regarding very persistent spammy isps on ripe
hi ripe folks,
I work on spam filter and we notice very gross abuse of very large internet ranges by blatant spammers posing as ISPs - all of which are allocated by ripe. I totally understand that ripe is not to deal with the spam but it will be totally unjust to say they will allocate a /13 to a spammer and have spammer wreak havoc or do whatever crap he wants to do. I posted a couple of messages to ripe and all I get is the same routine message saying they won't police this. But, why are they giving the address ranges of such huge magnitude to criminals if they cannot police it? It will be a great disservice if this continues to happen. We always notice the spammer is always from same place or address.
We already blocked a bunch of /13s allocated by ripe to spammers and at some point may have to block even wider range since all we see from every ip in that range is spam or phishing or no activity.
Always, the whois refers to a guy with address in sector 3, bucharest, romania.
I know ipv4 addresses are running out but even ipv6 will run out if we do same thing like allocating like crazy very large netblock ranges to spammers.
Can ripe do anything here or of any help here other than just saying they just give away ip addresses ranges to ISPs (which in turn some are criminals) but do not police?
The thing that changes is the name of the person - either berar george or something else etc. for instance today the spammer is using range :
vijaye@veranti:~$ whois 193.254.53.34
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '193.254.48.0 - 193.254.63.255'
inetnum: 193.254.48.0 - 193.254.63.255
netname: COMTEL-SUPERNET
descr: COMTEL Supernet srl
descr: COMTEL dedicated customers
country: RO
tech-c: GDG620-RIPE
admin-c: GDG620-RIPE
admin-c: CT19-RIPE
tech-c: CT19-RIPE
status: ASSIGNED PA
mnt-by: COMTEL-MNT
source: RIPE # Filtered
person: Corneliu Tanasa
address: COMTEL TELECOM NETWORK SRL
address: 18 Decebal Blvd., Sector 3
address: Bucharest, ROMANIA
phone: +40-21-3229390
fax-no: +40-21-3229391
e-mail: ggoran@comtelnetworks.ro
mnt-by: COMTEL-MNT
nic-hdl: CT19-RIPE
source: RIPE # Filtered
On Wednesday 31 August 2011 21.15, Vijay Eranti wrote:
hi ripe folks,
I work on spam filter and we notice very gross abuse of very large internet ranges by blatant spammers posing as ISPs - all of which are allocated by ripe. I totally understand that ripe is not to deal with the spam but it will be totally unjust to say they will allocate a /13 to a spammer and have spammer wreak havoc or do whatever crap he wants to do. I posted a couple of messages to ripe and all I get is the same routine message saying they won't police this. But, why are they giving the address ranges of such huge magnitude to criminals if they cannot police it? It will be a great disservice if this continues to happen. We always notice the spammer is always from same place or address.
RIPE (and others) has an asymmetrical role, they are supposed to give never to reclaim.
We already blocked a bunch of /13s allocated by ripe to spammers and at some point may have to block even wider range since all we see from every ip in that range is spam or phishing or no activity.
By all means continue blocking.
Always, the whois refers to a guy with address in sector 3, bucharest, romania.
I know ipv4 addresses are running out but even ipv6 will run out if we do same thing like allocating like crazy very large netblock ranges to spammers.
the solution is surprisingly easy (and old): lease out ip-addresses, as long as the customer pays it will function, when the lease terminates the range will be leased to someone else. Thus it's no longer a free resource that can be polluted (and replaced at no cost when blocked). This would give income to IETF that could pay for a substantial part of Internet infrastructure & services including BGP4 route announcements globally. Note that any resource that is *free* will be exhausted, let it be air, clean water or fish in the sea. Setting a price on a scarce resource will create pressure on usage.
Can ripe do anything here or of any help here other than just saying they just give away ip addresses ranges to ISPs (which in turn some are criminals) but do not police?
