6,000 abusive IPs is quite few. I think most people on this list are aware about abuse on the internet (this is what the group is about after all).

The question is not whether this usage is wrong, it's whether RIPE is the right venue to enforce it. RIPE is only one of several RIRs, so this would hardly be a worldwide solution. Police also cooperate internationally (especially within certain regions such as the EU), so I'm not sure how RIPE would be better there. Some countries, such as the UK and US, have websites where you can report internet-based crime originating from their jurisdictions.

If RIPE were to enforce anti-abuse rules, we would need an objective definition of abuse. We can't have the service operator define it for every case because then people would just say anything except paying customers is abuse as they have a financial incentive to do so. Also, what happens if abusive traffic is generated due to hacked devices for example?

Matthias Merkel

On June 2, 2022, 4:16 PM GMT+2 jeroen@hackersbescherming.nl wrote:

Ok, in a period of 6-7 weeks i gathered 6425 unique IP addresses that where
used in an abusive way on a single online service, excluding the 21 that
where found in the access log.
So i blocked 99,66% of the unwanted traffic fort his particular service
Think about;

- scanning for vulnarabilities
- overloading resources
- unwanted search engines
- data mining
What gives them the right to use the end customers resources without the end
customers permission (that is abuse)

Since nobody will goto the police with this since they only have national
authorities, what u people are suggesting is just crazy and shows me that u
people never looked at log files in a way to determine what quality traffic
is and everything else is unwanted "abusive" traffic.
When i show this data to the end customers they first of all never knew this
was happening and they think this is discusting.

The owner of the service should always be the one who decides what is
abusive!!!

The fact that u don't know who is going to enforce something like this and
send people to the police who are uncapable todo anything with this kind of
data only shows how bad the current (stoneage) solution is.

When i then come with a possible solution that would actually solve the
problem (it is not helping at all to say a solution is not helping when u
don't have an alternative). And yes there would still be a lot of variables
that need tobe looked at as desribed below, but when done the right way it
would solve the problem and evolve the internet to a better place.

But again, i get the feeling this group hardly has any people in it from the
public interest and is bassicly filled with internet cowboys who don't care
about all the crap that is being pushed over the internet.

I have gotten the feeling that Ripe is just a waste of my time when u give
answers like u have done so far!

And with that being said, this will be my last reply in Ripe mailing lists
since i get the feeling that the whole Ripe organisation is just looking the
other way when something obviously wrong is going on....

Kind regards,

Jeroen


-----Oorspronkelijk bericht-----
Van: Michele Neylon - Blacknight <michele@blacknight.com>
Verzonden: donderdag 2 juni 2022 15:36
Aan: jeroen@hackersbescherming.nl; 'denis walker' <ripedenis@gmail.com>
CC: 'anti-abuse-wg' <anti-abuse-wg@ripe.net>
Onderwerp: Re: [anti-abuse-wg] personal data in the RIPE Database

Jeroen

RIPE policy is not decided by a vote or astro-turfing.

Also what you are proposing is over simplistic and would be impossible to
operationalise without bankrupting the NCC.

What is "abusive traffic"?

Who decides what is or is not "abusive"?

Who is going to enforce this?

How?

Bear in mind that RIPE does not have the power to fine a member, so that
would have to change. And I can't imagine RIPE's Board or management would
want to be put in that position. I know that most of the members wouldn't
want RIPE to have that kind of power.

Now if you want to run your own network and impose those kind of sanctions
on your own users you are free to do so.

Also if you want to effect change then you should do research into why
things are the way they are now and who you are dealing with and where they
are coming from.

Regards

Michele













--

Mr Michele Neylon

Blacknight Solutions

Hosting, Colocation & Domains

https://www.blacknight.com/

https://blacknight.blog/
http://ceo.hosting/
Intl. +353 (0) 59 9183072

Direct Dial: +353 (0)59 9183090


-------------------------------

Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265, Ireland Company No.: 370845










________________________________________
From: jeroen@hackersbescherming.nl <jeroen@hackersbescherming.nl>
Sent: Thursday 2 June 2022 14:27
To: Michele Neylon - Blacknight; 'denis walker'
Cc: 'anti-abuse-wg'
Subject: RE: [anti-abuse-wg] personal data in the RIPE Database

[EXTERNAL EMAIL] Please use caution when opening attachments from
unrecognised sources.
Michele,

I have a question for u then.

What would happen if i can find more people that actually would want this
then u can find people that don't want this.

Would that make a difference?

I'm very curious on your answer.

Kind regards

Van: Michele Neylon - Blacknight <michele@blacknight.com>
Verzonden: woensdag 1 juni 2022 13:05
Aan: jeroen@hackersbescherming.nl; 'denis walker' <ripedenis@gmail.com>
CC: 'anti-abuse-wg' <anti-abuse-wg@ripe.net>
Onderwerp: Re: [anti-abuse-wg] personal data in the RIPE Database

Jeroen

"- Change the current contracts with all responsible companies where they
will have to pay a fine if any of their ip's has been detected and confirmed
to produce abusive traffic.
"

That will never happen and suggesting it is not helpful.

Nobody is ever going to agree to it and it's completely unworkable.

Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845


From: anti-abuse-wg
<anti-abuse-wg-bounces@ripe.net<mailto:anti-abuse-wg-bounces@ripe.net>> on
behalf of jeroen@hackersbescherming.nl<mailto:jeroen@hackersbescherming.nl>
<jeroen@hackersbescherming.nl<mailto:jeroen@hackersbescherming.nl>>
Date: Wednesday, 1 June 2022 at 11:01
To: 'denis walker' <ripedenis@gmail.com<mailto:ripedenis@gmail.com>>
Cc: 'anti-abuse-wg' <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>>
Subject: Re: [anti-abuse-wg] personal data in the RIPE Database [EXTERNAL
EMAIL] Please use caution when opening attachments from unrecognised
sources.

Good morning Denis/everyone,

I believe that personal data in the RIPE public database is unwanted and
adds no value at all to the public interest.

Removing personal data instead of replacing it with actual "responsible
organisation" data is unwanted also.

To me as a public interest user personal data like assignments of ip
addresses is the same as no data at all and should be avoided at all costs.

The fact that a real person can be responsible for an ip address shows how
immature the solution actually is.

When i look at the abuse that online services receive my guess is that ~50%
of online traffic is unwanted!
I'm currently crunching the numbers so i can back my statements but this is
what i got so far.

Access log for one online service

Total different ip's : little over 11K
High risk ip's: 276 (combined hosting/rdp/etc)
Abusers: 21 (blocked in next update)

In the same period i blocked 173K requests (not IP still need to process
this part)

This would mean in terms of abuse i would have to send thousands of abuse
emails for this single service only (this would be just stupid) how
effective will that be if u send them to a "responsible person"?

When i goto a grocery and steal or wreck something on purpose and get caught
the police will come and i will get a big fine..... or even jail time.
When i catch an abuser in the Wild Wild West, the internet makes it cost me
even more money! (shouldn't i be payed for catching them?)

Clearly the whole abuse part of Ripe isn't working and will never goto work
as long as nobody can be held responsible for the actual damage that has
been done.

I would like to suggest the following:

- Remove all personal data and replace with actual data from responsible
companies
- Change the current contracts with all responsible companies where they
will have to pay a fine if any of their ip's has been detected and confirmed
to produce abusive traffic.
- Part of the fine will be payed to the company that caught the abuser and
other part goes to Ripe for administrative costs.

With the above we move the problem away from the victims to the causers as
it should have been from the beginning!
And yes the hosting companies will start crying about this since they never
really had to take responsibility for their end-users and probably only see
a small portion of the actual abuse since most abuse never get's reported
since it costs the victims extra money....

If for some reason there is no company behind any personal registration i
believe the resources should be removed from that member unless there is a
very goo reason to keep a person responsible (i can't think of any)

I'm not good at putting documents or presentations together (Ripe 84), so my
excuse for that but i do have the data to backup all of the above!

Kind regards,

Jeroen


-----Oorspronkelijk bericht-----
Van: anti-abuse-wg
<anti-abuse-wg-bounces@ripe.net<mailto:anti-abuse-wg-bounces@ripe.net>>
Namens denis walker
Verzonden: dinsdag 31 mei 2022 19:27
Aan: Michele Neylon - Blacknight
<michele@blacknight.com<mailto:michele@blacknight.com>>
CC: anti-abuse-wg <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>>
Onderwerp: Re: [anti-abuse-wg] personal data in the RIPE Database

Hi Michele

The proposal is here
https://www.ripe.net/participate/policies/proposals/2022-01

cheers
denis
proposal author


On Tue, 31 May 2022 at 18:07, Michele Neylon - Blacknight
<michele@blacknight.com<mailto:michele@blacknight.com>> wrote:

>
> Denis
>
>
>
> Where's the actual proposal?
>
>
>
> I'd love to get my personal details removed - especially as they're for an
address I no longer occupy!
>
>
>
> Regards
>
>
> Michele
>
>
>
>
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> https://www.blacknight.com/
>
> https://blacknight.blog/
>
> Intl. +353 (0) 59 9183072
>
> Direct Dial: +353 (0)59 9183090
>
> Personal blog: https://michele.blog/
>
> Some thoughts: https://ceo.hosting/
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
> Park,Sleaty
>
> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>
>
>
>
>
> From: anti-abuse-wg
> <anti-abuse-wg-bounces@ripe.net<mailto:anti-abuse-wg-bounces@ripe.net>
> > on behalf of denis walker
> <ripedenis@gmail.com<mailto:ripedenis@gmail.com>>
> Date: Tuesday, 31 May 2022 at 14:12
> To: anti-abuse-wg
> <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>>
> Subject: [anti-abuse-wg] personal data in the RIPE Database
>
> [EXTERNAL EMAIL] Please use caution when opening attachments from
unrecognised sources.
>
> Colleagues
>
> I have raised an issue on the DB WG mailing list about publishing in
> the database the identity of natural persons holding resources. So far
> no one has been willing or able to support any public interest value
> in doing so. As things stand all personal data in the RIPE Database
> will have to be removed, or hidden from public view. If you have an
> opinion about this the conversation is here
> https://www.ripe.net/ripe/mail/archives/db-wg/2022-May/007432.html
>
> cheers
> denis
> 2022-01 proposal author
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or
> change your subscription options, please visit:
> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

--

To unsubscribe from this mailing list, get a password reminder, or change
your subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


--

To unsubscribe from this mailing list, get a password reminder, or change
your subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


--

To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg