Clarification Regarding Needs Assessment and Audits
Dear colleagues, We have been following the recent discussions on the mailing list and would like to offer clarification in relation to a couple of points that were raised. According to "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" [1], address space is distributed based on demonstrated technical need in order to deliver services. This need is evaluated according to addressing requirements, network infrastructure, equipment and number of customers. The exact services for which the resources are being requested are not considered as part of the evaluation process. As an example, if address space is requested for the technical need of a mail server, it is not verified what type of mails are being sent through that server. This practice is in line with the current IPv4 policy [1]. It is important to note that technical need is evaluated for assignments. The need for an additional allocation is considered based on past and future usage, taking into account all assignments that have been made by the LIR previously. The RIPE NCC does not have a mandate to deregister allocations if the expected growth was less or different than expected. Nevertheless, we do see LIRs voluntarily returning allocations in the event that they no longer have a need for the addresses. As above, this practice is based on current RIPE Policies. When a policy is changed through the RIPE Policy Development Process (PDP) [2], we adjust our processes accordingly. When the RIPE NCC conducts an audit of an LIR, it checks that: - RIPE Policies are followed correctly - Assignments are registered properly and being used for the purpose they were requested for (if not, the technical need is re-evaluated) - Contact information is still correct An LIR is either randomly selected for an audit, or selected following a community report against that member [3]. Last year, the RIPE NCC created a report form to facilitate and simplify reporting on policy violations, provision of untruthful information to the RIPE NCC and incorrect RIPE Database data [4]. Once the reported information and evidence is evaluated, the RIPE NCC investigates the claim and proceeds according to RIPE Policies and RIPE NCC procedures. This can result in address space being deregistered. More detailed information on reasons for deregistration of address space is available in "Closure of Member and Deregistration of Internet Number Resources" [5]. Kind regards Andrew de la Haye Chief Operations Officer RIPE NCC [1] "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" http://www.ripe.net/ripe/docs/v4policy [2] "RIPE Policy Development" http://www.ripe.net/ripe/policies [3] "RIPE NCC Audit Activity" http://www.ripe.net/ripe/docs/audit [4] "RIPE NCC Reporting Procedure" http://www.ripe.net/contact/ripe-ncc-complaints-procedure [5] "Closure of Member and Deregistration of Internet Number Resources" http://www.ripe.net/ripe/docs/closure
Andrew de la Haye wrote: Hello,
... The exact services for which the resources are being requested are not considered as part of the evaluation process. As an example, if address space is requested for the technical need of a mail server, it is not verified what type of mails are being sent through that server. ... - Assignments are registered properly and being used for the purpose they were requested for (if not, the technical need is re-evaluated)
These two points interest me the most. Lets say, an LIR is requesting IPs for the purpose of access, but then runs mailservers on it, sending lots of spam. - first, how do you find evidence, that the LIR is using the address space now for a different purpose ? - second, did it ever happen, that the NCC revoked address space or allocations or terminated a contract, because the LIR was using the IPs for a different purpose and then denied fix that ? Kind regards, Frank
Kind regards
Andrew de la Haye Chief Operations Officer RIPE NCC
[1] "IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region" http://www.ripe.net/ripe/docs/v4policy
[2] "RIPE Policy Development" http://www.ripe.net/ripe/policies
[3] "RIPE NCC Audit Activity" http://www.ripe.net/ripe/docs/audit
[4] "RIPE NCC Reporting Procedure" http://www.ripe.net/contact/ripe-ncc-complaints-procedure
[5] "Closure of Member and Deregistration of Internet Number Resources" http://www.ripe.net/ripe/docs/closure
Hi, On Thu, Jul 04, 2013 at 04:52:14PM +0200, Frank Gadegast wrote:
... The exact services for which the resources are being requested are not considered as part of the evaluation process. As an example, if address space is requested for the technical need of a mail server, it is not verified what type of mails are being sent through that server. ... - Assignments are registered properly and being used for the purpose they were requested for (if not, the technical need is re-evaluated)
These two points interest me the most. Lets say, an LIR is requesting IPs for the purpose of access, but then runs mailservers on it, sending lots of spam.
