Russian carding... no, Islandic carding... no Belizian carding!
https://www.verified.is/ (Gee! Big surprise! Russian language only.) -> .IS = Iceland -> 82.221.130.101 That site is obviously all written in Russian, but it is resident on a little /26 IP address block that's pretending to be owned by a Belizian company. (See below.) But of course, it's actually physically sitting in a data center somewhere in Iceland, and on an Icelandic AS. I am seeing this kind of thing almost every day now... bullshit domains sitting on bullshit networks, almost always in RIPE IP space, but all claiming to be in either Belize or UAE. I've given up any hope that posting any of this kind of information here will have any impact on anything, ever. A part of me wants to scream "Which part of this repeating pattern do you folks not understand?" but I know that doing so here is pointless. So I'm really only posting this here so that later on, nobdy can say to me "Gee Ron, why didn't you ever say anything to anybody about that?" I did say something. In fact I said plenty... about both Belize and UAE. It's not my fault if everybody with power and influence within RIPE continued to ignore the now all-too-obvious patterns because the self- evident truths about what's been going on doesn't suit their own financial interests. Regards, rfg P.S. At least the .IS domain administrators are looking at possibly suspending the doamin name on the grounds that the registration info "isn't accurate". I commend them for that. That's one hell of a lot more than the network operator (AS50613, Advania) is willing to do. Advania didn't even have the courtesy to answer my email, even if only to tell me to go pound sand. ========================================================================= inetnum: 82.221.130.64 - 82.221.130.127 netname: ORANGEWEB descr: OrangeWebsite.com - Network org: ORG-IL351-RIPE country: IS admin-c: OTD3-RIPE tech-c: OTD3-RIPE status: ASSIGNED PA mnt-by: MNT-ADVANIA created: 2016-01-27T15:08:11Z last-modified: 2016-01-27T15:08:11Z source: RIPE organisation: ORG-IL351-RIPE org-name: Icenetworks Ltd. org-type: OTHER address: 60 Market Square address: Belize City, Belize <== I hope they speak Russian down there! e-mail: sales@orangewebsite.com abuse-c: OTD3-RIPE mnt-ref: MNT-ADVANIA mnt-by: MNT-ADVANIA created: 2014-11-05T10:30:10Z last-modified: 2014-11-05T10:46:28Z source: RIPE role: OrangeWebsite.com Technical Department address: OrangeWebsite.com address: Klapparstigur 7 address: 101 Reykjavik address: Iceland abuse-mailbox: abuse@orangewebsite.com e-mail: support@orangewebsite.com admin-c: AK12182-RIPE tech-c: AK12182-RIPE mnt-by: MNT-ADVANIA nic-hdl: OTD3-RIPE created: 2013-12-16T09:41:11Z last-modified: 2013-12-16T09:41:11Z source: RIPE % Information related to '82.221.128.0/19AS50613' route: 82.221.128.0/19 descr: Advania / Thor Data Center origin: AS50613 mnt-by: THOR-MNT mnt-lower: THOR-MNT created: 2013-07-30T12:15:23Z last-modified: 2013-07-30T12:15:23Z source: RIPE
Speaking on general terms, not on the specific website, anything you cite could also occur in a legit website. In a globalized world, users are free to deal with any service provider they trust and register domains in any TLD they chose. There is nothing fishy about that per se. The domain name string you cite is quite a nice string, which probably was not available in many TLDs anymore. Further, the TLD sting. ".is" can be used as a hack as it is an English language word. Just my 2 cents, Volker Am 09.08.2016 um 05:14 schrieb Ronald F. Guilmette:
https://www.verified.is/ (Gee! Big surprise! Russian language only.) -> .IS = Iceland -> 82.221.130.101
That site is obviously all written in Russian, but it is resident on a little /26 IP address block that's pretending to be owned by a Belizian company. (See below.) But of course, it's actually physically sitting in a data center somewhere in Iceland, and on an Icelandic AS.
I am seeing this kind of thing almost every day now... bullshit domains sitting on bullshit networks, almost always in RIPE IP space, but all claiming to be in either Belize or UAE.
I've given up any hope that posting any of this kind of information here will have any impact on anything, ever. A part of me wants to scream "Which part of this repeating pattern do you folks not understand?" but I know that doing so here is pointless. So I'm really only posting this here so that later on, nobdy can say to me "Gee Ron, why didn't you ever say anything to anybody about that?"
I did say something. In fact I said plenty... about both Belize and UAE. It's not my fault if everybody with power and influence within RIPE continued to ignore the now all-too-obvious patterns because the self- evident truths about what's been going on doesn't suit their own financial interests.
Regards, rfg
P.S. At least the .IS domain administrators are looking at possibly suspending the doamin name on the grounds that the registration info "isn't accurate". I commend them for that. That's one hell of a lot more than the network operator (AS50613, Advania) is willing to do. Advania didn't even have the courtesy to answer my email, even if only to tell me to go pound sand.
========================================================================= inetnum: 82.221.130.64 - 82.221.130.127 netname: ORANGEWEB descr: OrangeWebsite.com - Network org: ORG-IL351-RIPE country: IS admin-c: OTD3-RIPE tech-c: OTD3-RIPE status: ASSIGNED PA mnt-by: MNT-ADVANIA created: 2016-01-27T15:08:11Z last-modified: 2016-01-27T15:08:11Z source: RIPE
organisation: ORG-IL351-RIPE org-name: Icenetworks Ltd. org-type: OTHER address: 60 Market Square address: Belize City, Belize <== I hope they speak Russian down there! e-mail: sales@orangewebsite.com abuse-c: OTD3-RIPE mnt-ref: MNT-ADVANIA mnt-by: MNT-ADVANIA created: 2014-11-05T10:30:10Z last-modified: 2014-11-05T10:46:28Z source: RIPE
role: OrangeWebsite.com Technical Department address: OrangeWebsite.com address: Klapparstigur 7 address: 101 Reykjavik address: Iceland abuse-mailbox: abuse@orangewebsite.com e-mail: support@orangewebsite.com admin-c: AK12182-RIPE tech-c: AK12182-RIPE mnt-by: MNT-ADVANIA nic-hdl: OTD3-RIPE created: 2013-12-16T09:41:11Z last-modified: 2013-12-16T09:41:11Z source: RIPE
% Information related to '82.221.128.0/19AS50613'
route: 82.221.128.0/19 descr: Advania / Thor Data Center origin: AS50613 mnt-by: THOR-MNT mnt-lower: THOR-MNT created: 2013-07-30T12:15:23Z last-modified: 2013-07-30T12:15:23Z source: RIPE
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
It entirely depends whether the ccTLD / RIR is competent (and/or willing) to invest in people and processes for efficient abuse management or not. Much the same as with ISPs. Where there is a lack of expertise, will or both, you will have far more issues than elsewhere. While RIPE NCC certainly doesn’t lack experience and knowhow in this area, it is hampered by a lack of willpower and an even more serious utter lack of community support. Sooner or later, but eventually, there will be a tipping point sort of moment. The .hk ccTLD faced just such a moment back in I think 2005, before they were goaded into taking action. --srs On 09/08/16, 4:41 PM, "anti-abuse-wg on behalf of Volker Greimann" <anti-abuse-wg-bounces@ripe.net on behalf of vgreimann@key-systems.net> wrote: Speaking on general terms, not on the specific website, anything you cite could also occur in a legit website. In a globalized world, users are free to deal with any service provider they trust and register domains in any TLD they chose. There is nothing fishy about that per se. The domain name string you cite is quite a nice string, which probably was not available in many TLDs anymore. Further, the TLD sting. ".is" can be used as a hack as it is an English language word. Just my 2 cents, Volker Am 09.08.2016 um 05:14 schrieb Ronald F. Guilmette: > https://www.verified.is/ (Gee! Big surprise! Russian language only.) > -> .IS = Iceland > -> 82.221.130.101 > > That site is obviously all written in Russian, but it is resident on > a little /26 IP address block that's pretending to be owned by a Belizian > company. (See below.) But of course, it's actually physically sitting > in a data center somewhere in Iceland, and on an Icelandic AS. > > I am seeing this kind of thing almost every day now... bullshit domains > sitting on bullshit networks, almost always in RIPE IP space, but all > claiming to be in either Belize or UAE. > > I've given up any hope that posting any of this kind of information here > will have any