This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Please unblock 80.71.128.0/20
- Previous message (by thread): [anti-abuse-wg] Please unblock 80.71.128.0/20
- Next message (by thread): [anti-abuse-wg] proberry.de
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Thu Jan 24 14:44:21 CET 2013
Thilo Bangert wrote: Hi, > On Thursday, January 24, 2013 06:19:40 PM you wrote: >> Someone got a whole /20 with the justification that he wanted to ddos >> Israeli websites? > > ah, sorry - it wasnt RIPE telling us that the subnet had been used for > hacking. how would they know? That made me really laugh (5 seconds later it nearly made me cry) ... RIPE NCC should be the FIRST organization to know about misuse of any network in their region and not the last ... Thats what our group should work on. BTW: the German government thinks about a regulation, that any hack on an organization server HAS to be reported to the government, when personal data has been lost. Whats about a regulation than misuse of RIPEs resources HAS to be reported to RIPE NCC ? Sounds like a similar approach. At least brnic does something like this by adding a % Security and mail abuse issues should also be addressed to % cert.br, http://www.cert.br/, respectivelly to cert at cert.br % and mail-abuse at cert.br to all there whois output. Kind regards, Frank > We received such information from networks where we were successfull in > removing the null route. > > so, no - nobody got a /20 with the justification that he wanted to ddos > Israeli websites. > > thanks > Thilo > >> >> --srs (htc one x) >> >> On 24-Jan-2013 6:05 PM, "Thilo Bangert" <thilo.bangert at gmail.com> wrote: >>> Hi, >>> >>> we were, a little more than 2 years ago, allocated above subnet and have >>> since >>> struggeled with it, since apparently its previous owner had not treated it >>> well. >>> >>> While it appears that many of the GeoIP issues have been fixed -- its >>> surprising how many sites are out there which NEVER update their maxmind >>> or >>> other databases -- we still have reachability issues, especially into >>> Israeli >>> networks. It has been communicated to us that the past owner had >>> notoriously >>> attacked Israeli websites, which is why the netblok 80.71.128.0/20 had >>> been >>> null routed. >>> >>> One of the websites our customers complain about not being able to view is >>> http://www.english.machonmeir.net/ were we cant get to the DNS server >>> which >>> lives at 62.219.11.42. Trying to reach someone from the other network has >>> thus >>> far not been fruitful. Any help in establishing communication is greatly >>> appreciated. >>> >>> If you null route, could you pleae check whether you are blocking our >>> subnet, >>> and if so kindly reevaluate that decision. >>> >>> Thank you for your help. >>> >>> kind regards >>> Thilo > >
- Previous message (by thread): [anti-abuse-wg] Please unblock 80.71.128.0/20
- Next message (by thread): [anti-abuse-wg] proberry.de
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]