This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] Abuse Report ignored. What to do as next?
- Previous message (by thread): [anti-abuse-wg] Abuse Report ignored. What to do as next?
- Next message (by thread): [anti-abuse-wg] Abuse Report ignored. What to do as next?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Serge Droz
serge.droz at first.org
Sun Dec 3 11:56:40 CET 2023
Maybe it's time to measure these numbers in the RIPE region by trying a time limit experiment. If it doesn't work, we stop it again. We would have to discuss criteria for what "it work" means. That's a discussion I'd like to see on this list. By never trying anything concrete it's easy saying it doesn't work. Fact is, that other players have changed once pressure has been upped. Cheers Serge On 3 December 2023 09:48:43 UTC, Michele Neylon - Blacknight via anti-abuse-wg <anti-abuse-wg at ripe.net> wrote: >Please provide actual data. >Numbers > > >-- >Mr Michele Neylon >Blacknight Solutions >Hosting, Colocation & Domains >https://www.blacknight.com/ >https://blacknight.blog/ >Intl. +353 (0) 59 9183072 >Direct Dial: +353 (0)59 9183090 >Personal blog: https://michele.blog/ >Some thoughts: https://ceo.hosting/ >------------------------------- >Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 > >I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. > > >From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of jordi.palet--- via anti-abuse-wg <anti-abuse-wg at ripe.net> >Date: Friday, 1 December 2023 at 13:38 >To: anti-abuse-wg at ripe.net <anti-abuse-wg at ripe.net> >Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? >[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. > >Well … exactly the same way it has been already implemented in 2 other RIRs, working and no issues. > >Regards, >Jordi > >@jordipalet > > >> El 1 dic 2023, a las 14:28, Laura Atkins <laura at wordtothewise.com> escribió: >> >> >> >>> On 1 Dec 2023, at 13:22, U.Mutlu <security at mutluit.com> wrote: >>> >>> Laura Atkins wrote on 12/01/23 13:22: >>> > None of this will make a company who doesn’t want to deal with abuse >>> > complaints deal with abuse complaints. It’s a total waste of resources. >>> >>> Then RIPE has to sanction that member. >> >> So we’re back to: how much will it cost to do this and how much will it actually improve anything? >> >> Which ignores a lot of big questions like: does RIPE actually have the authority to sanction folks, who is going to sanction them, what is the appeals process, how do we get to the sanctioning decision, how are we going to pay for the inevitable lawsuit, and a bunch of other things. >> >> It’s clear, though, that this is actually a much older argument. I’m pretty sure I’m not the first person to ask HOW this will all be implemented. The fact that someone can’t point me to a FAQ or actual proposal addressing these questions tells me how seriously this is being taken by the folks who are proposing it. >> >> laura >> >>> >>> Example of ignored Abuse Reports regarding email hacking attempts: >>> >>> You get countless hacking attempts to your email server >>> (ie. brute-force attacks trying to login as a mail client >>> by using either a valid email login name or some random names; >>> they usually fail b/c of wrong password). >>> It all gets logged in the emailserver logs together with >>> exact timings, so there is enough evidence available for verification. >>> >>> You send an Abuse Report to the owner of the IP from where >>> these hacking attempts occur.But there is no reaction, >>> the hacking attemps day and night continue. So, it's not just a one-time thing. >>> Even if you block that IP, it still generates traffic and eats-up resources on the server. >>> >>> We need an effective solution to stop such abuses. >>> RIPE NCC should ask the client to fix the problem and >>> formally inform the RIPE NCC about the fix within 7 days. >>> >>> If the Abuse Reports still get ignored, then RIPE NCC >>> should issue a 2nd warning and thereafter then terminate >>> or suspend the membership until the issue gets fixed. >>> >>> >>> Laura Atkins wrote on 12/01/23 13:22: >>>> None of this will make a company who doesn’t want to deal with abuse >>>> complaints deal with abuse complaints. It’s a total waste of resources. >>>> >>>> laura >>>> >>>>> On 1 Dec 2023, at 10:53, U.Mutlu <security at mutluit.com> wrote: >>>>> >>>>> For each complaint to RIPE NCC then such an >>>>> (automated) email should be sent by the RIPE NCC >>>>> to the abuse-c of that member. >>>>> This should be the absolute minimum that should be done by the RIPE NCC. >>>>> >>>>> >>>>> Matthias Merkel wrote on 11/30/23 11:47: >>>>>> The proposal is to send verification emails to abuse mailboxes and have a link >>>>>> in them clicked, right? I would have no objection to that. >>>>>> >>>>>> Is there more that is being proposed in this proposal specifically? >>>>>> >>>>>> — >>>>>> Maria Merkel >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> To unsubscribe from this mailing list, get a password reminder, or change >>>>> your subscription options, please visit: >>>>> https://mailman.ripe.net/ >>>> >>>> -- >>>> The Delivery Expert >>>> >>>> Laura Atkins >>>> Word to the Wise >>>> laura at wordtothewise.com >>>> >>>> Delivery hints and commentary: http://wordtothewise.com/blog >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> >> >> -- >> The Delivery Expert >> >> Laura Atkins >> Word to the Wise >> laura at wordtothewise.com >> >> Delivery hints and commentary: http://wordtothewise.com/blog >> >> >> >> >> >> >> -- >> >> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://mailman.ripe.net/ > > >********************************************** >IPv4 is over >Are you ready for the new Internet ? >http://www.theipv6company.com >The IPv6 Company > >This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > > > >-- > >To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://mailman.ripe.net/ -- Dr. Serge Droz Director, Forum of Incident Response and Security Teams https://first.org -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20231203/ef7f2ac7/attachment-0001.html>
- Previous message (by thread): [anti-abuse-wg] Abuse Report ignored. What to do as next?
- Next message (by thread): [anti-abuse-wg] Abuse Report ignored. What to do as next?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]