impact on anything, ever. A part of me wants to scream > "Which part of this repeating pattern do you folks not understand?" but > I know that doing so here is pointless. So I'm really only posting this > here so that later on, nobdy can say to me "Gee Ron, why didn't you ever > say anything to anybody about that?" > > I did say something. In fact I said plenty... about both Belize and UAE. > It's not my fault if everybody with power and influence within RIPE > continued to ignore the now all-too-obvious patterns because the self- > evident truths about what's been going on doesn't suit their own financial > interests. > > > Regards, > rfg > > P.S. At least the .IS domain administrators are looking at possibly > suspending the doamin name on the grounds that the registration info > "isn't accurate". I commend them for that. That's one hell of a > lot more than the network operator (AS50613, Advania) is willing to do. > Advania didn't even have the courtesy to answer my email, even if only > to tell me to go pound sand. > > ========================================================================= > inetnum: 82.221.130.64 - 82.221.130.127 > netname: ORANGEWEB > descr: OrangeWebsite.com - Network > org: ORG-IL351-RIPE > country: IS > admin-c: OTD3-RIPE > tech-c: OTD3-RIPE > status: ASSIGNED PA > mnt-by: MNT-ADVANIA > created: 2016-01-27T15:08:11Z > last-modified: 2016-01-27T15:08:11Z > source: RIPE > > organisation: ORG-IL351-RIPE > org-name: Icenetworks Ltd. > org-type: OTHER > address: 60 Market Square > address: Belize City, Belize <== I hope they speak Russian down there! > e-mail: sales@orangewebsite.com > abuse-c: OTD3-RIPE > mnt-ref: MNT-ADVANIA > mnt-by: MNT-ADVANIA > created: 2014-11-05T10:30:10Z > last-modified: 2014-11-05T10:46:28Z > source: RIPE > > role: OrangeWebsite.com Technical Department > address: OrangeWebsite.com > address: Klapparstigur 7 > address: 101 Reykjavik > address: Iceland > abuse-mailbox: abuse@orangewebsite.com > e-mail: support@orangewebsite.com > admin-c: AK12182-RIPE > tech-c: AK12182-RIPE > mnt-by: MNT-ADVANIA > nic-hdl: OTD3-RIPE > created: 2013-12-16T09:41:11Z > last-modified: 2013-12-16T09:41:11Z > source: RIPE > > % Information related to '82.221.128.0/19AS50613' > > route: 82.221.128.0/19 > descr: Advania / Thor Data Center > origin: AS50613 > mnt-by: THOR-MNT > mnt-lower: THOR-MNT > created: 2013-07-30T12:15:23Z > last-modified: 2013-07-30T12:15:23Z > source: RIPE > > -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
Agreed. I do not understand what Ronald F. Guilmette is complaining about or even what this thread is about... I own some and operate many other .com domains, I also operate .me (like example https://wishes.me ) Speaking of which, I recently created this: https://about.me/andrecoetzee - kinda cool! no? this does not mean that I am pretending to be in Montenegro, just that some countries are more open, free and forward thinking and that some domain tld's are suitable for custom type names, for example .is and .in and others. So, as I said, I have absolutely no idea what the initial post is even about at all, maybe Ronald F. Guilmette can point out the ABUSE that will be super helpful and not seem like such a complete waste of time. Andre On Tue, 9 Aug 2016 13:11:21 +0200 Volker Greimann <vgreimann@key-systems.net> wrote:
Speaking on general terms, not on the specific website, anything you cite could also occur in a legit website. In a globalized world, users are free to deal with any service provider they trust and register domains in any TLD they chose. There is nothing fishy about that per se.
The domain name string you cite is quite a nice string, which probably was not available in many TLDs anymore. Further, the TLD sting. ".is" can be used as a hack as it is an English language word.
Just my 2 cents,
Volker
Am 09.08.2016 um 05:14 schrieb Ronald F. Guilmette:
https://www.verified.is/ (Gee! Big surprise! Russian language only.) -> .IS = Iceland -> 82.221.130.101
That site is obviously all written in Russian, but it is resident on a little /26 IP address block that's pretending to be owned by a Belizian company. (See below.) But of course, it's actually physically sitting in a data center somewhere in Iceland, and on an Icelandic AS.
I am seeing this kind of thing almost every day now... bullshit domains sitting on bullshit networks, almost always in RIPE IP space, but all claiming to be in either Belize or UAE.
I've given up any hope that posting any of this kind of information here will have any impact on anything, ever. A part of me wants to scream "Which part of this repeating pattern do you folks not understand?" but I know that doing so here is pointless. So I'm really only posting this here so that later on, nobdy can say to me "Gee Ron, why didn't you ever say anything to anybody about that?"
I did say something. In fact I said plenty... about both Belize and UAE. It's not my fault if everybody with power and influence within RIPE continued to ignore the now all-too-obvious patterns because the self- evident truths about what's been going on doesn't suit their own financial interests.
Regards, rfg
P.S. At least the .IS domain administrators are looking at possibly suspending the doamin name on the grounds that the registration info "isn't accurate". I commend them for that. That's one hell of a lot more than the network operator (AS50613, Advania) is willing to do. Advania didn't even have the courtesy to answer my email, even if only to tell me to go pound sand.
========================================================================= inetnum: 82.221.130.64 - 82.221.130.127 netname: ORANGEWEB descr: OrangeWebsite.com - Network org: ORG-IL351-RIPE country: IS admin-c: OTD3-RIPE tech-c: OTD3-RIPE status: ASSIGNED PA mnt-by: MNT-ADVANIA created: 2016-01-27T15:08:11Z last-modified: 2016-01-27T15:08:11Z source: RIPE
organisation: ORG-IL351-RIPE org-name: Icenetworks Ltd. org-type: OTHER address: 60 Market Square address: Belize City, Belize <== I hope they speak Russian down there! e-mail: sales@orangewebsite.com abuse-c: OTD3-RIPE mnt-ref: MNT-ADVANIA mnt-by: MNT-ADVANIA created: 2014-11-05T10:30:10Z last-modified: 2014-11-05T10:46:28Z source: RIPE
role: OrangeWebsite.com Technical Department address: OrangeWebsite.com address: Klapparstigur 7 address: 101 Reykjavik address: Iceland abuse-mailbox: abuse@orangewebsite.com e-mail: support@orangewebsite.com admin-c: AK12182-RIPE tech-c: AK12182-RIPE mnt-by: MNT-ADVANIA nic-hdl: OTD3-RIPE created: 2013-12-16T09:41:11Z last-modified: 2013-12-16T09:41:11Z source: RIPE
% Information related to '82.221.128.0/19AS50613'
route: 82.221.128.0/19 descr: Advania / Thor Data Center origin: AS50613 mnt-by: THOR-MNT mnt-lower: THOR-MNT created: 2013-07-30T12:15:23Z last-modified: 2013-07-30T12:15:23Z source: RIPE
I just realised that I am guilty of not communicating properly, and I do apologise. simply having a domain name here.it.is or come.in or about.me or whatever, and hosting parts of it in the UK, parts of it in Belize, parts of it in Cuba and some of it in the USA - there is absolutely nothing wrong with that - it is actually quite normal - no abuse I do exactly the same thing. for example ox.co.za is in Germany (and in Canada and elsewhere) then, the entire Internet is full of 'ironic' content websites. Just because some website claims to supply live moon dust, or sell whatever does not make it a crime. And, just to also complete this idea: If some website or domain is selling children, endangered species, credit card numbers, etc etc etc - This is not abuse? - It is crime and/or criminal activity - and has to be reported to the relevant authorities - It is not abuse and has Zero relevance to an abuse list? And, even then, the domain name is not the place to start. One starts at the IP number - the actual physical location of the crime (and/or data) Then, is whatever whomever is doing legal? or illegal.? For example, many things that are illegal in the West are legal in other parts of the world. It is perfectly fine to buy a Crocodile in the Congo, but in the Congo it is very illegal to buy a Bonobo. So, these criminal activities are for the various geo areas in terms of where the servers and operators are - and are criminal - and not much abuse related, how is RIPE supposed to discuss illegal activities, there is nothing to discuss - it is crime and has to be prosecuted, if it is in fact crime and not just ironic content... my 1c (for clarity) Andre On Tue, 9 Aug 2016 13:24:39 +0200 andre@ox.co.za wrote:
Agreed.
