[anti-abuse-wg] Hijacked netblocks - any SOP for these?

If you check the weekly CIDR-Report than you will find certain prefixes in
bogus adv head for many many months. NO RIR cares about it.

we've been attacked/spammed/phished by such bogus prefix adv in past.

Regards,

Aftab A. Siddiqui


On Thu, Jul 28, 2011 at 3:33 PM, Frank Gadegast <
ripe-anti-spam-wg at powerweb.de> wrote:

> Michele Neylon :: Blacknight wrote:
>
>>
>> On 28 Jul 2011, at 09:48, Frank Gadegast wrote:
>>
>>>
>>>>
>>> Not at all out of scope.
>>>
>>
>> I think it is out of scope
>>
>> It is a slippery slope
>>
>> Next you'll have people demanding that RIPE check what content is
>> published on IP blocks ..
>>
>
> Good idea.
>
> Other organisations are monitoring content too to prevent abuse, like
> search engines that do not even want results from hacked sites
> in their index.
>
> RIPE is defny responsible for any abuse, whatever it is.
>
> Lets have an example:
> A highjacker is using some netblocks to attack a big bank.
> They are flodded from this IP block and the attacker also
> sets up a lot of pishing servers using these IPs.
>
> Will RIPE ask the LIR about whats going on with his assignment ?
> Will RIPE deroute this netblock at all ?
> Just after the bank complaints ?
> After somebody complains to RIPE that there are pishing servers on this
> netblock ?
>
> What will happen ?
>
> Cant be, that RIPE is doing nothing (to my opinion).
> And it would be very interesting what RIPE would do right now
> in this scenario.
> Who knows more ?
>
>
> Kind regards, Frank
>
>
>
>>
>>
>>
>>> You are right saying, that a listing does not proof anything,
>>> but its a good indication (like I sayd above).
>>>
>>
>> Not necessarily.
>>
>> There are a multitude of reasons why an IP block can get listed - while it
>> *might* be an indicator that you or I can use for our own *private*
>> networks, it is not something that an organization like RIPE should be
>> doing, as there is absolutely no standard or certification of DNS
>> blacklists.
>>
>>
>>
>>> RIPE NCC could ask the member, whats going on with that netblock,
>>> if they see a listing. I guess a lot of members do not
>>> even realize, that their old netblocks are routed
>>> somewhere else.
>>>
>>> RIPE NCC has to check the use of assigned netblocks anyway
>>> (if I understand some rules right).
>>>
>>
>> No - the "usage" is related to the assignment rules
>>
>>
>>  It cannot be that
>>> assigned netblocks are used by non-members or members
>>> the netblock wasnt assigned to …
>>>
>>
>> Sorry, but I don't understand what you mean here
>>
>> regards
>>
>> Michele
>>
>> Mr Michele Neylon
>> Blacknight Solutions
>> Hosting&  Colocation, Brand Protection
>> ICANN Accredited Registrar
>> http://www.blacknight.com/
>> http://blog.blacknight.com/
>> http://blacknight.mobi/
>> http://mneylon.tel
>> Intl. +353 (0) 59 9183072
>> US: 213-233-1612
>> UK: 0844 484 9361
>> Locall: 1850 929 929
>> Direct Dial: +353 (0)59 9183090
>> Twitter: http://twitter.com/mneylon
>> ------------------------------**-
>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
>> Park,Sleaty
>> Road,Graiguecullen,Carlow,**Ireland  Company No.: 370845
>>
>>
>>
>>
>>
>
> --
>
> Mit freundlichen Gruessen,
> --
> PHADE Software - PowerWeb                       http://www.powerweb.de
> Inh. Dipl.-Inform. Frank Gadegast             mailto:frank at powerweb.de
> Schinkelstrasse 17                                fon: +49 33200 52920
> 14558 Nuthetal OT Rehbruecke, Germany             fax: +49 33200 52921
> ==============================**==============================**==========
> Public PGP Key available for frank at powerweb.de
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20110728/dc3eca3e/attachment.html>