This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
- Previous message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
- Next message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brian Nisbet
brian.nisbet at heanet.ie
Thu Mar 4 17:33:38 CET 2021
Christian, Speaking purely personally, I would certainly be in favour of RIPEstat featuring more RBLs, yes. Brian Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet at heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of Christian Teuschel <cteusche at ripe.net> Sent: Thursday 4 March 2021 16:16 To: anti-abuse-wg at ripe.net <anti-abuse-wg at ripe.net> Subject: Re: [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. Hi Elvis and Suresh, dear colleagues, Putting exact numbers on how many operators are using UCEProtect is difficult, but through feedback from users, network operators and members we understand that it is in use and that the provisioning of this RBL on RIPEstat has value. If I am reading the feedback in this discussion correctly, the sentiment is leaning towards adding more RBLs instead of less and if that is the case we are going to look into how and when we can achieve this. Please let me know if that is aligned with your requirements/expectations. Best regards, Christian On 04/03/2021 09:54, Elvis Daniel Velea wrote: > Hi Christian, > > while it may be useful to have their data source, it only shows the RIPE > NCC favors one or two operators and I think that is damaging to the > whole idea of being impartial. > > You either include a good list of blacklist operators and their data or > none. Including only a couple will lead to the impression that only > those are important enough to be considered by the RIPE NCC. > > my 2 cents, > Elvis > > On 3/3/21 8:27 AM, Christian Teuschel wrote: >> Dear colleagues, >> >> RIPEstat is a neutral source of information and we aim to provide users >> with access to as many data sources as possible to provide insights. >> >> UCEProtect was added as a data source prior to 2010 and is still used by >> several network operators to filter traffic into their networks. >> Including it as a data source in RIPEstat allows users to see whether >> resources are included in their lists. >> >> RIPE NCC does not pay for, support or endorse their practices, although >> we understand that continuing to include UCEProtect as a data source >> could be misunderstood as such. We also do not use their lists to filter >> traffic on our services. >> >> Our goal remains to provide the best visibility and tools for network >> operators to diagnose their networks. We have also heard your feedback >> regarding including more RBLs. It is something that we have considered >> in the past, and we are open to revisiting this. >> >> RIPEstat is driven by the community. We would like to hear from you >> about whether including UCEProtect as a data source is useful. >> >> Regards, >> Christian >> >> On 02/03/2021 00:08, Kristijonas Lukas Bukauskas via anti-abuse-wg wrote: >>> Hello, >>> >>> I noticed that RIPE NCC uses uceprotect-level1, uceprotect-level2 and >>> uceprotect-level3 in RIPEStat Anti Abuse Blacklist Entries widget. >>> >>> There have been controversial positions about this blacklist recently: >>> >>> 1) >>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuccess.trendmicro.com%2Fsolution%2F000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184253161%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yFgzAJGezG7oQtmEAhB0s8Mp9Cq5EgGAJYxlh88v2Ic%3D&reserved=0 >>> >>> <https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuccess.trendmicro.com%2Fsolution%2F000236583-Emails-being-rejected-by-RBL-UCEPROTECL-in-Hosted-Email-Security-and-Email-Security&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184253161%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yFgzAJGezG7oQtmEAhB0s8Mp9Cq5EgGAJYxlh88v2Ic%3D&reserved=0> >>> >>> 2) https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblog.sucuri.net%2F2021%2F02%2Fuceprotect-when-rbls-go-bad.html&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2BTvsNRt4eyvmEkZT4rq2x09%2FJ%2FsIjRpMx%2FgpCRV0x6o%3D&reserved=0 >>> <https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblog.sucuri.net%2F2021%2F02%2Fuceprotect-when-rbls-go-bad.html&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2BTvsNRt4eyvmEkZT4rq2x09%2FJ%2FsIjRpMx%2FgpCRV0x6o%3D&reserved=0> >>> >>> UCEPROTECT blacklists the whole range of IP addresses, including the >>> full IP range of some autonomous systems: >>> UCEPROTECT states, '/Who is responsible for this listing? YOU ARE NOT! >>> Your IP was NOT directly involved in abuse but has a bad neighborhood. >>> Other customers within this range did not care about their security and >>> got hacked, started spamming, or were even attacking others, while your >>> provider has possibly not even noticed that there is a serious problem. >>> We are sorry for you, but you have chosen a provider not acting fast >>> enough on abusers'/) [https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uceprotect.net%2Fen%2Frblcheck.php&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yKEjd8cb%2BalJ440LDeiSqKWRZJwkNByV1MxCJ9Z36ZE%3D&reserved=0 >>> <https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uceprotect.net%2Fen%2Frblcheck.php&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yKEjd8cb%2BalJ440LDeiSqKWRZJwkNByV1MxCJ9Z36ZE%3D&reserved=0>]. >>> It asks for a fee if some individual IP address wants to be >>> whitelisted >>> (https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.whitelisted.org%2F&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RZRKBzzZ5URWLRov0TpfqnMECng%2FC7Xp09aDC6VfYUE%3D&reserved=0 <https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.whitelisted.org%2F&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RZRKBzzZ5URWLRov0TpfqnMECng%2FC7Xp09aDC6VfYUE%3D&reserved=0>), >>> It abuses people who decide to challenge their blacklist by publishing >>> conversations in their so-called /Cart00ney/ >>> (https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uceprotect.net%2Fen%2Findex.php%3Fm%3D8%26s%3D0&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tcTOzuCEh9X4PScwIWD4K9O5mCjZ0KeX%2FgJH6qFigGc%3D&reserved=0 >>> <https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uceprotect.net%2Fen%2Findex.php%3Fm%3D8%26s%3D0&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tcTOzuCEh9X4PScwIWD4K9O5mCjZ0KeX%2FgJH6qFigGc%3D&reserved=0>; >>> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uceprotect.org%2Fcart00neys%2Findex.html&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=wILz2CGHYrLz2S2tqsE6lA9PAzJETAPvaCEkGQx0pGg%3D&reserved=0 >>> <https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uceprotect.org%2Fcart00neys%2Findex.html&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=wILz2CGHYrLz2S2tqsE6lA9PAzJETAPvaCEkGQx0pGg%3D&reserved=0>). >>> And the other type of threatening: https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uceprotect.org%2F&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=f5c4kh0%2FM1kBzOOt4IBOScm8O0PmN5tVcCpaPR51dP8%3D&reserved=0 >>> <https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uceprotect.org%2F&data=04%7C01%7C%7Cd6eabb75245d44d761c208d8df28ed57%7Ccd9e8269dfb648e082538b7baf8d3391%7C0%7C0%7C637504714184263120%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=f5c4kh0%2FM1kBzOOt4IBOScm8O0PmN5tVcCpaPR51dP8%3D&reserved=0> >>> Does RIPE NCC have any position on this specific blacklist? >>> >>> Thank you! >> > > -- Christian Teuschel RIPE NCC | @christian_toysh -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20210304/94a418dc/attachment.html>
- Previous message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
- Next message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]