I do not understand what Ronald F. Guilmette is complaining about or even what this thread is about...
I own some and operate many other .com domains, I also operate .me (like example https://wishes.me )
Speaking of which, I recently created this: https://about.me/andrecoetzee - kinda cool! no?
this does not mean that I am pretending to be in Montenegro, just that some countries are more open, free and forward thinking and that some domain tld's are suitable for custom type names, for example .is and .in and others.
So, as I said, I have absolutely no idea what the initial post is even about at all, maybe Ronald F. Guilmette can point out the ABUSE that will be super helpful and not seem like such a complete waste of time.
Andre
On Tue, 9 Aug 2016 13:11:21 +0200 Volker Greimann <vgreimann@key-systems.net> wrote:
Speaking on general terms, not on the specific website, anything you cite could also occur in a legit website. In a globalized world, users are free to deal with any service provider they trust and register domains in any TLD they chose. There is nothing fishy about that per se.
The domain name string you cite is quite a nice string, which probably was not available in many TLDs anymore. Further, the TLD sting. ".is" can be used as a hack as it is an English language word.
Just my 2 cents,
Volker
Am 09.08.2016 um 05:14 schrieb Ronald F. Guilmette:
https://www.verified.is/ (Gee! Big surprise! Russian language only.) -> .IS = Iceland -> 82.221.130.101
That site is obviously all written in Russian, but it is resident on a little /26 IP address block that's pretending to be owned by a Belizian company. (See below.) But of course, it's actually physically sitting in a data center somewhere in Iceland, and on an Icelandic AS.
I am seeing this kind of thing almost every day now... bullshit domains sitting on bullshit networks, almost always in RIPE IP space, but all claiming to be in either Belize or UAE.
I've given up any hope that posting any of this kind of information here will have any impact on anything, ever. A part of me wants to scream "Which part of this repeating pattern do you folks not understand?" but I know that doing so here is pointless. So I'm really only posting this here so that later on, nobdy can say to me "Gee Ron, why didn't you ever say anything to anybody about that?"
I did say something. In fact I said plenty... about both Belize and UAE. It's not my fault if everybody with power and influence within RIPE continued to ignore the now all-too-obvious patterns because the self- evident truths about what's been going on doesn't suit their own financial interests.
Regards, rfg
P.S. At least the .IS domain administrators are looking at possibly suspending the doamin name on the grounds that the registration info "isn't accurate". I commend them for that. That's one hell of a lot more than the network operator (AS50613, Advania) is willing to do. Advania didn't even have the courtesy to answer my email, even if only to tell me to go pound sand.
========================================================================= inetnum: 82.221.130.64 - 82.221.130.127 netname: ORANGEWEB descr: OrangeWebsite.com - Network org: ORG-IL351-RIPE country: IS admin-c: OTD3-RIPE tech-c: OTD3-RIPE status: ASSIGNED PA mnt-by: MNT-ADVANIA created: 2016-01-27T15:08:11Z last-modified: 2016-01-27T15:08:11Z source: RIPE
organisation: ORG-IL351-RIPE org-name: Icenetworks Ltd. org-type: OTHER address: 60 Market Square address: Belize City, Belize <== I hope they speak Russian down there! e-mail: sales@orangewebsite.com abuse-c: OTD3-RIPE mnt-ref: MNT-ADVANIA mnt-by: MNT-ADVANIA created: 2014-11-05T10:30:10Z last-modified: 2014-11-05T10:46:28Z source: RIPE
role: OrangeWebsite.com Technical Department address: OrangeWebsite.com address: Klapparstigur 7 address: 101 Reykjavik address: Iceland abuse-mailbox: abuse@orangewebsite.com e-mail: support@orangewebsite.com admin-c: AK12182-RIPE tech-c: AK12182-RIPE mnt-by: MNT-ADVANIA nic-hdl: OTD3-RIPE created: 2013-12-16T09:41:11Z last-modified: 2013-12-16T09:41:11Z source: RIPE
% Information related to '82.221.128.0/19AS50613'
route: 82.221.128.0/19 descr: Advania / Thor Data Center origin: AS50613 mnt-by: THOR-MNT mnt-lower: THOR-MNT created: 2013-07-30T12:15:23Z last-modified: 2013-07-30T12:15:23Z source: RIPE
Are you blind, Andre? Okay, I'll cite the website rfg has pointed at for you then:
Hacking services
Email marketing - SPAM (the Russian text says it clearly: "spam sending services")
Malware & Coding
Sell CC & DUMPs, Enroll, Bank accounts, DOB+SSN
That is okay, you think? I don't think so. I think this mailing list is intended to deal with all of this. Don't be pretend to be a fool by sending links to pages which are innocent in comparison this. It's not about TLDs. It's about the content. On 08/09/16 14:24, andre@ox.co.za wrote:
Agreed.
I do not understand what Ronald F. Guilmette is complaining about or even what this thread is about...
I own some and operate many other .com domains, I also operate .me (like example https://wishes.me )
Speaking of which, I recently created this: https://about.me/andrecoetzee - kinda cool! no?
this does not mean that I am pretending to be in Montenegro, just that some countries are more open, free and forward thinking and that some domain tld's are suitable for custom type names, for example .is and .in and others.
So, as I said, I have absolutely no idea what the initial post is even about at all, maybe Ronald F. Guilmette can point out the ABUSE that will be super helpful and not seem like such a complete waste of time.
Andre
On Tue, 9 Aug 2016 13:11:21 +0200 Volker Greimann <vgreimann@key-systems.net> wrote:
Speaking on general terms, not on the specific website, anything you cite could also occur in a legit website. In a globalized world, users are free to deal with any service provider they trust and register domains in any TLD they chose. There is nothing fishy about that per se.
The domain name string you cite is quite a nice string, which probably was not available in many TLDs anymore. Further, the TLD sting. ".is" can be used as a hack as it is an English language word.
Just my 2 cents,
Volker
Am 09.08.2016 um 05:14 schrieb Ronald F. Guilmette:
https://www.verified.is/ (Gee! Big surprise! Russian language only.) -> .IS = Iceland -> 82.221.130.101
That site is obviously all written in Russian, but it is resident on a little /26 IP address block that's pretending to be owned by a Belizian company. (See below.) But of course, it's actually physically sitting in a data center somewhere in Iceland, and on an Icelandic AS.
I am seeing this kind of thing almost every day now... bullshit domains sitting on bullshit networks, almost always in RIPE IP space, but all claiming to be in either Belize or UAE.
I've given up any hope that posting any of this kind of information here will have any impact on anything, ever. A part of me wants to scream "Which part of this repeating pattern do you folks not understand?" but I know that doing so here is pointless. So I'm really only posting this here so that later on, nobdy can say to me "Gee Ron, why didn't you ever say anything to anybody about that?"
I did say something. In fact I said plenty... about both Belize and UAE. It's not my fault if everybody with power and influence within RIPE continued to ignore the now all-too-obvious patterns because the self- evident truths about what's been going on doesn't suit their own financial interests.
Regards, rfg
P.S. At least the .IS domain administrators are looking at possibly suspending the doamin name on the grounds that the registration info "isn't accurate". I commend them for that. That's one hell of a lot more than the network operator (AS50613, Advania) is willing to do. Advania didn't even have the courtesy to answer my email, even if only to tell me to go pound sand.
