This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] the mandatory abuse field
- Previous message (by thread): [anti-abuse-wg] the mandatory abuse field
- Next message (by thread): [anti-abuse-wg] Public Status of AA-WG Mailing List (was Re: the mandatory abuse field)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Fri Aug 3 10:20:04 CEST 2012
Dan Luedtke wrote: Hi, > On Sat, Jul 28, 2012 at 9:19 PM, Frank Gadegast > <ripe-anti-spam-wg at powerweb.de> wrote: >> Anybody, who is against a mandatory abuse field, >> is a professional spammer, abuser, maintains >> a bot net or sells open proxies or other services >> used for abusing others. >> They are criminals to my opinion. > > Hopefully your opinion stays where it is, and you don't start calling > people criminal for not supporting a mandatory field in a database > that is full of fake data. Well, you have either none and fake data, like it is now or you make it mandatory and will have correct data (but a lot will be unread). Whats better ? > In my country, calling people criminal in public violates the law. > We happen to live in the same country, don't we, Frank? Sure, and its always puzzeling me, that a lot of people do not know the law in their country even when its regulating their profession. (btw: this list is not public at all, open to everybody, but not public, its like a big garden party and every friend is invited) > I know abuse sucks The abuse does not suck, the ignorance of responsible people does (next real life story below). > and it's natural to become bitter and angry about > those *&#(@ that eat up valued resources, but we re talking about a > database change that would not help at all if we'd change it from > "optional" to "mandatory". Just more mails bouncing back. > It's not the "abuse field" I am against, it's the "mandatory" since it > would impact workflows seriously and Hm, are you in trouble, that every member now has to ask his customer for an abuse address, when creating a subdelegation for them ? Thats not really changing the "workflow" a lot ... Or whatever else "workflow" do you mean ? And who cares how much additional work members and subdelegation admins have with additional abuse reports ? You have to prevent crime in a lot of countries in the RIPE region anyway, see below ... > create much more trouble than it avoids. Please explain that somehow generic argument. Please give us a summary of your point of view. And now the real live story: 2 days ago a customers nameserver serving a good bunch of domains was DDoSed through a botnet. The attackers did send UDP packets asking for always the same hostname but faked the sender address to DDoS a third party. Surely our customers nameserver did not answer, because its was not asked for a hostname they serve, so no third party was harmed, but the load was immense and troubling the server a lot until we could filter the real source IPs via NetFlow. The bots were mostly located in the usual countries, like India, China, Korea, Kazachstan and worldwide, we did send reports to the responsible admins (well there are nearly none in Kazachstan. Who knows, why they mostly have none there ? somebody from Kazachstan on the list here ?) There were also some in Germany, but only a few. One ISP (a quite big German ISP) wrote us back, that they are only forced by law to store, wich of their customer is using what address at a given time, if they would need it for billing. But they do not need it for billing, because they only offer flatrates. Thats why they cannot find out, wich customers PC has a bot and could not help. Well, wrong. In Germany you have to prevent computer crime, when its easy to detect and easy to prevent and you have knowledge, otherwise you are a "Mitstoerer". Sure you can argue, that you do not have to log anything in general to enforce data protection, but you will defny have to turn logging on, after you have knowledge and this attack is ungoing and the IP (well the IP changes daily, but there is still one IP from this ISP part of the attack). You can easily log, wich customer is logged in at a given time using what IP and you can change his logging password easily and wait for the customer to call to explain the situation to him. So, easy to detect and easy to prevent and you can log only after you are informed about the problem and only to prevent the crime. The case is already reported to the police, lets see how quick they will have a working abuse team in place ... Kind regards, Frank > > Regards, > > Dan > > > -- Mit freundlichen Gruessen, -- MOTD: "have you enabled SSL on a website or mailbox today ?" -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
- Previous message (by thread): [anti-abuse-wg] the mandatory abuse field
- Next message (by thread): [anti-abuse-wg] Public Status of AA-WG Mailing List (was Re: the mandatory abuse field)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]