Enabling community self-help?
All,

warning: crazy idea time

Does it seem like a good idea to provide a way to attach "user comments" to network information?

Background...

Some people want someone to force ISP's to take responsibility for fixing abuse originating in their networks. The natural place for this enforcement appears to them to be the RIPE NCC (*).

Contrariwise, the RIPE NCC is unable to unwilling to change its role from a fundamentally administrative to one that involves setting network usage policies. This involves risks in terms of anti-trust regulators, need to carefully define the limits of control, and setting up what amounts to an industry legal system (with both judges and police). Plus it is hard to get the RIPE NCC membership to support mechanisms which cost them money and limit their freedoms.

On the 3rd hand, some people in the RIPE community (including me) also feel that it is very, very difficult to define what the required actions would be in the case of reported abuse. This reporting mechanism itself might indeed be a source of abuse (rivalries between companies could be fought by each accusing the other of hosting criminal activity).

Crazy Idea...

Let's crowd-source it.

Maybe it makes sense to make something like a web forum for each allocated resource, or perhaps for the organization responsible for each. It could be something like a blog article with the contact and other information about each resource, and then a way to post comments about it. So, you might see that ISP ShaNet has working e-mail for abuse, but nobody ever sees any action beyond automated response. Such reports could be useful for people who *can* investigate and do something, such as law enforcement or regulators.

A few decades of Internet forums have given us best practices in terms of policing forums for spam and abuse, for evaluating user trustworthiness and helpfulness, and for evaluating the value of individual comments or replies (+1).

I think something like this would be within the realm of things that the RIPE NCC could provide. We could link to these pages from the WHOIS results (or go straight there for web queries perhaps). There are lots of web sites which publish consumer evaluations of various companies and products, so this really is not so different.

--
Shane

(*) Well, normally confused with RIPE (or Ripe). But the RIPE NCC is what they mean.
On Thu, Mar 29, 2012 at 2:23 PM, Shane Kerr <shane@time-travellers.org> wrote:
Some people want someone to force ISP's to take responsibility for fixing abuse originating in their networks. The natural place for this enforcement appears to them to be the RIPE NCC (*).
The issue isn't forcing ISPs to fix abuse at all - lots of blocklists and whatever else for that. The issue is making sure that the bad guys are simply not able to get themselves a /15 whenever they like simply because the paperwork verification is close enough to nonexistent. As for "picking on RIPE NCC", do please let me know if another RIR with an LIR model AND a bunch of criminals who have got the idea of setting themselves up as LIRs
Contrariwise, the RIPE NCC is unable to unwilling to change its role from a fundamentally administrative to one that involves setting network usage policies. This involves risks in terms of anti-trust regulators, need to carefully define the limits of control, and setting
This is an entirely strawman set of arguments. Can you please explain to me what part of SOCA's proposals about crosschecking ID / email address etc triggers a single antitrust regulation? Or a privacy regulation for that matter?
On the 3rd hand, some people in the RIPE community (including me) also feel that it is very, very difficult to define what the required actions would be in the case of reported abuse. This reporting mechanism itself might indeed be a source of abuse (rivalries between companies could be fought by each accusing the other of hosting criminal activity).
You might actually know if there's criminal activity actually hosted there? As in some random guy asking "do you beat your wife" versus a lot of people coming up and saying that there's often scenes like loud arguments, screams, the sounds of blows / slaps etc being dealt, your wife turning up in public crying and with a black eye etc? ["generic you" of course], followed by a quick check that simply says you're a bigamist and so the marriage just wasn't valid, obtained under false pretences. Yes the analogy is stupid. Thank you in advance for pointing that out.
about it. So, you might see that ISP ShaNet has working e-mail for abuse, but nobody ever sees any action beyond automated response. Such reports could be useful for people who *can* investigate and do something, such as law enforcement or regulators.
Various blocklists and antispam forums / security lists do discuss that. However the point here is entirely different.

Let us put it this way - provider X has lax security policies, hosts a bunch of spammers and has a ton of blocklist listings. But it also has legitimate customers and does provide what it says it provides - colo services.

Provider Y in Eastern Europe is a front for a botmaster, hosts nothing but bot traffic and got itself an assigned-PA or PI /20 from RIPE NCC, after telling RIPE NCC it's going to host whatever .. say some guy's family dog's homepage.

The point here is not crowdsourcing opinion about a CIDR. The point is getting hostmasters to see the difference between provider X and provider Y, and see if they can't give X a /20 and deny Y his /20.

SOCA appears to have a workable and standards based, compliant with European law, model there, as it happens.

