On Thu, 25 Apr 2019 16:45:18 +0200 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: > I will rather prefer an IETF standard for abuse reporting ... already > thought about starting it several times ... sooner or later I will > write down something, so may be some other people interested to > co-author? > Regards, > Jordi > I have been thinking around the same lines as then I can add the protocols in the initial PS to also include the resolver library use case i mentioned, - unless it gets kicked in the maturity track :) i kinda like the idea of using a dnsl in a two way for reporting as well, I think it is sliced bread good :)
ietf/rfc/ps: you will recall that i already started talking about a definition of abuse a while ago (in this group, i think... - the idea then was the rfc route...) anyhoo, mail me off list when/if we do this :) Kind Regards Andre > El 25/4/19 16:14, "anti-abuse-wg en nombre de ac" > <anti-abuse-wg-boun...@ripe.net en nombre de a...@main.me> escribió: > > On Thu, 25 Apr 2019 14:06:39 +0200 > JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> > wrote: > > Reading the article in a minute ! > > However, as an information pointer I've some data ... > > I've an VM with asterisk at home, and every day I've to ban (I > > use fail2ban to do it automatically after 3 failed attempts > > from the same IP), average about 20 IPs attempting to use my > > SIP service to my provider. This turns into 100 per day in the > > office (average). Of course, if they succeed, they can make > > "free" calls that I need to pay from my pocket ... So, I report > > automatically those attempts (once banned), including the logs, > > to the abuse contacts of the IP holder. > > Some of them just don't care, unfortunately, as many abuse > > contacts, just don't work, or the mailboxes aren't being read, > > or they respond that you must fill in a form. > > Regards, > > Jordi > > > this is something very worthy of discussion, listing services has > always existed for dynamic blocks, email abuse, bad neighborhood > etc etc - and these lists are reflected/delivered/offered as rbl, > dnsbl, wrbl, text, sql, etc etc - imho, the latest trends are weird > as the generic lists are becoming too generic and specific or > specialisation is the "next big thingTM" - as in not unicorny big but > tech useful (mostly free) big... As an example of this, an combined > email rbl (which also contains certain dynamic ranges known for not > filtering egress, would be completely (or mostly) useless for > filtering IP on SIP (or even brute) and a comment form rbl would be > well suited for iptables on a web server... > > My latest new and shiny big idea is: > > I have an idea and a plan to dev a dynamic ip use dnsl which will > return a flag on query... > > The idea is that any device would receive a code when query a RR > > The result on query would be multi digit and reflect the known > data for that resource (examples: User Dynamic/Static - Abuse > Reported Y/N - Port of abuse (all(dul)/21/22/25/53/80/443/etc) - > Resource holder responsive Y/N - etc etc etc > > The further idea is to have exchangeable data streams so that the > query (as well as the IPv4/6 of the query) becomes a data > provider and then the reporting can be automated (or not) depending > on the resource holder itself... > > What do you think? > > Kind Regards > > Andre > > > > > > ********************************************** > IPv4 is over > Are you ready for the new Internet ? > http://www.theipv6company.com > The IPv6 Company > > This electronic message contains information which may be privileged > or confidential. The information is intended to be for the exclusive > use of the individual(s) named above and further non-explicilty > authorized disclosure, copying, distribution or use of the contents > of this information, even if partially, including attached files, is > strictly prohibited and will be considered a criminal offense. If you > are not the intended recipient be aware that any disclosure, copying, > distribution or use of the contents of this information, even if > partially, including attached files, is strictly prohibited, will be > considered a criminal offense, so you must reply to the original > sender to inform about this communication and delete it. > > > > >