You're mixing "allocation" and "assignment". The LIR requests an *allocation*, which is not bound to a specific purpose. The end user (which might be the LIR itself, but usually is "a customer of the LIR") receives an *assignment*, which comes with a technical need. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Gert Doering wrote:
Hi,
On Thu, Jul 04, 2013 at 04:52:14PM +0200, Frank Gadegast wrote:
... The exact services for which the resources are being requested are not considered as part of the evaluation process. As an example, if address space is requested for the technical need of a mail server, it is not verified what type of mails are being sent through that server. ... - Assignments are registered properly and being used for the purpose they were requested for (if not, the technical need is re-evaluated)
These two points interest me the most. Lets say, an LIR is requesting IPs for the purpose of access, but then runs mailservers on it, sending lots of spam.
You're mixing "allocation" and "assignment". The LIR requests an *allocation*, which is not bound to a specific purpose.
Im mixing nothing here. You need to specify a purpose for any assignment you make from your allocation, internally or directly to the NCC. And the purpose seems to be re-evaluated when there is an audit started. So the two questions remain: - first, how do you find evidence, that the LIR is using the address space now for a different purpose ? - second, did it ever happen, that the NCC revoked address space or allocations or terminated a contract, because the LIR was using the IPs for a different purpose and then denied fix that ? I could have written here "assignments or allocations or terminated" ...
The end user (which might be the LIR itself, but usually is "a customer of the LIR") receives an *assignment*, which comes with a technical need.
Did not say anything different. Pointing to a possible failure in my wording just stops others in answering important questions (what happens a lot lately), simply because its interupting "the flow" ;o) Its important to know, how the community can help starting an audit process with the goal to revoke some address space that is obviously used for massive abuse. We need to know, how to start this process (e.g. where is this form ?), what to proove, how to give evidence aso and how the NCC handles this. Simply because it seems to be the only mossible procedure to revoke address space, when its not used for its initial purpose anymore. And I really like to have an answer from the NCC about all this. Kind regards, Frank
Gert Doering -- NetMaster
Hi, On Thu, Jul 04, 2013 at 05:16:05PM +0200, Frank Gadegast wrote:
Gert Doering wrote:
On Thu, Jul 04, 2013 at 04:52:14PM +0200, Frank Gadegast wrote:
... The exact services for which the resources are being requested are not considered as part of the evaluation process. As an example, if address space is requested for the technical need of a mail server, it is not verified what type of mails are being sent through that server. ... - Assignments are registered properly and being used for the purpose they were requested for (if not, the technical need is re-evaluated)
These two points interest me the most. Lets say, an LIR is requesting IPs for the purpose of access, but then runs mailservers on it, sending lots of spam.
You're mixing "allocation" and "assignment". The LIR requests an *allocation*, which is not bound to a specific purpose.
Im mixing nothing here. You need to specify a purpose for any assignment you make from your allocation, internally or directly to the NCC.
If you write "the LIR is requesting IPs for the purpose of access", you're mixing up things. LIRs request IP addresses to give them to customers. Not for particular uses.
And the purpose seems to be re-evaluated when there is an audit started.
Read again what Andrew wrote, and keep in mind the difference between "allocation" and "assignment".
So the two questions remain:
- first, how do you find evidence, that the LIR is using the address space now for a different purpose ?
As the *LIR* did not specify a purpose, it can't be "a different purpose" now.
- second, did it ever happen, that the NCC revoked address space or allocations or terminated a contract, because the LIR was using the IPs for a different purpose and then denied fix that ?
No, because that situation can not happen. The LIR does not specify a purpose, so there is no way they could be used for a "different purpose". [..]
Pointing to a possible failure in my wording just stops others in answering important questions (what happens a lot lately), simply because its interupting "the flow" ;o)
Pointing out confusion between allocations and assignments, and who does what, is necessary because the questions can't be answered unless the proper terms are used. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Thu, Jul 04, 2013 at 05:31:25PM +0200, Gert Doering wrote:
No, because that situation can not happen. The LIR does not specify a purpose, so there is no way they could be used for a "different purpose".
in all fairness, Andrew's response made the 'purpose' compliance of the assignments subject to the evaluation in his response. Now, I'd appreciate a clarification from the NCC what level of abstraction they consider a 'purpose' in this sense. I'd be surprise to learn this is a website screening or any traffic assessment. I could, however, understand if this included a check of proper application of the assignment rules. To that extent, believe it or not, an assignee stating ''I'm gonna send lotsa mails'' has demonstrated more of a technical need than someone claiming they love and collect small prime numbers in IP addresses. -Peter
Peter Koch wrote:
On Thu, Jul 04, 2013 at 05:31:25PM +0200, Gert Doering wrote:
No, because that situation can not happen.