--srs
hi, On different occasions, Suresh Ramasubramanian wrote: [a lot of stuff] you seem to misunderstand the players in this game. ripe is the community. ripe ncc is just there to help organize. it handles coordination of ips and ases, as (or: where) they have to be unique. the only reason why ripe doesn't simply hand out any number of resources to anybody is that these are finite (well, in fact, otherwise ripe simply wouldn't exist). the only decisions on handing out resources done at ripe are regarding fairness (and subordinate/derived technical decisions on coordination). that's what constitutes its legitimacy. apart from that it is totally irrelevant who the requesting party is or is not. what you are wailing about is criminal proceedings, policing (and actually also judiciary and legislative proceedings, but i think you probably didn't realise that). this is the job of law courts and police, so you should refer to them. regards, Chris
On Thu, Mar 29, 2012 at 5:22 PM, Chris <chrish@consol.net> wrote:
ripe is the community. ripe ncc is just there to help organize. it handles coordination of ips and ases, as (or: where) they have to be unique. the only reason why ripe doesn't simply hand out any number of resources to anybody is that these are finite (well, in fact, otherwise ripe simply wouldn't exist). the only decisions on handing out resources done at ripe are regarding fairness (and subordinate/derived technical decisions on coordination). that's what constitutes its legitimacy. apart from that it is totally irrelevant who the requesting party is or is not.
I am sorry but yes I do understand that difference. I do still maintain that being the custodian of v4 and v6 address space for the RIPE community, RIPE NCC has a fiduciary (for lack of a better word, this isn't finance) responsibility to detect and deny fraudulent IP allocations.
what you are wailing about is criminal proceedings, policing (and actually also judiciary and legislative proceedings, but i think you probably didn't realise that). this is the job of law courts and police, so you should refer to them.
The problem is when they start to refer to the RIR. Which might happen sooner rather than later. That quote about "the police COULD HAVE VIEWED giving RBN an LIR status and lots of IP space as a money laundering offense" is entirely correct. In other words, a slightly more hard nosed cop and/or a more critical situation than that might trigger law enforcement or regulatory action because "I didn't know" is very rarely a valid excuse, and which is why several other more regulated industries have rather stricter due diligence requirements than what we're seeing here. -- Suresh Ramasubramanian (ops.lists@gmail.com)
[and by the way, hands up for those of you who are postmaster@ for a significant sized ISP and still believe in the "we are not the internet police" kool aid to the extent that it gets believed in by a lot of the IP engineering people who are posting here].
On 03/29/2012 02:09 PM, Suresh Ramasubramanian wrote:
I am sorry but yes I do understand that difference. I do still maintain
no you didn't.
On Thu, Mar 29, 2012 at 5:46 PM, Chris <chrish@consol.net> wrote:
On 03/29/2012 02:09 PM, Suresh Ramasubramanian wrote:
I am sorry but yes I do understand that difference. I do still maintain
no you didn't.
"he said, she said" etc. Am I blaming RIPE rather than RIPE NCC for being slack in their IP allocation policies by any chance? -- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi, On Thu, Mar 29, 2012 at 05:39:31PM +0530, Suresh Ramasubramanian wrote:
That quote about "the police COULD HAVE VIEWED giving RBN an LIR status and lots of IP space as a money laundering offense" is entirely correct. In
This is complete bullshit. You don't commit a "money laundering offense" by selling bread to a criminal either. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Not bread to a criminal. Supplying him money on the other hand? On Thu, Mar 29, 2012 at 6:10 PM, Gert Doering <gert@space.net> wrote:
On Thu, Mar 29, 2012 at 05:39:31PM +0530, Suresh Ramasubramanian wrote:
That quote about "the police COULD HAVE VIEWED giving RBN an LIR status and lots of IP space as a money laundering offense" is entirely correct. In
This is complete bullshit. You don't commit a "money laundering offense" by selling bread to a criminal either.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi, On Thu, Mar 29, 2012 at 06:16:25PM +0530, Suresh Ramasubramanian wrote:
Not bread to a criminal. Supplying him money on the other hand?
Money was flowing from the alleged criminals *to* the RIPE NCC. Is "providing resources in exchange for money" considered "money laundering" these days? And why is an IP address range different from a loaf of bread, or a leased car? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Eh. The term itself originated because Capone set up a chain of laundries which earned him lots of profits, to account for all the money he was raking in from bootleg booze. In any case, look at this - http://articles.latimes.com/2011/aug/25/business/la-fi-google-settlement-201... On Thu, Mar 29, 2012 at 6:20 PM, Gert Doering <gert@space.net> wrote:
Money was flowing from the alleged criminals *to* the RIPE NCC.
Is "providing resources in exchange for money" considered "money laundering" these days? And why is an IP address range different from a loaf of bread, or a leased car?
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi, On Thu, Mar 29, 2012 at 07:51:10PM +0530, Suresh Ramasubramanian wrote:
Eh. The term itself originated because Capone set up a chain of laundries which earned him lots of profits, to account for all the money he was raking in from bootleg booze
You missed answering my question: what makes the RIPE NCC different from any other business making deals with an alleged criminal that happens to have money from dirty sources? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Thu, Mar 29, 2012 at 7:58 PM, Gert Doering <gert@space.net> wrote:
You missed answering my question: what makes the RIPE NCC different from any other business making deals with an alleged criminal that happens to have money from dirty sources?
Knowing that it occurs. Not taking adequate due diligence to prevent such occurrence. I won't say it - but let me play devil's advocate, there won't be any shortage of law enforcement saying if the circumstances are right and if the person handling the case feels it appropriate. -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Thu, Mar 29, 2012 at 8:04 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
I won't say it - but let me play devil's advocate, there won't be any shortage of law enforcement saying if the circumstances are right and if the person handling the case feels it appropriate.
At least in the UK, it is a related concept - and yes it includes money gained from theft http://en.wikipedia.org/wiki/Handling_stolen_goods#Elements_of_the_offence
Includes any proceeds of that property, including money for which it has been sold, and anything bought with those proceeds
The situation is further complicated by the concept of recklessness or wilful blindness to the circumstances; either will be treated as a belief that the goods are stolen. Thus, *suspicion* will be converted into belief when the facts are so obvious that belief may safely be imputed <http://en.wikipedia.org/wiki/Imputation_%28law%29>
.. and this part is a bit dodgier because - yes it will depend on interpretation, and will be sufficient grounds to at least launch a prosecution, freezing of accounts while the case is in progress etc. -- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi, On Thu, Mar 29, 2012 at 08:04:05PM +0530, Suresh Ramasubramanian wrote:
On Thu, Mar 29, 2012 at 7:58 PM, Gert Doering <gert@space.net> wrote:
You missed answering my question: what makes the RIPE NCC different from any other business making deals with an alleged criminal that happens to have money from dirty sources?
Knowing that it occurs. Not taking adequate due diligence to prevent such occurrence.
So selling bread to someone that you suspect might do non-lawful stuff makes yourself a villain? Sheesh, don't you see how ridiculous that claim is? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Thu, Mar 29, 2012 at 8:10 PM, Gert Doering <gert@space.net> wrote:
So selling bread to someone that you suspect might do non-lawful stuff makes yourself a villain?
Sheesh, don't you see how ridiculous that claim is?
For questions like that, you need something on Dutch law and/or what Dutch law enforcement will or won't do. But rest assured, you will be hard put to find a jurisdiction where a credible case can't be made out if the prosecuting officer tries to make it. -- Suresh Ramasubramanian (ops.lists@gmail.com)
Knowing that it occurs. Not taking adequate due diligence to prevent such occurrence.
So selling bread to someone that you suspect might do non-lawful stuff makes yourself a villain?
There's a difference between 'knowing' and 'suspecting'. And if a company/person knowingly facilitates crime, it could be 'complicity'. Under circumstances. It's another nice busy day here @anti-abuse. +++++++++++++++++++++++++++++++++++++++++++++ Disclaimer This e-mail message may contain confidential information or information protected by professional privilege. If it is not intended for you, you should be aware that any distribution, copying or other form of use of this message is not permitted. If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 or e-mail mailto:mail@opta.nl and destroy the message immediately. This e-mail message has only been checked for viruses. The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. No rights can be derived from this message.
And I think most countries - not sure about the Netherlands - make it "know or ought to have known". Which is where due diligence, know your customer norms etc come in for bankers. On Thu, Mar 29, 2012 at 8:14 PM, Vissers, Pepijn <P.Vissers@opta.nl> wrote:
There's a difference between 'knowing' and 'suspecting'. And if a company/person knowingly facilitates crime, it could be 'complicity'. Under circumstances.
It's another nice busy day here @anti-abuse.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi, On Thu, Mar 29, 2012 at 02:44:33PM +0000, Vissers, Pepijn wrote:
Knowing that it occurs. Not taking adequate due diligence to prevent such occurrence.
So selling bread to someone that you suspect might do non-lawful stuff makes yourself a villain?
There's a difference between 'knowing' and 'suspecting'. And if a company/person knowingly facilitates crime, it could be 'complicity'. Under circumstances.
So "selling bread to criminals" is "facilitating crime"? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Thu, Mar 29, 2012 at 8:19 PM, Gert Doering <gert@space.net> wrote:
So "selling bread to criminals" is "facilitating crime"?
If you can find a crime where a criminal uses a loaf of bread to commit it - yes certainly. -- Suresh Ramasubramanian (ops.lists@gmail.com)
There's a difference between 'knowing' and 'suspecting'. And if a company/person knowingly facilitates crime, it could be 'complicity'. Under circumstances.
So "selling bread to criminals" is "facilitating crime"?
You pretend to miss the point. I won't feed. Have a nice afternoon all. Pepijn
On Thu, Mar 29, 2012 at 8:22 PM, Vissers, Pepijn <P.Vissers@opta.nl> wrote:
So "selling bread to criminals" is "facilitating crime"?
You pretend to miss the point. I won't feed.
Have a nice afternoon all.
and do remember, Gert, "don't want to know" aka "we are not the internet police" != "don't know" or "couldn't possibly know". -- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi, On Thu, Mar 29, 2012 at 02:52:01PM +0000, Vissers, Pepijn wrote:
There's a difference between 'knowing' and 'suspecting'. And if a company/person knowingly facilitates crime, it could be 'complicity'. Under circumstances.
So "selling bread to criminals" is "facilitating crime"?
You pretend to miss the point. I won't feed.
Actually I'm dead serious, and I suspect Suresh is missing the point. I consider the original claim to be completely ridiculous, and I'm trying to find analogies that make this obvious. Or, let's phrase it differently. What do you expect the RIPE NCC to *do* upon registration of a new LIR, if you all think that "check their company registration papers with the company register to see that this is a company in good standing in their home country" is not enough? Requiring the RIPE NCC to get a full police background check on the persons listed as contact persons will cause a massive uproar - and not solve anything either. So: what should the NCC do, to avoid being a "partner in crime"? As long as a prospective LIR and their owners have not actually done anything illegal (as in "have been convicted by proper legal processes" not in "Suresh doesn't like what they are doing"), it's a bit hard to find reasons in the legal framework of the EU to deny them membership and IP addresses. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Does the SOCA 5C model fail to meet your requirements for IP whois compared to domain whois? On Thu, Mar 29, 2012 at 8:28 PM, Gert Doering <gert@space.net> wrote:
Or, let's phrase it differently. What do you expect the RIPE NCC to *do* upon registration of a new LIR, if you all think that "check their company registration papers with the company register to see that this is a company in good standing in their home country" is not enough?
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi, On Thu, Mar 29, 2012 at 08:29:47PM +0530, Suresh Ramasubramanian wrote:
Does the SOCA 5C model fail to meet your requirements for IP whois compared to domain whois?
*My* requirements are already met. *If* the legal authorities in a given country convict the owners of a LIR, the RIPE NCC will take the resources away. This is good enough for me, and this is how *law* works in the EU. You seem to require something else. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Thu, Mar 29, 2012 at 8:32 PM, Gert Doering <gert@space.net> wrote:
*My* requirements are already met. *If* the legal authorities in a given country convict the owners of a LIR, the RIPE NCC will take the resources away. This is good enough for me, and this is how *law* works in the EU.
You seem to require something else.
This ignores, for example, that there are several jurisdictions where for various reasons a conviction is hard or impossible for reasons such as -

