[anti-abuse-wg] VoIP

On Thu, 25 Apr 2019 16:45:18 +0200
JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> wrote:
> I will rather prefer an IETF standard for abuse reporting ... already
> thought about starting it several times ... sooner or later I will
> write down something, so may be some other people interested to
> co-author?
> Regards,
> Jordi
> 
I have been thinking around the same lines as then I can add the
protocols in the initial PS to also include the resolver library use
case i mentioned, - unless it gets kicked in the maturity track :)
i kinda like the idea of using a dnsl in a two way for reporting as
well, I think it is sliced bread good :)

ietf/rfc/ps: you will recall that i already started talking about a definition of
abuse a while ago (in this group, i think... - the idea then was the
rfc route...)

anyhoo, mail me off list when/if we do this :)

Kind Regards

Andre

> El 25/4/19 16:14, "anti-abuse-wg en nombre de ac"
> <anti-abuse-wg-bounces at ripe.net en nombre de ac at main.me> escribió:
> 
>     On Thu, 25 Apr 2019 14:06:39 +0200
>     JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net>
> wrote:
>     > Reading the article in a minute !
>     > However, as an information pointer I've some data ...
>     > I've an VM with asterisk at home, and every day I've to ban (I
>     > use fail2ban to do it automatically after 3 failed attempts
>     > from the same IP), average about 20 IPs attempting to use my
>     > SIP service to my provider. This turns into 100 per day in the
>     > office (average). Of course, if they succeed, they can make
>     > "free" calls that I need to pay from my pocket ... So, I report
>     > automatically those attempts (once banned), including the logs,
>     > to the abuse contacts of the IP holder.
>     > Some of them just don't care, unfortunately, as many abuse
>     > contacts, just don't work, or the mailboxes aren't being read,
>     > or they respond that you must fill in a form.
>     > Regards,
>     > Jordi
>     >    
>     this is something very worthy of discussion, listing services has
>     always existed for dynamic blocks, email abuse, bad neighborhood
> etc etc - and these lists are reflected/delivered/offered as rbl,
> dnsbl, wrbl, text, sql, etc etc - imho, the latest trends are weird
> as the generic lists are becoming too generic and specific or
> specialisation is the "next big thingTM" - as in not unicorny big but
> tech useful (mostly free) big... As an example of this, an combined
> email rbl (which also contains certain dynamic ranges known for not
> filtering egress, would be completely (or mostly) useless for
> filtering IP on SIP (or even brute) and a comment form rbl would be
> well suited for iptables on a web server... 
>     
>     My latest new and shiny big idea is:
>     
>     I have an idea and a plan to dev a dynamic ip use dnsl which will
> return a flag on query... 
>     
>     The idea is that any device would receive a code when query a RR
>     
>     The result on query would be multi digit and reflect the known
> data for that resource (examples: User Dynamic/Static - Abuse
> Reported Y/N - Port of abuse (all(dul)/21/22/25/53/80/443/etc) -
> Resource holder responsive Y/N - etc etc etc
>     
>     The further idea is to have exchangeable data streams so that the
>     query (as well as the IPv4/6 of the query) becomes a data
> provider and then the reporting can be automated (or not) depending
> on the resource holder itself...
>     
>     What do you think?
>     
>     Kind Regards
>     
>     Andre
>     
>     
> 
> 
> 
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
> 
> This electronic message contains information which may be privileged
> or confidential. The information is intended to be for the exclusive
> use of the individual(s) named above and further non-explicilty
> authorized disclosure, copying, distribution or use of the contents
> of this information, even if partially, including attached files, is
> strictly prohibited and will be considered a criminal offense. If you
> are not the intended recipient be aware that any disclosure, copying,
> distribution or use of the contents of this information, even if
> partially, including attached files, is strictly prohibited, will be
> considered a criminal offense, so you must reply to the original
> sender to inform about this communication and delete it.
> 
> 
> 
> 
>