Sure it can ! If I remember old times right, we first got our allocation when becoming a RIPE member and had a very small assignment window. We had to send network plans to the NCC for the first assignments we made and because they were acceptable, our assignment windows was raised, so we could assign most IP blocks for our customers ourself from then on up to our new assignment windows, but surely we still have to track that our assignments comply and need to know wich customer uses wich block for what. So: theres is a lot of assignment *purposed* RIPE NCC should know about directly and the others should be known to the LIR. The question is: is the NCC ordering network plans from the LIR during an audit to check the purpose ? Lets say the LIR is saying: network xy was assigned to customer yz and the customers sayd the purpose was "routing equipment". And now the NCC realizes that there is lots of spam and other abuse coming out of these assignments. What happens: has the LIR to cancel the contract with its customer ? Or switch the use back to "routing equipment" ? And if this kind of confusion is true for most of the assignments for the LIR ? Will the LIR take this as a sign for a "bad" LIR and terminate its contract ? Or lower his assignment windows ? I would really like to have an example of a audit process that ended bad for the LIR or its customers ... how did it really worked ...
The LIR does not specify
a purpose, so there is no way they could be used for a "different purpose".
in all fairness, Andrew's response made the 'purpose' compliance of the assignments subject to the evaluation in his response. Now, I'd appreciate a clarification from the NCC what level of abstraction they consider a 'purpose' in this sense.
Exactly :o)
I'd be surprise to learn this is a website screening or any traffic assessment. I could, however, understand if this included a check of proper application of the assignment rules. To that extent, believe it or not, an assignee stating ''I'm gonna send lotsa mails'' has demonstrated more of a technical need than someone claiming they love and collect small prime numbers in IP addresses.
-Peter
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
On Thu, Jul 04, 2013 at 08:22:25PM +0200, Frank Gadegast wrote:
Lets say the LIR is saying: network xy was assigned to customer yz and the customers sayd the purpose was "routing equipment". And now the NCC realizes that there is lots of spam and other abuse coming out of these assignments.
I don't speak for the NCC but IIRC the NCC checks that *a* technical need for the assignment still exist, *not* that it is the same topology as 10 years ago when the block was first assigned. In real network operations, the network does not stay the same forever, what was assigned to a router 3 years ago may be assigned to a mail server or a DSL line today.
What happens: has the LIR to cancel the contract with its customer ?
If there still is a need for the assignemnt, nothing happens. If not, the assignment must be returned to the LIR. The NCC has no authority over who a LIR does business with. rgds, Sascha Luck
Sascha Luck wrote:
What happens: has the LIR to cancel the contract with its customer ?
If there still is a need for the assignemnt, nothing happens. If not, the assignment must be returned to the LIR. The NCC has no authority over who a LIR does business with. rgds, Sascha Luck
So, does anybody knows any reason how the NCC could revoke an assignment or even an allocation, if there is a technical need and all contract data and RIPE entries are conform to the current regulations ? There SHOULD be a possibility how the NCC could revoke assignments, if they are used for obvious abuse. Sounds ridiculous to me, if there is none (yet). Sounds like to me, if an owner of a house is renting the appartments in his house to criminals, wich build bombs, plan bank robberies and train terrorists and he has no way to terminate or restrict the contract as long as the criminals pay the rent and empty the letterbox ... (sorry for the harsh example, but I think it somehow fits). (and dont tell me we need the descision of a judge in the Netherlands) Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== -- Mit freundlichen Gruessen, -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
On Thu, Jul 04, 2013 at 09:53:31PM +0200, Frank Gadegast wrote:
So, does anybody knows any reason how the NCC could revoke an assignment or even an allocation, if there is a technical need and all contract data and RIPE entries are conform to the current regulations ?
TTBOMK, as long as policy requirements are fulfilled there is no mandate to revoke resources. Even if a LIR is closed for being on an embargo list, as happened recently, the resources were transferred to another, unaffected, LIR.
There SHOULD be a possibility how the NCC could revoke assignments, if they are used for obvious abuse.
You are, of course free to initiate a policy proposal to that effect. I don't think there is much political will in the community to give the NCC a mandate to police content, however.
Sounds like to me, if an owner of a house is renting the appartments in his house to criminals, wich build bombs, plan bank robberies and train terrorists and he has no way to terminate or restrict the contract as long as the criminals pay the rent and empty the letterbox ... (sorry for the harsh example, but I think it somehow fits).
I propose that the use of "terrorist" in any argument renders this argument invalid immediately. You may call it "Luck's Law" if it hasn't got a name yet... rgds, Sascha Luck
Sascha Luck wrote:
TTBOMK, as long as policy requirements are fulfilled there is no mandate to revoke resources.
