and draw their own conclusions.
>
> Wout said he attended a meeting on botnets, where it was noted that
> attacks from mobile devices were not a problem yet. He asked if this was
> becoming a problem.
>
> Darren said more attack traffic was coming from mobile devices. He said
> Symantec have seen a growth in malware targeted at smart devices and it
> is probably only a matter time before we see attacks coming from smart
> devices.
>
> Wout asked if Darren had tips for developing countries.
>
> Darren said diagnostic ACLs and flow tools could be used if these
> countries did not want to use commercial products to detect DDoS attacks.
>
> Daniel Karrenberg, Chief Scientist at the RIPE NCC, asked if on the Port
> 53 attacks there was any differentiation on whether the attack traffic
> was queries or responses.
>
> Darren said there was not.
>
> Daniel asked for more details, saying it would be interesting to see how
> the relative proportion was reflected in the attacks. He said he
> suspected a fair amount of reflection was going on.
>
> Darren said he would be asking what people wanted to see from the Atlas
> initiative, and he said this is one area they would be looking at.
>
> Paul Germano, Google, asked if the data received was just megabits per
> second and Darren said this was indeed the case.
>
> C. Policies
>
> –Abuse Contact Management Task Force
>
> Brian said that the three proposals (2010-08, 2010-09 and 2010-10) that
> were presented at RIPE 61 were withdrawn and that the Abuse Contact
> Management Task Force was formed to look at the issues or concerns in
> the three proposals. Brian gave an update from the task force, which is
> available at:
> http://ripe62.ripe.net/presentations/175-acm_tf_ripe62.ppt
>
> Brian asked if there were any questions. There were no questions, and
> Brian took this to be approval to continue with the work of the task force.
>
> D. Interactions
>
> D1. Working Groups
>
> Brian said the Database Working Group was the one the Anti-Abuse Working
> Group interacted with the most. He said that the main interaction with
> that group currently was concerned with the work of the Abuse Contact
> Management Task Force.
>
> D2. Cybercrime Working Party Update - Wout de Natris
>
> (No presentation was uploaded)
>
> Wout de Natris, Chair of the Cybercrime Working Party (CCWP), described
> the meetings he attended and presented at on behalf of the CCWP. He said
> that the main area the CCWP was looking into was training law
> enforcement agencies (LEAs) on the use of tools and databases that would
> help them in their work. He said a template for information requests
> would be created to send requests to the RIPE NCC. He said a list of LEA
> contacts would enable LEA officials to easily contact each other and
> share experiences. He said LEAs would look at coming up with a list of
> topics that they would want to discuss with the RIPE community.
>
> Wout asked the RIPE community what it would like to discuss with LEAs.
> He said people should bring issues to the CCWP if they wanted
> clarification from LEAs.
>
> Wout concluded by noting that the CCWP was making progress, and he
> reiterated that the process was a two-way street. He said LEAs could use
> the group to bring forward their concerns and the RIPE community could
> do likewise.
>
> Frank Salanitri, APNIC, said APNIC’s IRT object contact address received
> up to 30,000 abuse mails and that it was impossible to check these on an
> individual basis. He suggested they might be used for IP reputation
> services. He said, potentially, they could show the most abused
> allocations and the countries the abuse came from. He said this
> information could be logged in a database that could be made available
> to researchers.
>
> Wout asked if APNIC had contacted the Australian and New Zealand active
> anti-spam LEAs.
>
> Pablo Hinojosa, APNIC Public Affairs Officer, said APNIC was
> corresponding with these groups and was actively looking for ways to
> increase cooperation.
>
> D3. RIPE NCC Government/LEA Interactions Update
>
> Brian said a number of things have happened to give encouragement to
> RIPE and the RIPE NCC’s interactions with LEAs. He said the engagement
> of LEAs with the RIPE community has increased, and they have shown a
> greater understanding of the issues at hand. He said LEAs recognised the
> need to keep a good registry database.
>
> Brian said LEAs were happy with RIPE Policy Proposal 2010-06 on
> registration of IPv6 in the RIPE Database.
>
> He said the RIPE NCC procedural document, ripe-517, on closure and
> deregistration of LIRs was a positive step because it reduces the
> ability to abuse mechanisms there.
>
> Brian added that they also talked about what is likely to happen
> following the exhaustion of the IPv4 address pool. He said interaction
> with both LEAs and government agencies would continue.
>
> Brian noted that there are issues being discussed on the RIPE Address
> Policy Working Group mailing list that the Anti-Abuse Working Group
> should look at. He said the RPKI discussion should be of particular note
> and he asked everyone to pay close attention to these issues.
>
> X. AOB
>
> There was no other business to attend to. Brian asked for items for RIPE
> 63. He noted that Tobias would talk about the best common practice
> documents at RIPE 63 and he promised to have those documents posted to
> the mailing list. Brian thanked the attendees and said he looked forward
> to the next meeting in Vienna.
>
> Recordings of all presentations and discussion in the RIPE Anti-Abuse
> Working Group session at RIPE 62 are available at:
> http://ripe62.ripe.net/archives#Thursday
>
>