This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Straw-man abuse reporting system (was: New on RIPE Labs: Botnets: As We See Them in 2017)
- Previous message (by thread): [anti-abuse-wg] New on RIPE Labs: Botnets: As We See Them in 2017
- Next message (by thread): [anti-abuse-wg] Straw-man abuse reporting system (was: New on RIPE Labs: Botnets: As We See Them in 2017)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Fri Aug 4 09:49:59 CEST 2017
Hello Phishing, The RIPE NCC cannot "suspend" anyone. There is no "ISP License", at least not from the RIPE NCC. They could, however, revoke resources (address space and ASN) or increase fees. In order for such a system to be effective, you would need to define what "respond appropriately" means. Also, one would need a way to verify that the complaints were valid, to prevent evil or ignorant people from using the complaint system against responsible ISP's. These things are tricky to get correct. They are expensive, and make both the RIPE NCC and the abuse reporter potentially legally liable for damages. They also tend to be hard to change once in place (notice that phone number is still required on RIPE person objects in the RIPE Whois database, while e-mail address is optional). In the past that this has come up, nobody who wants a system of accountability has produced workable, concrete proposals. As my first boss told me long, long ago: "It's easy to criticize, but hard to create." I can imagine a relatively simple system though. Here's a straw-man proposal: * RIPE NCC members can report abuse by other RIPE NCC members via a web portal. The abuse report identifies both members, and is visible to both of them. RIPE NCC staff may access reports if either member requests it, but reports are otherwise confidential. Abuse reports are kept for 12 months and then deleted. * Abuse reports must be responded to within 72 hours using the web portal. Every late response results in a warning. * After 3 calendar months where warnings are received each month, the member is put on notice. No new resources can be allocated or transferred to or from the member until a month has passed without late responses. The member is given a list of abuse reports for the 3 month period. * After a year where warnings are received each month, the membership is revoked, and their resources returned to the RIPE NCC for allocation. The former member is given a list of abuse reports for the 12 month period. * The RIPE NCC Arbiters Panel resolves any disputes. Note that this does nothing to prevent ISP's from just clicking "abuse report handled", but it does require ISP's take some action. It also requires that non-members convince a member to make a complaint on their behalf. It is somewhat resistant against people making false claims, since both parties know who made the complaint. It preserves privacy since claims are not published. It gives some time for ISP's to sort things out, but has hard limits. It also has the drawback (or benefit) of not defining abuse. This proposal is flawed and thrown out here when I'm cutting back on caffeine. But I think it shows that maybe a system can be put in place. Cheers, -- Shane At 2017-08-03 20:51:15 -0700 " " <phishing at storey.xxx> wrote: > Well it would help if RIPE introduced a policy of accountability, that saw ISP's suspended if they don't respond appropriately to abuse complaints regarding said botnet infections............ > > > -------- Original Message -------- > > Subject: [anti-abuse-wg] New on RIPE Labs: Botnets: As We See Them in > > 2017 > > From: Vesna Manojlovic <BECHA at ripe.net> > > Date: Thu, August 03, 2017 3:54 am > > To: RIPE Anti-Abuse WG <anti-abuse-wg at ripe.net> > > > > Dear colleagues, > > > > As a part of his research into detecting malicious network activities, > > Alireza Vaziri is sharing his network/system engineer experiences on > > defend network's infrastructure from outages. > > > > Please read about it in this new article on RIPE Labs: > > https://labs.ripe.net/Members/alireza_vaziri/botnet > > > > Regards, > > Vesna Manojlovic > > Community Builder > > RIPE NCC > > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digitale handtekening URL: </ripe/mail/archives/anti-abuse-wg/attachments/20170804/ebece03d/attachment.sig>
- Previous message (by thread): [anti-abuse-wg] New on RIPE Labs: Botnets: As We See Them in 2017
- Next message (by thread): [anti-abuse-wg] Straw-man abuse reporting system (was: New on RIPE Labs: Botnets: As We See Them in 2017)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]