After some searching, it appears that RIPE has no actual abuse policy but that everything is still hanging in limbo. I was looking for an address to report hacker activity to and it appears that you are a) not in the business b) not equipped to handle it c) barely qualified to assign blocks of IP addresses so that the addressee can self-police, unless they are hacker/spammer organizations. In which case the rest of the world's choice is to ban RIPE assigned addresses. Hopefully RIPE will mature soon! If in fact you DO have a group assigned for the purpose of investigating hackers, please make it available on your web page.
On Fri, Nov 04, 2005 at 05:18:30PM +0000, jrfoleyjr@comcast.net <jrfoleyjr@comcast.net> wrote a message of 21 lines which said:
I was looking for an address to report hacker activity to and it appears that you are a) not in the business b) not equipped to handle it c) barely qualified to assign blocks of IP addresses so that the addressee can self-police, unless they are hacker/spammer organizations. In which case the rest of the world's choice is to ban RIPE assigned addresses.
Personally, I would be interested to know first-hand experiences on how ARIN, LACNIC, Afrinic or APNIC handle cracker activity reports (you know, these reports sent more or less at random towards every email address that the alleged victim can find). Do they send a special police squad immediately? Do they sue the cracker in the name of the victim? Do they deliver a free and comprehensive technical analysis of the attack? I could continue the list but, since you blocked RIPE addresses, you will probably miss my message :-)
I could continue the list but, since you blocked RIPE addresses, you will probably miss my message :-)
Well, most of the time comcast addresses occupy a prominent place in my email default-discard list - alongside aol, verizon, yahoo, hotmail, ... :-)

Wilfried.
On Fri, Nov 04, 2005 at 05:18:30PM +0000, jrfoleyjr@comcast.net wrote:
After some searching, it appears that RIPE has no actual abuse policy but that everything is still hanging in limbo. I was looking for an address to report hacker activity to and it appears that you are a) not in the business b) not equipped to handle it c) barely qualified to assign blocks of IP addresses so that the addressee can self-police, unless they are hacker/spammer organizations. In which case the rest of the world's choice is to ban RIPE assigned addresses. Hopefully RIPE will mature soon! If in fact you DO have a group assigned for the purpose of investigating hackers, please make it available on your web page.
And of course, the "hacker report" would be coherent, polite, constructive, correctly targeted and littered with aesthetically pleasing literary allusions, such that the recipient would light up with joy upon receiving it, rather than being badly formatted, rude and confrontational...

*shakes head*

Idiots like this are the reason that those of us with legitimate security / legal related needs for contact information find it hard to convince people that there is sometimes a legitimate need for it.

Cheers,
Steve
Sir or Madam, jrfoleyjr@comcast.net wrote:
After some searching, it appears that RIPE has no actual abuse policy but that everything is still hanging in limbo.
I was looking for an address to report hacker activity to and it appears that you are a) not in the business b) not equipped to handle it c) barely qualified to assign blocks of IP addresses so that the addressee can self-police, unless they are hacker/spammer organizations. In which case the rest of the world's choice is to ban RIPE assigned addresses. Hopefully RIPE will mature soon!
If in fact you DO have a group assigned for the purpose of investigating hackers, please make it available on your web page.
You should have already received the information off-list, but I think it is probably worth it to explain to the rest of the Database Working Group subscribers how we (the RIPE NCC) handle such complaints.

Generally, we hope that people see the link that says "Spam and Hacking Help" on the www.ripe.net web page:

http://www.ripe.net/info/faq/abuse/index.html

Despite our best efforts to keep it simple, the front page has a lot of information, and this link can easily get overlooked. Also, a lot of abuse reports come to RIPE NCC by people who find RIPE NCC e-mail addresses in the database or other places that do not have enough information about finding the best e-mail address to contact.

Whenever anyone working at the RIPE NCC gets an abuse complaint now, we send the following e-mail:

------------------------------------------------------------------------
Dear Sir/Madam,

You have sent a complaint regarding some type of abuse (i.e. hacking, spam).

