Hi all! From time to time I find probes which has incorrect country in their description. For example #10333 supposed to be in US but from my measurements it looks like it is somewhere nearby Amsterdam. If something has 10ms RTT to target in Amsterdam, has hops with `nl-ams14a-ri1-ae8-0.aorta.net<https://stat.ripe.net/nl-ams14a-ri1-ae8-0.aorta.net>` description and has ASN for LibertyGlobal then this probe is rather in Europe. It takes some time to resolve such issue via RIPE team so maybe we can get a form to send direct and short message to probe owner to let him/her know that something is wrong with his/her probe and we ask for verification. What do you think about that? Regards, Grzegorz
It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers. Would this be useful also for other kind of messages? Paolo ----- Messaggio originale -----
Da: "Grzegorz Ponikierski" <gponikie@akamai.com> A: ripe-atlas@ripe.net Inviato: Mercoledì, 17 aprile 2019 19:13:37 Oggetto: [atlas] Communication with probes' owners
Hi all!
From time to time I find probes which has incorrect country in their description. For example #10333 supposed to be in US but from my measurements it looks like it is somewhere nearby Amsterdam. If something has 10ms RTT to target in Amsterdam, has hops with ` nl-ams14a-ri1-ae8-0.aorta.net ` description and has ASN for LibertyGlobal then this probe is rather in Europe. It takes some time to resolve such issue via RIPE team so maybe we can get a form to send direct and short message to probe owner to let him/her know that something is wrong with his/her probe and we ask for verification. What do you think about that?
Regards, Grzegorz
Grzegorz, Paolo, all - On 19.04.2019 12:26, Paolo Pozzan wrote:
It seems a good idea.
+1.
I don't think this will be abused
Quite the opposite IMHO, understanding that the anticipated means of communication will be email and that the email address of a probe's host will be generic, eg. <ripe-atlas-probe-[number]@atlas.ripe.net>, redirecting all incoming emails to a final address. The redirection would be configured via the portal then.
and in case it would be easy to point out the spammers.
Maybe the NCC could and would operate a purpose specific spam catcher for the 3rd level domain 'atlas'. But after all I wouldn't really care as I am already running anti-spam measures anyway. YMMV though...
Would this be useful also for other kind of messages?
Like what? Best, -C.
------------------------------------------------------------------------
*Da: *"Grzegorz Ponikierski" <gponikie@akamai.com> *A: *ripe-atlas@ripe.net *Inviato: *Mercoledì, 17 aprile 2019 19:13:37 *Oggetto: *[atlas] Communication with probes' owners
Hi all!
From time to time I find probes which has incorrect country in their description. For example #10333 supposed to be in US but from my measurements it looks like it is somewhere nearby Amsterdam. If something has 10ms RTT to target in Amsterdam, has hops with `nl-ams14a-ri1-ae8-0.aorta.net <https://stat.ripe.net/nl-ams14a-ri1-ae8-0.aorta.net>` description and has ASN for LibertyGlobal then this probe is rather in Europe. It takes some time to resolve such issue via RIPE team so maybe we can get a form to send direct and short message to probe owner to let him/her know that something is wrong with his/her probe and we ask for verification. What do you think about that?
Regards,
Grzegorz
If this gets implemented, please add a checkbox where one can indicate whether one is a user or also can get things fixed in the AS where your probe is connected. Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan <paolo.pozzan@telemar.it>:
It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers. Would this be useful also for other kind of messages?
Paolo
------------------------------
*Da: *"Grzegorz Ponikierski" <gponikie@akamai.com> *A: *ripe-atlas@ripe.net *Inviato: *Mercoledì, 17 aprile 2019 19:13:37 *Oggetto: *[atlas] Communication with probes' owners
Hi all!
From time to time I find probes which has incorrect country in their description. For example #10333 supposed to be in US but from my measurements it looks like it is somewhere nearby Amsterdam. If something has 10ms RTT to target in Amsterdam, has hops with ` nl-ams14a-ri1-ae8-0.aorta.net <https://stat.ripe.net/nl-ams14a-ri1-ae8-0.aorta.net>` description and has ASN for LibertyGlobal then this probe is rather in Europe. It takes some time to resolve such issue via RIPE team so maybe we can get a form to send direct and short message to probe owner to let him/her know that something is wrong with his/her probe and we ask for verification. What do you think about that?
Regards,
Grzegorz
Am 21.04.2019 um 19:59 schrieb Dave . <gboonie@gmail.com>:
If this gets implemented, please add a checkbox where one can indicate whether one is a user or also can get things fixed in the AS where your probe is connected.