- All the illegal actions (whatever they are) are committed against citizens of other countries
- Inadequate laws in the country where the criminal is based
- Lack of mutual legal assistance etc treaties with a country where law enforcement is interested + has victims seeking redress
- Possible bribery of local police and judiciary by the criminals

.. etc ..

-- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi, On Thu, Mar 29, 2012 at 08:56:49PM +0530, Suresh Ramasubramanian wrote:
*My* requirements are already met. *If* the legal authorities in a given country convict the owners of a LIR, the RIPE NCC will take the resources away. This is good enough for me, and this is how *law* works in the EU.
You seem to require something else.
This ignores, for example, that there are several jurisdictions where for various reasons a conviction is hard or impossible for reasons such as -
- All the illegal actions (whatever they are) are committed against citizens of other countries
- Inadequate laws in the country where the criminal is based
- Lack of mutual legal assistance etc treaties with a country where law enforcement is interested + has victims seeking redress
- Possible bribery of local police and judiciary by the criminals
Yes, I understand that. But what's the consequence? What other legal system can we use, if not either the legal system valid in the country a LIR is located, or something like "international maritime law" (which doesn't particularly help here). There is no Internet Law yet that we could use to decide upon someone's "badness". Yelling at the RIPE NCC's refusal to become the Internet Police based on something that's outside the existing legal system is not really helping. To come back to your example: if you think that a specific country, let's call it ".xx", is not up to your legal standards and there is no goodness coming from there - well, filter all networks registered to .xx LIRs in your routers. That will keep the badness out of your network, and if the pressure becomes too high, something *will* change in that country. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Due diligence to know your customer norms accepted in most if not all the service provider industry is not "internet policing" and I'm certainly not going to block a country at my border routers. On Thu, Mar 29, 2012 at 11:01 PM, Gert Doering <gert@space.net> wrote:
Yelling at the RIPE NCC's refusal to become the Internet Police based on something that's outside the existing legal system is not really helping.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi, On Thu, Mar 29, 2012 at 11:03:36PM +0530, Suresh Ramasubramanian wrote:
Due diligence to know your customer norms accepted in most if not all the service provider industry is not "internet policing" and I'm certainly not going to block a country at my border routers.
If the customer is not doing anything illegal, their papers are in order (contracts on paper arrive at the address given, and come back with a signature), and they are paying their fees, what else do you want to see for due diligence? So what? Not accept customers/members because they don't wash, and smell bad? I wonder when someone will show up and demand to reject LIRs that host content for adult entertainment... because that's illegal in some states in the world. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
The Swiss ccTLD seems to have things set up just right - and I would be interested to find out if you think they're in breach of any European law for doing what RIPE NCC appears to steadfastly refuse to do.

https://www.nic.ch/reg/cm/wcm-page/index.html?res=EF6GW2JBPVTG67DLNIQXU234MN...

2.5 Duty of data maintenance

The holder is responsible for ensuring that all the data of domain names registered for the holder and recorded by SWITCH in the database, such as the data of the contact persons and technical details of the domain name, are kept up-to-date, complete and correct for the entire term of registration. For SWITCH, only the respective data registered in its database are authoritative. SWITCH is not obliged to take note of data communicated other than via www.nic.ch or the interface or to itself conduct research into the accuracy of these data.

If the data prove to be incomplete, inaccurate or not up-to-date, particularly with regard to references to a third party, and if as a result the identity of the holder can be determined only at disproportionate time and effort or if messages to the holder and/or the billing contact are undeliverable, SWITCH is entitled to revoke this holder's domain name.