The thing that changes is the name of the person - either berar george or something else etc. for instance today the spammer is using range :
vijaye@veranti:~$ whois 193.254.53.34
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '193.254.48.0 - 193.254.63.255'
inetnum: 193.254.48.0 - 193.254.63.255
netname: COMTEL-SUPERNET
descr: COMTEL Supernet srl
descr: COMTEL dedicated customers
country: RO
tech-c: GDG620-RIPE
admin-c: GDG620-RIPE
admin-c: CT19-RIPE
tech-c: CT19-RIPE
status: ASSIGNED PA
mnt-by: COMTEL-MNT
source: RIPE # Filtered
person: Corneliu Tanasa
address: COMTEL TELECOM NETWORK SRL
address: 18 Decebal Blvd., Sector 3
address: Bucharest, ROMANIA
phone: +40-21-3229390
fax-no: +40-21-3229391
e-mail: ggoran@comtelnetworks.ro
mnt-by: COMTEL-MNT
nic-hdl: CT19-RIPE
source: RIPE # Filtered
This range was new to me, now it's included in my blocklist (we had a block on: 193.254.32.0/19)
regards
--
Peter Håkanson
There's never money to do it right, but always money to do it again ... and again ... and again ... and again.
(It is cheaper to do it right. It is expensive to fix mistakes.)
Hi,
On Wed, Aug 31, 2011 at 09:58:15PM +0200, peter h wrote:
RIPE (and others) has an asymmetrical role, they are supposed to give never to reclaim.
If you would actually *read* what people from the RIPE NCC are posting here, you'd know that this is not true. But that would destroy the nice soapbox you're ranting from, so I can understand that you don't want that.
[..]
the solution is surprisingly easy (and old): lease out ip-addresses, as long as the customer pays it will function, when the lease terminates the range will be leased to someone else. Thus it's no longer a free resource that can be polluted (and replaced at no cost when blocked).
If a LIR stops paying their LIR fees, the resources will be reclaimed. What exactly was it that you were asking for?
Gert Doering
--
have you enabled IPv6 on something today...?
SpaceNet AG, Joseph-Dollinger-Bogen 14, D-80807 Muenchen, Tel: +49 (89) 32356-444
Vorstand: Sebastian v. Bomhard
Aufsichtsratsvors.: A. Grundner-Culemann
HRB: 136055 (AG Muenchen)
USt-IdNr.: DE813185279
I don't think the shady Romanian (and other Eastern European) LIRs out there are getting all their /15s for free.
Points to discuss at the upcoming RIPE meeting might include -
* More active audits on LIRs (especially in Romania / Eastern Europe) with a view to de-accrediting some that don't comply with RIPE rules
* Additional document verification (shell companies based on empty lots or in parking garages, etc) for requests from some LIRs
* Engagement with Dutch LE (such as OPTA) in cases where you believe RIPE has been defrauded into handing over a /15 or three based on bogus paperwork
[...]
On Thu, Sep 1, 2011 at 2:07 AM, Gert Doering <gert@space.net> wrote:
If a LIR stops paying their LIR fees, the resources will be reclaimed.
What exactly was it that you were asking for?
-- Suresh Ramasubramanian (ops.lists@gmail.com)
-----Original Message-----
From: anti-abuse-wg-admin@ripe.net [mailto:anti-abuse-wg-admin@ripe.net] On Behalf Of Vijay Eranti (? ????? ?????)
Sent: Wednesday, August 31, 2011 10:16 PM
To: anti-abuse-wg@ripe.net
I work on spam filter and we notice very gross abuse of very large internet ranges by blatant spammers posing as ISPs - all of which are allocated by ripe.
This kind of issue has been discussed here many times previously. I am not saying it should not be discussed again, just that some archive browsing may be a good way to determine the stands various participants have taken on this general subject.
Can ripe do anything here or of any help here other than just saying they just give away ip addresses ranges to ISPs (which in turn some are criminals) but do not police?
You are a member of this working group; in other words, RIPE is you. Will you be the person who actually creates a useful proposal that can be implemented as RIPE policy? Instructions are available at http://www.ripe.net/ripe/docs/ripe-500.
--
Thor Kottelin
http://www.anta.net/
participants (5)
- Gert Doering
- peter h
- Suresh Ramasubramanian
- Thor Kottelin
- Vijay Eranti (✌ విజయ్ ఈరంటి)