[anti-abuse-wg] Fwd: Re: botnet controllers
PP
phishphucker at storey.ovh
Thu Jun 25 09:26:41 CEST 2020
Firstly, reporting it to the LEO does not cause the resources to be de-registered.

Secondly, your example regarding IPv6 is another reason why this approach is not sufficient: there are 340,282,366,920,938,000,000,000,000,000,000,000,000 possible IPv6 addresses.

It should be that the resources are only allocated to legitimate established corporations. Phone numbers aren't wholly allocated to anyone who asks, they remain controlled by a reputable phone company. Why should IP addresses be different?

On 25/06/2020 4:50 pm, Shane Kerr wrote:
> Dear Phish Phucker,
>
> The RIPE NCC is a not-for-profit, membership-based organization based
> in the Netherlands. They are responsible for allocating Internet
> number resources (IP addresses and AS numbers) in their region. Their
> policies are set by RIPE, which is just anyone who joins the RIPE
> mailing lists and participates in the policy discussions.
>
> I'm not sure what policy can be introduced. Historically RIPE
> participants have been reluctant to make any value judgements about
> what IP resources can and cannot be used for. Currently as long as you
> are truthful about your organization's registration information you
> have fulfilled the requirements.
>
> In a sense this should be enough. The information is available for
> anyone who cares about protecting their users from spam originating
> there. Spamhaus lists the organization, and I am pretty sure that most
> e-mail providers either block their IP addresses because of that - or
> have their own abuse tracking which identifies them. It's not
> perfect... I had to change VPS provider because my previous VPS
> provider kept having its IPv6 addresses blocked by Spamhaus and
> neither my provider nor Spamhaus would explain why (my provider
> claimed to have never received any complaints, and Spamhaus never
> explains anything). But it seems to be good enough for most people.
>
> If an organization is breaking a law, then the correct action is to
> report them to the law-enforcement organization (LEO) that feels like
> it is in their jurisdiction. Again, since the member is required by
> the RIPE NCC to have correct information about the person or
> organization that has been allocated resources, the LEO can follow up.
>
> It's hardly an ideal situation, but difficult to see how to improve it
> given the general anti-regulation philosophy of most Internet providers.
>
> Cheers,
>
> --
> Shane
>
> On 25/06/2020 08.03, PP wrote:
>> So who at RIPE is responsible for allocating this resource, and what
>> policy can be introduced to prevent the allocation of IP address
>> resources to irresponsible organizations like this one?
>>
>> SpamHaus have it listed as the world's number one source of spam:
>>
>> https://www.spamhaus.org/statistics/networks/
>>
>> On 25/06/2020 2:10 pm, Tõnu Tammer via anti-abuse-wg wrote:
>>>
>>> We've had similar experience with this VPN provider.
>>>
>>> He claims not being able to track malicious actor is for the benefit
>>> of free speech but when malware is used to attack people who express
>>> free speech he did not understand that his service is not
>>> contributing towards free speech but hinders it.
>>>
>>> Tonu
>>> CERT-EE
>>>
>>> On 25.06.2020 04:15, PP wrote:
>>>>
>>>> Botnet controllers on VPN provider that refuses to act:
>>>>
>>>> organisation: ORG-SL751-RIPE
>>>> org-name: Freedom Of Speech VPN
>>>> org-type: OTHER
>>>> address: P.O. Box 9173
>>>> address: Victoria
>>>> address: Mahe Island
>>>> address: Seychelles
>>>> e-mail: info at FOS-VPN.org
>>>> abuse-c: SL12644-RIPE
>>>> mnt-ref: FOS-VPN-MNT
>>>> mnt-by: FOS-VPN-MNT
>>>> created: 2018-07-13T05:33:45Z
>>>> last-modified: 2020-02-28T12:37:39Z
>>>> source: RIPE
>>>>
>>>> -------- Forwarded Message --------
>>>> Subject: Re: botnet controllers
>>>> Date: Wed, 24 Jun 2020 21:49:21 +0200
>>>> From: info at ghlc.biz
>>>> To: PP <phishphucker at storey.ovh>
>>>>
>>>> On 2020-06-24 13:03, PP wrote:
>>>> Hello!
>>>>
>>>> Please note that all mentioned IPs belong to non-logging VPN services.
>>>>
>>>> No user logs are kept.
>>>>
>>>> Sincerely yours
>>>>
>>>> David Craig
>>>>
>>>>> SBL488704
>>>>> 185.140.53.75/32
>>>>> ghlc.biz
>>>>> 23-Jun-2020 05:26 GMT
>>>>> Malware botnet controller @185.140.53.75
>>>>> https://www.spamhaus.org/sbl/query/SBL488704
>>>>>
>>>>> SBL488686
>>>>> 91.193.75.58/32
>>>>> ghlc.biz
>>>>> 22-Jun-2020 18:39 GMT
>>>>> NanoCore botnet controller @91.193.75.58
>>>>> https://www.spamhaus.org/sbl/query/SBL488686
>>>>>
>>>>> SBL488548
>>>>> 185.244.30.201/32
>>>>> ghlc.biz
>>>>> 19-Jun-2020 13:21 GMT
>>>>> QuasarRAT botnet controller @185.244.30.201
>>>>> https://www.spamhaus.org/sbl/query/SBL488548
>>>>>
>>>>> SBL488006
>>>>> 185.140.53.162/32
>>>>> ghlc.biz
>>>>> 18-Jun-2020 10:11 GMT
>>>>> NanoCore botnet controller @185.140.53.162
>>>>> https://www.spamhaus.org/sbl/query/SBL488006
>>>>>
>>>>> SBL487900
>>>>> 185.140.53.229/32
>>>>> ghlc.biz
>>>>> 16-Jun-2020 13:28 GMT
>>>>> NanoCore botnet controller @185.140.53.229
>>>>> https://www.spamhaus.org/sbl/query/SBL487900
>>>>>
>>>>> SBL487899
>>>>> 185.244.30.113/32
>>>>> ghlc.biz
>>>>> 16-Jun-2020 12:59 GMT
>>>>> RemcosRAT botnet controller @185.244.30.113
>>>>> https://www.spamhaus.org/sbl/query/SBL487899
>>>>>
>>>>> SBL487893
>>>>> 185.140.53.236/32
>>>>> ghlc.biz
>>>>> 16-Jun-2020 12:07 GMT
>>>>> NanoCore botnet controller @185.140.53.236
>>>>> https://www.spamhaus.org/sbl/query/SBL487893
>>>>>
>>>>> SBL487886
>>>>> 185.165.153.45/32
>>>>> ghlc.biz
>>>>> 16-Jun-2020 10:26 GMT
>>>>> NanoCore botnet controller @185.165.153.45
>>>>>
>>>>> https://www.spamhaus.org/sbl/query/SBL487886