Re: [anti-abuse-wg] Definition of Abuse - preamble
On 08/24/2016 12:21 PM, ox wrote:
yes at least 2 different resources always has to be involved for it to be Internet Abuse
Thanks for pointing this out, but I don't get it .. why do you want to restrict the definition in this way? There might be the case that next year someone brings up a topic of abuse not covered by this restriction and people involved start to argue. I prefer to be as general as possible when defining such a word.
...
if you use the same resource it is not Internet Abuse - as in your own example using someone's CPU to mine bitcoin and doing so on the CPU directly, is not Internet Abuse (it is very abusive, though!)
Of course it is - I remotely (via the internet) control your server, doing abusive things. If someone would complain at abuse@ about such an incident I would expect the source provider to act accordingly. The remote control can be a security breach, but that is not the point.
if you have broken in/compromised security etc - it is Internet abuse, in terms of the current definition
In the example of directly using my email server to send spam it falls within the definition of Internet abuse as defined above :)
I do not see the second resource involved in this case.
So therefore I would like to change the sentence to:
"The infringement of usage rights by the non sanctioned use of resources"
along with your additional definitions.. (This includes >=1 resources..)
(Someone might correct my English)
(instead of: "The non sanctioned use of a resource to infringe upon the usage rights of another resource" ")
and btw .. I would also like to see Ronald's valid questions answered.
If there are no actions, sanctions whatsoever following the definition of abuse and the ongoing discussions here then this Group has officially turned into a Debate Club of old nerds (including me:), being probably kind of ... how do I say...inefficient? (at least as a RIPE working group)
...But.. On the other hand: https://www.ripe.net/support/abuse :
"The RIPE community has an Anti-Abuse Working Group <https://www.ripe.net/ripe/groups/wg/anti-abuse> that discusses topics relating to Internet abuse and ways to prevent it. If you are interested in abuse topics, you may want to join the Anti-Abuse Working Group Mailing List <http://www.ripe.net/mailman/listinfo/anti-abuse-wg/>."
and: https://www.ripe.net/participate/ripe/wg/anti-abuse : (as Brian said in 2013: "The main text of that page is the WG Charter. It may be useful to be more explicit on this, but that is the charter. "
"...The working group considers both technical and non-technical aspects of abuse, with the following goals:
* Produce and continue to update a BCP (Best Common Practice) document for ISPs similar in nature to RIPE-409 <https://www.ripe.net/publications/docs/ripe-409> but covering a wider range of possible abusive behaviours.
* Provide advice (beyond that of the BCP) to relevant parties within the RIPE region such as ISPs, governments and law enforcement agencies on strategic and operational matters.
* Discuss and disseminate information on technical and non-technical methods of preventing or reducing network abuse."
That could mean we should just focus on the configuration of spamassassin and force the use of dmarc and x-arf and talk about "to block or not to block a failed DKIM E-Mail" like other anti-abuse groups do instead of e.g. trying to force RIPE NCC to terminate LIR contracts based on abusive behaviour. (no irony)
So instead of searching a definition of abuse (which will be really helpful I believe) we also could start to (re-)define the goals of this group. If there would be consensus that it is not the task of this group to discuss also anti-abuse behaviour of RIPE/RIPE NCC or how to treat LIRs, then we can happily focus on other things. (In that case: sorry Ronald..) But that would not be my opinion..
Andre
(searching for cover:) best greetings, Gunther
NetCologne Systemadministration
--
(The opinions expressed here represent my own and not those of my employer.)
NetCologne Gesellschaft für Telekommunikation mbH
Am Coloneum 9 ; 50829 Köln
Managing Directors: Timo von Lepel, Mario Wilhelm
Chairman of the Supervisory Board: Dr. Andreas Cerbe
HRB 25580, AG Köln
Hello Gunther,
Okay, I have read through your reply and it seems you do not understand that a single resource is not a network.
Internet Abuse - Needs two resources - otherwise it is not a network and by default - not Internet Abuse.
If you are on my server:
unauthorized - is abuse
authorized - is not abuse
If you use my server to do something to another resource...
Get it yet?
Hope this helps you
Kind Regards
Andre
On Thu, 25 Aug 2016 14:17:01 +0200 Gunther Nitzsche <gnitzsche@netcologne.de> wrote:
On 08/24/2016 12:21 PM, ox wrote:
yes at least 2 different resources always has to be involved for it to be Internet Abuse
Thanks for pointing this out, but I don't get it .. why do you want to restrict the definition in this way? There might be the case that next year someone brings up a topic of abuse not covered by this restriction and people involved start to argue. I prefer to be as general as possible when defining such a word.
...
if you use the same resource it is not Internet Abuse - as in your own example using someone's CPU to mine bitcoin and doing so on the CPU directly, is not Internet Abuse (it is very abusive, though!)
Of course it is - I remotely (via the internet) control your server, doing abusive things. If someone would complain at abuse@ about such an incident I would expect the source provider to act accordingly. The remote control can be a security breach, but that is not the point.
if you have broken in/compromised security etc - it is Internet abuse, in terms of the current definition
In the example of directly using my email server to send spam it falls within the definition of Internet abuse as defined above :)
I do not see the second resource involved in this case.
