This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] Hijacked netblocks - any SOP for these?
- Previous message (by thread): [anti-abuse-wg] Hijacked netblocks - any SOP for these?
- Next message (by thread): [anti-abuse-wg] Hijacked netblocks - any SOP for these?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Aftab Siddiqui
aftab.siddiqui at gmail.com
Thu Jul 28 12:55:38 CEST 2011
If you check the weekly CIDR-Report than you will find certain prefixes in bogus adv head for many many months. NO RIR cares about it. we've been attacked/spammed/phished by such bogus prefix adv in past. Regards, Aftab A. Siddiqui On Thu, Jul 28, 2011 at 3:33 PM, Frank Gadegast < ripe-anti-spam-wg at powerweb.de> wrote: > Michele Neylon :: Blacknight wrote: > >> >> On 28 Jul 2011, at 09:48, Frank Gadegast wrote: >> >>> >>>> >>> Not at all out of scope. >>> >> >> I think it is out of scope >> >> It is a slippery slope >> >> Next you'll have people demanding that RIPE check what content is >> published on IP blocks .. >> > > Good idea. > > Other organisations are monitoring content too to prevent abuse, like > search engines that do not even want results from hacked sites > in their index. > > RIPE is defny responsible for any abuse, whatever it is. > > Lets have an example: > A highjacker is using some netblocks to attack a big bank. > They are flodded from this IP block and the attacker also > sets up a lot of pishing servers using these IPs. > > Will RIPE ask the LIR about whats going on with his assignment ? > Will RIPE deroute this netblock at all ? > Just after the bank complaints ? > After somebody complains to RIPE that there are pishing servers on this > netblock ? > > What will happen ? > > Cant be, that RIPE is doing nothing (to my opinion). > And it would be very interesting what RIPE would do right now > in this scenario. > Who knows more ? > > > Kind regards, Frank > > > >> >> >> >>> You are right saying, that a listing does not proof anything, >>> but its a good indication (like I sayd above). >>> >> >> Not necessarily. >> >> There are a multitude of reasons why an IP block can get listed - while it >> *might* be an indicator that you or I can use for our own *private* >> networks, it is not something that an organization like RIPE should be >> doing, as there is absolutely no standard or certification of DNS >> blacklists. >> >> >> >>> RIPE NCC could ask the member, whats going on with that netblock, >>> if they see a listing. I guess a lot of members do not >>> even realize, that their old netblocks are routed >>> somewhere else. >>> >>> RIPE NCC has to check the use of assigned netblocks anyway >>> (if I understand some rules right). >>> >> >> No - the "usage" is related to the assignment rules >> >> >> It cannot be that >>> assigned netblocks are used by non-members or members >>> the netblock wasnt assigned to … >>> >> >> Sorry, but I don't understand what you mean here >> >> regards >> >> Michele >> >> Mr Michele Neylon >> Blacknight Solutions >> Hosting& Colocation, Brand Protection >> ICANN Accredited Registrar >> http://www.blacknight.com/ >> http://blog.blacknight.com/ >> http://blacknight.mobi/ >> http://mneylon.tel >> Intl. +353 (0) 59 9183072 >> US: 213-233-1612 >> UK: 0844 484 9361 >> Locall: 1850 929 929 >> Direct Dial: +353 (0)59 9183090 >> Twitter: http://twitter.com/mneylon >> ------------------------------**- >> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business >> Park,Sleaty >> Road,Graiguecullen,Carlow,**Ireland Company No.: 370845 >> >> >> >> >> > > -- > > Mit freundlichen Gruessen, > -- > PHADE Software - PowerWeb http://www.powerweb.de > Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de > Schinkelstrasse 17 fon: +49 33200 52920 > 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 > ==============================**==============================**========== > Public PGP Key available for frank at powerweb.de > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20110728/dc3eca3e/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Hijacked netblocks - any SOP for these?
- Next message (by thread): [anti-abuse-wg] Hijacked netblocks - any SOP for these?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]