Hi,
the whole problem arises from the fact that you replace the term IP
address with end user site. These are two different terms with different
meanings.
Yes, notification for each IP(v4,v6) address will generated unwanted
noise. You can hit whois AUP limits just by programming error and end
user will see this and can take corresponding action.
I was talking about "escallations" - situations where someone
deliberately tries to break through the AUP limits with the aim of
scraping the database. A situation where the blocking of not individual
addresses is attempted, but the entire subnet (end user site) is
blocked. In this case I think infrastructure administrator should also
be aware. In this case, the problem is unlikely to correct itself.
- Daniel
On 8/5/24 11:53 AM, Edward Shryane wrote:
Hi Gert, Daniel,
On 4 Aug 2024, at 15:00, Gert Doering <[email protected]> wrote:
Hi,
On Sun, Aug 04, 2024 at 01:46:07PM +0200, Daniel Suchy wrote:
In my case, I also missed any notification about "malicious" activity to
registered abuse contact. I think this should be part of process in case at
least when subnet (more than single host) is blocked. Automatically
generated notification is sufficient here. I think is good to know about
such issues from network-operator perspective. Even if it will be an opt-in
(but I think good operator takes care about similar events in its network).
Indeed, that sounds like an idea to spend some thoughts on - if the RIPE DB
blocks "something" for AUP violation, send "suitable" notifications.
Is there any action for the abuse contact to take in this situation? I think it
is more about educating the end user about why they have been blocked.
We already inform the user in the query response why their request has been
blocked, and explain in our documentation:
https://apps.db.ripe.net/docs/FAQ/#why-did-i-receive-an-error-201-access-denied
Very few end users will repeatedly exceed the query limit (i.e. we temporarily
block 100's of IPs daily, but permanently block 10-20 IPs, out of millions of
source IPs daily).
If users can resolve the situation themselves, is there a need to also notify
the abuse contact?
Regards
Ed Shryane
RIPE NCC
-----
To unsubscribe from this mailing list or change your subscription options,
please visit: https://mailman.ripe.net/mailman3/lists/db-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings.
More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
