This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Russian carding... no, Islandic carding... no Belizian carding!
- Previous message (by thread): [anti-abuse-wg] Russian carding... no, Islandic carding... no Belizian carding!
- Next message (by thread): [anti-abuse-wg] Russian carding... no, Islandic carding... no Belizian carding!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
andre at ox.co.za
andre at ox.co.za
Tue Aug 9 14:58:38 CEST 2016
On Tue, 09 Aug 2016 17:35:24 +0530 Suresh Ramasubramanian <ops.lists at gmail.com> wrote: just to also properly respond to you, Suresh > [applause] > applause at what? Content police? Trademark dispute Police? Copyright dispute Police? Decide what is or what is not acceptable content? For example: we are supposed to do what "Google" is doing? Decide what is abuse (yet it is okay if we are the abuse ourselves? ) That we now have to decide the age of a porn actor, is he/she/it 17 or 18 years old? (One is child porn and the other is legal) - and then to also verify what content is legal in some areas and what is illegal in other areas?) that we now have to decide which trademark is the strongest, the one registered in Greece or the one registered in the UK, so that we can "null route" the traffic to the illegal domain name? > > IP addresses are in short enough supply that this would be breach of > fiduciary trust, if we were talking about a bank manager and loans, > rather than allocating IP addresses. > (and no, don’t tell me v6 – there’s far more of this going on there, > and that is something we will regret a few decades or less down the > line). > Oh, and for those of you who want to trot out that “we are not the > internet police” meme .. keep at it. We’ll all collectively regret > it some day. > No, there is actual real Police and law enforcement in all the Subject line countries. These countries (societies) all have laws, law enforcement as well as courts and prisons. What we should discuss is our own internal Abuse/Crime Intelligence/etc policies: 1. When we find crime, child porn, credit card scams, etc on networks, we should immediately report it to the Police in the jurisdiction where the data is. We must not, discuss this on a public list before the Police has at the very least, had the opportunity to first ensure that they have secured the data/servers/evidence that may be required to prosecute. 2. If, after a reasonable amount of time, we receive no feedback (as in back off, we are investigating this - or we are busy prosecuting or whatever) then we should do what? If the ISP or resource holder is actually guilty of a crime or is non responsive or non co-operative with law enforcement then of course I do agree that it is resource abuse and that should have consequences, but you cannot simply find a random domain, note content on it that seems as if there may possibly be criminal activity and/or abuse. It seems that they are offering to spam - do they actually spam? I also publish http://ascams.com I cannot publish anything about this website or this content on there as their is simply no due process, no proof of actual illegal activity, no actual trial, guilt, verdict, etc. So, [Applause] you say? We should start filtering/editing/censoring content deciding to 'null-route' entire IP ranges because of our content decisions? seriously? We can also maybe build a huge wall around our networks? Maybe we should not route any traffic that we have not properly inspected? Now if we can just get those pesky Mexicans to pay for our walls... > > > From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of > Sergey <gforgx at fotontel.ru> Date: Tuesday, 9 August 2016 at 5:32 PM > To: <andre at ox.co.za>, <anti-abuse-wg at ripe.net> > Subject: Re: [anti-abuse-wg] Russian carding... no, Islandic > carding... no Belizian carding! > > > > Are you blind, Andre? > > Okay, I'll cite the website rfg has pointed at for you then: > > > Hacking services > > > Email marketing - SPAM (the Russian text says it clearly: "spam > > sending services") > > > Malware & Coding > > > Sell CC & DUMPs, Enroll, Bank accounts, DOB+SSN > > That is okay, you think? I don't think so. I think this mailing list > is intended to deal with all of this. > > Don't be pretend to be a fool by sending links to pages which are > innocent in comparison this. It's not about TLDs. It's about the > content. > > On 08/09/16 14:24, andre at ox.co.za wrote: > Agreed. > > I do not understand what Ronald F. Guilmette is complaining about or > even what this thread is about... > > I own some and operate many other .com domains, I also operate .me > (like example https://wishes.me ) > > Speaking of which, I recently created this: > https://about.me/andrecoetzee - kinda cool! no? > > this does not mean that I am pretending to be in Montenegro, just that > some countries are more open, free and forward thinking and that some > domain tld's are suitable for custom type names, for example .is > and .in and others. > > So, as I said, I have absolutely no idea what the initial post is even > about at all, maybe Ronald F. Guilmette can point out the ABUSE that > will be super helpful and not seem like such a complete waste of time. > > Andre > > On Tue, 9 Aug 2016 13:11:21 +0200 > Volker Greimann <vgreimann at key-systems.net> wrote: > > Speaking on general terms, not on the specific website, anything you > cite could also occur in a legit website. In a globalized world, > users are free to deal with any service provider they trust and > register domains in any TLD they chose. There is nothing fishy about > that per se. > > The domain name string you cite is quite a nice string, which > probably was not available in many TLDs anymore. Further, the TLD > sting. ".is" can be used as a hack as it is an English language word. > > Just my 2 cents, > > Volker > > > Am 09.08.2016 um 05:14 schrieb Ronald F. Guilmette: > https://www.verified.is/ (Gee! Big surprise! Russian language > only.) -> .IS = Iceland > -> 82.221.130.101 > > That site is obviously all written in Russian, but it is resident on > a little /26 IP address block that's pretending to be owned by a > Belizian company. (See below.) But of course, it's actually > physically sitting in a data center somewhere in Iceland, and on an > Icelandic AS. > > I am seeing this kind of thing almost every day now... bullshit > domains sitting on bullshit networks, almost always in RIPE IP > space, but all claiming to be in either Belize or UAE. > > I've given up any hope that posting any of this kind of information > here will have any impact on anything, ever. A part of me wants to > scream "Which part of this repeating pattern do you folks not > understand?" but I know that doing so here is pointless. So I'm > really only posting this here so that later on, nobdy can say to me > "Gee Ron, why didn't you ever say anything to anybody about that?" > > I did say something. In fact I said plenty... about both Belize > and UAE. It's not my fault if everybody with power and influence > within RIPE continued to ignore the now all-too-obvious patterns > because the self- evident truths about what's been going on doesn't > suit their own financial interests. > > > Regards, > rfg > > P.S. At least the .IS domain administrators are looking at possibly > suspending the doamin name on the grounds that the registration info > "isn't accurate". I commend them for that. That's one hell of a > lot more than the network operator (AS50613, Advania) is willing to > do. Advania didn't even have the courtesy to answer my email, even > if only to tell me to go pound sand. > > ========================================================================= > inetnum: 82.221.130.64 - 82.221.130.127 > netname: ORANGEWEB > descr: OrangeWebsite.com - Network > org: ORG-IL351-RIPE > country: IS > admin-c: OTD3-RIPE > tech-c: OTD3-RIPE > status: ASSIGNED PA > mnt-by: MNT-ADVANIA > created: 2016-01-27T15:08:11Z > last-modified: 2016-01-27T15:08:11Z > source: RIPE > > organisation: ORG-IL351-RIPE > org-name: Icenetworks Ltd. > org-type: OTHER > address: 60 Market Square > address: Belize City, Belize <== I hope they speak Russian > down there! e-mail: sales at orangewebsite.com > abuse-c: OTD3-RIPE > mnt-ref: MNT-ADVANIA > mnt-by: MNT-ADVANIA > created: 2014-11-05T10:30:10Z > last-modified: 2014-11-05T10:46:28Z > source: RIPE > > role: OrangeWebsite.com Technical Department > address: OrangeWebsite.com > address: Klapparstigur 7 > address: 101 Reykjavik > address: Iceland > abuse-mailbox: abuse at orangewebsite.com > e-mail: support at orangewebsite.com > admin-c: AK12182-RIPE > tech-c: AK12182-RIPE > mnt-by: MNT-ADVANIA > nic-hdl: OTD3-RIPE > created: 2013-12-16T09:41:11Z > last-modified: 2013-12-16T09:41:11Z > source: RIPE > > % Information related to '82.221.128.0/19AS50613' > > route: 82.221.128.0/19 > descr: Advania / Thor Data Center > origin: AS50613 > mnt-by: THOR-MNT > mnt-lower: THOR-MNT > created: 2013-07-30T12:15:23Z > last-modified: 2013-07-30T12:15:23Z > source: RIPE > > > > >
- Previous message (by thread): [anti-abuse-wg] Russian carding... no, Islandic carding... no Belizian carding!
- Next message (by thread): [anti-abuse-wg] Russian carding... no, Islandic carding... no Belizian carding!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]