Correct info in RIPE-database
Dear members.

Last weekend I stumbled on a problem: We had problems in one of our BGP-prefixes. As the RIS Dashboard showed, there was an overlapping network in the same range as our prefix.

We then wanted to contact the ISP, so the route could be redrawn (or sort this issue out), however: on the RIPE database we found:
- no address
- no telephone-number
- a wrong email address

There was a link to a website, but after 4 phone-calls (where 1 has moved to another location, all the others were voice-mails), we gave up!

The ISP that I couldn't reach was Telefonica, see it yourself at: http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=AS12956&do_search=Search

Now to tackle this problem: Shouldn't there be a phone-number or a hotline for BGP-issues? Especially with big problems it's a real problem to get to the right helpdesk/support. I know that some end users who receive a spam email would contact that hotline also, however: is it possible to show that info only if a person is logged in to the LIR-portal?

Best regards,
Pascal Nobus
--
www.webservice.be
Amelsdorp 72, 3740 Bilzen, Belgium
Tel: +32.89257404, Fax: +32.70423475
-----Original Message-----
From: anti-abuse-wg-admin@ripe.net [mailto:anti-abuse-wg-admin@ripe.net] On Behalf Of Webservice
Sent: Tuesday, August 09, 2011 5:57 PM
To: anti-abuse-wg@ripe.net
Cc: Kurt Ghekiere

We then wanted to contact the ISP, so the route could be redrawn (or sort this issue out), however: on the RIPE database we found: - no address - no telephone-number - a wrong email address

The ISP that I couldn't reach was telefonica, see it yourself at: http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=AS12956&do_search=Search

I see a bunch of addresses, telephone numbers and email addresses for AS12956 technical contacts.

OOM-RIPE: address, phone, e-mail
RSB20-RIPE: address, phone, e-mail
NSA20-RIPE: address, phone, e-mail
HNM15-RIPE: address, phone, e-mail
COO5-RIPE: address, phone, e-mail
CSIR1-RIPE: address, e-mail

Note that you must specify -B to see the email addresses.

--
Thor Kottelin
http://www.anta.net/
Reply from "abuse.tiws@telefonica.com";=> 10 smtpus.telefonica.com [216.177.207.223].

550 5.1.1 <abuse.tiws>: Recipient address rejected: User unknown in local recipient table.

Understandingly, they are quite a bit far away from you, geographically! Telefonica, Miami, Florida. USA.

See the details at that website:=> http://www.senderbase.org/senderbase_queries/detailip?search_string=216.177....

Best of luck to you.
===========================
Dear All,

For the IP address 216.177.207.223, you send your report to [netops.us@telefonica.com] OR to [ventanillaunica.cpdv@telefonica.es]

Thank you,
Reza Farzan
=============
-----Original Message----- From: anti-abuse-wg-admin@ripe.net [mailto:anti-abuse-wg-admin@ripe.net] On Behalf Of abuse@localhost.com Sent: Tuesday, August 09, 2011 12:02 PM To: anti-abuse-wg@ripe.net Subject: RE: [anti-abuse-wg] Correct info in RIPE-database
Reply from "abuse.tiws@telefonica.com";=> 10 smtpus.telefonica.com [216.177.207.223]. 550 5.1.1 <abuse.tiws>: Recipient address rejected: User unknown in local recipient table.
Understandingly, they are quite a bit far away from you, geographically! Telefonica, Miami, Florida. USA.
See the details at that website:=> http://www.senderbase.org/senderbase_queries/detailip?search_string=216.177.207.223
Best of luck to you. ===========================
On 09/08/11 17:01, abuse@localhost.com wrote:
Reply from "abuse.tiws@telefonica.com";=> 10 smtpus.telefonica.com [216.177.207.223]. 550 5.1.1 <abuse.tiws>: Recipient address rejected: User unknown in local recipient table.
I don't know how you're testing but please check your methods:

    niall@ernie:~$ dig mx telefonica.com +short
    10 smtpar.telefonica.com.
    10 smtpus.telefonica.com.
    niall@ernie:~$ telnet smtpus.telefonica.com. 25
    Trying 216.177.207.223...
    Connected to smtpus.telefonica.com.
    Escape character is '^]'.
    220 ESMTP IMSVA
    EHLO ernie.blacknight.ie
    250-USHASGWP002.ustdata.net
    250-PIPELINING
    250-SIZE 20971520
    250-VRFY
    250-ETRN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    MAIL FROM: <null@blacknight.com>
    250 2.1.0 Ok
    RCPT TO: <abuse.tiws@telefonica.com>
    250 2.1.5 Ok
    quit
    221 2.0.0 Bye
    niall@ernie:~$ telnet smtpar.telefonica.com. 25
    Trying 200.51.80.21...
    Connected to smtpar.telefonica.com.
    Escape character is '^]'.
    220 ESMTP IMSVA
    EHLO ernie.blacknight.ie
    250-artasgw002.latam.telefonica.corp
    250-PIPELINING
    250-SIZE 20971520
    250-VRFY
    250-ETRN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    MAIL FROM: <null@blacknight.com>
    250 2.1.0 Ok
    RCPT TO: <abuse.tiws@telefonica.com>
    250 2.1.5 Ok
    quit
    221 2.0.0 Bye
    niall@ernie:~$

Niall.
-- Niall Donegan ---------------- http://www.blacknight.com Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845
-----Original Message-----
From: anti-abuse-wg-admin@ripe.net [mailto:anti-abuse-wg-admin@ripe.net] On Behalf Of abuse@localhost.com
Sent: Tuesday, August 09, 2011 7:02 PM
To: anti-abuse-wg@ripe.net

Reply from "abuse.tiws@telefonica.com";=> 10 smtpus.telefonica.com [216.177.207.223]. 550 5.1.1 <abuse.tiws>: Recipient address rejected: User unknown in local recipient table.

rcpt to:<abuse.tiws@telefonica.com>
250 2.1.5 Ok

Did you, by any chance, omit the domain name (as "<abuse.tiws>" would seem to indicate), or did you actually send mail and receive a bounce afterwards?

If the address is incorrect, you could report the matter to the RIPE NCC, as Ms Fragkouli explained a few days ago.

The remaining addresses also seem to work:
-----Original Message----- From: thor.kottelin@turvasana.com Sent: Tue, 9 Aug 2011 18:17:33 +0300 To: anti-abuse-wg@ripe.net
OOM-RIPE
250 2.1.5 Ok
RSB20-RIPE
250 2.1.5 Ok
NSA20-RIPE
250 2.1.5 Ok
HNM15-RIPE
250 2.1.5 Ok
COO5-RIPE
250 2.1.5 Ok

--
Thor Kottelin
http://www.anta.net/
The email address I contacted was the one where they mention the AS-number:

remarks: Any Notification about AS12956 security please e-mail to :
remarks: security.tiws@telefonica.com

I got a bounce from it:

Generating server: latam.telefonica.corp

security.tiws@telefonica.com
#550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##rfc822;security.tiws@telefonica.com

Original message headers:

Received: from ARTASMSP072.latam.telefonica.corp (10.213.2.21) by ARTASMSP063.latam.telefonica.corp (10.213.1.32) with Microsoft SMTP Server (TLS) id 8.3.83.0; Mon, 8 Aug 2011 09:12:06 -0300
Received: from artasgw002.latam.telefonica.corp (192.168.200.7) by ARTASMSP072.latam.telefonica.corp (10.213.2.21) with Microsoft SMTP Server id 8.3.83.0; Mon, 8 Aug 2011 09:16:14 -0300
Received: from artasgw002.latam.telefonica.corp (unknown [127.0.0.1]) by IMSA (Postfix) with ESMTP id C35D02C8065 for <security.tiws@telefonica.com>; Mon, 8 Aug 2011 11:56:46 -0300 (ART)
Received: from smtpauth.pi-group.net (unknown [94.126.48.65]) by artasgw002.latam.telefonica.corp (Postfix) with ESMTP id 5341C2C8059 for <security.tiws@telefonica.com>; Mon, 8 Aug 2011 11:56:45 -0300 (ART)
Received: from [192.168.0.129] (d54C0DB02.access.telenet.be [84.192.219.2]) (Authenticated sender: admingent) by smtpauth.pi-group.net (Postfix) with ESMTPA id B96A01D4175; Mon, 8 Aug 2011 14:11:54 +0200 (CEST)
Message-ID: <4E3FD2A2.4050605@webservice.be>
Date: Mon, 8 Aug 2011 14:12:18 +0200
From: Webservice <info@webservice.be>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110617 Lightning/1.0b2 Thunderbird/3.1.11
MIME-Version: 1.0
To: <security.tiws@telefonica.com>
CC: Cloudforce <cloudforce@ris.be>
Subject: BGP conflict

On 09-08-11 18:59, Thor Kottelin wrote:
-----Original Message----- From: anti-abuse-wg-admin@ripe.net [mailto:anti-abuse-wg-admin@ripe.net] On Behalf Of abuse@localhost.com Sent: Tuesday, August 09, 2011 7:02 PM To: anti-abuse-wg@ripe.net
Reply from "abuse.tiws@telefonica.com";=> 10 smtpus.telefonica.com [216.177.207.223]. 550 5.1.1 <abuse.tiws>: Recipient address rejected: User unknown in local recipient table.
rcpt to:<abuse.tiws@telefonica.com> 250 2.1.5 Ok
Did you, by any chance, omit the domain name (as "<abuse.tiws>" would seem to indicate), or did you actually send mail and receive a bounce afterwards?
If the address is incorrect, you could report the matter to the RIPE NCC, as Ms Fragkouli explained a few days ago.
The remaining addresses also seem to work:
-----Original Message----- From: thor.kottelin@turvasana.com Sent: Tue, 9 Aug 2011 18:17:33 +0300 To: anti-abuse-wg@ripe.net
OOM-RIPE
250 2.1.5 Ok
RSB20-RIPE
250 2.1.5 Ok
NSA20-RIPE
250 2.1.5 Ok
HNM15-RIPE
250 2.1.5 Ok
COO5-RIPE
250 2.1.5 Ok
-- -- www.webservice.be Amelsdorp 72, 3740 Bilzen, Belgium Tel: +32.89257404, Fax: +32.70423475
Niall & me tested "abuse.tiws@telefonica.com" which is as well mentioned on the RIPE webpage you mentioned on your 1st thread. In any event, an abuse@ given to RIPE authority by an allocated network should be working for any IP# on planet earth.

Then you come up with security.tiws? I get the same reply: 550 5.1.1 <abuse.tiws>: Recipient address rejected.

This time, that IP# isn't located in Miami USA but rather in Buenos Aires, Brazil. South America. A heck of a nice little walk from where you are. No mistake there, the language over there is Portuguese and not Spanish. Besides, any idea of the distance between those 2 cities?

Still, as of now, I didn't see any threat related to the lack of replies from these people? They may be busy fighting something? Or simply reconfiguring their things with "Trial" IP# ? They seem to establish networks worldwide... Maybe they're using IP# normally under RIPE authority but they'll be back! Who knows? Why would one be so severe?

=================================
[Resolving smtpar.telefonica.com...]
[Contacting smtpar.telefonica.com [200.51.80.21]...]
[Connected]
220 ESMTP IMSVA
EHLO Network-Tools.com
250-artasgw002.latam.telefonica.corp
250-PIPELINING
250-SIZE 20971520
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
VRFY security.tiws
550 5.1.1 <security.tiws>: Recipient address rejected: User unknown in local recipient table
RSET
============================
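The probe results argued over in the messages above (a 250 to RCPT TO at the gateway, a 550 to VRFY with a bare local part, a bounce generated further inside) can be told apart mechanically. The Python below is an added example, not part of any post in this thread; the transcript, the bounce line and the example.net / example.org names are constructed, and the verdict labels are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed session in the style of the transcripts quoted in this thread.
# example.net / example.org are placeholder domains, not the hosts discussed.
SESSION = """\
220 mx.example.net ESMTP
EHLO probe.example.org
250-mx.example.net
250-VRFY
250 DSN
MAIL FROM:<postmaster@example.org>
250 2.1.0 Ok
RCPT TO:<security@example.net>
250 2.1.5 Ok
RCPT TO:<noc@example.net>
250 2.1.5 Ok
RCPT TO:<gone@example.net>
550 5.1.1 <gone@example.net>: Recipient address rejected: User unknown
VRFY security
550 5.1.1 <security>: Recipient address rejected: User unknown in local recipient table
QUIT
221 2.0.0 Bye
"""

# Constructed bounce status, keyed by the recipient it was returned for.
BOUNCES = {"security@example.net": "550 5.1.1 RESOLVER.ADR.RecipNotFound; not found"}

# Reply line: code, "-" (continuation) or " " (final), optional enhanced code.
REPLY = re.compile(r"^(\d{3})([ -])(?:(\d\.\d{1,3}\.\d{1,3}) )?(.*)$")


@dataclass
class Exchange:
    command: str    # client line that triggered the reply
    code: int       # three-digit SMTP reply code
    enhanced: str   # enhanced status code such as "5.1.1", "" if absent
    text: str


def parse_session(raw):
    """Pair each client command with the final line of the server's reply."""
    exchanges, command = [], "(connect)"
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        m = REPLY.match(line)
        if m is None:               # not a reply line, so a client command
            command = line
            continue
        code, sep, enhanced, text = m.groups()
        if sep == "-":              # continuation of a multi-line reply
            continue
        exchanges.append(Exchange(command, int(code), enhanced or "", text))
    return exchanges


def probe_target(command):
    """Return (verb, address) for RCPT and VRFY, (verb, "") otherwise."""
    verb, _, arg = command.partition(" ")
    verb = verb.upper()
    if verb == "RCPT":
        m = re.search(r"<([^>]*)>", arg)
        return verb, (m.group(1) if m else arg.partition(":")[2].strip())
    if verb == "VRFY":
        return verb, arg.strip().strip("<>")
    return verb, ""


def classify(raw, bounces):
    """Return [(address, verdict)] for every RCPT/VRFY probe in the session."""
    # Only permanent (5xx) bounce statuses count as a downstream rejection.
    bounced = {a.lower() for a, status in bounces.items() if status.startswith("5")}
    verdicts = []
    for ex in parse_session(raw):
        verb, addr = probe_target(ex.command)
        if verb not in ("RCPT", "VRFY"):
            continue
        if verb == "VRFY" and "@" not in addr:
            # A bare local part is resolved against that server's own table,
            # so the answer does not settle whether the full address works.
            verdict = "inconclusive"
        elif ex.code == 252:
            verdict = "inconclusive"    # server declines to verify
        elif 200 <= ex.code < 300:
            # Accepted at this hop only: a gateway can answer 250 and the
            # mailbox server behind it can still return a bounce later.
            verdict = "bounced-downstream" if addr.lower() in bounced else "accepted-here"
        elif 400 <= ex.code < 500:
            verdict = "deferred"
        else:
            verdict = "rejected"
        verdicts.append((addr, verdict))
    return verdicts


if __name__ == "__main__":
    for addr, verdict in classify(SESSION, BOUNCES):
        print(f"{addr:24} {verdict}")
```
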
I'm a tad puzzled...

abuse@localhost.com wrote: [...]

Trying to help with geography, and due to this being OT, trying to do an individual reply to the sender, I get:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Subject: Mail delivery failed: returning message to sender
[...]
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  abuse@localhost.com
    all relevant MX records point to non-existent hosts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hm, I think I can draw some conclusions for my end?

Wilfrid.
Yes Wilfried. The thing is that I use this present email box only to read the "anti-abuse-wg@ripe.net" mailing list. Nothing else. I don't use this email address as an email client. So? If anyone wants to contact me for "X" reason, it can be done through the anti-abuse-wg@ripe.net mailing list. And I try as much as possible to respect the mailing list regulations.

You may well have noted (I hope) that I stopped reporting "Bizarre" RIPE data that some allocated IP allocated network have given to RIPE? It just happened that I had never seen the place on RIPE's website where we can request RIPE to check this or that "Bizarre" registration data. It took a few days and I got the answer. But then, you saw as much as me that there was another RIPE network operator who asked about the same question as me a little while after me? So, it could be that it ain't so simple and obvious to find the right place on RIPE website where one can request a verification of registration data?

But frankly, I'd prefer to remain sort of a little confidential if I'd have to request a registration verification to RIPE authority. 'Cause in any event, I take RIPE decisions as they are just like any other netizens on planet earth. If they decide that this or that is OK or not, I'd even never hear about it after I request a reggy verification.

For the rest, I prefer to just sit and watch. I have the weird feeling that other net-ops will keep on asking questions on this very same topic: non-updated reggy data or erroneous ones. Even though it is explicitly expressed in this mailing list charter that this group is not the place to do that! In addition, giving a specific example can be understood as a blame. We may well be all human beings.
Yes, I sure did use the whole email address and repeated once the first time I saw the post. Then, when I saw Niall's post getting the server "Live" reply, I repeated that email abuse.tiws@telefonica.com testing. Same reply: "550 5.1.1 Recipient address rejected: User unknown in local recipient table".

However, I used a web-based engine for the testing since I didn't have time to install all my tools on this little puter I use. I mean, and I know for a fact that many networks that offer that type of tool (Testing email addresses) can be blocked, blacklisted AKA refused connection with given networks. And misery! For now, it's the only website that I have a bookmark on my present puter.

"I" wouldn't file a complaint to any RIPE official 'cause I went to see the main webpage of that network and it is rather easy to see that it is a European network that initiated a USA based outlet. In short, we ain't talking 'bout rogue abusers!... Maybe the tech. over there had things to do and got a little late?

I feel that if there was no mention of virus or trojan source in the first post talking about that topic, I wouldn't like to be in the same situation and be brought down. That is one of the reasons I rather remain confidential.

Relax & enjoy!
=========================================
On 9 Aug 2011, at 18:30, abuse@localhost.com wrote:
Yes, I sure did use the whole email address and repeated once the first time I saw the post. Then, when I saw Niall's post getting the server "Live" reply, I repeated that email abuse.tiws@telefonica.com testing. Same reply: "550 5.1.1 Recipient address rejected: User unknown in local recipient table".
However, I used a web-based engine for the testing since I didn't have time to install all my tools on this little puter I use.
Niall used telnet - it's been available on pretty much any computer I've ever used since Windows 3.1

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.mobi/
http://mneylon.tel
Intl. +353 (0) 59 9183072
US: 213-233-1612
UK: 0844 484 9361
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland
Company No.: 370845
Webservice wrote:
Now to tackle this problem: Shouldn't there be a phone-number or a hotline for BGP-issues? Especially with big problems it's a real problem to get to the right helpdesk/support. I know that some endusers who receive a spam email would contact that hotline also, however: is it possible to show that info only if a person is logged in into the LIR-portal?
Just what I'm asking for, for years now.

Easier would be an anonymous abuse contact which could only be emailed to from registered email addresses from other RIPE members.

So: every member would simply enter two email addresses and one (or more) IPs into their basic data at the portal.
- one abuse contact
- one sender email address
- one or more IP addresses of the own sending mailservers

And the mailserver at RIPE will e.g. redirect a general as1234@members.ripe.net to the right abuse contact of that member.

And: RIPE could even monitor outbreaks to one or the other member address to get an indication if there is an evil or non-responsive member (e.g. with not working mail addresses, full mailboxes and so on). RIPE NCC could also monitor if a member becomes a bit too active or tries to flood other members.

Telephone numbers seem to spread, so they will not be hidden after a while, but email is cool, because the receiver could handle these emails much quicker, because they could be more sure that it's coming from qualified other members, hopefully resulting in a much quicker action.

Just an example: we filed a report at the usual abuse address of a bigger server housing provider in Germany around 3 weeks ago, that one of their servers seemed to be captured and started to guess passwords on some of our POP3 servers. Now: after 3 weeks, we received a note that our report will now be analysed. What about all those spam, all those DDoS attacks, phishing sites, whatever abuse this server was causing the last 3 weeks to others? And: just fiddled with our firewalls and can see that this server is still trying to attack us!

Kind regards, Frank
Best regards, Pascal Nobus -- www.webservice.be Amelsdorp 72, 3740 Bilzen, Belgium Tel: +32.89257404, Fax: +32.70423475
--
With kind regards,
--
PHADE Software - PowerWeb                      http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast              mailto:frank@powerweb.de
Schinkelstrasse 17                             fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany          fax: +49 33200 52921
======================================================================
Public PGP Key available for frank@powerweb.de
See the official reply of RIPE officials here below. The charter of the present mailing list explicitly states:=> -"This anti-abuse-wg list is explicitly not the place to report spam". Or to give factual examples of new trends related to methods of either spammers or trojans that can be "Tools" to abusive end-uses like I once did. Need to find another way...!

By doing so, it potentially can be understood as a suggestion that this network you have mentioned here below did omit or forge the RIPE data with a deliberate and intentional crooked intention, while it could also be that the network operator has a heck of a wild time fighting trojans or virus intruding his network. And that he just simply happened lately that he forgot to update his registration data at RIPE.

There may be a more diplomatic method that would resolve the case? For instance, why wouldn't one blacklist the whole IP# block numbers until that network finds it strange that he cannot connect to your allocated IPs? And he never does, everything's for the best, isn't it?
==============================
Sent: Tue, 09 Aug 2011 12:40:46 +0100 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Abuse report.
"abuse@localhost.com" wrote the following on 09/08/2011 12:15:
James? Have you noticed the name of this present mailing list? Why would there be the word "anti-abuse" in it? Is an uncared for spam complaint "Off Topic"?
I don't think so.
Please look at the URL Kostas has posted, and sure I'll post it here again myself:
http://www.ripe.net/ripe/groups/wg/anti-abuse
This list is explicitly not the place to report spam. It is also not a place for seemingly random and extremely difficult to follow digressions and accusations. Could you please review the charter of the group and the behaviour of others on the mailing list before posting further.
Thanks,
Brian,
On 09/08/11 15:56, Webservice wrote:
Shouldn't there be a phone-number or a hotline for BGP-issues?
There's already an attempt being made at such a system, have a look at http://www.pch.net/inoc-dba/, or the explanation at https://www.pch.net/inoc-dba/docs/qanda.html
I know that some endusers who receive a spam email would contact that hotline also, however: is it possible to show that info only if a person is logged in into the LIR-portal?
After seeing our AOL Scomp feed and the obviously legit email that often gets reported as spam by their users, I'm not sure if I'd like it to be made too easy for the mass unwashed to report "spam" or "abuse". Niall. -- Niall Donegan ---------------- http://www.blacknight.com Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845
A common fallacy

Think on the lines of "there are lots of people who vote for a politician you consider a jackass, but he hardly ever wins an election anyway"

Then think how many complaints about a valid user you get when just one or two stray emails of his get misreported, compared to when that user gets his password compromised by a Nigerian or has his PC infected by a virus.

Clear enough now? It becomes crystal clear when you have a userbase of, say, a couple of million like I do now, or 40 million ++ like I had till about 2009. Becomes even clearer when you offer feedback loops yourself based on spam reported by your users.

--srs

On Wed, Aug 10, 2011 at 4:11 PM, Niall Donegan <niall@blacknight.com> wrote:
After seeing our AOL Scomp feed and the obviously legit email that often gets reported as spam by their users, I'm not sure if I'd like it to be made too easy for the mass unwashed to report "spam" or "abuse".
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On 10.08.2011 12:45, Suresh Ramasubramanian wrote:
Think on the lines of "there are lots of people who vote for a politician you consider a jackass, but he hardly ever wins an election anyway"
Then think how many complaints about a valid user you get when just one or two stray emails of his get misreported, compared to when that user gets his password compromised by a nigerian or has his PC infected by a virus.
This comparison apparently suggests that misreports ought to be handled and repaired, just like viruses or compromised passwords, however statistically negligible they might be. (It could even be possible to devise methods to handle misreports so as to minimize the amount of time that the relevant abuse team has to spend on manual investigation.)

Is that what you meant?
This doesn't suggest "repairing" misreports, it suggests ignoring them as not statistically significant enough to affect a particular account's reputation.

So, your automated FBL processing doesn't freeze the account, while the guy with a virus or a compromise gets his account detected and frozen by that very same script.

"Handling" or "repairing" misreports any further is just not needed when you look at it that way.

--srs

On Sat, Aug 13, 2011 at 11:16 PM, Alessandro Vesely <vesely@tana.it> wrote:
This comparison apparently suggests that misreports ought to be handled and repaired, just like viruses or compromised passwords, however statistically negligible they might be. (It could even be possible to devise methods to handle misreports so as to minimize the amount of time that the relevant abuse team has to spend on manual investigation.)
Is that what you meant?
-- Suresh Ramasubramanian (ops.lists@gmail.com)
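The argument in the message above, that one feedback-loop script can ignore stray misreports and still freeze a compromised account, comes down to counting distinct reporters against sending volume. The Python below is an added example, not code from any participant; the thresholds, account names and report data are assumptions constructed for illustration, since the thread gives no numbers.

```python
from collections import defaultdict

# Assumed policy values for this example; the thread states no numbers.
MIN_REPORTERS = 5      # fewer distinct reporters than this is treated as noise
FREEZE_RATE = 0.005    # distinct reporters per message sent in the window

# Constructed feedback-loop reports for one window: (sending account, reporter).
REPORTS = (
    [("alice", "r1"), ("alice", "r2")]            # two stray misreports
    + [("carol", "r3")] * 8                       # one reporter, eight clicks
    + [("news", f"n{i}") for i in range(6)]       # bulk sender, few reports
    + [("bob", f"b{i}") for i in range(40)]       # compromised account
)

# Constructed count of messages each account sent in the same window.
SENT = {"alice": 400, "carol": 120, "news": 50000, "bob": 3000}


def triage(reports, sent):
    """Map each reported account to 'ignore', 'watch', 'review' or 'freeze'."""
    reporters = defaultdict(set)
    for account, reporter in reports:
        # Count each reporter once, so one user reporting repeatedly
        # cannot push an account over the threshold alone.
        reporters[account].add(reporter)

    decisions = {}
    for account, who in reporters.items():
        count = len(who)
        volume = sent.get(account, 0)
        if count < MIN_REPORTERS:
            decisions[account] = "ignore"    # not statistically significant
        elif volume == 0:
            decisions[account] = "review"    # reports without a send log
        elif count / volume >= FREEZE_RATE:
            decisions[account] = "freeze"    # pattern of a compromise
        else:
            decisions[account] = "watch"     # above noise, below freeze rate
    return decisions


if __name__ == "__main__":
    for account, decision in sorted(triage(REPORTS, SENT).items()):
        print(f"{account:8} {decision}")
```
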
participants (10)
- abuse@localhost.com
- Alessandro Vesely
- Frank Gadegast
- Michele Neylon :: Blacknight
- Niall Donegan
- Reza Farzan
- Suresh Ramasubramanian
- Thor Kottelin
- Webservice
- Wilfried Woeber, UniVie/ACOnet