Any spammer on this list (think so, simply because of the lack of progress) ? * Im starting now a second carrier in renting all the IPv4 addresses left in our allocation exclusively to abusers and make a lot of money with it. Just make offers now. * Will surely put a working abuse contact email address in RIPEs db, that gets directed to /dev/null and have a correct postal address somewhere on a funny island ... And it looks like if nobody could ever do anything against it. The current regulations are simply slippery as an eel (like we say in Germany), no way to catch anybody responsible. Again, ridicolous ... Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
The lack of progress is simply because you have very few people who are in a security rather than IP admin or network ops role. Security as in for a seriously large provider. The other lack of progress - well, changing entrenched policies, or enforcing them beyond a point where the enforcer is reluctant to investigate (or is it "play police" according to the local meme) is as tough as it sounds. On Friday, July 5, 2013, Frank Gadegast wrote:
Sascha Luck wrote:
TTBOMK, as long as policy requirements are fulfilled
there is no mandate to revoke resources.
Any spammer on this list (think so, simply because of the lack of progress) ?
* Im starting now a second carrier in renting all the IPv4 addresses left in our allocation exclusively to abusers and make a lot of money with it. Just make offers now. *
Will surely put a working abuse contact email address in RIPEs db, that gets directed to /dev/null and have a correct postal address somewhere on a funny island ...
And it looks like if nobody could ever do anything against it.
The current regulations are simply slippery as an eel (like we say in Germany), no way to catch anybody responsible. Again, ridicolous ...
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ==============================**==============================**==========
-- --srs (iPad)
i agree with suresh's assessment. Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs and having a nice run. The ipv4 allotment is seriously broken in ripe - just having paperwork with valid forms filled is good enough to allot what ever range the spammers can ask. regards vijay On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian <ops.lists@gmail.com
wrote:
The lack of progress is simply because you have very few people who are in a security rather than IP admin or network ops role. Security as in for a seriously large provider.
The other lack of progress - well, changing entrenched policies, or enforcing them beyond a point where the enforcer is reluctant to investigate (or is it "play police" according to the local meme) is as tough as it sounds.
On Friday, July 5, 2013, Frank Gadegast wrote:
Sascha Luck wrote:
TTBOMK, as long as policy requirements are fulfilled
there is no mandate to revoke resources.
Any spammer on this list (think so, simply because of the lack of progress) ?
* Im starting now a second carrier in renting all the IPv4 addresses left in our allocation exclusively to abusers and make a lot of money with it. Just make offers now. *
Will surely put a working abuse contact email address in RIPEs db, that gets directed to /dev/null and have a correct postal address somewhere on a funny island ...
And it looks like if nobody could ever do anything against it.
The current regulations are simply slippery as an eel (like we say in Germany), no way to catch anybody responsible. Again, ridicolous ...
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ==============================**==============================** ==========
-- --srs (iPad)
I was starting to wonder whether anybody else with an operational antispam and security role for a large provider was around here. :) Thanks for chiming in, vijay. At a guess those v6 /32s are all registered in Romania? --srs On Saturday, August 31, 2013, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
i agree with suresh's assessment.
Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs and having a nice run. The ipv4 allotment is seriously broken in ripe - just having paperwork with valid forms filled is good enough to allot what ever range the spammers can ask.
regards vijay
On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian < ops.lists@gmail.com <javascript:_e({}, 'cvml', 'ops.lists@gmail.com');>>wrote:
The lack of progress is simply because you have very few people who are in a security rather than IP admin or network ops role. Security as in for a seriously large provider.
The other lack of progress - well, changing entrenched policies, or enforcing them beyond a point where the enforcer is reluctant to investigate (or is it "play police" according to the local meme) is as tough as it sounds.
On Friday, July 5, 2013, Frank Gadegast wrote:
Sascha Luck wrote:
TTBOMK, as long as policy requirements are fulfilled
there is no mandate to revoke resources.
Any spammer on this list (think so, simply because of the lack of progress) ?
* Im starting now a second carrier in renting all the IPv4 addresses left in our allocation exclusively to abusers and make a lot of money with it. Just make offers now. *
Will surely put a working abuse contact email address in RIPEs db, that gets directed to /dev/null and have a correct postal address somewhere on a funny island ...
And it looks like if nobody could ever do anything against it.
The current regulations are simply slippery as an eel (like we say in Germany), no way to catch anybody responsible. Again, ridicolous ...