Makes sense to me: +1. Would then a reminder every 1/2/3 month[s] make sense that this is (still) the case aka. this flag to be set? As the probe’s circumstances may change...
Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan <paolo.pozzan@telemar.it>:
It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers. Would this be useful also for other kind of messages?
Paolo
The best might be for RIPE to contact the owner when the records don't match what is detected from the probe? Some method to trigger a check could be added to the probe's profile, and there would not be ANY chance of email abuse by throwaway accounts? Allowing users to contact probe owners has to be VERY well made to avoid all sorts of attacks and spam! Martin Boissonneault Sent from my iPhone On Apr 21, 2019, at 18:14, Carsten Schiefner <carsten@schiefner.de<mailto:carsten@schiefner.de>> wrote: Am 21.04.2019 um 19:59 schrieb Dave . <gboonie@gmail.com<mailto:gboonie@gmail.com>>: If this gets implemented, please add a checkbox where one can indicate whether one is a user or also can get things fixed in the AS where your probe is connected. Makes sense to me: +1. Would then a reminder every 1/2/3 month[s] make sense that this is (still) the case aka. this flag to be set? As the probe’s circumstances may change... Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan <paolo.pozzan@telemar.it<mailto:paolo.pozzan@telemar.it>>: It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers. Would this be useful also for other kind of messages? Paolo
I thought about simple web form available only for logged users of RIPE Atlas. In this way all private data are hidden and RIPE can rate limit usage of the form. Message itself can be send to probe's owner via email from RIPE Atlas infra so sender identity also can be hidden. If somebody wants to switch to email communication then form can also be used to exchange email addresses. Regards, Grzegorz From: Martin Boissonneault <ve2mrx@hotmail.com> Date: Monday 2019-04-22 at 02:25 To: Carsten Schiefner <carsten@schiefner.de> Cc: "ripe-atlas@ripe.net" <ripe-atlas@ripe.net> Subject: Re: [atlas] Communication with probes' owners The best might be for RIPE to contact the owner when the records don't match what is detected from the probe? Some method to trigger a check could be added to the probe's profile, and there would not be ANY chance of email abuse by throwaway accounts? Allowing users to contact probe owners has to be VERY well made to avoid all sorts of attacks and spam! Martin Boissonneault Sent from my iPhone On Apr 21, 2019, at 18:14, Carsten Schiefner <carsten@schiefner.de<mailto:carsten@schiefner.de>> wrote: Am 21.04.2019 um 19:59 schrieb Dave . <gboonie@gmail.com<mailto:gboonie@gmail.com>>: If this gets implemented, please add a checkbox where one can indicate whether one is a user or also can get things fixed in the AS where your probe is connected. Makes sense to me: +1. Would then a reminder every 1/2/3 month[s] make sense that this is (still) the case aka. this flag to be set? As the probe’s circumstances may change... Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan <paolo.pozzan@telemar.it<mailto:paolo.pozzan@telemar.it>>: It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers. Would this be useful also for other kind of messages? Paolo
Having individual users contacting other individual users about probe location problems seems like a not very scalable solution to this problem. It both leaves it somewhat random which issues will be caught, and may leave probe owners whose probes look somewhat atypical having to explain their situation over and over again to random people. I have a cron job that goes through the entire probe list every few hours and runs the IP addresses against the MaxMind Geolite databases. MaxMind has its own accuracy issues, but after a bunch of spot checking I decided that trusting the MaxMind answers was better than trusting the owner-reported information for the probes. If somebody wants to take a more systematic approach to getting the Atlas location data cleaned up, I’d be happy to share a diff. But I’d suggest that it be done by somebody with access to the database cleaning up things that look wrong, instead of bugging a bunch of individual probe owners. -Steve Steve Gibbard
On Apr 23, 2019, at 4:10 AM, Ponikierski, Grzegorz <gponikie@akamai.com> wrote:
I thought about simple web form available only for logged users of RIPE Atlas. In this way all private data are hidden and RIPE can rate limit usage of the form. Message itself can be send to probe's owner via email from RIPE Atlas infra so sender identity also can be hidden. If somebody wants to switch to email communication then form can also be used to exchange email addresses.
Regards, Grzegorz
From: Martin Boissonneault <ve2mrx@hotmail.com> Date: Monday 2019-04-22 at 02:25 To: Carsten Schiefner <carsten@schiefner.de> Cc: "ripe-atlas@ripe.net" <ripe-atlas@ripe.net> Subject: Re: [atlas] Communication with probes' owners
The best might be for RIPE to contact the owner when the records don't match what is detected from the probe?