2.6 Holder's correspondence address

SWITCH may demand that the holder of a domain name without a correspondence address in Switzerland for .ch domain names, or in Liechtenstein for .li domain names, supply such an address within 30 calendar days upon a demand to this effect from a Swiss authority for .ch or the Liechtenstein Office of Telecommunications (AK) for .li. Should the holder fail to supply any address or fail to supply a valid and correct correspondence address in Switzerland or Liechtenstein within this deadline, SWITCH will revoke his domain name.

*3.2.3* *Temporary blocking of domain names and/or deletion of the name server assignment*

b) Blocking of a domain name on suspicion of abuse

If there is a justified suspicion that the domain name is being used to obtain sensitive data by wrongful means or to disseminate harmful software (malicious code), SWITCH may delete the name server assignment to a domain name and block it for five days. SWITCH is obliged to block a domain name for 30 days if an application to this effect is made by an agency appropriately recognised by the Swiss Federal Office of Communications (OFCOM). The holder may demand a contestable order against the block from the Federal Office of Police (FEDPOL) within 30 days of its commencement. Otherwise, the further procedure and process is governed by the relevant provisions of the Ordinance on Addressing Resources in the Telecommunications Sector (OARTS).

On Thu, Mar 29, 2012 at 11:11 PM, Gert Doering <gert@space.net> wrote:
If the customer is not doing anything illegal, their papers are in order (contracts on paper arrive at the address given, and come back with a signature), and they are paying their fees, what else do you want to see for due diligence?
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Thu, Mar 29, 2012 at 11:33:15PM +0530, Suresh Ramasubramanian wrote: Suresh,
The swiss ccTLD seems to have things set up just right - and I would be
Correct me if I am wrong, but this was about what RIPE is (not) doing?
for 30 days if an application to this effect is made by an agency appropriately recognised by the Swiss Federal Office of Communications (OFCOM). The holder may demand a contestable order against the block from the Federal Office of Police (FEDPOL) within 30 days of its commencement. Otherwise, the further procedure and process is governed by the relevant provisions of the Ordinance on Addressing Resources in the Telecommunications Sector (OARTS).
This defines how things are running after complaints are raised. I doubt they would go deeper other than checking if their standards are met, so this would not prevent me from setting up a malicious .ch domain. Cheers, Adrian
i agree with suresh - ripe has been handing over /15 or even /13 lately to criminals who know how to use high bandwidth pipes to spam like crazy. I am not worried about a /24 given to bad guys - but in this world where ipv4 addresses are so scarce, handing over such huge range of addresses is not correct and it is common sense for everyone to understand this - how can somebody who did right paper work get /15 without proper justification ? On Thu, Mar 29, 2012 at 10:41 AM, Gert Doering <gert@space.net> wrote:
Hi,
On Thu, Mar 29, 2012 at 11:03:36PM +0530, Suresh Ramasubramanian wrote:
Due diligence to know your customer norms accepted in most if not all the service provider industry is not "internet policing" and I'm certainly not going to block a country at my border routers.
If the customer is not doing anything illegal, their papers are in order (contracts on paper arrive at the address given, and come back with a signature), and they are paying their fees, what else do you want to see for due diligence?
So what? Not accept customers/members because they don't wash, and smell bad?
I wonder when someone will show up and demands to reject LIRs that host content for adult entertainment... because that's illegal in some states in the world.
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Hi,
On Thu, Mar 29, 2012 at 12:32:02PM -0700, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
i agree with suresh - ripe has been handing over /15 or even /13 lately to criminals who know how to use high bandwidth pipes to spam like crazy. I am
Are these criminals because a judge said so, or because you do not like their business practices? This is a serious question. (Don't get me wrong: I'm not defending spammers, but I *do* like the fact that the RIPE NCC operates inside the legal framework of the countries it's serving) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
A lot of antispam laws (eg: australia, canada etc) use the "country link" concept
If the spam was originated from an IP in australia, paid for by an australian, **received by an australian**, then australian law has jurisdiction over it and the competent authority (telecom regulator / law enforcement) can decide to follow up on the case
So just because spam isn't illegal in, say, romania might be moot
On 3/30/12, Gert Doering <gert@space.net> wrote:
Hi,
On Thu, Mar 29, 2012 at 12:32:02PM -0700, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
i agree with suresh - ripe has been handing over /15 or even /13 lately to criminals who know how to use high bandwidth pipes to spam like crazy. I am
Are these criminals because a judge said so, or because you do not like their business practices?
This is a serious question.
(Don't get me wrong: I'm not defending spammers, but I *do* like the fact that the RIPE NCC operates inside the legal framework of the countries it's serving)
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
-- Suresh Ramasubramanian (ops.lists@gmail.com)
BTW Gert - never mind the "spam is illegal or not" type argument here. Let us try it another way. Does the average russian botmaster who submits paperwork for a new /20 say he needs the /20 to host his botnet c&cs? Or something else entirely? In other words, besides all the ranting about how you are not the document police so you can't possibly verify the registrant .. does that document policing argument also extend to not verifying all the weird and wonderful stories about media streaming, colo etc that the botmaster spins RIPE NCC in his allocation paperwork? Kind of reminds me of all the interesting stories I get when I evaluate apricot and sanog fellowship applications .. some people will write anything at all they please to get a paid holiday to Singapore or wherever.. so there absolutely has to be verification and feedback somewhere in the process or else deserving candidates get left out while some freeloader with a convincing application manages to get himself a paid holiday. So how would "document police" be an accepted and necessary practice in ops and RIR circles when verifying something like awarding a few hundred dollars worth of fellowship to a person, and become taboo when talking about verifying who is applying for all that IP space, and for what purpose? --srs On Fri, Mar 30, 2012 at 1:32 AM, Gert Doering <gert@space.net> wrote:
Are these criminals because a judge said so, or because you do not like their business practices?
This is a serious question.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Hi,
On Fri, Mar 30, 2012 at 09:36:38AM +0530, Suresh Ramasubramanian wrote:
BTW Gert - never mind the "spam is illegal or not" type argument here. Let us try it another way.
Does the average russian botmaster who submits paperwork for a new /20 say he needs the /20 to host his botnet c&cs?
Or something else entirely?
In other words, besides all the ranting about how you are not the document police so you can't possibly verify the registrant .. does that document policing argument also extend to not verifying all the weird and wonderful stories about media streaming, colo etc that the botmaster spins RIPE NCC in his allocation paperwork?
So how exactly do you verify business *plans*? We've seen enough customers come up with wonderful ideas about their Internet application, requesting a /22 or similar, only to figure out half a year later that their idea wasn't so good in the end, they have only used 5 IP addresses, and are nearly bankrupt.
So how can you see at application time whether something is a cool idea that might or might not work out (but you wouldn't know until half a year later) or is a blatant lie (which you wouldn't see unless they start using the space and complaints come in)?
