This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] anti-abuse-wg Digest, Vol 8, Issue 9
- Previous message (by thread): [anti-abuse-wg] Introducing the RIPE NCC Report Form
- Next message (by thread): [anti-abuse-wg] anti-abuse-wg Digest, Vol 8, Issue 9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Wout de Natris
denatrisconsult at hotmail.nl
Wed Apr 11 17:38:11 CEST 2012
"Re: Contents of anti-abuse-wg digest..." Why does this discussion take so many words and arguments? 1. Primarily RIPE NCC needs or at least should need a proper overview of who its members are for several reasons that all have to do with internal processes like reaching out, billing and maintaining correct records, in short common business practice. 2. There is an abuse function for well ... abuse, so members can reach out to each other and amend whatever goes wrong. All this isn't strange or weird, but normal practice for any company, club, association, etc. As soon as an address isn't correct the company, club, association, university, etc. reaches out to the customer, member, student concerned in order to get new relevant data, so it can do billing, maintenance of records, send news, etc. If the customer, member, et al, does not respond, steps are taken to terminate the relation. This is common practice to any company, club, association, etc. and has, primarily, nothing to do with law enforcement of any kind, but with customer/member relations, correct records, due payment, etc. So how come that as soon as this discussion is about the Internet, whether domain name registrations or in this case IP addresses, this totally normal form of doing business is denied as being standard practice? If data is not correct and there is no way the, in this case RIPE NCC, member can be found, it is not so strange that, after a published notice with a due time frame, a relation is terminated. Certainly in a period of scarcity in IPv4 addresses, this should be common practice. (And if it happens to concern a criminal organisation, they won't show up any way. All others will within about 2 seconds of termination.) So if correct data is standard practice and law enforcement needs them for whatever reason, they can access this data either through Whois of through correct proceedings in the Dutch law. Like it should be. Correct data saves money in the end, for all concerned, and makes becoming a member less attractive for individuals or organisations that most of us agree don't need a place on the internet. I don't think LEAs ask for more than that, but as a RIPE member I would look at my own organisation first. LEAs need to deal with LIRs more than an RIR, I'd guess, so assist them in finding these LIRs. Wout > From: anti-abuse-wg-request at ripe.net > Subject: anti-abuse-wg Digest, Vol 8, Issue 9 > To: anti-abuse-wg at ripe.net > Date: Wed, 11 Apr 2012 16:13:31 +0200 > > Send anti-abuse-wg mailing list submissions to > anti-abuse-wg at ripe.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.ripe.net/mailman/listinfo/anti-abuse-wg > or, via email, send a message with subject or body 'help' to > anti-abuse-wg-request at ripe.net > > You can reach the person managing the list at > anti-abuse-wg-owner at ripe.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of anti-abuse-wg digest..." > > > Today's Topics: > > 1. Re: Introducing the RIPE NCC Report Form (julien tayon) > 2. Re: current business practices (Frank Gadegast) > 3. Re: Introducing the RIPE NCC Report Form (Chris Heinze) > 4. Re: current business practices (Gert Doering) > 5. Re: current business practices (Michele Neylon :: Blacknight) > 6. Re: current business practices (Suresh Ramasubramanian) > 7. Re: current business practices (Frank Gadegast) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 11 Apr 2012 15:49:01 +0200 > From: julien tayon <julien at tayon.net> > Subject: Re: [anti-abuse-wg] Introducing the RIPE NCC Report Form > To: Brian Nisbet <brian.nisbet at heanet.ie> > Cc: anti-abuse-wg at ripe.net > Message-ID: > <CAFpLVkyZQb0W3iCTMuq_uK3fBysQf8gHt8sP23MLypu3P4hriw at mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > 2012/4/11 Brian Nisbet <brian.nisbet at heanet.ie>: > > Chris, > > > > "Chris" wrote the following on 11/04/2012 11:03: > >> > >> On 04/10/2012 05:18 PM, Joe St Sauver wrote: > >>> > >>> Maintenance of the database documenting who's been allocated/assigned > >>> space is *core* to RIPE's mission. > >> > >> > >> simply wrong. > >> ripe's core is allocation. that's what they do. your mission is your > >> private error. > > > > > Ripe's