On 8 Apr 2010, at 19:27, Frank Gadegast , Dipl-Inform. Frank Gadegast wrote:
You dont need to know the real one until you have one for every IP.
As I mentioned, you might simply want to contact the abuse team regarding a more general issue. Quite often if I can't find a published abuse contact for foo.com so I'll dig www.foo.com and then lookup the returned address in the RIPE DB - I'm not at all interested in an address specific to that IP address though.
well, you can still look it up.
But see it this way: - most provider use anti spam tools like SpamAssassin to protect there customer - SA surely lists the IP that was connecting and causing the spam - you can then automatically forward the spam plus a initial text, describing that you do not want this to the general "IP like" address - and the monitoring system will then forward it to the right RIPE member (and to EVERY member)
So if a machine on a network were compromised / abused and a large amount of spam was sent out, how many of these emails would you see being relayed via RIPE to the abuse contact??
You can then look up the report (or even automate it), reset his radius password and kick him out, waiting for him to phone your support :o)
Not everyone has the same business model
Or you could redirect him to a webpage describing that there are too many reports coming in for his IP in a whatever time. Its all up you.
My dream system looks like this: - abuse reports will get standarized
that would be helpful
- monitoring systems will be developed at all RIRs
Monitoring for what exactly???
- spam detection will be automated at the providers side and send standarized reports to the RIRs monitoring system
- and the RIRs member automates and scans the incoming reports like he wants (maybe by devining minimum values and limits) and automates the blockage and information of his users
Sounds great ?
Well, thats actually what we are doing already with our own users. If we detect incoming spam with high scores a couple of times in a short time we kick the users offline automatically and redirect him next time he loggs in to a information page, where he finds our support numbers :o)
Wroks simply great, and I would love to get closer to such a system together with ALL ISP
And again you are working under the false assumption that ALL RIPE members offer the same services as you do and in the same way.
"Bad providers" could be even published by RIPE :o)
Are you insane? RIPE cannot open itself up for that kind of liability
Well, thats only work at RIPE NCC, its not that complicated to automated bounces ...
So you say .. You cannot speak for all providers / RIPE members. You are also suggesting putting a very heavy load on RIPE's systems which someone will have to pay for. Who?
confirmation would be enough, although you'd need some way to deal with automated reports.
Well, the monitoring system could send always the same backlink for the same IP, so that the ISP could still count the amount of incoming reports for one IP automatically and then "answers" it as being closed with just clicking ONE link.
Good idea ?
So you expect RIPE members to completely rework their abuse desks to fit into your view of the world? I can't see that happening, because not all RIPE members are the same or work in the same way. Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845