Some method to trigger a check could be added to the probe's profile, and there would not be ANY chance of email abuse by throwaway accounts?
Allowing users to contact probe owners has to be VERY well made to avoid all sorts of attacks and spam!
Martin Boissonneault Sent from my iPhone
On Apr 21, 2019, at 18:14, Carsten Schiefner <carsten@schiefner.de> wrote:
Am 21.04.2019 um 19:59 schrieb Dave . <gboonie@gmail.com>: If this gets implemented, please add a checkbox where one can indicate whether one is a user or also can get things fixed in the AS where your probe is connected. Makes sense to me: +1.
Would then a reminder every 1/2/3 month[s] make sense that this is (still) the case aka. this flag to be set?
As the probe’s circumstances may change...
Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan <paolo.pozzan@telemar.it>: It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers. Would this be useful also for other kind of messages?
Paolo
@Steve Gibbard I totally agree. I think it's best for RIPE to analyze the data and ask probe owners to update the probe profiles if it's believed wrong. Maybe tag the probe if the information is suspicious or the owner does not respond? Martin Boissonneault Sent from my iPhone On Apr 23, 2019, at 12:36, "scg@gibbard.org<mailto:scg@gibbard.org>" <scg@gibbard.org<mailto:scg@gibbard.org>> wrote: Having individual users contacting other individual users about probe location problems seems like a not very scalable solution to this problem. It both leaves it somewhat random which issues will be caught, and may leave probe owners whose probes look somewhat atypical having to explain their situation over and over again to random people. I have a cron job that goes through the entire probe list every few hours and runs the IP addresses against the MaxMind Geolite databases. MaxMind has its own accuracy issues, but after a bunch of spot checking I decided that trusting the MaxMind answers was better than trusting the owner-reported information for the probes. If somebody wants to take a more systematic approach to getting the Atlas location data cleaned up, I’d be happy to share a diff. But I’d suggest that it be done by somebody with access to the database cleaning up things that look wrong, instead of bugging a bunch of individual probe owners. -Steve Steve Gibbard On Apr 23, 2019, at 4:10 AM, Ponikierski, Grzegorz <gponikie@akamai.com<mailto:gponikie@akamai.com>> wrote: I thought about simple web form available only for logged users of RIPE Atlas. In this way all private data are hidden and RIPE can rate limit usage of the form. Message itself can be send to probe's owner via email from RIPE Atlas infra so sender identity also can be hidden. If somebody wants to switch to email communication then form can also be used to exchange email addresses. Regards, Grzegorz From: Martin Boissonneault <ve2mrx@hotmail.com<mailto:ve2mrx@hotmail.com>> Date: Monday 2019-04-22 at 02:25 To: Carsten Schiefner <carsten@schiefner.de<mailto:carsten@schiefner.de>> Cc: "ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>" <ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>> Subject: Re: [atlas] Communication with probes' owners The best might be for RIPE to contact the owner when the records don't match what is detected from the probe? Some method to trigger a check could be added to the probe's profile, and there would not be ANY chance of email abuse by throwaway accounts? Allowing users to contact probe owners has to be VERY well made to avoid all sorts of attacks and spam! Martin Boissonneault Sent from my iPhone On Apr 21, 2019, at 18:14, Carsten Schiefner <carsten@schiefner.de<mailto:carsten@schiefner.de>> wrote: Am 21.04.2019 um 19:59 schrieb Dave . <gboonie@gmail.com<mailto:gboonie@gmail.com>>: If this gets implemented, please add a checkbox where one can indicate whether one is a user or also can get things fixed in the AS where your probe is connected. Makes sense to me: +1. Would then a reminder every 1/2/3 month[s] make sense that this is (still) the case aka. this flag to be set? As the probe’s circumstances may change... Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan <paolo.pozzan@telemar.it<mailto:paolo.pozzan@telemar.it>>: It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers. Would this be useful also for other kind of messages? Paolo
Hi Grzegorz, I'm sorry if I sound paranoid, computer security does that to some ;-) My registering for my Atlas account was a few years ago, so I don't remember all the details. But usually, new account creation can be scripted and fake accounts can rapidly created by a willing party. For that reason, account creation should not be the only measure against spam. Limiting the speed of account creation based on network address can help, but can be circumvented. One big step would be physical address or ID validation. Linking the virtual and physical worlds is harder to abuse. Another way to limit spam is to control the message. The form could give a few checkboxes or pre-defined messages but no place to write a message. If you cannot advertise stuff on the form, it's useless for most spammers. Some forms can be used to DoS email by