========================================================================= inetnum: 82.221.130.64 - 82.221.130.127 netname: ORANGEWEB descr: OrangeWebsite.com - Network org: ORG-IL351-RIPE country: IS admin-c: OTD3-RIPE tech-c: OTD3-RIPE status: ASSIGNED PA mnt-by: MNT-ADVANIA created: 2016-01-27T15:08:11Z last-modified: 2016-01-27T15:08:11Z source: RIPE
organisation: ORG-IL351-RIPE org-name: Icenetworks Ltd. org-type: OTHER address: 60 Market Square address: Belize City, Belize <== I hope they speak Russian down there! e-mail: sales@orangewebsite.com abuse-c: OTD3-RIPE mnt-ref: MNT-ADVANIA mnt-by: MNT-ADVANIA created: 2014-11-05T10:30:10Z last-modified: 2014-11-05T10:46:28Z source: RIPE
role: OrangeWebsite.com Technical Department address: OrangeWebsite.com address: Klapparstigur 7 address: 101 Reykjavik address: Iceland abuse-mailbox: abuse@orangewebsite.com e-mail: support@orangewebsite.com admin-c: AK12182-RIPE tech-c: AK12182-RIPE mnt-by: MNT-ADVANIA nic-hdl: OTD3-RIPE created: 2013-12-16T09:41:11Z last-modified: 2013-12-16T09:41:11Z source: RIPE
% Information related to '82.221.128.0/19AS50613'
route: 82.221.128.0/19 descr: Advania / Thor Data Center origin: AS50613 mnt-by: THOR-MNT mnt-lower: THOR-MNT created: 2013-07-30T12:15:23Z last-modified: 2013-07-30T12:15:23Z source: RIPE
-- Kind regards, CTO at *Foton Telecom CJSC* Tel.: +7 (499) 679-99-99 AS42861 on PeeringDB <http://as42861.peeringdb.com/>, Qrator <https://radar.qrator.net/as42861>, BGP.HE.NET <http://bgp.he.net/AS42861> http://ipv6actnow.org/ <%0Ahttp://ipv6actnow.org/>
[applause] IP addresses are in short enough supply that this would be breach of fiduciary trust, if we were talking about a bank manager and loans, rather than allocating IP addresses. (and no, don’t tell me v6 – there’s far more of this going on there, and that is something we will regret a few decades or less down the line). Oh, and for those of you who want to trot out that “we are not the internet police” meme .. keep at it. We’ll all collectively regret it some day. From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Sergey <gforgx@fotontel.ru> Date: Tuesday, 9 August 2016 at 5:32 PM To: <andre@ox.co.za>, <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Russian carding... no, Islandic carding... no Belizian carding! Are you blind, Andre? Okay, I'll cite the website rfg has pointed at for you then:
Hacking services
Email marketing - SPAM (the Russian text says it clearly: "spam sending services")
Malware & Coding
Sell CC & DUMPs, Enroll, Bank accounts, DOB+SSN
That is okay, you think? I don't think so. I think this mailing list is intended to deal with all of this. Don't be pretend to be a fool by sending links to pages which are innocent in comparison this. It's not about TLDs. It's about the content. On 08/09/16 14:24, andre@ox.co.za wrote: Agreed. I do not understand what Ronald F. Guilmette is complaining about or even what this thread is about... I own some and operate many other .com domains, I also operate .me (like example https://wishes.me ) Speaking of which, I recently created this: https://about.me/andrecoetzee - kinda cool! no? this does not mean that I am pretending to be in Montenegro, just that some countries are more open, free and forward thinking and that some domain tld's are suitable for custom type names, for example .is and .in and others. So, as I said, I have absolutely no idea what the initial post is even about at all, maybe Ronald F. Guilmette can point out the ABUSE that will be super helpful and not seem like such a complete waste of time. Andre On Tue, 9 Aug 2016 13:11:21 +0200 Volker Greimann <vgreimann@key-systems.net> wrote: Speaking on general terms, not on the specific website, anything you cite could also occur in a legit website. In a globalized world, users are free to deal with any service provider they trust and register domains in any TLD they chose. There is nothing fishy about that per se. The domain name string you cite is quite a nice string, which probably was not available in many TLDs anymore. Further, the TLD sting. ".is" can be used as a hack as it is an English language word. Just my 2 cents, Volker Am 09.08.2016 um 05:14 schrieb Ronald F. Guilmette: https://www.verified.is/ (Gee! Big surprise! Russian language only.) -> .IS = Iceland -> 82.221.130.101 That site is obviously all written in Russian, but it is resident on a little /26 IP address block that's pretending to be owned by a Belizian company. (See below.) But of course, it's actually physically sitting in a data center somewhere in Iceland, and on an Icelandic AS. I am seeing this kind of thing almost every day now... bullshit domains sitting on bullshit networks, almost always in RIPE IP space, but all claiming to be in either Belize or UAE. I've given up any hope that posting any of this kind of information here will have any impact on anything, ever. A part of me wants to scream "Which part of this repeating pattern do you folks not understand?" but I know that doing so here is pointless. So I'm really only posting this here so that later on, nobdy can say to me "Gee Ron, why didn't you ever say anything to anybody about that?" I did say something. In fact I said plenty... about both Belize and UAE. It's not my fault if everybody with power and influence within RIPE continued to ignore the now all-too-obvious patterns because the self- evident truths about what's been going on doesn't suit their own financial interests. Regards, rfg P.S. At least the .IS domain administrators are looking at possibly suspending the doamin name on the grounds that the registration info "isn't accurate". I commend them for that. That's one hell of a lot more than the network operator (AS50613, Advania) is willing to do. Advania didn't even have the courtesy to answer my email, even if only to tell me to go pound sand. ========================================================================= inetnum: 82.221.130.64 - 82.221.130.127 netname: ORANGEWEB descr: OrangeWebsite.com - Network org: ORG-IL351-RIPE country: IS admin-c: OTD3-RIPE tech-c: OTD3-RIPE status: ASSIGNED PA mnt-by: MNT-ADVANIA created: 2016-01-27T15:08:11Z last-modified: 2016-01-27T15:08:11Z source: RIPE organisation: ORG-IL351-RIPE org-name: Icenetworks Ltd. org-type: OTHER address: 60 Market Square address: Belize City, Belize <== I hope they speak Russian down there! e-mail: sales@orangewebsite.com abuse-c: OTD3-RIPE mnt-ref: MNT-ADVANIA mnt-by: MNT-ADVANIA created: 2014-11-05T10:30:10Z last-modified: 2014-11-05T10:46:28Z source: RIPE role: OrangeWebsite.com Technical Department address: OrangeWebsite.com address: Klapparstigur 7 address: 101 Reykjavik address: Iceland abuse-mailbox: abuse@orangewebsite.com e-mail: support@orangewebsite.com admin-c: AK12182-RIPE tech-c: AK12182-RIPE mnt-by: MNT-ADVANIA nic-hdl: OTD3-RIPE created: 2013-12-16T09:41:11Z last-modified: 2013-12-16T09:41:11Z source: RIPE % Information related to '82.221.128.0/19AS50613' route: 82.221.128.0/19 descr: Advania / Thor Data Center origin: AS50613 mnt-by: THOR-MNT mnt-lower: THOR-MNT created: 2013-07-30T12:15:23Z last-modified: 2013-07-30T12:15:23Z source: RIPE -- Kind regards, CTO at Foton Telecom CJSC Tel.: +7 (499) 679-99-99 AS42861 on PeeringDB, Qrator, BGP.HE.NET http://ipv6actnow.org/
On Tue, 09 Aug 2016 17:35:24 +0530 Suresh Ramasubramanian <ops.lists@gmail.com> wrote: just to also properly respond to you, Suresh
[applause]
applause at what? Content police? Trademark dispute Police? Copyright dispute Police? Decide what is or what is not acceptable content? For example: we are supposed to do what "Google" is doing? Decide what is abuse (yet it is okay if we are the abuse ourselves? ) That we now have to decide the age of a porn actor, is he/she/it 17 or 18 years old? (One is child porn and the other is legal) - and then to also verify what content is legal in some areas and what is illegal in other areas?) that we now have to decide which trademark is the strongest, the one registered in Greece or the one registered in the UK, so that we can "null route" the traffic to the illegal domain name?
IP addresses are in short enough supply that this would be breach of fiduciary trust, if we were talking about a bank manager and loans, rather than allocating IP addresses. (and no, don’t tell me v6 – there’s far more of this going on there, and that is something we will regret a few decades or less down the line). Oh, and for those of you who want to trot out that “we are not the internet police” meme .. keep at it. We’ll all collectively regret it some day.
