Hi Gert, Daniel,
On 4 Aug 2024, at 15:00, Gert Doering <gert@space.net> wrote:
Hi,
On Sun, Aug 04, 2024 at 01:46:07PM +0200, Daniel Suchy wrote:
In my case, I also missed any notification about "malicious" activity to registered abuse contact. I think this should be part of process in case at least when subnet (more than single host) is blocked. Automatically generated notification is sufficient here. I think is good to know about such issues from network-operator perspective. Even if it will be an opt-in (but I think good operator takes care about similar events in its network).
Indeed, that sounds like an idea to spend some thoughts on - if the RIPE DB blocks "something" for AUP violation, send "suitable" notifications.
Is there any action for the abuse contact to take in this situation? I think it is more about educating the end user about why they have been blocked. We already inform the user in the query response why their request has been blocked, and explain in our documentation: https://apps.db.ripe.net/docs/FAQ/#why-did-i-receive-an-error-201-access-den... Very few end users will repeatedly exceed the query limit (i.e. we temporarily block 100's of IPs daily, but permanently block 10-20 IPs, out of millions of source IPs daily). If users can resolve the situation themselves, is there a need to also notify the abuse contact? Regards Ed Shryane RIPE NCC