core is at least to provide **change management** over > contact on allocation of internet resources (IP, AS) so that > stakeholder's can cooperate, since internet protocols relies on swift > cooperation between entities. Imagine a world in which you cannot > reach a LIR or RIR having wrong BGP rules ? > > Furthermore, RIPE NCC is bound by its contract with ICANN in its > mission of allocating resources. I think reading the actual contract > might settle the topic pretty fast. > > Since I don't have the contract under my eyes right now, I will make a > simple reasoning based on public informations and personnal > experience. > > Let's stick to the common sense of database first : > *Data accuracy is the most important property of a database.* Ripe NCC > is entitled to manage the whois database, therefore it is in their > mission to ensure DB integrity. > > If it is not convincing enough, let's remember data accuracy is > considered by ICANN as a **MUST DO** for delegated entities (both for > gTLD and resources). > Just search ICANN web sites and you'll have extended papers explaining > why accuracy matters, and how this responsability is also delegated. > http://www.icann.org/en/gsearch/accuracy > > In a world without accurate whois contact it will be the the > strongest's rule that shall prevail. > > What tickles me is how can RIPE NCC bill instances they don't have the > **accurate** contacts ? Are there 2 DBs one for billing (with accurate > data) and another one for public access with inaccurate data ? > > RIPE NCC cant choose the parts it likes in its delegated mission from > ICANN. A contract is a contract and RIPE NCC is bound by its duties > regarding ICANN. If ICANN states RIPE NCC MUST have accurates data, > and MUST enforce internet policies I cannot see how RIPE NCC or RIPE > can decide it is does not fall into their responsabilities. > > Now, all everybody needs to know : > * what level of accuracy ICANN can realistcly expect from its delegates ? > * what are the internet policies ICANN mentions ? > > Cheers. > > -- > Jul > Experienced freelance for years (having worked for ISP). > > > > ------------------------------ > > Message: 2 > Date: Wed, 11 Apr 2012 16:08:11 +0200 > From: Frank Gadegast <ripe-anti-spam-wg at powerweb.de> > Subject: Re: [anti-abuse-wg] current business practices > To: "anti-abuse-wg at ripe.net" <anti-abuse-wg at ripe.net> > Message-ID: <4F85904B.8090203 at powerweb.de> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > V > > >> > subpoena by deleting the wrong AS object from the database > > > >> ;o) > > > > > > > > Heh. ACK on the role. But I was thinking towards urging the ISP itself to take action (once you HAVE contacted them) on the abuse complaints. That's where the pressure of a lea agency can come in handy, if such a regulator is available. > > > > > > Well, the only possibility would be the police. > They do care here in Germany are kind of > technical disadvanced :o( > > There is some organizations this ISP is a member of > (like the ECO), and they have also a abuse clearing > board, but that one isnt really useful because > it never did anything against their members ... > > And why should they do something, they are not > responsible for the resources ... > > > Kind regards, Frank > > > > > Pepijn > > > > +++++++++++++++++++++++++++++++++++++++++++++ > > > > Disclaimer > > > > Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. > > > > Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging > > > > of ander gebruik ervan niet is toegestaan. > > > > Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan > > > > direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail at opta.nl en het bericht te vernietigen. > > > > Dit e-mailbericht is uitsluitend gecontroleerd op virussen. > > > > OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen > > > > geen rechten aan worden ontleend. > > > > > > > > > > > > This e-mail message may contain confidential information or information protected by professional privilege. > > > > If it is not intended for you, you should be aware that any distribution, copying or other form of use of > > > > this message is not permitted. > > > > If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 > > > > or e-mail mailto:mail at opta.nl and destroy the message immediately. > > > > This e-mail message has only been checked for viruses. > > > > The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. > > > > OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. > > > > No rights can be derived