Besides... sending mail *is* a perfectly acceptable usage of IP addresses.
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Fri, Mar 30, 2012 at 1:19 PM, Gert Doering <gert@space.net> wrote:
Besides... sending mail *is* a perfectly acceptable usage of IP addresses.
Let us leave the romanian snowshoe spammers getting their /15s aside for the moment and focus on no shortage of PI / PA netblocks assigned to botmasters, shall we? I hope running a botnet isn't a perfectly acceptable usage of IP addresses? -- Suresh Ramasubramanian (ops.lists@gmail.com)
* Suresh Ramasubramanian:
Does the average russian botmaster who submits paperwork for a new /20 say he needs the /20 to host his botnet c&cs?
I think the LIR submits a request for "dedicated server hosting for customers" to RIPE NCC. The LIR might not even know the actual purpose because it is providing infrastructure to a reseller.
On Sun, Apr 8, 2012 at 6:01 PM, Florian Weimer <fw@deneb.enyo.de> wrote:
I think the LIR submits a request for "dedicated server hosting for customers" to RIPE NCC. The LIR might not even know the actual purpose because it is providing infrastructure to a reseller.
Given the right LIR .. yes, dedicated server hosting for customers would cover that use case. Just about. They never did say what sort of customer did they? :) -- Suresh Ramasubramanian (ops.lists@gmail.com)
hi! On 03/29/2012 09:32 PM, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
i agree with suresh - ripe has been handing over /15 or even /13 lately to criminals who know how to use high bandwidth pipes to spam like crazy. I am
i'm not happy with this either, there are a lot of things i'd personally regard as criminal, not only google. but it's plain madness to believe that i or you or ripe or anybody else than a state can define and enforce - well, law. go to your legal agencies and follow the legal procedures. and btw: ip space is a commons. ripe doesn't sell any resources, it doesn't have any (well - not those we're talking about here) it just coordinates inside the community. and again btw, regarding one of the irrelevant parts of this thread: a botnet is not a criminal registering a /20, installing 2^12 boxes with a bot-trojan on it. it's a bunch of independent windows-boxes connecting to some services used as c&c channel (who don't know anything about all this). so persons taking the botnet-angst seriously, actually really have to desperately want to take action against windows... sbdy registering a /20, installing "bot-clients" on his boxes - that's called "cloud" i believe. and i don't think it is correct to assume they are all illegal. like i don't think cars should be illegal just because some of them kill people... and while we're at it: looking at guns - possession of a gun is illegal. i don't think it's a good idea trying to make ips illegal...
regards, Chris
*boggle* ok. so where do I start .. explaining what a botnet c&c is? or what "cloud" is? or ... oh forget it. *plonk* On Fri, Mar 30, 2012 at 3:57 PM, <chrish@consol.net> wrote:
and again btw, regarding one of the irrelevant parts of this thread: a botnet is not a criminal registering a /20, installing 2^12 boxes with a bot-trojan on it. it's a bunch of independent windows-boxes connecting to some services used as c&c channel (who don't know anything about all this). so persons taking the botnet-angst seriously, actually really have to desperately want to take action against windows... sbdy registering a /20, installing "bot-clients" on his boxes - that's called "cloud" i believe. and i don't think it is correct to assume they are all illegal. like i don't think cars should be illegal just because some of them kill people... and while we're at it: looking at guns - possession of a gun is illegal. i don't think it's a good idea trying to make ips illegal...
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Fri, Mar 30, 2012 at 12:27:01PM +0200, chrish@consol.net wrote:
[...] and again btw, regarding one of the irrelevant parts of this thread: a botnet is not a criminal registering a /20, installing 2^12 boxes with a bot-trojan on it. it's a bunch of independent windows-boxes connecting to some services used as c&c channel (who don't know anything about all this). so persons taking the botnet-angst seriously, actually really have to desperately want to take action against windows... sbdy registering a /20, installing "bot-clients" on his boxes - that's called "cloud" i believe. and i don't think it is correct to assume they are all illegal. like i don't think cars should be illegal just because some of them kill people... and while we're at it: looking at guns - possession of a gun is illegal. i don't think it's a good idea trying to make ips illegal...
From what I understood, the discussion was about networks controlled by criminals, not about networks abused by criminals.
For instance, one of such networks _was_ RBN, as described in: http://en.wikipedia.org/wiki/Russian_Business_Network
Before being shut down and going to the general press and in Wikipedia, RBN was extremely well known to the antiabuse community. At the present time, there are dozens of similar networks, entirely controlled by criminals and used exclusively for criminal activity, as for instance determined by the impossibility to locate any legitimate service in them, the network operators simulating fake terminations while moving the criminals from one range to another, etc. Such networks always remain rather obscure and not known outside the anti-abuse community, until some law enforcement agency or possibly Microsoft or other actors take it down and start issuing press releases at full throttle. Then everybody says "Aaaah! Good! Well done!". But, unfortunately, this happens only in a small fraction of cases. The remaining cases.. well, they are the problem under discussion. We see it right here in this thread: people working in the field know very well what these networks are, but they are not believed, discussions expand to entirely non-related issues, and in any case nothing can be done on the RIR side ever because it's not in the RIR mandate.
And I found it absolutely disheartening that a person that was putting work and energy on this problem in the RIPE area - where this problem is bigger than in the other regions - was removed from the co-chair position of this working group, without even discussing it in the list. Since then, my impression is that the problem of large allocations to criminals is being swept under the carpet, with no hope for any solution in the short or medium term.
furio
That was about the strangest bit of voting I ever saw Various SIG / WG chairs just happening to be there at that time, Richard not around either .. On Fri, Mar 30, 2012 at 7:00 PM, furio ercolessi <furio+as@spin.it> wrote:
And I found it absolutely disheartening that a person that was putting work and energy on this problem in the RIPE area - where this problem is bigger than in the other regions - was removed from the co-chair position of this working group, without even discussing it in the list. Since then, my impression is that the problem of large allocations to criminals is being swept under the carpet, with no hope for any solution in the short or medium term.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
That was about the strangest bit of voting I ever saw Various SIG / WG chairs just happening to be there at that time, Richard not around either ..
It is pretty obvious to anyone that these procedures and working groups are not legitimate community participation, they are shams so a small group of people can do what they want and they point to these groups as justification for what they are doing .... still waiting for RIPE to release the legal opinions they say they have related to whois access.
On 03/30/2012 03:30 PM, furio ercolessi wrote:
From what I understood, the discussion was about networks controlled by criminals, not about networks abused by criminals.
...and they were called bot-nets. quite ri... err - wrong. ;)
RBN was extremely well known to the antiabuse community.