No, there is actual real Police and law enforcement in all the Subject line countries. These countries (societies) all have laws, law enforcement as well as courts and prisons. What we should discuss is our own internal Abuse/Crime Intelligence/etc policies: 1. When we find crime, child porn, credit card scams, etc on networks, we should immediately report it to the Police in the jurisdiction where the data is. We must not, discuss this on a public list before the Police has at the very least, had the opportunity to first ensure that they have secured the data/servers/evidence that may be required to prosecute. 2. If, after a reasonable amount of time, we receive no feedback (as in back off, we are investigating this - or we are busy prosecuting or whatever) then we should do what? If the ISP or resource holder is actually guilty of a crime or is non responsive or non co-operative with law enforcement then of course I do agree that it is resource abuse and that should have consequences, but you cannot simply find a random domain, note content on it that seems as if there may possibly be criminal activity and/or abuse. It seems that they are offering to spam - do they actually spam? I also publish http://ascams.com I cannot publish anything about this website or this content on there as their is simply no due process, no proof of actual illegal activity, no actual trial, guilt, verdict, etc. So, [Applause] you say? We should start filtering/editing/censoring content deciding to 'null-route' entire IP ranges because of our content decisions? seriously? We can also maybe build a huge wall around our networks? Maybe we should not route any traffic that we have not properly inspected? Now if we can just get those pesky Mexicans to pay for our walls...
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Sergey <gforgx@fotontel.ru> Date: Tuesday, 9 August 2016 at 5:32 PM To: <andre@ox.co.za>, <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Russian carding... no, Islandic carding... no Belizian carding!
Are you blind, Andre?
Okay, I'll cite the website rfg has pointed at for you then:
Hacking services
Email marketing - SPAM (the Russian text says it clearly: "spam sending services")
Malware & Coding
Sell CC & DUMPs, Enroll, Bank accounts, DOB+SSN
That is okay, you think? I don't think so. I think this mailing list is intended to deal with all of this.
Don't be pretend to be a fool by sending links to pages which are innocent in comparison this. It's not about TLDs. It's about the content.
On 08/09/16 14:24, andre@ox.co.za wrote: Agreed.
I do not understand what Ronald F. Guilmette is complaining about or even what this thread is about...
I own some and operate many other .com domains, I also operate .me (like example https://wishes.me )
Speaking of which, I recently created this: https://about.me/andrecoetzee - kinda cool! no?
this does not mean that I am pretending to be in Montenegro, just that some countries are more open, free and forward thinking and that some domain tld's are suitable for custom type names, for example .is and .in and others.
So, as I said, I have absolutely no idea what the initial post is even about at all, maybe Ronald F. Guilmette can point out the ABUSE that will be super helpful and not seem like such a complete waste of time.
Andre
On Tue, 9 Aug 2016 13:11:21 +0200 Volker Greimann <vgreimann@key-systems.net> wrote:
Speaking on general terms, not on the specific website, anything you cite could also occur in a legit website. In a globalized world, users are free to deal with any service provider they trust and register domains in any TLD they chose. There is nothing fishy about that per se.
The domain name string you cite is quite a nice string, which probably was not available in many TLDs anymore. Further, the TLD sting. ".is" can be used as a hack as it is an English language word.
Just my 2 cents,
Volker
Am 09.08.2016 um 05:14 schrieb Ronald F. Guilmette: https://www.verified.is/ (Gee! Big surprise! Russian language only.) -> .IS = Iceland -> 82.221.130.101
That site is obviously all written in Russian, but it is resident on a little /26 IP address block that's pretending to be owned by a Belizian company. (See below.) But of course, it's actually physically sitting in a data center somewhere in Iceland, and on an Icelandic AS.
I am seeing this kind of thing almost every day now... bullshit domains sitting on bullshit networks, almost always in RIPE IP space, but all claiming to be in either Belize or UAE.
I've given up any hope that posting any of this kind of information here will have any impact on anything, ever. A part of me wants to scream "Which part of this repeating pattern do you folks not understand?" but I know that doing so here is pointless. So I'm really only posting this here so that later on, nobdy can say to me "Gee Ron, why didn't you ever say anything to anybody about that?"
I did say something. In fact I said plenty... about both Belize and UAE. It's not my fault if everybody with power and influence within RIPE continued to ignore the now all-too-obvious patterns because the self- evident truths about what's been going on doesn't suit their own financial interests.
Regards, rfg
P.S. At least the .IS domain administrators are looking at possibly suspending the doamin name on the grounds that the registration info "isn't accurate". I commend them for that. That's one hell of a lot more than the network operator (AS50613, Advania) is willing to do. Advania didn't even have the courtesy to answer my email, even if only to tell me to go pound sand.
========================================================================= inetnum: 82.221.130.64 - 82.221.130.127 netname: ORANGEWEB descr: OrangeWebsite.com - Network org: ORG-IL351-RIPE country: IS admin-c: OTD3-RIPE tech-c: OTD3-RIPE status: ASSIGNED PA mnt-by: MNT-ADVANIA created: 2016-01-27T15:08:11Z last-modified: 2016-01-27T15:08:11Z source: RIPE
organisation: ORG-IL351-RIPE org-name: Icenetworks Ltd. org-type: OTHER address: 60 Market Square address: Belize City, Belize <== I hope they speak Russian down there! e-mail: sales@orangewebsite.com abuse-c: OTD3-RIPE mnt-ref: MNT-ADVANIA mnt-by: MNT-ADVANIA created: 2014-11-05T10:30:10Z last-modified: 2014-11-05T10:46:28Z source: RIPE
role: OrangeWebsite.com Technical Department address: OrangeWebsite.com address: Klapparstigur 7 address: 101 Reykjavik address: Iceland abuse-mailbox: abuse@orangewebsite.com e-mail: support@orangewebsite.com admin-c: AK12182-RIPE tech-c: AK12182-RIPE mnt-by: MNT-ADVANIA nic-hdl: OTD3-RIPE created: 2013-12-16T09:41:11Z last-modified: 2013-12-16T09:41:11Z source: RIPE
% Information related to '82.221.128.0/19AS50613'
route: 82.221.128.0/19 descr: Advania / Thor Data Center origin: AS50613 mnt-by: THOR-MNT mnt-lower: THOR-MNT created: 2013-07-30T12:15:23Z last-modified: 2013-07-30T12:15:23Z source: RIPE
On Tue, 9 Aug 2016 15:02:28 +0300 Sergey <gforgx@fotontel.ru> wrote:
Are you blind, Andre?
nope, my eyes and brai nwork well, thank you for asking though :)
Okay, I'll cite the website rfg has pointed at for you then:
Hacking services Email marketing - SPAM (the Russian text says it clearly: "spam sending services") Malware & Coding Sell CC & DUMPs, Enroll, Bank accounts, DOB+SSN That is okay, you think? I don't think so. I think this mailing list is intended to deal with all of this. Don't be pretend to be a fool by sending links to pages which are innocent in comparison this. It's not about TLDs. It's about the content.
So, what you are saying is that if someone places some content on a website - that seems to be criminal or maybe may be criminal or seems to be criminal then we should: We should not report this to the relevant Police and/or Interpol and/or law enforcement - as we should first discuss this on an Abuse mailing list? As crime is now also abuse? Warn the ISP - so that by the tiome the Police arrive the disks are wiped or the site has moved Or, what are you saying Sergey? You asked if I am blind, let me ask you if you think? Andre
On 08/09/16 14:24, andre@ox.co.za wrote:
Agreed.
I do not understand what Ronald F. Guilmette is complaining about or even what this thread is about...
I own some and operate many other .com domains, I also operate .me (like example https://wishes.me )
Speaking of which, I recently created this: https://about.me/andrecoetzee - kinda cool! no?
this does not mean that I am pretending to be in Montenegro, just that some countries are more open, free and forward thinking and that some domain tld's are suitable for custom type names, for example .is and .in and others.
So, as I said, I have absolutely no idea what the initial post is even about at all, maybe Ronald F. Guilmette can point out the ABUSE that will be super helpful and not seem like such a complete waste of time.
Andre
On Tue, 9 Aug 2016 13:11:21 +0200 Volker Greimann <vgreimann@key-systems.net> wrote:
Speaking on general terms, not on the specific website, anything you cite could also occur in a legit website. In a globalized world, users are free to deal with any service provider they trust and register domains in any TLD they chose. There is nothing fishy about that per se.
The domain name string you cite is quite a nice string, which probably was not available in many TLDs anymore. Further, the TLD sting. ".is" can be used as a hack as it is an English language word.
