[anti-abuse-wg] current business practices

Vissers, Pepijn wrote:
> Hi Frank,

Hi,

>
>
>
> Interesting story. Here in NL, we act as LEA towards an ISP if the abuse we see is related to spam and/or malware (because that is our (OPTA) function as telco regulator). In most cases, abuse reports from a law enforcement agency tend to be picked up with a little more urgency so the strategy is quite effective.
>
>
>
> If the ISP is non-cooperative, we might choose to apply a little more pressure by a subpoena of some kind. Usually applying such pressure results in a positively correlated attitude towards handling said abuse tickets. The strategy is derived from the theory of 'responsive regulation' by Braithwait.
>
>
>
> Do you have such a regulator (with investigative capabilities) who you could team up with in DE?

Surely not.

Its the role of RIPE NCC (too my understanding) to keep their database 
up-to-date. subpoena by deleting the wrong AS object from the database
;o)

Pretty simple ...


Kind regards, Frank
>
>
>
> Kind regards,
>
> Pepijn
>
>
>
>> -----Oorspronkelijk bericht-----
>
>> Van: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg-
>
>> bounces at ripe.net] Namens Frank Gadegast
>
>> Verzonden: woensdag 11 april 2012 15:18
>
>> Aan: anti-abuse-wg at ripe.net
>
>> Onderwerp: Re: [anti-abuse-wg] current business practices
>
>>
>
>> Laura Cobley wrote:
>
>>> Dear Florian and all,
>
>>
>
>> Hi,
>
>>
>
>> (some details from our current experiences with RIPE NCC and accuracy
>
>>    of the RIPE objects)
>
>>
>
>> we currently have one case where a really big German cablenet ISP is
>
>> having exacly one abuse-eMail address for their tech-c, abuse-mailbox
>
>> and admin-c, for all their objects.
>
>>
>
>> And this one email has a domain, what does not belong to the ISP
>
>> anymore, since  November 2011, its currently owned by a domain grabber,
>
>> because the ISP deleted the domain on purpose (on behalf of a change in
>
>> the company name years ago).
>
>> There is no other working contact information (phone lets you end up at
>
>> their hotline where they have absolutly no idea about abuse), snail
>
>> mail is no option, fax number is not supplied.
>
>>
>
>> We tried mailing there peering contact, their normal customer email
>
>> from their website, filled their online feedback form and then opened a
>
>> normal ticket at RIPE NCC, were just told to open another ticket at
>
>> RIPE NCC and invested about 5 hours already describing the problem at
>
>> RIPE NCC.
>
>> Simply no chance, RIPE NCC is responding to tickets on a daily basis,
>
>> even during business hours (jesus, we will respond in about 5 minutes
>
>> if something serious like that will happen to our networks).
>
>> The interest at the RIPE NCC to fix database problems does not seem to
>
>> have any priority.
>
>>
>
>> Ah, I forgot:
>
>> the maillist server mamba.ripe.net has technical problems during the
>
>> last 3 weeks, we opened tickets for that as well and even got a
>
>> response once, still not fixed, the maillist server is probably not
>
>> reacheable for 90% of the members ... whoever will receives this could
>
>> please make a telnet mamba.ripe.net 25 from some IPs he own (best would
>
>> be not using his or her usual IP, if he or she likes, lets see how big
>
>> that problem really is, thats why I have to mail the most active people
>
>> directly).
>
>>
>
>> --------
>
>> Little update: seems like RIPE NCC changed the maillist server to
>
>> postgirl.ripe.net and that one works.
>
>> Looks like they had to change this in a hurry, because the old server
>
>> did hang in the nameserver caches quite long (great, that I have to
>
>> find that out myself, instead that
>
>>    somebody from the RIPE NCC is simply telling me that or posting
>
>>    to the list).
>
>> --------
>
>> Sorry, if nearly the same email comes twice now ... have to test it.
>
>>
>
>> So: abuse does not have priority in a lot of peoples heads those days,
>
>> even when they tell you that daily ...
>
>>
>
>> (we have about 100 abuse incidents with that ISP monthly and the ISP
>
>>    even resides in the same country than we are, but its still, if they
>
>>    reside on the other side of the moon, maybe I should demonstrate
>