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ==============================**==============================** ==========
-- --srs (iPad)
-- --srs (iPad)
Hi Suresh, Firstly, any member (LIR) can receive by default a /32 (up to a /29) ALLOCATION and NOT assignment. It's a /48 PI assignment that you can get if you are not an LIR. Secondly, @Suresh - have a look at who is leading the world in IPv6 deployment and then you may want to be careful with trowing stones at Romania. Romania IS and has been for at least one year the leader in IPv6 deployment in the whole world, if you are badmouthing Romania for it's spam, try to praise it for it's IPv6 deployment, that would be fair. My 2 cents, Elvis Daniel Velea (proud Romanian) On 8/31/13 7:11 AM, Suresh Ramasubramanian wrote:
I was starting to wonder whether anybody else with an operational antispam and security role for a large provider was around here. :)
Thanks for chiming in, vijay. At a guess those v6 /32s are all registered in Romania?
--srs
On Saturday, August 31, 2013, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
i agree with suresh's assessment.
Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs and having a nice run. The ipv4 allotment is seriously broken in ripe - just having paperwork with valid forms filled is good enough to allot what ever range the spammers can ask.
regards vijay
On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian <ops.lists@gmail.com <javascript:_e({}, 'cvml', 'ops.lists@gmail.com');>> wrote:
The lack of progress is simply because you have very few people who are in a security rather than IP admin or network ops role. Security as in for a seriously large provider.
The other lack of progress - well, changing entrenched policies, or enforcing them beyond a point where the enforcer is reluctant to investigate (or is it "play police" according to the local meme) is as tough as it sounds.
On Friday, July 5, 2013, Frank Gadegast wrote:
Sascha Luck wrote:
TTBOMK, as long as policy requirements are fulfilled there is no mandate to revoke resources.
Any spammer on this list (think so, simply because of the lack of progress) ?
* Im starting now a second carrier in renting all the IPv4 addresses left in our allocation exclusively to abusers and make a lot of money with it. Just make offers now. *
Will surely put a working abuse contact email address in RIPEs db, that gets directed to /dev/null and have a correct postal address somewhere on a funny island ...
And it looks like if nobody could ever do anything against it.
The current regulations are simply slippery as an eel (like we say in Germany), no way to catch anybody responsible. Again, ridicolous ...
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 <tel:%2B49%2033200%2052920> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 <tel:%2B49%2033200%2052921> ==============================__==============================__==========
-- --srs (iPad)
-- --srs (iPad)
-- Kind regards, Elvis Velea
Nothing against all of romania but there appears to be more than one rogue operation there that used to hand out quite a few /15 v4 netblocks to US based spammers and are now registering quite a lot of /32 v6 netblocks --srs (htc one x) On 31-Aug-2013 6:05 PM, "Elvis Velea" <elvis@velea.eu> wrote:
Hi Suresh,
Firstly, any member (LIR) can receive by default a /32 (up to a /29) ALLOCATION and NOT assignment. It's a /48 PI assignment that you can get if you are not an LIR.
Secondly, @Suresh - have a look at who is leading the world in IPv6 deployment and then you may want to be careful with trowing stones at Romania. Romania IS and has been for at least one year the leader in IPv6 deployment in the whole world, if you are badmouthing Romania for it's spam, try to praise it for it's IPv6 deployment, that would be fair.
My 2 cents, Elvis Daniel Velea (proud Romanian)
On 8/31/13 7:11 AM, Suresh Ramasubramanian wrote:
I was starting to wonder whether anybody else with an operational antispam and security role for a large provider was around here. :)
Thanks for chiming in, vijay. At a guess those v6 /32s are all registered in Romania?
--srs
On Saturday, August 31, 2013, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
i agree with suresh's assessment.
Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs and having a nice run. The ipv4 allotment is seriously broken in ripe - just having paperwork with valid forms filled is good enough to allot what ever range the spammers can ask.
regards vijay
On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian <ops.lists@gmail.com <javascript:_e({}, 'cvml', 'ops.lists@gmail.com');>> wrote:
The lack of progress is simply because you have very few people who are in a security rather than IP admin or network ops role. Security as in for a seriously large provider.
The other lack of progress - well, changing entrenched policies, or enforcing them beyond a point where the enforcer is reluctant to investigate (or is it "play police" according to the local meme) is as tough as it sounds.
On Friday, July 5, 2013, Frank Gadegast wrote:
Sascha Luck wrote:
TTBOMK, as long as policy requirements are fulfilled there is no mandate to revoke resources.
Any spammer on this list (think so, simply because of the lack of progress) ?
