Re: [anti-abuse-wg] Introducing the RIPE NCC Report Form
Florian commented:

#I looked at "Incorrect contact information in the RIPE Database", and
#"I confirm that I have reported the incorrect information to all of
#the contacts listed in the relevant object" is a required checkbox.
#
#This seems to require that complainants try postal addresses, phone
#and fax numbers before reporting errors in email addresses. Is this
#really your goal? Isn't this a step backwards?

I agree.
From my POV, each data element should be treated independently. The existence of a valid FAX number, for example, should not offset or eliminate the importance (or the reportability) of working to correct an invalid/non-deliverable email address.
Similarly, having found an invalid field in the whois, the reporter's "responsibility" should be considered discharged upon their identifying and reporting that data to RIPE. They should not be expected to exhaust all potential contact methods, or to make multiple attempts to the broken contact channel, or to hypothetically attempt to visit the listed address in person, :-), just in order to be eligible to report a problem with data of record.

The goal should be correcting potentially bad data, not making it hard to report bad data or shifting work back upon public spirited community volunteers.

Regards,

Joe
I agree. RIPE NCC shouldn't be trying to make it this hard to report things to them.

RIPE should be relying on its LIRs to reach out to customers with incomplete whois records, and possibly also collecting information on how many allocations with totally fake addresses (maildrops, empty lots) are made by a single LIR. Especially for /17 and larger, or /16 and larger netblocks.

And also, a closer look at netblocks assigned to entities that are outside the normal geographical area that RIPE serves. Like 95.130.120.0/21 registered to some entity apparently in Panama.

--srs

-- Suresh Ramasubramanian (ops.lists@gmail.com)
Suresh

Just because an entity isn't based in the EU / RIPE region doesn't mean that they are up to no good or that they don't have a valid reason to have an allocation.

We have clients from over 120 countries and obviously a lot of those countries are outside the RIPE region.

Assuming that my non-RIPE region clients are up to no good is a dangerous assumption. It also assumes that those from within the RIPE region are "kosher".

I would agree with you, however, that reporting potential issues should be made as easy as possible.

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.com/
On Tue, Apr 10, 2012 at 10:09 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
Just because an entity isn't based in the EU / RIPE region doesn't mean that they are up to no good or that they don't have a valid reason to have an allocation
I'm not talking about *all* out of region allocations. However a company with the German GmbH in it and with an accommodation address in Panama ..

The point is that if you see signs that a range is bad, and you also see signs of strangeness in the whois, sometimes it is a good idea to correlate them.

The same thing with ARIN or any other RIR whois .. if you find a UPS store maildrop with a bunch of /20s mapped to it .. and each successive /20 you find is entirely populated with "something bad" .. then a full text search of the RIR's db for all netblocks registered to that UPS store might be instructive.

--srs
* Suresh Ramasubramanian:
The same thing with ARIN or any other RIR whois .. if you find a UPS store maildrop with a bunch of /20s mapped to it .. and each successive /20 you find is entirely populated with "something bad" .. then a full text search of the RIR's db for all netblocks registered to that UPS store might be instructive.
Instructive for what?

As long as the responsible LIR is readily identifiable, I don't think RIPE NCC needs to get involved, at least from a network abuse perspective. Typically, the LIR is in a much better position to implement effective measures. Other LIRs may have concerns about misuse of address resources and encourage RIPE NCC to investigate things more aggressively from a resource usage perspective, but this is unrelated to actual network and abuse, and it is totally unclear whether we will experience address shortage in a significant way, ever.

Admittedly, proper LIR identification is not a completely solved issue, mainly because the RIPE DB does not contain cross-references to official registers (where applicable; these are generally provided during LIR enrollment), the database does not contain the contracting LIR for provider-independent objects, and tools like the abuse mailbox finder do not implement LIR fallback even if the required information is present in the public database.
It depends on whether we saw a pattern of such large allocations coming through the same LIR on multiple occasions.

Engaging the LIR might work in some but not all cases such as where the LIR itself is a front for whatever activity you are complaining to it about. Like say sending an abuse report to estdomains that a domain registered through them was used by the rbn.

--srs (iPad)
On 04/06/2012 10:25 PM, Joe St Sauver wrote:
#This seems to require that complainants try postal addresses, phone
#and fax numbers before reporting errors in email addresses. Is this
#really your goal? Isn't this a step backwards?
I agree.
i disagree.

1) if you have a legal problem, go to a legal organisation ("police"), not ripe. clarify your legal issues there. ripe isn't the place for this.

2) i generally appreciate ripe ncc's efforts to provide adequate aid in case of any problems - nevertheless it has its functions and tasks to stick to, letting sbdy use it to mess with ripe-external stuff inevitably has to create big trouble (and if we're talking about legal stuff: doubly so). and especially when it comes to spending money on non-ripe-tasks i strongly oppose, as i don't accept being charged for such. non-ripe-charged 'ripe-extraterritorials' creating lengthy flamey threats as to what kind of services they "demand" from ripe, i btw find - err - "curious"...

3) if the complainant isn't prepared, able, or willing to express his complaint against the alleged suspect, this probably already says it all... (ok so much: then ncc shouldn't play bully for some troll)

regards,

Chris
participants (5)
- chrish@consol.net
- Florian Weimer
- Joe St Sauver
- Michele Neylon :: Blacknight
- Suresh Ramasubramanian