>>    if front of the office building with a big sign saying:
>
>>    "you dont have a working abuse appartment")
>
>>
>
>>
>
>> Kind regards, Frank
>
>>>
>
>>> Over time, contact information in the RIPE Database can become
>
>>> outdated due to staffing changes, oversight and lack of knowledge on
>
>>> the part of the maintainer. Bringing the irregularity directly to the
>
>>> attention of this maintainer can be the quickest way to get it fixed.
>
>>>
>
>>> If you subsequently experience difficulties with this, we can help
>
>> you
>
>>> to get in touch with the maintainer by forwarding your report to the
>
>>> person responsible for the Internet number resource registration.
>
>>> Handling reports is a normal part of our operations within the RIPE
>
>>> NCC and the report form makes it easier to get in touch with us.
>
>>>
>
>>> We ask you to include information such as mail delivery failure
>
>>> notices and copies of emails with headers, which clearly show the
>
>>> problem and the subsequent difficulties you are having. These help to
>
>>> substantiate the report. Our aim is to work together with you to
>
>>> further improve the quality of the data in the Internet number
>
>> resource registry.
>
>>>
>
>>> Best regards,
>
>>>
>
>>> Laura Cobley
>
>>> RIPE NCC
>
>>>
>
>>> On 4/6/12 8:45 PM, Florian Weimer wrote:
>
>>>> * Laura Cobley:
>
>>>>
>
>>>>> Using this form, you can now easily report various issues,
>
>> including
>
>>>>> abnormalities in Internet number resource registrations, to us for
>
>>>>> further investigation.
>
>>>>
>
>>>> I looked at "Incorrect contact information in the RIPE Database",
>
>> and
>
>>>> "I confirm that I have reported the incorrect information to all of
>
>>>> the contacts listed in the relevant object" is a required checkbox.
>
>>>>
>
>>>> This seems to require that complainants try postal addresses, phone
>
>>>> and fax numbers before reporting errors in email addresses.  Is this
>
>>>> really your goal?  Isn't this a step backwards?
>
>>>>
>
>>>
>
>>>
>
>>>
>
>>
>
>>
>
>> --
>
>>
>
>> Mit freundlichen Gruessen,
>
>> --
>
>> MOTD: "have you enabled SSL on a website or mailbox today ?"
>
>> --
>
>> PHADE Software - PowerWeb                       http://www.powerweb.de
>
>> Inh. Dipl.-Inform. Frank Gadegast             mailto:frank at powerweb.de
>
>> Schinkelstrasse 17                                fon: +49 33200 52920
>
>> 14558 Nuthetal OT Rehbruecke, Germany             fax: +49 33200 52921
>
>> ======================================================================
>
>>
>
>>
>
>
>
> +++++++++++++++++++++++++++++++++++++++++++++
>
> Disclaimer
>
> Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim.
>
> Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging
>
> of ander gebruik ervan niet is toegestaan.
>
> Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan
>
> direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail at opta.nl en het bericht te vernietigen.
>
> Dit e-mailbericht is uitsluitend gecontroleerd op virussen.
>
> OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen
>
> geen rechten aan worden ontleend.
>
>
>
>
>
> This e-mail message may contain confidential information or information protected by professional privilege.
>
> If it is not intended for you, you should be aware that any distribution, copying or other form of use of
>
> this message is not permitted.
>
> If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500
>
> or e-mail mailto:mail at opta.nl and destroy the message immediately.
>
> This e-mail message has only been checked for viruses.
>
> The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed.
>
> OPTA expressly disclaims any responsibility in relation to the information in this e-mail message.
>
> No rights can be derived from this message.
>
>
>
>
>


-- 

Mit freundlichen Gruessen,
--
MOTD: "have you enabled SSL on a website or mailbox today ?"
--
PHADE Software - PowerWeb                       http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast             mailto:frank at powerweb.de
Schinkelstrasse 17                                fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany             fax: +49 33200 52921
======================================================================