* Im starting now a second carrier in renting all the IPv4 addresses left in our allocation exclusively to abusers and make a lot of money with it. Just make offers now. *
Will surely put a working abuse contact email address in RIPEs db, that gets directed to /dev/null and have a correct postal address somewhere on a funny island ...
And it looks like if nobody could ever do anything against it.
The current regulations are simply slippery as an eel (like we say in Germany), no way to catch anybody responsible. Again, ridicolous ...
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 <tel:%2B49%2033200%2052920> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 <tel:%2B49%2033200%2052921> ==============================** __============================**==__==========
-- --srs (iPad)
-- --srs (iPad)
-- Kind regards, Elvis Velea
Hi, On 8/31/13 9:18 PM, Suresh Ramasubramanian wrote:
Nothing against all of romania
then maybe it would be a great idea to stop trowing rocks at it
but there appears to be more than one rogue operation there
Even better, use the RIPE NCC form and report the things you think are wrong with those /32s.. you probably know how to fill in a form, right?
[...] are now registering quite a lot of /32 v6 netblocks
you can only get one /32 per LIR, how many is quite a lot to you? I have the feeling you exaggerate 'quite a bit' as there are (as it appears in the members list) _in total_ 45 members from Romania, out of each at least 5-10% belong to governmental agencies. You surely do not want to blame the Government for all the spam you receive, right? So, I'd recommend you to stop blaming Romania for all the bad things happening in your life and look at the facts as well, Romanian LEADS the World IPv6 deployment and you are the only person in this community blaming everything you think is wrong unto Romania. Every country has it's own rogue companies, stop pointing fingers at only one.. you make everyone believe there is only one problem. I'd recommend looking at your friends' site [1] and see who you should point fingers at, or look at all the statistics showing that India is fighting with USA for #1 spam country in the world. I'd suggest that next time you want to say the words Romania and spam on a public mailing list to look first in your own garden.. it may be filled with rogue 'plants' cheers, Elvis [1] http://www.spamhaus.org/statistics/countries/
--srs (htc one x)
On 31-Aug-2013 6:05 PM, "Elvis Velea" <elvis@velea.eu <mailto:elvis@velea.eu>> wrote:
Hi Suresh,
Firstly, any member (LIR) can receive by default a /32 (up to a /29) ALLOCATION and NOT assignment. It's a /48 PI assignment that you can get if you are not an LIR.
Secondly, @Suresh - have a look at who is leading the world in IPv6 deployment and then you may want to be careful with trowing stones at Romania. Romania IS and has been for at least one year the leader in IPv6 deployment in the whole world, if you are badmouthing Romania for it's spam, try to praise it for it's IPv6 deployment, that would be fair.
My 2 cents, Elvis Daniel Velea (proud Romanian)
On 8/31/13 7:11 AM, Suresh Ramasubramanian wrote:
I was starting to wonder whether anybody else with an operational antispam and security role for a large provider was around here. :)
Thanks for chiming in, vijay. At a guess those v6 /32s are all registered in Romania?
--srs
On Saturday, August 31, 2013, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
i agree with suresh's assessment.
Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs and having a nice run. The ipv4 allotment is seriously broken in ripe - just having paperwork with valid forms filled is good enough to allot what ever range the spammers can ask.
regards vijay
On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian <ops.lists@gmail.com <mailto:ops.lists@gmail.com> <javascript:_e({}, 'cvml', 'ops.lists@gmail.com <mailto:ops.lists@gmail.com>');>> wrote:
The lack of progress is simply because you have very few people who are in a security rather than IP admin or network ops role. Security as in for a seriously large provider.
The other lack of progress - well, changing entrenched policies, or enforcing them beyond a point where the enforcer is reluctant to investigate (or is it "play police" according to the local meme) is as tough as it sounds.
On Friday, July 5, 2013, Frank Gadegast wrote:
Sascha Luck wrote:
TTBOMK, as long as policy requirements are fulfilled there is no mandate to revoke resources.
Any spammer on this list (think so, simply because of the lack of progress) ?
* Im starting now a second carrier in renting all the IPv4 addresses left in our allocation exclusively to abusers and make a lot of money with it. Just make offers now. *
Will surely put a working abuse contact email address in RIPEs db, that gets directed to /dev/null and have a correct postal address somewhere on a funny island ...
And it looks like if nobody could ever do anything against it.
The current regulations are simply slippery as an eel (like we say in Germany), no way to catch anybody responsible. Again, ridicolous ...
