This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] 2017-02 Review Phase Reminder
- Previous message (by thread): [anti-abuse-wg] 2017-02 Review Phase Reminder
- Next message (by thread): [anti-abuse-wg] 2017-02 Review Phase Reminder
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alexander Isavnin
isavnin at gmail.com
Sat Feb 17 11:02:44 CET 2018
Dear Troy! Thank you for reply. On 2018-02-16 21:30:53 CET, Troy Mursch wrote: > > 1) With a lot of words about improving trust and safety in Proposal's > > summary, there is no evidence about issues with trust and safety with > > uncheked "abuse-c:" > I've seen plenty of evidence and ramifications from first hand experience > when abuse notifications go ignored/unanswered. Please, notice difference between "checked by RIPE NCC" and responsive to abuse notifications. Which will lead us to: > > > 2) In my experience, real abusers have all their contacts valid (and > > responsive). > Please share more of your experiences. I've never heard of this claim nor > understand what a "real abuser" is. Most of the routing incidents are misconfigurations, and we can't call it malicious. But some are really planned and in this case, you might (and will) recieve reply like "dumb first line support" or even "it's not us, it's our customer's customer and they have everything registered in routing registry well, so we are filtering with RIPE DB, and everything is ok, and we'll do nothing". Dear Troy! Phone number without country code let me guess that you are from the country, where 13 marsh trolls led by Chef with $10K budget may affect presidental elections, which is out of RIPE NCC service region, so you might be a little out of the context. Let me give you some information in following answers. > > 3) Why only abuse-c have to be checked? There are a lot of different > > contacts or information, that could be verified. > Because that's where you send abuse notifications. In many cases, these > will be critical messages regarding ongoing threats, such as a denial of > service attack or malware distribution. RIPE Database (operated by RIPE NCC) have a number of different contacts where you may need to send critical messages. AFAIK abuse-c was introduced to add another contact point, which in modern businesses might be different from admitstrative or technical, and also have another privacy protection level. But RIPE Database main purpose is not to do the job of security researchers or police officers. There was a funny presentation by a police officer at RIPE Meeting in Madrid, crying that he could not catch a criminal just by quering RIPE Database and looking at Street view. Once i had to consult LIR, which had no valid contacts at database at all, but having maintainer password and working postal address allowed it operate well. And support of entities of Global IP connectivity - is what RIPE NCC is mostly about. From the other hand, we have live example here, in Russia. All kinds of LEAs introducing more and more regulations adding additional data retention responsibilities to ISPs. And for LEAs surprise, such regulations doesn't help to prevent or investigate real crime. Would you like me to make presentation on this topic? > > Also, RIPE NCC executive just got extraordinary powers to revoke resource > False - no new powers are granted to RIPE NCC by this proposal. You are out of context. Managing Director got powers with RIPE NCC Article of Association change (i suspect that voting was also inferred by trolls :) ). And immediately after such change we got this policy, which can be really easily abused (see concerns in previous discussions, for example e-mail is not intended to be 100% reliable) to revoke resources. It's sad, but once First RIPE Chair ensured me, that revocation of resources is not an option for enforcing RIPE policies. Seems we starting to forget him. Hope, we all are willing prevent and resolse threats. But not with "security theater". Kind regards, Alexander Isavnin Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
- Previous message (by thread): [anti-abuse-wg] 2017-02 Review Phase Reminder
- Next message (by thread): [anti-abuse-wg] 2017-02 Review Phase Reminder
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]