also extremely well known is that the legal situation in russia is quite different from many others. which brings us back to the core of the thread again: no, ripe was not, is not, and can never be a legislative, judicative, or police. if you think you are dealing with criminal activity, go to the legal organisations. if you are unhappy with a country's legislative - well, i don't know, start some war or whatever you do in such cases...
controlled by criminals and used exclusively for criminal activity,
to make it short: if you want to deal with criminals, go to the police! apart from that i take it as probable libel. i mean, even if i believed you might sort of really know what you're talking about: 'exclusively for criminal activity' - come on, maybe you're not jurisprudence, but nevertheless, to take part in such discussions, a basic level of accurateness is really a must. at least to be taken seriously, i mean otherwise people just hardly have a choice than to assume what you say is not true. to decide about this is a court's responsibility anyway.
anti-abuse community, until some law enforcements agency or possibly
see, you know how it works. (let's ignore the or-part, for civilisation's sake...)
it right here in this thread: people working in the field know very well
that's not what i observe. i mean taking away some ips to stop a bot-network... let's just stick to the topic's facts in this discussion, i'd very much appreciate that. what's the point in pointing out how good or bad you think sbdy might be. and from what i see it's more like a political wannabe-fight that can be observed here, than a substantiated technical discussion. (actually, a few of them :)
the RIR side ever because it's not in the RIR mandate.
again, in the end you seem to know how it works.
is bigger than in the other regions - was removed from the co-chair
i don't know about this issue, what happened and what not - but what i can say is that a chair having problems understanding the nature of ripe - i'd certainly vote to drop that one.
to criminals is being swept under the carpet, with no hope for any
when i read this kind of rants, imagining the same people declaring who or what is criminal and what not sends shivers down my spine... let's hope rule of law will be a surviving concept. regards, Chris
On Thu, Mar 29, 2012 at 04:58:05PM +0200, Gert Doering wrote: Gert,
not solve anything either. So: what should the NCC do, to avoid
Second that. Such a system could be subverted easily by criminals (bet they do), thus not improving the current situation. Cheers, Adrian
what makes the RIPE NCC different from any other business making deals with an alleged criminal that happens to have money from dirty sources? Gert Doering -- NetMaster
There is no restriction on a business doing business with alleged criminals and there is no definition of "dirty sources" so there is no restriction there either. What is normally done in those situations is that a court order is obtained if there are illegal activities.
The resource that RIPE NCC provides (in exchange for money) directly enables them to commit their crime.. and worse provides them some amount of cover for it.
--heather
On Thu, Mar 29, 2012 at 10:28 AM, Gert Doering <gert@space.net> wrote:
Hi,
On Thu, Mar 29, 2012 at 07:51:10PM +0530, Suresh Ramasubramanian wrote:
Eh. The term itself originated because capone set up a chain of laundries which earned him lots of profits, to account for all the money he was raking in from bootleg booze
You missed answering my question: what makes the RIPE NCC different from any other business making deals with an alleged criminal that happens to have money from dirty sources?
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Fri, Mar 30, 2012 at 12:58 AM, Heather Schiller <heather.skanks@gmail.com> wrote:
The resource that RIPE NCC provides (in exchange for money) directly enables them to commit their crime.. and worse provides them some amount of cover for it.
To use a similar - and very loaded - argument - look at gun shops. The majority of people buying guns use them for home defense, hunting, target shooting for fun, whatever. There's a tiny minority who will buy the guns to actually go out and rob a bank or murder someone or whatever. That still means gun shops have a requirement to verify ID, and a gun store owner telling a cop tracing a murder weapon that "I am not the document police" would be in for a very interesting experience indeed. Or if you don't like the idea of guns, try locksmith tools - the sale of which is just as carefully controlled. Or anything else at all that is dual use in nature.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Suresh Bhaiya,
To use a similar - and very loaded - argument - look at gun shops.
The majority of people buying guns use them for home defense, hunting, target shooting for fun, whatever.
There's a tiny minority who will buy the guns to actually go out and rob a bank or murder someone or whatever.
That still means gun shops have a requirement to verify ID, and a gun store owner telling a cop tracing a murder weapon that "I am not the document police" would be in for a very interesting experience indeed.
If we keep this analogy as benchmark (which many would mind). Gun Shop verified the ID and it was legitimate by the look of the card or document but they have no means to trace back the documents/ID to a real person. No online verification. So what's the purpose of having such verification? Same is the case with RIR, isn't it? They check the documents but they don't have the means to traceback the legitimacy of all the documents and claims the customer is posing. Correct me if I'm wrong?
Regards
Aftab A. Siddiqui.
Hi Aftab - it's not just wave an ID and you can get a gun, there's a background check too :)
http://www.ehow.com/way_5958275_do-background-check-firearm-purchase_.html
Not very topical here and I think RIPE NCC just might have a heart attack if someone went and mandated background checks to acquire IP space .. but well, there's other ways, including revocation of resources.
On Fri, Mar 30, 2012 at 11:17 AM, Aftab Siddiqui <aftab.siddiqui@gmail.com> wrote:
If we keep this analogy as benchmark (which many would mind). Gun Shop verified the ID and it was legitimate by the look of the card or document but they have no means to trace back the documents/ID to a real person. No online verification.
So what's the purpose of having such verification? Same is the case with RIR, isn't it? They check the documents but they don't have the means to traceback the legitimacy of all the documents and claims the customer is posing.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Suresh, [ Sorry for the late reply! ] On Thursday, 2012-03-29 15:57:07 +0530, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
On Thu, Mar 29, 2012 at 2:23 PM, Shane Kerr <shane@time-travellers.org> wrote:
The issue is making sure that the bad guys are simply not able to get themselves a /15 whenever they like simply because the paperwork verification is close enough to nonexistent.
If that is the only issue that you care about, then a community self-help site is not what you want. I was going to go through your long mail point by point but then realized that it would be a waste of time. I think that it is fair that you have other goals, but perhaps you can refrain from commenting further on this proposal so that people who might find it useful can discuss it? Thanks.
This is an entirely strawman set of arguments. Can you please explain to me what part of SOCA's proposals about crosschecking ID / email address etc triggers a single antitrust regulation? Or a privacy regulation for that matter?
I guess you mean the British Serious Organised Crime Agency? I have no idea what that proposal is. Was it discussed on this list? Can you please send a link? -- Shane
Hi Shane
First, for SOCA's proposal - here you go. http://news.dot-nxt.com/2012/03/12/five-cs-whois-validation-model
Let us put it this way. There's nothing that stops you or RIPE NCC or anyone else from creating such a "community resource". It would not be the brightest idea in the world to treat that as a viable alternative for action to prevent and revoke bogus allocations, and wash your hands of the matter.