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de <mailto:frank@powerweb.de> Schinkelstrasse 17 fon: +49 33200 52920 <tel:%2B49%2033200%2052920> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 <tel:%2B49%2033200%2052921>
==============================____============================__==__==========
-- --srs (iPad)
-- --srs (iPad)
-- Kind regards, Elvis Velea
-- Kind regards, Elvis Velea
I have not had very much success following that process to report more than one shady /15 in the past. And as for india that is mostly botted IPs rather than a cash and carry IP address market. So far APNIC seems to have its act together rather better on that front. Again as for india there is active outreach going on, where quite a few people are helping indian isps work on their security. --srs (htc one x) On 31-Aug-2013 7:20 PM, "Elvis Velea" <elvis@velea.eu> wrote:
Hi,
On 8/31/13 9:18 PM, Suresh Ramasubramanian wrote:
Nothing against all of romania
then maybe it would be a great idea to stop trowing rocks at it
but there appears to be more than one rogue operation there
Even better, use the RIPE NCC form and report the things you think are wrong with those /32s.. you probably know how to fill in a form, right?
[...] are now registering quite a lot of /32 v6 netblocks
you can only get one /32 per LIR, how many is quite a lot to you?
I have the feeling you exaggerate 'quite a bit' as there are (as it appears in the members list) _in total_ 45 members from Romania, out of each at least 5-10% belong to governmental agencies. You surely do not want to blame the Government for all the spam you receive, right?
So, I'd recommend you to stop blaming Romania for all the bad things happening in your life and look at the facts as well, Romanian LEADS the World IPv6 deployment and you are the only person in this community blaming everything you think is wrong unto Romania. Every country has it's own rogue companies, stop pointing fingers at only one.. you make everyone believe there is only one problem.
I'd recommend looking at your friends' site [1] and see who you should point fingers at, or look at all the statistics showing that India is fighting with USA for #1 spam country in the world.
I'd suggest that next time you want to say the words Romania and spam on a public mailing list to look first in your own garden.. it may be filled with rogue 'plants'
cheers, Elvis
[1] http://www.spamhaus.org/**statistics/countries/<http://www.spamhaus.org/statistics/countries/>
--srs (htc one x)
On 31-Aug-2013 6:05 PM, "Elvis Velea" <elvis@velea.eu <mailto:elvis@velea.eu>> wrote:
Hi Suresh,
Firstly, any member (LIR) can receive by default a /32 (up to a /29) ALLOCATION and NOT assignment. It's a /48 PI assignment that you can get if you are not an LIR.
Secondly, @Suresh - have a look at who is leading the world in IPv6 deployment and then you may want to be careful with trowing stones at Romania. Romania IS and has been for at least one year the leader in IPv6 deployment in the whole world, if you are badmouthing Romania for it's spam, try to praise it for it's IPv6 deployment, that would be fair.
My 2 cents, Elvis Daniel Velea (proud Romanian)
On 8/31/13 7:11 AM, Suresh Ramasubramanian wrote:
I was starting to wonder whether anybody else with an operational antispam and security role for a large provider was around here. :)
Thanks for chiming in, vijay. At a guess those v6 /32s are all registered in Romania?
--srs
On Saturday, August 31, 2013, Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
i agree with suresh's assessment.
Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs and having a nice run. The ipv4 allotment is seriously broken in ripe - just having paperwork with valid forms filled is good enough to allot what ever range the spammers can ask.
regards vijay
On Mon, Jul 8, 2013 at 12:04 AM, Suresh Ramasubramanian <ops.lists@gmail.com <mailto:ops.lists@gmail.com> <javascript:_e({}, 'cvml', 'ops.lists@gmail.com <mailto:ops.lists@gmail.com>')**;>> wrote:
The lack of progress is simply because you have very few people who are in a security rather than IP admin or network ops role. Security as in for a seriously large provider.
The other lack of progress - well, changing entrenched policies, or enforcing them beyond a point where the enforcer is reluctant to investigate (or is it "play police" according to the local meme) is as tough as it sounds.
On Friday, July 5, 2013, Frank Gadegast wrote:
Sascha Luck wrote:
TTBOMK, as long as policy requirements are fulfilled there is no mandate to revoke resources.
Any spammer on this list (think so, simply because of the lack of progress) ?
* Im starting now a second carrier in renting all the IPv4 addresses left in our allocation exclusively to abusers and make a lot of money with it. Just make offers now. *
Will surely put a working abuse contact email address in RIPEs db, that gets directed to /dev/null and have a correct postal address somewhere on a funny island ...