So therefore I would like to change the sentence to:
"The infringement of usage rights by the non sanctioned use of resources"
along with your additional definitions.. (This includes >=1 resources..)
(Someone might correct my English)
(instead of: "The non sanctioned use of a resource to infringe upon the usage rights of another resource" ")
and btw .. I would also like to see Ronald's valid questions answered.
If there are no actions, sanctions whatsoever following the definition of abuse and the ongoing discussions here then this Group has officially turned into a Debate Club of old nerds (including me:), being probably kind of ... how do I say...inefficient? (at least as a RIPE working group)
...But.. On the other hand: https://www.ripe.net/support/abuse :
"The RIPE community has an Anti-Abuse Working Group <https://www.ripe.net/ripe/groups/wg/anti-abuse> that discusses topics relating to Internet abuse and ways to prevent it. If you are interested in abuse topics, you may want to join the Anti-Abuse Working Group Mailing List <http://www.ripe.net/mailman/listinfo/anti-abuse-wg/>."
and: https://www.ripe.net/participate/ripe/wg/anti-abuse : (as Brian said in 2013: "The main text of that page is the WG Charter. It may be useful to be more explicit on this, but that is the charter. "
"...The working group considers both technical and non-technical aspects of abuse, with the following goals:
* Produce and continue to update a BCP (Best Common Practice) document for ISPs similar in nature to RIPE-409 <https://www.ripe.net/publications/docs/ripe-409> but covering a wider range of possible abusive behaviours.
* Provide advice (beyond that of the BCP) to relevant parties within the RIPE region such as ISPs, governments and law enforcement agencies on strategic and operational matters.
* Discuss and disseminate information on technical and non-technical methods of preventing or reducing network abuse."
That could mean we should just focus on the configuration of spamassassin and force the use of dmarc and x-arf and talk about "to block or not to block a failed DKIM E-Mail" like other anti-abuse groups do instead of e.g. trying to force RIPE NCC to terminate LIR contracts based on abusive behaviour. (no irony)
So instead of searching a definition of abuse (which will be really helpful I believe) we also could start to (re-)define the goals of this group. If there would be consensus that it is not the task of this group to discuss also anti-abuse behaviour of RIPE/RIPE NCC or how to treat LIRs, then we can happily focus on other things. (In that case: sorry Ronald..) But that would not be my opinion..
Andre
(searching for cover:) best greetings, Gunther
NetCologne Systemadministration
Dear Gunther,
if you use the same resource it is not Internet Abuse - as in your own example using someone's CPU to mine bitcoin and doing so on the CPU directly, is not Internet Abuse (it is very abusive, though!)
Of course it is - I remotely (via the internet) control your server,
I think the key word here is _remotely_. I think what Andre was saying above is that if you log in _locally_ (e.g. on the console) and use the CPU to mine bitcoins, it is not Internet abuse (in fact the machine may not even be connected to the Internet).
I hope I did not get it wrong myself.
Best regards,
Janos
On Thu, 25 Aug 2016 15:25:03 +0200 Janos Zsako <zsako@iszt.hu> wrote:
Dear Gunther,
if you use the same resource it is not Internet Abuse - as in your own example using someone's CPU to mine bitcoin and doing so on the CPU directly, is not Internet Abuse (it is very abusive, though!)
Of course it is - I remotely (via the internet) control your server,
I think the key word here is _remotely_. I think what Andre was saying above is that if you log in _locally_ (e.g. on the console) and use the CPU to mine bitcoins, it is not Internet abuse (in fact the machine may not even be connected to the Internet).
I hope I did not get it wrong myself.
Hi Janos :)
100% correct :)
Also, we should maybe change the definition header to add the word "Internet Abuse" to the actual definition?
As it can obviously be confusing to just read 'abuse'... because just normal old abuse if I am using your cpu to mine bitcoin, could be abuse... just not network or Internet Abuse...
============
Internet Abuse
============
Understanding what constitutes Internet Abuse is not an easy undertaking as the topic is very technical. The Internet consists of resources and the understanding of Internet abuse relates to also understanding the use and interaction between these resources.
Examples of Internet resources include also processes, protocols, credentials as well as other types of resources. More practical examples could be Internet Protocol numbers, Domain names or even Email addresses.
This technical definition of abuse does not include identifying the authority for any specific resource as it is not intended to define any rights to resources but simply to define what technically constitutes Internet abuse as it relates to all Internet resources.
=======================
Definition of Internet Abuse
=======================
"The non sanctioned use of a resource to infringe upon the usage rights of another resource"
----------------------------------------------
Terminology used in the definition
-----------------------------------------------
(1) Resource
Any Internet Resource
(2) Use and Usage
Any direct or indirect action involving a resource
(3) Rights
The correct assignment or allocation of a resource by the authoritative holder of such a resource which results in the entitlement to use such an allocated or assigned resource
(4) Sanctioned
An action, event or situation originating from the authoritative holder of rights to a resource that gives permission, or permission is granted by direct implication, which authorises that situation, event or action.
(5) Infringe
An action, event or situation which limits, reduces, undermines or encroaches upon the fair use of a resource
Andre