anti-abuse-wg

Download

anti-abuse-wg@ripe.net

July 2009

3 participants
2 discussions

Attack
by Bruce Fornes 30 Jul '09

30 Jul '09

My home computer is being attacked by 78.47.186.165, 80. So far Symantec has stopped this illegal entry attempt. Following is the text from my Norton history: An intrusion attempt by 78.47.186.165 was blocked Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Risk Name: HTTP Malicious Toolkit Variant Activity Attacking Computer: 78.47.186.165,80 Attacker URL: kb952069.in/eng.php?grp=15&trk=07292004728241237 Traffic Description: TCP-www-http I would appreciate if you stop these attacks coming through RIPE. Bruce Fornes Valdosta, GA USA

2 1

Re: [db-wg] please test email validity in whois records
by Marco Hogewoning 30 Jul '09

30 Jul '09

Hi Tobias, Have a look at the archives[1]. I think I answered them years ago already. IRT is virtually non existent and the database has already been changed to contain abuse related information in an attribute clearly named "abuse-mailbox" to try and get away from the freeform remarks fields people tend to use. So basically it's al there but nobody uses it, not every address user fills in the right details and when the information is there people are happily ignoring it by only searching for the least specific range. Now I might be a bit biased regarding the technical solutions being in place but I do think database wise all mechanisms and fields are there. What's left is to get people to use it and I'm not only talking about the people who register address blocks in the database but also the people who retrieve that information (or at least try to). Now obviously you could try and change the policy that any address blocks registered need to have certain information attached to it, but how to enforce this information is correct and more importantly stays correct and what to do with the over 3 billion addresses registered already today ? Secondly you might still want to try and get more information out there on how to use the information in the ripe database to get to the correct people, we had some attempts when working on the abuse-mailbox attr but it never really took off. Grtx, Marco [1] http://www.ripe.net/ripe/meetings/ripe-47/presentations/ripe47-db-abusec.pdf On Jul 29, 2009, at 8:31 PM, Tobias Knecht wrote: > Hi, > > we are talking to the Abuse Working Group at the moment and we will > start a discussion soon about exactly this. > > Parts of the discussion will be: > - IRT Object usage > - One place to put the abuse@ contact data. (not neccesarily making it > mandatory, but if somebody wants to offer it, everybody should do it > at > the same place. > - ... > > While waiting for that discussion you could have a look at this. > > http://www.abusix.de/abuse-contact-db/ > > We build up this Database and you can use it for free. > Next step is to get it out the beta status, which has nothing to do > with > the data accuracy, more with speeding up some update processes in the > backend. > > Another thing we are working on at the moment is a validation of email > addresses we offer and give back status codes for working or not > working > addresses. Since abusix.org is a volunteer driven project, this > takes a > little bit of time. ;-) > > So feel free to use it and give us hints or suggestions what is good > and > what is not good. > > Thanks, > > Tobias > > -- > abusix.org >

1 0