from this message. > > > > > > > > > > > > > -- > > Mit freundlichen Gruessen, > -- > MOTD: "have you enabled SSL on a website or mailbox today ?" > -- > PHADE Software - PowerWeb http://www.powerweb.de > Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de > Schinkelstrasse 17 fon: +49 33200 52920 > 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 > ====================================================================== > > > > > ------------------------------ > > Message: 3 > Date: Wed, 11 Apr 2012 14:49:13 +0200 > From: Chris Heinze <Chris.Heinze at consol.de> > Subject: Re: [anti-abuse-wg] Introducing the RIPE NCC Report Form > To: anti-abuse-wg at ripe.net > Message-ID: <4F857DC9.8060905 at consol.de> > Content-Type: text/plain; charset=UTF-8 > > On 04/11/2012 02:13 PM, Brian Nisbet wrote: > >> ripe's core is allocation. that's what they do. your mission is your private error. > > > > http://www.ripe.net/lir-services/ncc/functions > > right, that sums it up nicely, thanks. > > > Once all of v4 space is allocated (soon now, soon), the primary job of the NCC and the other four RIRs will be keeping a good registry. > > ripe's job isn't defined by and doesn't depend on whether or not v4 space is completely allocated (which it btw probably never will). > keeping a good registry is as explained a service kindly provided by ripe to help - and it did that since the beginning. > > regards, > > Chris > > > > ------------------------------ > > Message: 4 > Date: Wed, 11 Apr 2012 15:29:17 +0200 > From: Gert Doering <gert at space.net> > Subject: Re: [anti-abuse-wg] current business practices > To: Suresh Ramasubramanian <ops.lists at gmail.com> > Cc: shane at time-travellers.org, Brian Nisbet <brian.nisbet at heanet.ie>, > anti-abuse-wg at ripe.net, Tobias Knecht <tk at abusix.com>, "Michele Neylon > :: Blacknight" <michele at blacknight.ie>, Laura Cobley <laura at ripe.net>, > Florian Weimer <fw at deneb.enyo.de>, Frank Gadegast > <ripe-anti-spam-wg at powerweb.de>, Gert Doering <gert at space.net> > Message-ID: <20120411132917.GN84425 at Space.Net> > Content-Type: text/plain; charset="us-ascii" > > hi, > > On Wed, Apr 11, 2012 at 06:50:02PM +0530, Suresh Ramasubramanian wrote: > > On Wed, Apr 11, 2012 at 6:32 PM, Frank Gadegast > > <ripe-anti-spam-wg at powerweb.de> wrote: > > > will receives this could please make a > > > telnet mamba.ripe.net 25 > > > from some IPs he own (best would be not using his or her usual IP, > > > if he or she likes, lets see how big that problem really > > > is, thats why I have to mail the most active people directly). > > > > suresh at frodo 03:54:25 :~$ telnet mamba.ripe.net smtp > > Trying 2001:67c:2e8:11::c100:1328... > > Trying 193.0.19.40... > > telnet: Unable to connect to remote host: Connection refused > > > > Things seem to be RIPE for a change eh? > > So, what exactly causes the assumption that mamba is supposed to be > reachable from the outside, on Port 25? > > $ host -t mx ripe.net > ripe.net mail is handled by 250 postlady.ripe.net. > ripe.net mail is handled by 200 postgirl.ripe.net. > > Now, obviously, expecting anti-spammers to understand about MX records > and how to read Received: lines might be asking for a bit much... > > Gert Doering > -- NetMaster > -- > have you enabled IPv6 on something today...? > > SpaceNet AG Vorstand: Sebastian v. Bomhard > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen HRB: 136055 (AG Muenchen) > Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: not available > Type: application/pgp-signature > Size: 306 bytes > Desc: not available > Url : https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20120411/76082102/attachment-0001.bin > > ------------------------------ > > Message: 5 > Date: Wed, 11 Apr 2012 13:32:48 +0000 > From: "Michele Neylon :: Blacknight" <michele at blacknight.ie> > Subject: Re: [anti-abuse-wg] current business practices > To: Gert Doering <gert at space.net>, Suresh Ramasubramanian > <ops.lists at gmail.com> > Cc: "shane at time-travellers.org" <shane at time-travellers.org>, Brian > Nisbet <brian.nisbet at heanet.ie>, "anti-abuse-wg at ripe.net" > <anti-abuse-wg at ripe.net>, Tobias Knecht <tk at abusix.com>, Laura Cobley > <laura at ripe.net>, Florian Weimer <fw at deneb.enyo.de>, Frank Gadegast > <ripe-anti-spam-wg at powerweb.de> > Message-ID: > <4F2538C315ACAC42AD334C533C247C47263EFF60 at bkexchmbx01.blacknight.local> > > Content-Type: text/plain; charset="us-ascii" > > So this list is now turned into an "experts" exchange on SMTP? > > *sigh* > > -- > Mr Michele Neylon > Blacknight Solutions > Hosting & Colocation, Brand Protection > http://www.blacknight.com/ > http://blog.blacknight.com/ > http://mneylon.tel/ > Intl. +353 (0) 59 9183072 > Locall: 1850 929 929 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 1 4811 763 > Twitter: http://twitter.com/mneylon > ------------------------------- > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty > Road,Graiguecullen,Carlow,Ireland Company No.: 370845 > > ________________________________________ > From: Gert Doering [gert at space.net] > Sent: 11 April 2012 14:29 > To: Suresh Ramasubramanian > Cc: Frank Gadegast; Laura Cobley; Florian Weimer; anti-abuse-wg at ripe.net; Brian Nisbet; chrish at consol.net; shane at time-travellers.org; Michele Neylon :: Blacknight; Gert Doering; Tobias Knecht > Subject: Re: [anti-abuse-wg] current business practices > > hi, > > On Wed, Apr 11, 2012 at 06:50:02PM +0530, Suresh Ramasubramanian wrote: > > On Wed, Apr 11, 2012 at 6:32 PM, Frank Gadegast > > <ripe-anti-spam-wg at powerweb.de> wrote: > > > will receives this could please make a > > > telnet mamba.ripe.net 25 > > > from some IPs he own (best would be not using his or her usual IP, > > > if he or she likes, lets see how big that problem really > > > is, thats why I have to mail the most active people directly). > > > > suresh at frodo 03:54:25 :~$ telnet mamba.ripe.net smtp > > Trying 2001:67c:2e8:11::c100:1328... > > Trying 193.0.19.40... > > telnet: Unable to connect to remote host: Connection refused > > > > Things seem to be RIPE for a change eh? > > So, what exactly causes the assumption that mamba is supposed to be > reachable from the outside, on Port 25? > > $ host -t mx ripe.net > ripe.net mail is handled by 250 postlady.ripe.net. > ripe.net mail is handled by 200 postgirl.ripe.net. > > Now, obviously, expecting anti-spammers to understand about MX records > and how to read Received: lines might be asking for a bit much... > > Gert Doering > -- NetMaster > -- > have you enabled IPv6 on something today...? > > SpaceNet AG Vorstand: Sebastian v. Bomhard > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen HRB: 136055 (AG Muenchen) > Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 > > > > ------------------------------ > > Message: 6 > Date: Wed, 11 Apr 2012 18:50:02 +0530 > From: Suresh Ramasubramanian <ops.lists at gmail.com> > Subject: Re: [anti-abuse-wg] current business practices > To: Frank Gadegast <ripe-anti-spam-wg at powerweb.de> > Cc: shane at time-travellers.org, Brian Nisbet <brian.nisbet at heanet.ie>, > anti-abuse-wg at ripe.net, Tobias Knecht <tk at abusix.com>, "Michele Neylon > :: Blacknight" <michele at blacknight.ie>, Laura Cobley <laura at ripe.net>, > Florian Weimer <fw at deneb.enyo.de>, Gert Doering <gert at space.net> > Message-ID: > <CAArzuosp9co8UyZW9Cogo6ov_-qt9hy9WeYgTP7OmGOY0q5z5A at mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > On Wed, Apr 11, 2012 at 6:32 PM, Frank Gadegast > <ripe-anti-spam-wg at powerweb.de> wrote: > > will receives this could please make a > > telnet mamba.ripe.net 25 > > from some IPs he own (best would be not using his or her usual IP, > > if he or she likes, lets see how big that problem really > > is, thats why I have to mail the most active people directly). > > suresh at frodo 03:54:25 :~$ telnet mamba.ripe.net smtp > Trying 2001:67c:2e8:11::c100:1328... > Trying 193.0.19.40... > telnet: Unable to connect to remote host: Connection refused > > Things seem to be RIPE for a change eh? > > -- > Suresh Ramasubramanian (ops.lists at gmail.com) > > > > ------------------------------ > > Message: 7 > Date: Wed, 11 Apr 2012 15:02:05 +0200 > From: Frank Gadegast <ripe-anti-spam-wg at powerweb.de> > Subject: Re: [anti-abuse-wg] current business practices > To: Laura Cobley <laura at ripe.net> > Cc: shane at time-travellers.org, Brian Nisbet <brian.nisbet at heanet.ie>, > anti-abuse-wg at ripe.net, Tobias Knecht <tk at abusix.com>, "Michele Neylon > :: Blacknight" <michele at blacknight.ie>, Florian Weimer > <fw at deneb.enyo.de>, ops.lists at gmail.com, Gert Doering <gert at space.net> > Message-ID: <4F8580CD.4000502 at powerweb.de> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Laura Cobley wrote: > > Dear Florian and all, > > Hi, > > (some details from our current experiences with RIPE NCC and accuracy > of the RIPE objects) > > we currently have one case where a really big German cablenet ISP > is having exacly one abuse-eMail address for their tech-c, abuse-mailbox > and admin-c, for all their objects. > > And this one email has