Just my 2 cents,
Volker
Am 09.08.2016 um 05:14 schrieb Ronald F. Guilmette:
https://www.verified.is/ (Gee! Big surprise! Russian language only.) -> .IS = Iceland -> 82.221.130.101
That site is obviously all written in Russian, but it is resident on a little /26 IP address block that's pretending to be owned by a Belizian company. (See below.) But of course, it's actually physically sitting in a data center somewhere in Iceland, and on an Icelandic AS.
I am seeing this kind of thing almost every day now... bullshit domains sitting on bullshit networks, almost always in RIPE IP space, but all claiming to be in either Belize or UAE.
I've given up any hope that posting any of this kind of information here will have any impact on anything, ever. A part of me wants to scream "Which part of this repeating pattern do you folks not understand?" but I know that doing so here is pointless. So I'm really only posting this here so that later on, nobdy can say to me "Gee Ron, why didn't you ever say anything to anybody about that?"
I did say something. In fact I said plenty... about both Belize and UAE. It's not my fault if everybody with power and influence within RIPE continued to ignore the now all-too-obvious patterns because the self- evident truths about what's been going on doesn't suit their own financial interests.
Regards, rfg
P.S. At least the .IS domain administrators are looking at possibly suspending the doamin name on the grounds that the registration info "isn't accurate". I commend them for that. That's one hell of a lot more than the network operator (AS50613, Advania) is willing to do. Advania didn't even have the courtesy to answer my email, even if only to tell me to go pound sand.
========================================================================= inetnum: 82.221.130.64 - 82.221.130.127 netname: ORANGEWEB descr: OrangeWebsite.com - Network org: ORG-IL351-RIPE country: IS admin-c: OTD3-RIPE tech-c: OTD3-RIPE status: ASSIGNED PA mnt-by: MNT-ADVANIA created: 2016-01-27T15:08:11Z last-modified: 2016-01-27T15:08:11Z source: RIPE
organisation: ORG-IL351-RIPE org-name: Icenetworks Ltd. org-type: OTHER address: 60 Market Square address: Belize City, Belize <== I hope they speak Russian down there! e-mail: sales@orangewebsite.com abuse-c: OTD3-RIPE mnt-ref: MNT-ADVANIA mnt-by: MNT-ADVANIA created: 2014-11-05T10:30:10Z last-modified: 2014-11-05T10:46:28Z source: RIPE
role: OrangeWebsite.com Technical Department address: OrangeWebsite.com address: Klapparstigur 7 address: 101 Reykjavik address: Iceland abuse-mailbox: abuse@orangewebsite.com e-mail: support@orangewebsite.com admin-c: AK12182-RIPE tech-c: AK12182-RIPE mnt-by: MNT-ADVANIA nic-hdl: OTD3-RIPE created: 2013-12-16T09:41:11Z last-modified: 2013-12-16T09:41:11Z source: RIPE
% Information related to '82.221.128.0/19AS50613'
route: 82.221.128.0/19 descr: Advania / Thor Data Center origin: AS50613 mnt-by: THOR-MNT mnt-lower: THOR-MNT created: 2013-07-30T12:15:23Z last-modified: 2013-07-30T12:15:23Z source: RIPE
It's simple. This simply has no place on the public Internet. A good idea is at the very least to null-route this IP space. On 08/09/16 15:13, andre@ox.co.za wrote:
So, what you are saying is that if someone places some content on a website - that seems to be criminal or maybe may be criminal or seems to be criminal then we should:
-- Kind regards, CTO at *Foton Telecom CJSC* Tel.: +7 (499) 679-99-99 AS42861 on PeeringDB <http://as42861.peeringdb.com/>, Qrator <https://radar.qrator.net/as42861>, BGP.HE.NET <http://bgp.he.net/AS42861> http://ipv6actnow.org/ <%0Ahttp://ipv6actnow.org/>
On Tue, 9 Aug 2016 15:16:36 +0300 Sergey <gforgx@fotontel.ru> wrote:
It's simple. This simply has no place on the public Internet. A good idea is at the very least to null-route this IP space.
On 08/09/16 15:13, andre@ox.co.za wrote:
So, what you are saying is that if someone places some content on a website - that seems to be criminal or maybe may be criminal or seems to be criminal then we should:
how do you know that it is not some law enforcement effort at entrapment of criminals? Any thinking person would know that this is a matter for law enforcement and not for public discussion on a mailing list. If you start deciding to also censor content on your networks, where are the lines? Soon you will be censoring people you do not agree with and "null-route' ip space for your opinion and you will be the prosecutor, jury, judge and hangman, all in one... Not cool Andre
* Ronald F. Guilmette
I've given up any hope that posting any of this kind of information here will have any impact on anything, ever. A part of me wants to scream "Which part of this repeating pattern do you folks not understand?" but I know that doing so here is pointless.
Question is, what exactly do you expect the members of the RIPE Anti-Abuse WG to actually do about these incidents you keep on reporting? We are not law enforcement, nor are we likely to go to someone's door bearing baseball bats and pitch forks. If you want someone to take action against named companies or individuals accused of abuse you should contact law enforcement or someone else that has the actual authority and ability to do so. This would include the NOC of the accused abuser's ISP. If on the other hand you want to give the RIPE NCC the mandate to de-register address space assigned to suspected abusers, you'll need to write a policy proposal to that effect. It won't happen by itself.
So I'm really only posting this here so that later on, nobdy can say to me "Gee Ron, why didn't you ever say anything to anybody about that?"
If this truly that is your only motivation for your postings, then please, stop posting. You really don't have to fear that people will start asking you «why didn't you ever say anything to anybody about that», I promise. Tore
On 09/08/16, 7:06 PM, "anti-abuse-wg on behalf of Tore Anderson" <anti-abuse-wg-bounces@ripe.net on behalf of tore@fud.no> wrote:
write a policy proposal to that effect
If there were, say, the equivalent of the registration abuse policies wg at ICANN, and if the people attending RIPE aawg meetings and providing consensus were actually the abuse management teams at various ISPs, such a policy proposal might even be productive. Previous policy proposals that actually propose anything remotely useful have failed to meet consensus, or even a bare minimum of informed discussion that has any bearing on abuse management, from this wg. For example - https://www.ripe.net/participate/ripe/wg/services/minutes/ripe-59 “You have to get to the box and that could be a botnet”. Ha. Ha. H. Recovering resources assigned to non-existing entities http://www.ripe.net/ripe/meetings/ripe-59/presentations/rasmussen-recovering... Uwe Manuel Rasmussen, Microsoft --srs
On 9 Aug 2016, at 10:09, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
For example - https://www.ripe.net/participate/ripe/wg/services/minutes/ripe-59
Which is for a different WG and 2009, not AA nor Address Poilcy where such a policy would have been made then. So will Ron step up to write a Policy ? Thanks Fearghas
On Tuesday 09 August 2016 17.21, Fearghas Mckay wrote:
On 9 Aug 2016, at 10:09, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
For example - https://www.ripe.net/participate/ripe/wg/services/minutes/ripe-59
Which is for a different WG and 2009, not AA nor Address Poilcy where such a policy would have been made then.
So will Ron step up to write a Policy ?
Thanks
Fearghas
Or, another suggestion that _could have been_ done 1981 : Have IANA lease out addresses for, say 1 US$/year and address. Use the money to infrastructure and to fund research. ( managing the BGB announcements is central to reinforcing this policy, that would also prevent ip stealth) I's my firm belief that this would reclaim a vast number of addresses and atthe same time give those with a good motivation a possibility to get addresses.
-- Peter Håkanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
In message <F9901595-56B1-44A3-95C5-E9CB778A1F00@gmail.com>, Fearghas Mckay <fearghas@gmail.com> wrote:
So will Ron step up to write a Policy ?
