Hi Gert, Daniel, > On 4 Aug 2024, at 15:00, Gert Doering <[email protected]> wrote: > > Hi, > > On Sun, Aug 04, 2024 at 01:46:07PM +0200, Daniel Suchy wrote: >> In my case, I also missed any notification about "malicious" activity to >> registered abuse contact. I think this should be part of process in case at >> least when subnet (more than single host) is blocked. Automatically >> generated notification is sufficient here. I think is good to know about >> such issues from network-operator perspective. Even if it will be an opt-in >> (but I think good operator takes care about similar events in its network). > > Indeed, that sounds like an idea to spend some thoughts on - if the RIPE DB > blocks "something" for AUP violation, send "suitable" notifications. >
Is there any action for the abuse contact to take in this situation? I think it is more about educating the end user about why they have been blocked. We already inform the user in the query response why their request has been blocked, and explain in our documentation: https://apps.db.ripe.net/docs/FAQ/#why-did-i-receive-an-error-201-access-denied Very few end users will repeatedly exceed the query limit (i.e. we temporarily block 100's of IPs daily, but permanently block 10-20 IPs, out of millions of source IPs daily). If users can resolve the situation themselves, is there a need to also notify the abuse contact? Regards Ed Shryane RIPE NCC ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/db-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