The RIPE NCC allocates address space to ISPs and other organisations. These organisations are responsible for the activities originating from the address space allocated to them. Since the RIPE NCC is NOT the organisation using or responsible for activities originating from the address space, any concerns or responses should be directed to them.

We would like to help you find the appropriate party responsible for the address space and therefore have created the following web page:

http://www.ripe.net/abuse.html

Please also see our FAQ for further information:

http://www.ripe.net/info/faq/abuse/index.html

If you still believe that the abuse originates from the RIPE NCC's network please send your complaint within seven days to

abuse+51574a0be8765eecf9dd5ef5e75bb20005fd1644@ripe.net

Kind Regards,

RIPE NCC
www.ripe.net
------------------------------------------------------------------------

The strange e-mail address there is a temporary address that gets forwarded to a human. The idea here is that if there is actually abuse that we can do something about, then people will bypass the automated responder and get a human. While we do try to follow best practices regarding security, it is possible that one of our computers gets compromised and used for bad things! Also sometimes people really, really think that the RIPE NCC should be responsible for abuse originating in the RIPE region, and want to communicate with a human about it.

We do /not/ have any plans to set up a group to investigate hackers, and it would probably be something for the RIPE NCC Services Working Group to recommend, rather than the Database Working Group. I do not think it is likely that the RIPE community will support such a service, as there are several organisations in the RIPE region that are already dedicated to this activity. But if you think it is worth doing, please have a look at the RIPE Policy Development pages:

http://www.ripe.net/ripe/policies/

The RIPE community is actually very open and willing to discuss good ideas.

--
Shane Kerr
Software Engineering Department Manager
RIPE NCC
The RIPE NCC allocates address space to ISPs and other organisations. These organisations are responsible for the activities originating from the address space allocated to them. Since the RIPE NCC is NOT the organisation using or responsible for activities originating from the address space, any concerns or responses should be directed to them.
Which is a very nice theory, except that RIPE has flat-out refused, to me, to either ensure that address space contacts are correct or pass along complaints.

Perhaps the policy behind that has changed. I hope so. But until I see some evidence of it, I still consider RIPE fundamentally rogue - wanting the authority to assign address space, but not accepting the concomitant responsibility, the same responsibility they say everyone they assign address space to has. Responsibility has to be matched with authority the way up the chain, from individual hosts all the way up to ICANN; whenever authority and responsibility are mismatched, you get abuses, growing more and more severe until either the mismatch is corrected or the system collapses - and RIPE is no exception. (Neither is anyone else, of course.)

No, I don't think scattershotting individual complaints to every address in sight is sane behaviour. But when there is a long-standing pattern of persistent abuse, or an address space holder that persistently refuses to provide working contact addresses, the RIR in question needs to step in and assume the responsibility their assignee isn't. (And, of course, if a RIR persistently refuses to do so, ICANN needs to step in and take whatever steps are necessary to correct the situation.) These are last-resort steps, of course; except in cases of nonworking netblock contacts (which in routine cases should be quickly corrected), I wouldn't go as far upstream as RIPE until everyone lower had proven comatose or rogue for months.

No, I don't expect that to happen anywhere near the RIR level in the foreseeable future. With the US Government at the top of the pyramid, the rot goes clear to the top, and I don't expect it to be fixed until the root cause is fixed: until whatever entity is at the top of the assignment chain (ICANN or its analog) is not beholden to any national government and cares more about the net's running smoothly than about lining their own pockets. (And that's what I see it as; ICANN shouldn't *need* any money from any government, with all the money pouring up the pyramid from every address space assignment and domain registration. What is that money *for*, if not to pay for the infrastructure?)

And that, I don't expect to happen soon. Perhaps not even in my lifetime. Possibly not even in the Internet's lifetime.

(And people wonder why I wish I knew a trade other than computers....)

/~\ The ASCII                   der Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse@rodents.montreal.qc.ca
/ \ Email!                      7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
participants (6)
- der Mouse
- jrfoleyjr@comcast.net
- Shane Kerr
- Stephane Bortzmeyer
- Steve Atkins
- Wilfried Woeber, UniVie/ACOnet