a domain, what does not belong to the ISP > anymore, since November 2011, its currently owned by a domain grabber, > because the ISP deleted the domain on purpose (on behalf of a > change in the company name years ago). > There is no other working contact information (phone lets you end up at > their hotline where they have absolutly no idea about abuse), snail mail > is no option, fax number is not supplied. > > We tried mailing there peering contact, their normal customer email > from their website, filled their online feedback form and then > opened a normal ticket at RIPE NCC, were just told > to open another ticket at RIPE NCC and invested about 5 hours > already describing the problem at RIPE NCC. > Simply no chance, RIPE NCC is responding to tickets on a daily basis, > even during business hours (jesus, we will respond in about 5 minutes > if something serious like that will happen to our networks). > The interest at the RIPE NCC to fix database problems does not seem > to have any priority. > > Ah, I forgot: > the maillist server mamba.ripe.net has technical problems during > the last 3 weeks, we opened tickets for that as well and even > got a response once, still not fixed, the maillist server > is probably not reacheable for 90% of the members ... whoever > will receives this could please make a > telnet mamba.ripe.net 25 > from some IPs he own (best would be not using his or her usual IP, > if he or she likes, lets see how big that problem really > is, thats why I have to mail the most active people directly). > > So: abuse does not have priority in a lot of peoples heads those days, > even when they tell you that daily ... > > (we have about 100 abuse incidents with that ISP monthly and the ISP > even resides in the same country than we are, but its still, if they > reside on the other side of the moon, maybe I should demonstrate > if front of the office building with a big sign saying: > "you dont have a working abuse appartment") > > > Kind regards, Frank > > > > Over time, contact information in the RIPE Database can become outdated > > due to staffing changes, oversight and lack of knowledge on the part of > > the maintainer. Bringing the irregularity directly to the attention of > > this maintainer can be the quickest way to get it fixed. > > > > If you subsequently experience difficulties with this, we can help you > > to get in touch with the maintainer by forwarding your report to the > > person responsible for the Internet number resource registration. > > Handling reports is a normal part of our operations within the RIPE NCC > > and the report form makes it easier to get in touch with us. > > > > We ask you to include information such as mail delivery failure notices > > and copies of emails with headers, which clearly show the problem and > > the subsequent difficulties you are having. These help to substantiate > > the report. Our aim is to work together with you to further improve the > > quality of the data in the Internet number resource registry. > > > > Best regards, > > > > Laura Cobley > > RIPE NCC > > > > On 4/6/12 8:45 PM, Florian Weimer wrote: > >> * Laura Cobley: > >> > >>> Using this form, you can now easily report various issues, including > >>> abnormalities in Internet number resource registrations, to us for > >>> further investigation. > >> > >> I looked at "Incorrect contact information in the RIPE Database", and > >> "I confirm that I have reported the incorrect information to all of > >> the contacts listed in the relevant object" is a required checkbox. > >> > >> This seems to require that complainants try postal addresses, phone > >> and fax numbers before reporting errors in email addresses. Is this > >> really your goal? Isn't this a step backwards? > >> > > > > > > > > > -- > > Mit freundlichen Gruessen, > -- > MOTD: "have you enabled SSL on a website or mailbox today ?" > -- > PHADE Software - PowerWeb http://www.powerweb.de > Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de > Schinkelstrasse 17 fon: +49 33200 52920 > 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 > ====================================================================== > > > > > End of anti-abuse-wg Digest, Vol 8, Issue 9 > ******************************************* -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20120411/84f03ea8/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Introducing the RIPE NCC Report Form
- Next message (by thread): [anti-abuse-wg] anti-abuse-wg Digest, Vol 8, Issue 9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]