[anti-abuse-wg] anti-abuse-wg Digest, Vol 49, Issue 8

By Sander Steffann
>How do you propose to distinguish people/companies with bad intentions (for 
>some value of bad, let's assume "planning to send spam") from normal 
>companies?

With a crystal ball or being victimized of them. As a victim - with disabled 
WPOISON - you may denounce and evaluate the company's behavior, but prepare 
to report the same spammer at the same ISP again and again and again. But 
you will know who is who and will archive evidence.

Sander, the Ronald name is not Roland.

Ronald, the situation you are describing seems to be evading taxes. All this 
mystery would not have intended to avoid payment of rates required by law 
and for years? Spam has not yet been criminalized, but tax evasion, send to 
prison.

What Brian Krebs ex-Washington Post would say about it? “With a small bit of 
Googling I…”  I would say, ask the Olga! You don't know who Olga is? Well, 
ask the RIPE!

I denounced IBM-SoftLayer for Krebs. He was very condescending citing 
Spamhaus: “We believe that SoftLayer, perhaps in an attempt to extend their 
business in the rapidly-growing Brazilian market, deliberately relaxed their 
customer vetting procedures,” they confused greed with carelessness or 
wanted be sympathetic.

The concern of Ronald regarding the identification of these authors is 
legitimate and should be a concern of those who want a clean internet. All 
Brazilian professional spammers appear in the WHOIS record with address and 
false phone. All, without exception. In whose interest is that situation? 
Without these data the victims of spammers feel helpless, they dont have one 
to turn to because the spam has not been criminalized. And in this dishonest 
environment the goal of ISPs is achieved by increasing the traffic on the 
Internet.
Softlayer, IBM, Spamhaus, KrebsonSecurity são partes desse problema:

http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp/

I wrote:
>>Michele, you are certainly a clever and apparently competent person in 
>>your role…

Sander replied:
>Marilson, I find this extremely inappropriate and even disgusting. Such 
>personal attacks, insults and threats do not belong here (or anywhere else)

Michele, you are NOT a clever and apparently competent person in your role…

Tell me Sander, did you kill today, some refugee child or kicked?

BTW. I'm exceedingly serious too. And, as an architect, I dont design 
environments to injure, irritate or damage people as you do. Mr. Fox, your 
activity, your actions and the consequences on the population of our planet 
does not give you the right to be arrogant or pass moral lesson. In your 
position I would die of shame. Scott Richter is part of your roll of 
friends? Shame on you!

Brian Nisbet, my dear, Now I Know, your words sound like a poem, but you 
died on May 04. My condolences!

There is a moral to this dastardly deed
I’ll tell you in just a smidgeon,
to flying fish of all species take heed
it’s a tale as old as the venerable Bede
be ware of organised companions.

No memories
Marilson


-----Mensagem Original----- 
From: anti-abuse-wg-request at ripe.net
Sent: Tuesday, November 03, 2015 9:00 AM
To: anti-abuse-wg at ripe.net
Subject: anti-abuse-wg Digest, Vol 49, Issue 8

Send anti-abuse-wg mailing list submissions to
anti-abuse-wg at ripe.net

To subscribe or unsubscribe via the World Wide Web, visit
https://www.ripe.net/mailman/listinfo/anti-abuse-wg
or, via email, send a message with subject or body 'help' to
anti-abuse-wg-request at ripe.net

You can reach the person managing the list at
anti-abuse-wg-owner at ripe.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of anti-abuse-wg digest..."


Today's Topics:

   1. Re: WHOIS (AS204224) (Sander Steffann)


----------------------------------------------------------------------

Message: 1
Date: Tue, 3 Nov 2015 11:48:50 +0100
From: Sander Steffann <sander at steffann.nl>
To: "Ronald F. Guilmette" <rfg at tristatelogic.com>
Cc: anti-abuse-wg at ripe.net
Subject: Re: [anti-abuse-wg] WHOIS (AS204224)
Message-ID: <7780CEC5-E3EF-444B-A734-8DE4DFB571EA at steffann.nl>
Content-Type: text/plain; charset=us-ascii

Hi Roland,

> The old saying is "The best is the enemy of the good".  Validation and/or
> verification of RIPE WHOIS data can be improved, even though any system
> which attempts to do so most probably cannot be made foolproof.

Ok

> No.  You're still thinking in terms of constructing an iron-clad and
> absolutely foolproof system that utterly prevents all fraud.  I'm
> suggesting a system with vastly less ambitious goals, one which would
> simply check that the voice phone number for a given person or entity
> listed in the RIPE WHOIS db *isn't* simply disconnected, out-of-service,
> the number of a FAX machine, the number of a company or individual whose
> identity has been stolen, or the number of an unrelated brothel in
> Amsterdam.   That alone would be a vast improvement over the current
> status quo, I think.

Agreed

> Similarly, in the case of mailing addresses, either RIPE NCC or the LIRs
> could check the data base of one of the aforementioned service bureaus
> that serve that mailing industry, to see if the addresses in RIPE WHOIS
> records even exist.  A clever crook will still put in the address of
> some vacant lot somewhere, or maybe his local meat market or police
> station, but at least we wouldn't be looking at "123 Galaxy St., Mars,
> The Universe" and such utter nonsense as that.

NASA is going to be so disappointed ;)
But seriously: I agree

>> My apologies. I didn't mean to imply that accuracy of the RIPE DB is a
>> mere detail. That accuracy has been the reason behind quite a few
>> policies! I meant to say that policy doesn't contain implementation
>> details. The way a policy is implemented is left to the RIPE NCC. The
>> policy just says that contact information has to be up to date.
>
> I want to understand.  Are you saying that RIPE NCC could unilaterally
> just decide to start performing phone verification of contact points
> listed in the WHOIS data base?

It probably would need a mandate from its members to approve the extra 
budget for implementing those checks etc. But I don't see why they couldn't.

> Even for amateur sleuths such as myself, every additional data point
> helps during an investigation.  The example of AS204224 is illustrative.
> If I knew for certain that someone had positively validated the phone
> number when that AS has been assigned in July, then I would also know,
> almost to a moral certainty, that the company itself, and not some
> identity thief, was the party engaged in the recent routing hanky
> panky.

Understood

> You are thinking about formal, government-held business records.  I myself
> am not.  Official government business records, when available, are helpful
> to investigations.  But if they aren't available, then they aren't, and
> that's all there is to it.  You work with what you have.

+1

> OK.  I promise not to attach too much value to a validated phone
> number.  Seriously, I agree with you that checking the phone number
> isn't a panacea, but it's better than nothing.

Glad we're agreeing :)

> I apologize.  You are correct,   That comment on my part was utterly
> uncalled for, and I would very much like to retract it.

Consider it retracted :)

> But I hope that you understand my sensitivity.

I do. Sometimes when discussing difficult subjects the wording can get a bit 
too strong. I can deal with that, and I know you have good intentions.

I now understand your ideas better, and understand that you are looking for 
a first step in improving the database accuracy. Not looking for a complete 
solution as I was :)  I think we reached the point where we should ask the 
RIPE NCC on their opinion on this and to see what they think is doable.

Cheers,
Sander




End of anti-abuse-wg Digest, Vol 49, Issue 8
********************************************