not using rate-limiting. So, that form could limit the rate per _destination and sender_ like the Digest mode of mailing lists. One or two digests per day, and replies would be like a mailing list. I mean that RIPE would always be the sender or the receiver, ensuring privacy of email address of one party to the other. Now that I think of it, it's pretty much the messaging system of most forums with a front-end. Except that your username is the probe's ID? I think RIPE could do it, if it there is enough demand? Martin Boissonneault Sent from my iPhone On Apr 23, 2019, at 07:10, Ponikierski, Grzegorz <gponikie@akamai.com<mailto:gponikie@akamai.com>> wrote: I thought about simple web form available only for logged users of RIPE Atlas. In this way all private data are hidden and RIPE can rate limit usage of the form. Message itself can be send to probe's owner via email from RIPE Atlas infra so sender identity also can be hidden. If somebody wants to switch to email communication then form can also be used to exchange email addresses. Regards, Grzegorz From: Martin Boissonneault <ve2mrx@hotmail.com<mailto:ve2mrx@hotmail.com>> Date: Monday 2019-04-22 at 02:25 To: Carsten Schiefner <carsten@schiefner.de<mailto:carsten@schiefner.de>> Cc: "ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>" <ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>> Subject: Re: [atlas] Communication with probes' owners The best might be for RIPE to contact the owner when the records don't match what is detected from the probe? Some method to trigger a check could be added to the probe's profile, and there would not be ANY chance of email abuse by throwaway accounts? Allowing users to contact probe owners has to be VERY well made to avoid all sorts of attacks and spam! Martin Boissonneault Sent from my iPhone On Apr 21, 2019, at 18:14, Carsten Schiefner <carsten@schiefner.de<mailto:carsten@schiefner.de>> wrote: Am 21.04.2019 um 19:59 schrieb Dave . <gboonie@gmail.com<mailto:gboonie@gmail.com>>: If this gets implemented, please add a checkbox where one can indicate whether one is a user or also can get things fixed in the AS where your probe is connected. Makes sense to me: +1. Would then a reminder every 1/2/3 month[s] make sense that this is (still) the case aka. this flag to be set? As the probe’s circumstances may change... Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan <paolo.pozzan@telemar.it<mailto:paolo.pozzan@telemar.it>>: It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers. Would this be useful also for other kind of messages? Paolo
On 2019-04-23 13:10, Ponikierski, Grzegorz wrote:
I thought about simple web form available only for logged users of RIPE Atlas. In this way all private data are hidden and RIPE can rate limit usage of the form. Message itself can be send to probe's owner via email from RIPE Atlas infra so sender identity also can be hidden. If somebody wants to switch to email communication then form can also be used to exchange email addresses.
Regards,
Grzegorz
Hi, I agree that allowing RIPE Atlas users to send messages to probe hosts would be a useful feature. I also think that requiring someone to log in first before sending a message to the probe hosts is a sufficiently high bar against systematic abuse (to begin with -- we can be stricter later if needed). I can imagine the form also having a feature to let the original sender expose her email to the recipient to facilitate further communication. Regards, Robert
Thanks everybody for comments and interest :) When it comes to security and spammers I think that you can approach to it like to any PM feature available on any message board. I think it's natural for any community to be able to communicate with each other. After all RIPE Atlas is a community of networking geeks/nerds/engineers who like to measure the Internet and share resources with others. Sometimes we just need to exchange some info to get help and mailing lists is not always the best way to do it. I don't think it's a serious security threat but I also find comments from Martin Boissonneault quite helpful to build something as much secure as possible without excessive complexity. When it comes to location of probes, Steve Gibbard probably described the real problem more precisely than me. The goal is to get reliable data about probes location and this is for sure important for all RIPE Atlas users. One way is to poke people manually and it's OK if you have to do it once per few months but it would be better to get more automated detection mechanism for that. Steve uses IP geolocation which has its limitations (I know probes with IPs from country X but they are properly deployed and described in country Y on different continent). I personally visualize distance from probe to target and compare it with RTT and hops but it's still not fully automated and still can be tricky and requires additional checks. So open question is: How to reliably verify location of probes OR How to motivate RIPE Atlas users to provide valid locations and keep it up-to-date? Regards, Grzegorz From: Robert Kisteleki <robert@ripe.net> Organization: RIPE NCC Date: Wednesday 2019-04-24 at 10:43 To: "ripe-atlas@ripe.net" <ripe-atlas@ripe.net> Subject: Re: [atlas] Communication with probes' owners On 2019-04-23 13:10, Ponikierski, Grzegorz wrote: I thought about simple web form available only for logged users of RIPE Atlas. In this way all private data are hidden and RIPE can rate limit usage of the form. Message itself can be send to probe's owner via email from RIPE Atlas infra so sender identity also can be hidden. If somebody wants to switch to email communication then form can also be used to exchange email addresses. Regards, Grzegorz Hi, I agree that allowing RIPE Atlas users to send messages to probe hosts would be a useful feature. I also think that requiring someone to log in first before sending a message to the probe hosts is a sufficiently high bar against systematic abuse (to begin with -- we can be stricter later if needed). I can imagine the form also having a feature to let the original sender expose her email to the recipient to facilitate further communication. Regards, Robert
On 24/04/2019 19:20, Ponikierski, Grzegorz wrote:
Thanks everybody for comments and interest :)
When it comes to security and spammers I think that you can approach to it like to any PM feature available on any message board. I think it's natural for any community to be able to communicate with each other. After all RIPE Atlas is a community of networking geeks/nerds/engineers who like to measure the Internet and share resources with others. Sometimes we just need to exchange some info to get help and mailing lists is not always the best way to do it. I don't think it's a serious security threat but I also find comments from Martin Boissonneault quite helpful to build something as much secure as possible without excessive complexity.
When it comes to location of probes, Steve Gibbard probably described the real problem more precisely than me. The goal is to get reliable data about probes location and this is for sure important for all RIPE Atlas users. One way is to poke people manually and it's OK if you have
As someone who uses RIPE Atlas at scale, i fully agree. Probe location accuracy is an important data quality issue in RIPE Atlas. Wrongly located probes are a big source of weirdness in things like ixp-country-jedi ( https://www.ripe.net/analyse/internet-measurements/ixp-country-jedi ).
to do it once per few months but it would be better to get more automated detection mechanism for that. Steve uses IP geolocation which has its limitations (I know probes with IPs from country X but they are properly deployed and described in country Y on different continent). I personally visualize distance from probe to target and compare it with RTT and hops but it's still not fully automated and still can be tricky and requires additional checks.
I've also seen the limitations of (Maxmind) geolocation. and i would say it's very hard to find good guidelines on when Maxmind geolocation is better or worse then what probe hosts provide.
So open question is: How to reliably verify location of probes OR How to motivate RIPE Atlas users to provide valid locations and keep it up-to-date?
What i've seen for many cases of incorrectly geolocated probes is that this was caused by probes being physically moved (because the person hosting the probe moved to a different city, possibly country). One thing i've briefly looked into is if we can use a change of ASN that we see the probe in as an indicator that the probe host should be sent a reminder to check if the probes geolocation is still correct. This turned out messier then i thought (too many probes seem to cycle through two or more ASNs), but we can revisit this idea and see if we can make this work as part of a process to counter wrongly geolocated probes. Another thing i looked into is using similarity between probes as an indicator of wrong geolocation. Intuition is that if 2 probes see the same IP path to a destination, they are probably topologically close to each other, which typically means they are physically close (but not always, eg. tunnels). So if we see 2 probes that are topologically close, but physically very distant, that probably means either a wrong geolocation or an 'interesting' setup of one of the probes. See table 1 (and text below) of https://archive.psg.com/170602.anrw17-paper9.pdf hope this helps, Emile
Please no automatic nag emails. On Sun, Apr 21, 2019, 3:14 PM Carsten Schiefner <carsten@schiefner.de> wrote:
Am 21.04.2019 um 19:59 schrieb Dave . <gboonie@gmail.com>: If this gets implemented, please add a checkbox where one can indicate whether one is a user or also can get things fixed in the AS where your probe is connected. Makes sense to me: +1.
Would then a reminder every 1/2/3 month[s] make sense that this is (still) the case aka. this flag to be set?
As the probe’s circumstances may change...
Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan <paolo.pozzan@telemar.it
:
It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers. Would this be useful also for other kind of messages?
Paolo
participants (9)
-
Carsten Schiefner -
Christian Kuhtz -
Dave . -
Emile Aben -
Martin Boissonneault -
Paolo Pozzan -
Ponikierski, Grzegorz -
Robert Kisteleki -
scg@gibbard.org