And it looks like if nobody could ever do anything against it.
The current regulations are simply slippery as an eel (like we say in Germany), no way to catch anybody responsible. Again, ridicolous ...
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de <mailto:frank@powerweb.de> Schinkelstrasse 17 fon: +49 33200 52920 <tel:%2B49%2033200%2052920> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 <tel:%2B49%2033200%2052921>
==============================**____==========================** ==__==__==========
-- --srs (iPad)
-- --srs (iPad)
-- Kind regards, Elvis Velea
-- Kind regards, Elvis Velea
Hi, On Fri, Aug 30, 2013 at 03:41:27PM -0700, Vijay Eranti (??? ??????????????? ???????????????) wrote:
i agree with suresh's assessment.
Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs and having a nice run. The ipv4 allotment is seriously broken in ripe - just having paperwork with valid forms filled is good enough to allot what ever range the spammers can ask.
I'm not sure where that rumor is coming from, but since a *year*, the RIPE NCC has run out of IPv4 addresses - that is, the "last /8" policy kicked in, and each LIR will only receive a single /22 of IPv4 space, nothing more than that. "What ever range <anyone> can ask" is a done thing. Gert -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
On Sat, Aug 31, 2013 at 01:59:32PM +0200, Gert Doering wrote:
Hi,
On Fri, Aug 30, 2013 at 03:41:27PM -0700, Vijay Eranti (??? ??????????????? ???????????????) wrote:
i agree with suresh's assessment.
Lately lot of spammers are getting /32 ipv6 assignments with their own ASNs and having a nice run. The ipv4 allotment is seriously broken in ripe - just having paperwork with valid forms filled is good enough to allot what ever range the spammers can ask.
I'm not sure where that rumor is coming from, but since a *year*, the RIPE NCC has run out of IPv4 addresses - that is, the "last /8" policy kicked in, and each LIR will only receive a single /22 of IPv4 space, nothing more than that. "What ever range <anyone> can ask" is a done thing.
/21, /20 networks assigned to Romanian networks that appear to be completely dedicated to abuse are quite common. Evidently, these networks are assigned out of existing allocations. Current problems with 'snowshoe' spammers in Romania gravitate around announcements made by AS38913 Enter-Net Team SRL AS40994 Internet Network Vision SRL AS44739 IZO GROUP NETWORK SRL AS50525 IT'S OK SRL AS50704 Benefic Consult SRL AS58096 RTA Erendi Consult SRL AS58113 LIR DATACENTER TELECOM SRL AS58214 INTERWEB CONSULTING SRL AS59590 LINKZONE MEDIA S.R.L. AS60539 Newton Advertising S.R.L. AS60998 LEX Media Concepts SRL (This is just to offer a starting point to get real, current data). In the RIPE area, Ukraine and Russia are also pretty bad in this respect. furio
Hi, On Thu, Jul 04, 2013 at 09:53:31PM +0200, Frank Gadegast wrote:
Sounds like to me, if an owner of a house is renting the appartments in his house to criminals, wich build bombs, plan bank robberies and train terrorists and he has no way to terminate or restrict the contract as long as the criminals pay the rent and empty the letterbox ...
You might want to check german law on this. And indeed, as long as the criminal doesn't make too much noise or dirt with this and doesn't annoy the neighbours, it will be *quite* difficult to terminate the contract on short notice. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
I am not a lawyer, and certainly not eine rechtsanwalt, but it is a universal principle of contract law that a contract formed for a criminal actions / with criminal intent (actus reus / mens rea) is invalid, ab initio. You may want to examine how this affects your statement. On Friday, July 5, 2013, Gert Doering wrote:
Hi,
On Thu, Jul 04, 2013 at 09:53:31PM +0200, Frank Gadegast wrote:
Sounds like to me, if an owner of a house is renting the appartments in his house to criminals, wich build bombs, plan bank robberies and train terrorists and he has no way to terminate or restrict the contract as long as the criminals pay the rent and empty the letterbox ...
You might want to check german law on this. And indeed, as long as the criminal doesn't make too much noise or dirt with this and doesn't annoy the neighbours, it will be *quite* difficult to terminate the contract on short notice.
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
-- --srs (iPad)
participants (10)
-
Andrew de la Haye -
Elvis Velea -
Frank Gadegast -
Frank Gadegast -
furio ercolessi -
Gert Doering -
Peter Koch -
Sascha Luck -
Suresh Ramasubramanian -
Vijay Eranti (✌ విజయ్ ఈరంటి)