Personally speaking, I find it rather amusing when people from an organization have a different set of opinions in one community, whereas their counterparts from other parts (say the security side rather than the IP engg side) of the organization have an entirely different set of opinions in a totally different community.
Sure there's absolutely nothing wrong in having and holding different opinions, but when it translates to entirely different kinds of policy .. and when it also translates to one community being not entirely happy with the policy decisions coming from the other community ..
It would be an interesting thought experiment to have most of the RIPE NCC members most supportive of the "we are not the document police" idea turn up at, say, a MAAWG meeting, while their counterparts who usually go to MAAWG come to a RIPE meeting [and yes, participate in the mailing lists of those communities during the months that lead up to the meeting]. Especially when there are several key proposals on whois, IP allocation and vetting policies etc on the agenda ..
Do remember that the "community" in both cases, RIPE and MAAWG, is basically individuals in their capacity as representatives of an organization such as a broadband carrier, datacenter, or say ISC in your case. So it is no longer a question of personal opinion - it is a question of deciding on policies that, at times, severely affect your colleagues from other parts of your organization.
--srs
On Thu, Apr 5, 2012 at 6:45 PM, Shane Kerr <shane@time-travellers.org> wrote:
I think that it is fair that you have other goals, but perhaps you can refrain from commenting further on this proposal so that people who might find it useful can discuss it? Thanks.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Personally speaking, I find it rather amusing when people from an organization have a different set of opinions in one community, whereas their counterparts from other parts (say the security side rather than the IP engg side) of the organization have an entirely different set of opinions in a totally different community.
You do the same thing. You never want to balance security, privacy and legal issues. Because you deal with spam complaints all day you tend to disregard privacy and legal issues. The privacy and legal people often do the same thing and issues often never get resolved.
First, for SOCA's proposal - here you go. http://news.dot-nxt.com/2012/03/12/five-cs-whois-validation-model
No, this is what somebody thinks that the model is. I tried to find documentation on it on the SOCA site, but a search for "validation model" doesn't give a satisfying result. Searching for "whois validation" gives no results at all.
jaap
* Shane Kerr:
Contrariwise, the RIPE NCC is unable to unwilling to change its role from a fundamentally administrative to one that involves setting network usage policies.
Certain network usage policies. They do seem to care if you use IPv6 PI space to connect customers. 8-)
Plus it is hard to get the RIPE NCC membership to support mechanisms which cost them money and limit their freedoms.
Is it? As a first approximation, RIPE NCC only executes the policies set by the RIPE community. Their function is mostly bureaucratic, so as an organization, RIPE NCC inevitably has a tendency to acquire additional responsibilities, diversify and grow. This is especially important because we're approaching the end of address scarcity.
On the 3rd hand, some people in the RIPE community (including me) also feel that it is very, very difficult to define what the required actions would be in the case of reported abuse. This reporting mechanism itself might indeed be a source of abuse (rivalries between companies could be fought by each accusing the other of hosting criminal activity).
Yes, that's certainly a problem.
Maybe it makes sense to make something like a web forum for each allocated resource, or perhaps for the organization responsible for each.
We'd have to find someone to host such a site in the U.S. because otherwise, the hoster will be responsible for such user-generated content. There are also privacy issues. Alternatively, with heavy moderation, the net result would not be that much different from Spamhaus' ROKSO list, would it?
Florian, On Thursday, 2012-03-29 21:34:44 +0200, Florian Weimer <fw@deneb.enyo.de> wrote:
Plus it is hard to get the RIPE NCC membership to support mechanisms which cost them money and limit their freedoms.
Is it? As a first approximation, RIPE NCC only executes the policies set by the RIPE community. Their function is mostly bureaucratic, so as an organization, RIPE NCC inevitably has a tendency to acquire additional responsibilities, diversify and grow. This is especially important because we're approaching the end of address scarcity.
It might be a failure of imagination on my part, but I think that attempting to prevent "bad guys" from getting addresses involves extra work to prove somehow that they companies not criminal. I don't see a lot of call by LIRs to increase the amount of paperwork and delay when dealing with the RIPE NCC. :)
Maybe it makes sense to make something like a web forum for each allocated resource, or perhaps for the organization responsible for each.
We'd have to find someone to host such a site in the U.S. because otherwise, the hoster will be responsible for such user-generated content. There are also privacy issues.
Interesting, because we have sites that review online resellers here in Holland, and that seems to work somehow. So maybe this is possible in some countries in the RIPE region too?
Alternatively, with heavy moderation, the net result would not be that much different from Spamhaus' ROKSO list, would it?
Does ROKSO cover any issue, or just spam? Certainly there is nothing preventing anyone who can afford a VPS from setting up some reputation site, but if it was RIPE NCC-hosted it might have a different level of gravitas. Cheers, -- Shane
On Thu, Apr 5, 2012 at 7:57 PM, Shane Kerr <shane@time-travellers.org> wrote:
It might be a failure of imagination on my part, but I think that attempting to prevent "bad guys" from getting addresses involves extra work to prove somehow that they companies not criminal. I don't see a lot of call by LIRs to increase the amount of paperwork and delay when dealing with the RIPE NCC. :)
Did you calculate just how much expense your colleagues in another department (security or spam filtering or whatever) face because you can't collectively be bothered to do some paperwork, and/or RIPE NCC can't be bothered to streamline and automate their processes?
Does ROKSO cover any issue, or just spam? Certainly there is nothing preventing anyone who can afford a VPS from setting up some reputation site, but if it was RIPE NCC-hosted it might have a different level of gravitas.
It covers groups or people that have a long history of spam and termination from at least three service providers for violation of their policies. But the word "spam" - and so the category of people listed in ROKSO - covers everything from unsolicited marketing of mail order junk (borderline fraud at worst), to criminals involved in credit card theft and child pornography. As for "reputation" wrt spam - I would take spamhaus' word for this over the word of any organization or community that is "not the document police". You see, if you are not the document police and then go around publishing something about a netblock's reputation being bad or fishy .. well then, you have published that based on very little actual fact available to you. So why would I or anybody else value it for more than the paper (or sectors on a hard disk) it is written on? --srs
Suresh, On Friday, 2012-04-06 09:07:05 +0530, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
On Thu, Apr 5, 2012 at 7:57 PM, Shane Kerr <shane@time-travellers.org> wrote:
It might be a failure of imagination on my part, but I think that attempting to prevent "bad guys" from getting addresses involves extra work to prove somehow that they companies not criminal. I don't see a lot of call by LIRs to increase the amount of paperwork and delay when dealing with the RIPE NCC. :)
Did you calculate just how much expense your colleagues in another department (security or spam filtering or whatever) face because you can't collectively be bothered to do some paperwork, and/or RIPE NCC can't be bothered to streamline and automate their processes?
