This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] RIPE Autonomous System Numbers
- Previous message (by thread): [anti-abuse-wg] RIPE Autonomous System Numbers
- Next message (by thread): [anti-abuse-wg] RIPE Autonomous System Numbers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Wed Nov 5 02:12:09 CET 2014
I thought it was more like "we will set up a shell company by paying some random guy in a bar drinking money to use his ID and register one". At least if we're talking of a certain european country with LIRs known for handing out /14s earlier, smaller but still significant IP blocks now, to some "high volume email deployers" among others. Most of what you ask is, I suspect, doable if people decide to forget that "we're not the internet police" trope. And if there's more active participation from the security and abuse handling side of various RIPE members rather than just their network and DNS people. --srs On Wed, 5 Nov 2014 at 06:07 Ronald F. Guilmette <rfg at tristatelogic.com> wrote: > > In message <5459613B.6010604 at iszt.hu>, > Janos Zsako <zsako at iszt.hu> wrote: > > >I will try to answer some of your questions. > > Thank you. > > >>>> Given some arbitrary record which is stored within the RIPE WHOIS > >>>> data base, such as an organization (ORG-*) record or a record for > >>>> a number resource, such as an AS, how can I determine the date on > >>>> which that record was created? Do I just look for the earliest > >>>> date found in any of the associated changed: fields? > >>... > >I guess there is no good answer to this. As far as I can tell, you have no > >means to find out when an object was first added to the database > >(i.e. created). The earliest changed: field usually gives you only an > upper > >limit (i.e the object is most probably not younger than that date). > > > >You can also look at the historical data of the object, see > >https://labs.ripe.net/Members/kranjbar/proposal-to- > display-history-of-objects- > >in-ripe-database > >however, this does not necessarily help either. > > > >As far as I know, the RIPE NCC, however, in a given case, could tell you > >exactly when the given object was created. > > Thanks, but that begs the question... What exactly do you mean by "case" > in this context? > > (I _had_ vaguely hoped that I might be able to do at least some very > modest and very preliminary investigation of some fishy goings on, > *without* having to initiate a full blown and formal legal proceeding > in order to do so. But it is looking more any more as if RIPE NCC is > not making available even some very basic types of information... e.g. > age... about the objects in its data base. Over here on this side of > the pond, we have a name for this. It's called "hiding the ball.") > > >There are, however, plans to introduce new attributes (created: and > >last-modified:) that would replace the (rather useless) changed: > attribute. > > That will be helpful. > > (Of course, it will be even more helpful if those things actually make > their debut within my lifetime.) > > >> Same again. I am rather astonished that not a single person within > >> a group focused on dealing with network abuse issues within the RIPE > >> region can even say how to find the LIR that issued a given AS. > > > >This is probably due to the fact that there is no such data available > >in the database. You can make some assumptions, but these may be wrong > > So there is no trace... no chain of documentation on how an AS got to > be an AS. Is that correct? Is that really what you are telling me? > > (Where I live, it is necessary to obtain a formal written license from > the state, even if all you want to do is to cut people's hair in exchange > for money. And the relevant documents get filed, in triplicate, and are > available for public inspection in Sacramento. Given what we all know > these days about the kind of damage that can be caused, throughout the > world, and for millions of people and companies, e.g. by a "rogue" AS > operator, I remain both stunned and mystified that in the RIPE region, > no documentation is available on how a given AS came to be.) > > >A question comes to my mind, however, why do you care about who issued > >a given AS? I would think that from an abuse point of view who _uses_ the > AS > >is much more relevant. > > The answer to the question in the first sentence just above is contained > in the second sentence just above. > > I want to know who registered a given AS. And I would like to know how > they demonstrated that they were indeed who they said they were (and/or > I'd like to know if the LIR even bothered to check). > > Remember, I also asked this: > > >>>> What sorts of credentials or bona fides must or should applicants > >>>> who are requesting AS number allocations provide to the RIPE LIR > >>>> which processes the request(s)? > > > At the present moment, it appears to me that a drunken one-eyed sailor > can simply show up in the offices of certain LIRs in certain European > cities, claim to have lost his wallet, driver's license, birth certificate, > and all other forms of identification, and then can ask for his own AS, > which will be awarded to him on the spot, and without any of those silly > annoying questions of the kind those stupid impolite Americans are in > the habit of asking... like for instance who he actually is or whether > or not he had ever been convicted of murdering anyone. > > Alternatively, if you call in to the right LIR(s) and simply pretend to > be some famous big-name movie star who is well known within the country > in question, then in deference to your status, they will give you your > AS, no questions asked... and none of that annoying paperwork stuff. > > > Regards, > rfg > > > P.S. I _would_ just simply ask RIPE NCC for the info I'm seeking, but > past experience suggests to me that if I did that, their first response > would most probably be to start to grill _me_, e.g. asking me who I am > and why I want to know. Then in the end, they would go off and do their > own sooper sekrit investigation, and never tell me a single blessed thing. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20141105/3f78b06f/attachment.html>
- Previous message (by thread): [anti-abuse-wg] RIPE Autonomous System Numbers
- Next message (by thread): [anti-abuse-wg] RIPE Autonomous System Numbers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]