To answer your question, yes, when and if I'm persuaded that doing so will do any good and have any effect, I will. Whether I will or won't, in the end, is largely contingent upon me finding out whether any member has, in the past, ever been expelled from the organization (RIPE NCC) for any cause other than non-payment of dues/fees. As I understand it, RIPE NCC has existed for about 25 years now. If in all that long time, no member has ever been meaningfully disiplined, or even meaningfully admonished for anything, ever, other than non-payment of dues and/or fees owed, then I have to ask myself whether or not that is an unspoken implicit or de facto rule of the organization (RIPE NCC), i.e. that such disipline simply never happens. If so, the inference I would draw from that is that I would just be wasting everyone time... including my own... if I were to hope or suggest or propose that it be otherwise. 25 years is a lot of precedent and history to overcome. If the power to expell members has never been used, in all that time, I rather doubt that anything that I might say or propose now, in 2016, is going to change that longstanding tradition. Regards, rfg
In message <08CBCEE4-B5B5-4B1A-8110-3508A025642C@gmail.com>, Suresh wrote:
H. Recovering resources assigned to non-existing entities
http://www.ripe.net/ripe/meetings/ripe-59/presentations/rasmussen-recovering...
That is a *very* interesting document Suresh! Thanks for posting about it. It looks great, but I suspect that where Microsoft went off the rails with this thing, in terms of general acceptance, was when they tried to shoehorn in intellectual property theft, along with all of the other kinds of "abuse" that generally most people can agree about. If they had yanked that out of their slides, they might have actually gotten somewhere with this. Oh well. Water under the bridge. Ancient history now (2009). Regards, rfg
On Thu, Aug 11, 2016 at 06:01:55AM -0700, Ronald F. Guilmette wrote:
In message <08CBCEE4-B5B5-4B1A-8110-3508A025642C@gmail.com>, Suresh wrote:
H. Recovering resources assigned to non-existing entities
http://www.ripe.net/ripe/meetings/ripe-59/presentations/rasmussen-recovering...
That is a *very* interesting document Suresh! Thanks for posting about it.
This presentation is making the same mistake that you are consistently making. RIPE NCC *does NOT assign resources to end-users* (except in the edge case of independent resource-holders who have a direct contract with NCC) PA resources, such as the /29 you're banging on about, are *assigned* to the end user by a LIR from larger space *allocated* to the LIR by the RIR (RIPE NCC in this case) Any fraud, if such it is, is perpetrated on the *LIR*, not on RIPE NCC. The NCC does not know, nor does it have to, know every customer of every LIR. (Nor can the NCC "repossess" a /29 out of a larger allocation - this is not possible for routing reasons alone.) FWIW, if a LIR is consistently and wilfully creates fraudulent records in the ripedb you can make a complaint and the NCC has sanctions available up to and including closure of the offending LIR. I sincerely hope that this requires a better standard of evidence than "It is self evident that they are evil criminals!!111!" It is important to understand the distinction between allocation and assignment and the process that leads to an assignment of resources to an end-user before making wild accusations. rgds, Sascha Luck
In the domain world at least, there are 1. A registrar 2. A tld / ccTLD That have oversight over a domain and an abuse management role related to it. If the registrar is not responsive, it is not unknown for the ccTLD or TLD to action a large number of domains related to a persistent / long running issue when it is brought to their attention. Any further action they, or ICANN, later take related to the offending registrar is much rarer – in the case of, for example, Estdomains several years back, that was a famous example. --srs On 11/08/16, 7:00 PM, "anti-abuse-wg on behalf of Sascha Luck [ml]" <anti-abuse-wg-bounces@ripe.net on behalf of aawg@c4inet.net> wrote: FWIW, if a LIR is consistently and wilfully creates fraudulent records in the ripedb you can make a complaint and the NCC has sanctions available up to and including closure of the offending LIR. I sincerely hope that this requires a better standard of evidence than "It is self evident that they are evil criminals!!111!"
In message <20160811133008.GN862@cilantro.c4inet.net>, "Sascha Luck [ml]" <aawg@c4inet.net> wrote:
PA resources, such as the /29 you're banging on about...
Most recently, I believe that I was "banging on about" a /26... not a /29. Not that it really matters much either way. I just want to make sure we're talking about that same thing.
...are *assigned* to the end user by a LIR from larger space *allocated* to the LIR by the RIR (RIPE NCC in this case)
I do (and did) see that the /26 that has irked me most recently is indeed, as you say, just a smallish chunk within a much larger allocated block, where the applicable WHOIS record says that the larger containing block is registered to a different entity.
Any fraud, if such it is, is perpetrated on the *LIR*, not on RIPE NCC.
Well, let me stop you right there and ask you to break this down for me a bit, just so I'm clear. I assume that we are in agreement that there does exist, at the present moment, a WHOIS record within the RIPE database that purports to provide registrant details for the 82.221.130.64/26 block, yes? I admit that I am actually ignorant about most of the mechanical details of how RIPE WHOIS records generally, and that specific WHOIS record in particular, come to reside within the RIPE WHOIS data base. So I think that perhaps you can help me out here, and educate me. I ask in all seriousness. How was the WHOIS record for the 82.221.130.64/26 block entered into the RIPE WHOIS data base? Who entered it? Would that have been this thing calling itself "OrangeWebsite.com - Network" (ORG-IL351-RIPE) or would that have been "Advania hf." (ORG-Sh2-RIPE) acting in its capacity as the registrant of the entire containing /16? I think that this is an important point, technically, or I wouldn't be asking.
FWIW, if a LIR is consistently and wilfully creates fraudulent records in the ripedb you can make a complaint and the NCC has sanctions available up to and including closure of the offending LIR.
This really is going to be educational for me! Seriously. If you could further elaboarte on the two specific points you just made, then that sure would be a help to me as I try to draft some concrete proposal, as a couple of people have requested me to do. To start with, you said that I can "make a complaint". Looking only at the formal RIPE NCC Articles of Association (ripe-602) I don't see anywhere in there where it says anything about the NCC even being obliged to accept, let alone do anything with whatever kind of report you are referring to as a "complaint". So did I just miss that? Or is there some other binding document that I should be looking at which describes these "complaints", how they must be either submitted to or received by NCC, or how they must, may, or will be acted upon? If so, and if you can supply a link, I'd be greatful. (This really is all news to me. I really didn't know that there was already a formalized procedure in place for either submitting or processing what you apparently prefer to call "complaints". I would prefer the word "report", but just as long as we both know what we are talking about, there shouldn't be a problem.) Likewise and similarly, if there is a document which goes into detail regarding this range of sanctions you've talked about, I would dearly love to obtain a link to that also. (Sorry to be such a burden, but there are hundreds of RIPE documents, and it sounds to me like you may perhaps already know which one I should be looking at, and it would be real helpful if you could share that with me.)
It is important to understand the distinction between allocation and assignment and the process that leads to an assignment of resources to an end-user before making wild accusations.
OK, if it is important to understand it, then please proceed to explain it. I am all ears. (I should say also that I _do_ look forward to the day when I'll be fully educated about all this stuff, after which, it seems, I will have then earned the right, in your view to legitimately begin in ernest the task of making wild accusations. I can hardly wait. :-) Regards, rfg
On Thu, Aug 11, 2016 at 03:21:04PM -0700, Ronald F. Guilmette wrote:
...are *assigned* to the end user by a LIR from larger space *allocated* to the LIR by the RIR (RIPE NCC in this case)
I do (and did) see that the /26 that has irked me most recently is indeed, as you say, just a smallish chunk within a much larger allocated block, where the applicable WHOIS record says that the larger containing block is registered to a different entity.
It's not immediately obvious from a simple whois query although it shows the route: object for the larger block, in this case: 82.221.128.0/19AS50613 I would suggest though, you look at https://stat.ripe.net and put the IP or subnet in and that will show you pretty much all information in the ripedb about the assignment, its covering allocation, etc.
I assume that we are in agreement that there does exist, at the present moment, a WHOIS record within the RIPE database that purports to provide registrant details for the 82.221.130.64/26 block, yes?
I admit that I am actually ignorant about most of the mechanical details of how RIPE WHOIS records generally, and that specific WHOIS record in particular, come to reside within the RIPE WHOIS data base. So I think that perhaps you can help me out here, and educate me. I ask in all seriousness.
How was the WHOIS record for the 82.221.130.64/26 block entered into the RIPE WHOIS data base? Who entered it? Would that have been this thing calling itself "OrangeWebsite.com - Network" (ORG-IL351-RIPE) or would that have been "Advania hf." (ORG-Sh2-RIPE) acting in its capacity as the registrant of the entire containing /16?
since the object is protected by MNT-ADVANIA, one can assume that it was created by ORG-Sh2-RIPE. (In realiter, it could be anyone who knows the maintainer password) again, https://stat.ripe.net will give you all the information in a linked form.
