[anti-abuse-wg] New Abuse Information on RIPE NCC Website

Ripe is a bookkeeper, not a law enforcer. and I guess we had enough
law enforcer around every of us.

On Tue, Jun 18, 2013 at 5:09 PM, Brian Nisbet <brian.nisbet at heanet.ie> wrote:
>
> Suresh Ramasubramanian wrote the following on 18/06/2013 15:22:
>
>> As a thought experiment, if Furio were to remove LIRs from Eastern
>> Europe, in particular, Romania, from his list below, what would RIPE
>> NCC's figures fall to?
>>
>> Most of those /14s are swipped and then re-swipped to a succession of
>> shell companies that appear to remain valid for the minimum possible
>> duration - and are typically (as creating a shell company in romania
>> requires valid ID) set up by the simple expedient of walking into a bar
>> and paying a guy there a few euro to get him to use his ID to set up the
>> shell company.
>>
>> So even "a much larger number of customers in the RIPE region" is a
>> figure that you would have to allow for substantial inflation in, when
>> you consider these numbers.
>
>
> There is no question in my mind that there is a massive problem in the RIPE
> NCC service region, just as there is elsewhere. I'm not convinced that
> there's any good in comparing them, rather we should admit that there is
> such a problem.
>
> I remain to be convinced that we will ever reach an agreed definition of
> network abuse, but I do think there are types of activity that are generally
> agreed to be abusive. But even with these, do we want the NCC to say "Ah,
> you have operated a botnet to crack credit card numbers, we will now
> deregulate!" I do not believe we will ever reach consensus on such a policy.
>
> I *do* believe that there should be more rigour involved in obtaining
> addresses, but there you also have a problem of national law. If a state
> says "this company is a legitimate company" does the NCC have any right to
> argue?
>
> Ronald, I ask this sincerely, and I apologise if I missed it before, but
> what is your definition of 'network abuse'? I'm not asking this to call you
> out, I'm genuinely interested. I know why definitions are important, but I
> also know how hard they can be and given the limitations of what the NCC can
> do (and what I, as an operator, want it to do) I'm not sure how much use it
> will actually be to pursue such a thing.
>
> Are there other ways of looking at this, of tackling it, that have more
> chance of success?
>
> Brian
>



-- 
--
Kind regards.
Lu

This transmission is intended solely for the addressee(s) shown above.
It may contain information that is privileged, confidential or
otherwise protected from disclosure. Any review, dissemination or use
of this transmission or its contents by persons other than the
intended addressee(s) is strictly prohibited. If you have received
this transmission in error, please notify this office immediately and
e-mail the original at the sender's address above by replying to this
message and including the text of the transmission received.