Just so we're clear - I don't represent an LIR, and never have. I don't vote on the RIPE NCC budget or the RIPE NCC board. I agree that there are externalized costs in handling network abuse. That's the very reason the spam problem exists!!! However companies are by and large short-sighted and selfish - even more than human beings, since companies have neither friends nor families. Externalized costs ("somebody else has to pay for my expenses, increasing my profits") are good from their point of view. RIPE allows not a level playing field, but one just balanced enough to allow necessary cooperation. This is true of any forum used for collaboration within a particular industry. (Vodafone and T-Mobile may be competitors, but their customers need to be able to call each other.) I neither defend nor attack the views of people regarding how much control is needed for stopping abuse, but I do recognize that these views exist. If you want any agenda pushed forward, I believe you need to recognize that other people have other positions and try to come up with solutions that work for them too.
Does ROKSO cover any issue, or just spam? Certainly there is nothing preventing anyone who can afford a VPS from setting up some reputation site, but if it was RIPE NCC-hosted it might have a different level of gravitas.
It covers groups or people that have a long history of spam and termination from at least three service providers for violation of their policies.
So from your point of view, there already exists a reasonable reputation service that covers both networks and their operators. I guess ROKSO provides some sort of networking blacklisting automation, right? (Or perhaps even whitelisting?) Is there a reason not to use that for filtering and not worry whether the RIPE NCC or any other LIR has allocated any particular addresses?
But the word "spam" - and so the category of people listed in ROKSO - covers everything from unsolicited marketing of mail order junk (borderline fraud at worst), to criminals involved in credit card theft and child pornography.
I guess I was wondering if it covered literally any nefarious activities, so that it could be used as a general reputation service. If I am getting DoS'd or penetration tested from an ISP who doesn't do anything about it, I'd want that sort of thing tracked too.
As for "reputation" wrt spam - I would take Spamhaus' word for this over the word of any organization or community that is "not the document police". You see, if you are not the document police and then go around publishing something about a netblock's reputation being bad or fishy .. well then, you have published that based on very little actual fact available to you. So why would I or anybody else value it for more than the paper (or sectors on a hard disk) it is written on?
I actually think you *should* take a 3rd-party reputation service's opinion more seriously. Realistically the RIPE NCC will *always* have a conflict of interest - they want to serve the wider community but their direct members are the LIRs. (OTOH 3rd-party reputation is not a cure-all if not set up properly, as the recent collapse of the Certificate Authority (CA) system has shown us.) My goal of putting some sort of forum associated with the RIPE allocation information was to get this 3rd-party information as close as possible to the "authoritative" information about network addresses without triggering any conflict of interests. I never claimed it was a completely baked idea, certainly. :-P -- Shane
On Fri, Apr 6, 2012 at 12:23 PM, Shane Kerr <shane@time-travellers.org> wrote:
Just so we're clear - I don't represent an LIR, and never have. I don't vote on the RIPE NCC budget or the RIPE NCC board.
Never said that was the case.
However companies are by and large short-sighted and selfish - even more than human beings, since companies have neither friends nor families. Externalized costs ("somebody else has to pay for my expenses, increasing my profits") are good from their point of view.
If that externalized cost is passed on to another department and it causes a longer term increase in overall costs - you'd hear from the CFO if that cost spiked to a strange extent.
RIPE allows not a level playing field, but one just balanced enough to allow necessary cooperation. This is true of any forum used for
So does MAAWG - you have Microsoft and Google and ... and Comcast and AT&T and ... the sort of companies that compete against each other, and on occasion take each other before the FTC. There's this unique kind of cooperation in both the RIPE and MAAWG communities though that cuts across organizational boundaries. It is "operational" cooperation as you will admit.
So from your point of view, there already exists a reasonable reputation service that covers both networks and their operators.
I would call it so, yes.
I guess ROKSO provides some sort of networking blacklisting automation, right? (Or perhaps even whitelisting?) Is there a reason not to use that for filtering and not worry whether the RIPE NCC or any other LIR has allocated any particular addresses?
Umm. That is like "I have efficient pest control in my house and I don't care that there's an uncleared garbage dump outside"? And if the spammers get themselves /13s to burn through for a period of spamming and then essentially discard, what do you do when some poor network in some part of Africa (or a small Dutch consulting firm for that matter) wants some v4 space? And who do you find that's going to be stupid enough to take any part of that /13 or whatever when RIPE eventually reclaims it because the guy didn't pay his bills?
I guess I was wondering if it covered literally any nefarious activities, so that it could be used as a general reputation service. If I am getting DoS'd or penetration tested from an ISP who doesn't do anything about it, I'd want that sort of thing tracked too.
That is for an IDS / IPS and there are blocklists that target that too - possibly much more widely known in the firewall vendor community rather than the spam filtering community. Blackhole communities, s/rtbh etc etc. Spamhaus does list DDoS botnet c2 infrastructure by the way .. http://www.spamhaus.org/sbl/query/SBL131169 for example. Only - it is mixed in with a lot of other stuff that's primarily targeted at SMTP blocking so it is not exactly what you want to feed to an IDS / IPS [and you ever try stuffing 6 or 7 million IPs into an IDS's memory?]
I actually think you *should* take a 3rd-party reputation service's opinion more seriously. Realistically the RIPE NCC will *always* have a conflict of interest - they want to serve the wider community but their direct members are the LIRs. (OTOH 3rd-party reputation is not a
.. and MAAWG's members are ISPs and datacenter hosts, some of which might have bad customers downstream. But a major focus is on policy improvements to remove and/or prevent such customers from even signing on in the first place .. definitely not just working on newer and better spam filtering and reputation mechanisms. So - just relying on filters to deter spam is not going to scale, like that analogy of pest control inside your home when there's a city dump with tonnes of uncleared and rotting garbage next door.
My goal of putting some sort of forum associated with the RIPE allocation information was to get this 3rd-party information as close as possible to the "authoritative" information about network addresses without triggering any conflict of interests. I never claimed it was a completely baked idea, certainly. :-P
Spamhaus does list a lot of RIPE (and ARIN, and APNIC and ..) whois listings in the record for various IP ranges that it blocks. That's as close enough I guess. The focus here is on trying to conserve a scarce resource, not let the bad guys have as much of it as they can (and lay in huge stocks of v6 for the future). If you believe v6 won't ever run out .. that's what people thought when v4 first came into the picture so I won't play futurist and second guess what's going to go on 30 years down the line. Not even given the size of v6.
participants (10)
- Adrian
- Aftab Siddiqui
- Chris
- chrish@consol.net
- Florian Weimer
- furio ercolessi
- Gert Doering
- Heather Schiller
- Jaap Akkerhuis
- russ@consumer.net
- Shane Kerr
- Suresh Ramasubramanian
- Vijay Eranti (✌ విజయ్ ఈరంటి)
- Vissers, Pepijn