FWIW, if a LIR is consistently and wilfully creates fraudulent records in the ripedb you can make a complaint and the NCC has sanctions available up to and including closure of the offending LIR.
This really is going to be educational for me! Seriously.
If you could further elaboarte on the two specific points you just made, then that sure would be a help to me as I try to draft some concrete proposal, as a couple of people have requested me to do.
To start with, you said that I can "make a complaint". Looking only at the formal RIPE NCC Articles of Association (ripe-602) I don't see anywhere in there where it says anything about the NCC even being obliged to accept, let alone do anything with whatever kind of report you are referring to as a "complaint". So did I just miss that? Or is there some other binding document that I should be looking at which describes these "complaints", how they must be either submitted to or received by NCC, or how they must, may, or will be acted upon? If so, and if you can supply a link, I'd be greatful. (This really is all news to me. I really didn't know that there was already a formalized procedure in place for either submitting or processing what you apparently prefer to call "complaints". I would prefer the word "report", but just as long as we both know what we are talking about, there shouldn't be a problem.)
http://lmgtfy.com/?q=ripe+ncc+complaint the top result...
Likewise and similarly, if there is a document which goes into detail regarding this range of sanctions you've talked about, I would dearly love to obtain a link to that also. (Sorry to be such a burden, but there are hundreds of RIPE documents, and it sounds to me like you may perhaps already know which one I should be looking at, and it would be real helpful if you could share that with me.)
https://www.ripe.net/publications/docs/ripe-640
It is important to understand the distinction between allocation and assignment and the process that leads to an assignment of resources to an end-user before making wild accusations.
OK, if it is important to understand it, then please proceed to explain it. I am all ears.
I already did and you even quoted it in this post. RIR (eg RIPE NCC) allocates resource blocks to LIRs. LIRs assign parts of those blocks to their customers (end users). Broadly, it works like this in every RIR service region. End-user contacts whoever provides them bandwidth (LIR), requests IP addresses. LIR evaluates the request, assigns them a subnet (if they still have one...) and creates a ripedb object for that block. Sometimes the creation and management of that object is delegated to the end user but, IME, that's not too common. rgds, Sascha Luck
In message <20160812114642.GO862@cilantro.c4inet.net>, "Sascha Luck [ml]" <aawg@c4inet.net> wrote: rfg>How was the WHOIS record for the 82.221.130.64/26 block entered into rfg>the RIPE WHOIS data base? Who entered it?...
since the object is protected by MNT-ADVANIA, one can assume that it was created by ORG-Sh2-RIPE. (In realiter, it could be anyone who knows the maintainer password)
Ok, so if we make the generous assumption that Advania has not been stupid enough to have been phished out of their maintainer password, then we can say that Advania is the specific entity that has placed the fradulent WHOIS record for the 82.221.130.64/26 block into the RIPE data base, thereby effectively committing fraud against RIPE NCC and indeed against the entire RIPE community. (Note: That was not a question.) So, Sasha, which of the many possible sanctions you've claimed that RIPE has in its arsenal will now be deployed against Advania and when will that application of sanctions occur?
http://lmgtfy.com/?q=ripe+ncc+complaint
the top result...
Thank you Sasha. That "top result" of that google search is certainly interesting reading too, but I find the number 4 search result in this case to be even rather more interesting and relevant: [members-discuss] Complaints against LIRs ignored by NCC https://www.ripe.net/ripe/mail/archives/members-discuss/2013-November/001382... It's certainly wonderful that NCC provides an official-looking form, and an official-seeming process for registering what you continue to insist on calling "complaints", but is that all just a charade? Is that all just clever window dressing, intended to persuade the rable, the hoy paloy, and the ordinary community members from rasing too much of a public stink, even when NCC does the politically most expedient thing and just files these incoming complaints into the trash bin? If the process is real, and not just a convenient Potemkin village sort of charade, then please do tell me, what was the outcome of Mr. Weber's November 2013 "complaint"? What actions were taken by NCC as a result of that? What sanctions were imposed? Any? Any at all? And how many months ground past before action was taken? Justice delayed is justice denied.
Thank you for this link also Sasha. The above document has the somewhat ominous title of "Closure of Members, Deregistration of Internet Resources and Legacy Internet Resources." So depending on how one counts, that is either two or maybe three different types of sanctions that can be imposed. I've already asked here how many times RIPE NCC members have actually had their memberships terminated, if any. Nobody knows. At least our Chair, Brian, has kindly offered to facilitate the quest for an answer to that rather basic question, for which I am deeply greatful. But now there is an additional and second question: On how many occasions has RIPE NCC deregistered Internet resources? I'm guessing that nobody here knows the answer to that one either. Is the number of such cases perhaps -ZERO-? I don't want to be an undue burden on Brian, but if he can add his weight to help us ferret out the answer to THAT interesting question also, I think that would be Good. It seems to me that the answers to these two questions are central to the work of this Working Group. If -in practice- no dues-paying (or fee-paying) members of RIPE NCC are ever sanctioned in any way, ever, no matter how over-the-top outrageous their behavior becomes, and no matter how complete and compelling the documentation of their misdeeds is, then I think that RIPE NCC should just scrap all of these phony pretenses, remove the ripe-640 document from the web site, and stop attempting to delude an entire planet's worth of Internet users into the false belief that RIPE NCC even has the minimal cajones to restrain its own members from ripping off and/or committing fraud against even RIPE itself. Regards, rfg
In message <20160809153642.47730aa7@envy.e1.y.home>, Tore Anderson <tore@fud.no> wrote:
Question is, what exactly do you expect the members of the RIPE Anti-Abuse WG to actually do about these incidents you keep on reporting? We are not law enforcement, nor are we likely to go to someone's door bearing baseball bats and pitch forks.
I'd like to see RIPE NCC repossess any and all number resources that were allocated on the basis of fraud and/or deliberate deceit.
If on the other hand you want to give the RIPE NCC the mandate to de-register address space assigned to suspected abusers, you'll need to write a policy proposal to that effect. It won't happen by itself.
Not from "suspected abusers" generally. Not even from actual "abusers" generally. It would be utterly silly and pointless to try to get a resolution passed which would create any kind of sanction against "abusers"... let alone mere "suspected" ones... because this very working group has steadfastly refused all invitations and entreaties in the past to even try to do something as simple as defining the word "abuse". Thus, it would only be good for a big laugh all around to say we're gonna take back resources from those nasty lousey "abusers", because around here, nobody even seems to know... or even wants to know... what an "abuser" is, let alone who or what might actually be one. It's like like what some U.S. Supreme Court justice once famously said about pornography "I can't define it, but I know it when I see it." That seems to be the prevailing attitude about "abuse" around here. Obviously everybody who joined this mailing list has at least some vague feeling that such a thing as "abuse" actually "is real" and actually "does exist". It's just that nobody here wants to try to talk about it in any concrete terms... you know... using actual human language. (Based on past discussions, this seems to be due to a sense of fear. Nobody wants to say what they think "abuse" is, for fear that somewhere, someday, somehow, somebody is actually going to try to hold them, contractually, to that definition of "abuse" they agreed with, back 10 or 20 years ago. And you know, a lot of men do have this problem relating to "committment".) People on this list don't talk about "abuse". They talk around it. That's OK. I've gotten over my own personal dismay about this, and have moved on. Even *I* don't want to talk about "abuse" anymore. And at present, I am *not* talking about "abuse". I'm talking about fraud. Different subject entirely. And not just any old fraud. No, no no! I'm *only* talking about fraud perpetrated against RIPE and/or RIPE NCC! If all of you actual RIPE NCC members aren't even willing to entertain a serious and adult discussion about even _that_ very narrow and limited topic, then God help you all. In that case you might as well just publically declare the whole WHOIS data base a complete farce, hang up your keyboards, and go for beer. Regards, rfg
participants (9)
-
andre@ox.co.za -
Fearghas Mckay -
peter h -
Ronald F. Guilmette -
Sascha Luck [ml] -
Sergey -
Suresh Ramasubramanian -
Tore Anderson -
Volker Greimann