Re: [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries

2020-02-22 Thread Fi Shing
Upon determining the upstream peers of AS24961, complain to those upstream 
peers:
 
https://bgp.he.net/AS24961#_graph4
 
and ask them to provide the contract between themselves and AS24961 so you can 
find which section of the contract is violated, then complain to the upstream 
peer head office.
 
 
- Original Message -
Subject: [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
From: "Hans-Martin Mosner" 
Date: 2/19/20 6:18 pm
To: "anti-abuse-wg@ripe.net" 

AS24961 (RIPE NCC member myLoc managed IT AG) continues to host one persistent 
spam sender year after year. I have complained to them a number of times, with 
no noticeable effect.
 
 The sender is recognizable by characteristics of their domain names and local 
parts, and most importantly by their DNS
 service, which is always uadns.com. Would be easy to deny them service if 
myLoc wanted to.
 
 Domain registrations are most often done via Ledl.net GmbH (RIPE NCC member).
 
 Registries DENIC eG (RIPE NCC member), EURid vzw (RIPE NCC member), nic.at 
GmbH (RIPE NCC member) willingly accept
 registrations that have most likely fake data (which I can't check because 
these data are conveniently not disclosed,
 although they very likely describe a commercial entity and not existing 
private persons and are therefore not subject to
 GDPR protections.)
 
 Excuse me while I vomit a little.
 
 I know that this working group is not responsible for handling individual 
cases of abuse, so my intention is not to get
 a solution (which I already did via nullrouting that AS) but to understand how 
persistent abuse-enabling entities can
 act unhindered without any clear escalation path. Effectively extracting the 
last rotten tooth "ICANN Whois Inaccuracy
 Complaint" by hiding all registration data so that an inaccuracy check is made 
impossible didn't help much...
 
 Cheers,
 Hans-Martin


Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother

2020-02-12 Thread Fi Shing
All OVH and DigitalOcean abuse reports must be submitted via the abuse 
reporting forms on the website, or they won't be actioned:
 
https://www.ovh.com/world/abuse/
 
https://www.digitalocean.com/company/contact/abuse/
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother
From: "Alessandro Vesely" 
Date: 2/12/20 11:16 pm
To: "anti-abuse-wg@ripe.net" 

On Wed 12/Feb/2020 09:51:22 +0100 Ronald F. Guilmette wrote:
 > The RIPE WHOIS data base says that the abuse contact for AS16276 is
 > ab...@ovh.net.
 > 
 > It would appear that the folks at OVH haven't yet quite figured how
 > this whole email thing works.
 > 
 > Give them time. Another decade or two and they should have it down pat.
 
 
 +1, X-VR-SPAMCAUSE looks particularly appealing...
 
 Best
 Ale
 
 
 
  Forwarded Message 
 Subject: failure notice
 Date: 12 Feb 2020 06:18:04 +0200
 From: mailer-dae...@mx1.ovh.net
 To: ab...@tana.it
 
 Hi. This is the qmail-send program at mx1.ovh.net.
 I'm afraid I wasn't able to deliver your message to the following addresses.
 This is a permanent error; I've given up. Sorry it didn't work out.
 
 :
 user does not exist, but will deliver to 
/homez.12/vpopmail/domains/ovh.net/abuse/
 can not open new email file errno=2 
file=/homez.12/vpopmail/domains/ovh.net/abuse/Maildir/tmp/1581481084.9867.mail660.ha.ovh.net,S=4191
 system error
 
 --- Below this line is a copy of the message.
 
 Return-Path: 
 Received: from localhost (HELO queue) (127.0.0.1)
 by localhost with SMTP; 12 Feb 2020 06:18:04 +0200
 Received: from unknown (HELO output25.mail.ovh.net) (10.108.117.188)
 by mail660.ha.ovh.net with AES256-GCM-SHA384 encrypted SMTP; 12 Feb 2020 
06:18:04 +0200
 Received: from vr26.mail.ovh.net (unknown [10.101.8.26])
 by out25.mail.ovh.net (Postfix) with ESMTP id 48HRFm0K5Sz7P6Fd8
 for ; Wed, 12 Feb 2020 04:18:04 + (UTC)
 Received: from in14.mail.ovh.net (unknown [10.101.4.14])
 by vr26.mail.ovh.net (Postfix) with ESMTP id 48HRFf6fgNzrQV85
 for ; Wed, 12 Feb 2020 04:17:58 + (UTC)
 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=62.94.243.226; 
helo=wmail.tana.it; envelope-from=ab...@tana.it; receiver=ab...@ovh.net 
Authentication-Results: in14.mail.ovh.net;
 dkim=pass (1152-bit key; unprotected) header.d=tana.it header.i=@tana.it 
header.b="DSzDkiE5";
 dkim-atps=neutral
 Received: from wmail.tana.it (wmail.tana.it [62.94.243.226])
 by in14.mail.ovh.net (Postfix) with ESMTPS id 48HRFf5rYcz1qqm5
 for ; Wed, 12 Feb 2020 04:17:58 + (UTC)
 Received: from localhost (localhost [127.0.0.1])
 (uid 1000)
 by wmail.tana.it with local
 id 005DC0BE.5E437C70.6938; Wed, 12 Feb 2020 05:17:51 +0100
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta;
 t=1581481072; bh=hqA0axQ0F0EZuKcuD4BJM7lec22phleodccLJFRo7js=;
 l=1187; h=From:To:Date;
 b=DSzDkiE5M2E2RHdufCjt/pvL8szxXfCQCiPcYrJMYxbHDSM6/qNrHDy0JZwW3HfQG
 jvGk5T7PlE7c6dBvfNjmQl2Z0yTpvjOVufBM6xGVi3WEzkPUb2Wpr0b6oW/Ptan3/d
 d81pOjTCPaAxOXfx0G1t5PpotLEo0P48qxyNPtkGYVZoMp7kdUev7jtac9Jcq
 Authentication-Results: tana.it; auth=pass (details omitted)
 X-mmdbcountrylookup: FR
 From: "tana.it" 
 To: ab...@ovh.net
 Date: Wed, 12 Feb 2020 05:17:51 +0100
 Subject: Mail server abuse by 188.165.221.36 on 11 February 2020
 Mime-Version: 1.0
 Content-Type: text/plain; charset=utf-8
 Content-Transfer-Encoding: 7bit
 X-Auto-Response-Suppress: DR, OOF, AutoReply
 Message-ID: 
 X-Ovh-Remote: 62.94.243.226 (wmail.tana.it)
 X-Ovh-Tracer-Id: 8968355709213900626
 X-VR-SPAMSTATE: OK
 X-VR-SPAMSCORE: 50
 X-VR-SPAMCAUSE: 
gggruggvucftvghtrhhoucdtuddrgedugedrieeggdeifecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecuogfvvgigthfqnhhlhidqqdetfeejfedqtdegucdlhedtmdenucfjughrpefhvfffufggtgfgsehtjedttddttdejnecuhfhrohhmpedfthgrnhgrrdhithdfuceorggsuhhsvgesthgrnhgrrdhitheqnecuffhomhgrihhnpehtrghnrgdrihhtpdhrihhpvgdrnhgvthenucfkphepiedvrdelgedrvdegfedrvddvieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehinhdugedrmhgrihhlrdhovhhhrdhnvghtpdhinhgvthepiedvrdelgedrvdegfedrvddviedpmhgrihhlfhhrohhmpegrsghushgvsehtrghnrgdrihhtpdhrtghpthhtoheprggsuhhsvgesohhvhhdrnhgvth
 X-Ovh-Spam-Status: OK
 X-Ovh-Spam-Reason: vr: OK; dkim: disabled; spf: disabled
 X-Ovh-Message-Type: OK
 
 Dear Abuse Team
 
 The following abusive behavior from IP address under your constituency
 188.165.221.36 has been detected:
 
 2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP 
auth dictionary attack
 
 188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018
 
 original data from the mail log:
 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534]
 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026]
 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198]
 2020-02-11 11:39:25 CET courieresmtpd: 
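
An added example, not part of the original thread: the failure notice forwarded above is in qmail-send's bounce format, which a reporter or an abuse-mailbox validator can parse to record that a published abuse contact rejects mail. The sample bounce, its host names and addresses, and the helper names `parse_qmail_bounce` and `dead_role_mailboxes` are constructed for illustration.

```python
import re

# Constructed sample in qmail-send bounce format (QSBMF). Host names, addresses
# and paths are placeholders made up for this example, not values from the thread.
SAMPLE_BOUNCE = """\
Hi. This is the qmail-send program at mx.provider.example.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<abuse@provider.example>:
user does not exist, but will deliver to /var/vpopmail/domains/provider.example/abuse/
can not open new email file errno=2
system error

<noc@provider.example>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <reporter@reporter.example>
Subject: Mail server abuse by 192.0.2.10

<not-a-recipient@reporter.example>:
this paragraph belongs to the returned copy and must be ignored
"""

# A recipient paragraph starts with a line of the form "<user@host>:".
RECIPIENT_LINE = re.compile(r"^<([^<>\s]+@[^<>\s]+)>:\s*$")
# Role mailboxes whose failure matters for contact validation (assumed set).
ROLE_LOCAL_PARTS = {"abuse", "postmaster"}


def parse_qmail_bounce(text):
    """Parse a qmail-send failure notice.

    Returns None if the text is not in QSBMF, otherwise a dict with the
    reporting host, whether the failure is permanent, and one entry per
    failed recipient. Parsing stops at the break paragraph, so addresses in
    the returned copy of the message are never treated as recipients.
    """
    text = text.replace("\r\n", "\n")
    # QSBMF paragraphs are separated by blank lines.
    paragraphs = [p.strip("\n") for p in re.split(r"\n[ \t]*\n", text)]
    paragraphs = [p for p in paragraphs if p.strip()]
    if not paragraphs or not paragraphs[0].lstrip().startswith("Hi. This is the"):
        return None

    intro_lines = paragraphs[0].split("\n")
    host = re.search(r"program at (\S+?)\.?\s*$", intro_lines[0])
    report = {
        "reporting_host": host.group(1) if host else None,
        "permanent": "permanent error" in paragraphs[0].lower(),
        "failures": [],
    }
    for para in paragraphs[1:]:
        lines = [ln.strip() for ln in para.split("\n")]
        if lines[0].startswith("-"):
            break  # break paragraph: everything after it is the original message
        match = RECIPIENT_LINE.match(lines[0])
        if match:
            report["failures"].append(
                {"recipient": match.group(1).lower(), "reason": " ".join(lines[1:])}
            )
    return report


def dead_role_mailboxes(report):
    """Return role addresses (abuse@, postmaster@) that failed permanently."""
    if not report or not report["permanent"]:
        return []
    return [
        f["recipient"]
        for f in report["failures"]
        if f["recipient"].split("@", 1)[0] in ROLE_LOCAL_PARTS
    ]


if __name__ == "__main__":
    parsed = parse_qmail_bounce(SAMPLE_BOUNCE)
    for failure in parsed["failures"]:
        print(failure["recipient"], "->", failure["reason"])
    print("undeliverable role mailboxes:", dead_role_mailboxes(parsed))
```
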

[anti-abuse-wg] AS48666 MAROSNET

2020-02-06 Thread Fi Shing
Regarding AS48666 MAROSNET Telecommunication Company LLC,
 Phishing URL: http://barrierfenceco[.]xyz/upd/
 IP: 178.159.36.182 
 Phishing URL: https://abbahaircareproducts[.]xyz/gsodjif/index.php 
 IP: 91.234.99.117 
  
 route: 91.234.99.0/24
descr: Client's network
descr: Russia, Moscow
origin: AS48666
mnt-by: MNT-MAROSNET
created: 2020-01-12T18:42:46Z
last-modified: 2020-01-12T18:42:46Z
source: RIPE
  
 route: 178.159.36.0/24
 descr: Client's network
 origin: AS48666
mnt-by: MAROSNET-MNT
created: 2016-10-26T15:40:48Z
last-modified: 2016-10-26T15:40:48Z
source: RIPE
  
  
 This provider has no publicly accessible website and is unreachable. The email 
address listed on RIPE as info at marosnet2.ru bounces.
 It is the provider of autonomous ranges, including that including IP 
178.159.36.182 and 91.234.99.117 which is being used to host a plethora of 
phishing websites. 
 https://ipinfo.io/AS48666 reveals AS48666 sub-lets to "Private Internet 
Hosting LTD" who has sub-let to the phisher themself.
 
 --


Re: [anti-abuse-wg] Periodic Reminder: List Conduct

2020-01-20 Thread Fi Shing
>> The point remains that there is a code of conduct and I am reminding 
>> everyone of it.
 
Great. Now if we can take this ^ ^ ^ and apply it to RIPE as a whole, then this 
group might be 50% of the way towards actually being an anti-abuse working 
group.
 
Otherwise, someone should move a motion on this group that the group be renamed 
to :
 
"Anti-Anti-abuse Working Group"
 
 
 
- Original Message -
Subject: RE: [anti-abuse-wg] Periodic Reminder: List Conduct
From: "Brian Nisbet" 
Date: 1/20/20 8:19 pm
To: "Fi Shing" , "anti-abuse-wg@ripe.net" 


  Because they are two completely different things. 
  
 This is the RIPE Community, of which the RIPE NCC are the secretariat, amongst 
other things. The rules of conduct for this list and the wider community have 
nothing to do with the database, nor abuse verification nor any notion of 
Internet Police. 
  
 And honestly, you can attempt to find loopholes or argue nonsensical points of 
logic on this as much as you want. The point remains that there is a code of 
conduct and I am reminding everyone of it.
  
 Thank you,
  
 Brian
 Co-Chair, RIPE AA-WG
  
 Brian Nisbet
 Service Operations Manager
 HEAnet CLG, Ireland's National Education and Research Network
 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
 +35316609040 brian.nis...@heanet.ie www.heanet.ie
 Registered in Ireland, No. 275301. CRA No. 20036270
  
From: anti-abuse-wg  On Behalf Of Fi Shing
 Sent: Saturday 18 January 2020 07:22
 To: anti-abuse-wg@ripe.net
 Subject: Re: [anti-abuse-wg] Periodic Reminder: List Conduct
 


  It appears you missed the point of my email.
 

 
How can you say rules apply to this list, but not RIPE itself?
 

 
Given the logic of many on this list:
 

 
+ You are not the internet police,
+ Some people may not agree with a rule, so therefore there are no rules at all,
+ you, as an administrator enforcing this rule of "no personal attacks" would require you to open your emails, which is too much to ask of you as an administrator.

  
 


 
 - Original Message -
  Subject: RE: [anti-abuse-wg] Periodic Reminder: List Conduct
 From: "Brian Nisbet" 
 Date: 1/17/20 10:42 pm
 To: "Fi Shing" , "anti-abuse-wg@ripe.net" 

  Honestly, you can disagree all you want, but there are rules of conduct in 
the RIPE community and on this list. My email served as a polite reminder of 
those rules. If a member of the list chooses not to follow them, then steps 
will be taken in regards to direct communication, then moderation of postings 
if it is felt necessary and on from there.
  
 The Co-Chairs would greatly prefer not to have to deal with any of this, nor 
impose any restrictions on engagement with the working group, but if we must, 
we must, because such attacks do not help the list discussion nor the policy 
development process.
  
 Thanks,
  
 Brian
 Co-Chair, RIPE AA-WG
  
 Brian Nisbet
 Service Operations Manager
 HEAnet CLG, Ireland's National Education and Research Network
 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
 +35316609040 brian.nis...@heanet.ie  www.heanet.ie
 Registered in Ireland, No. 275301. CRA No. 20036270
  
From: anti-abuse-wg  On Behalf Of Fi Shing
 Sent: Friday 17 January 2020 11:33
 To:  anti-abuse-wg@ripe.net
 Subject: Re: [anti-abuse-wg] Periodic Reminder: List Conduct
 


  >> but we can tell you not to do it here, so please don't.
 

 
Well... no, i disagree.
 

 
Brian Nisbet, i would like to remind you, that ... You are not the Internet 
Police.
 

 
In fact, what you consider to be a rule, might not be something that every 
single person on this planet also considers to be a rule, and so therefore, we 
have no rules at all, nor is there any basis for you to impose any rules on 
this list such as that which you have said.
 

 
To enforce this rule of "no personal attacks", would require you to open your 
email and read it once every year. That is too much for RIPE to envisage. It's 
too much resources. It's something that no administrator such as you SHOULD 
HAVE TO DO.
 

 
So therefore, let us discuss, in meaningless circular fashion, similar to what 
you find inside an insane asylum, this idea of yours.
 

 

 

 
SOUND FAMILIAR, ANYONE?
 

 

 

 
 - Original Message -
  Subject: [anti-abuse-wg] Periodic Reminder: List Conduct
 From: "Brian Nisbet" 
 Date: 1/17/20 8:23 pm
 To: "anti-abuse-wg@ripe.net" 
 
 Colleagues,
 
 It seems that at some point in every large list discussion I am compelled to 
send a mail of this type. This is not in response to any single mail, rather it 
is a reminder to all.
 
 Please remember to conduct yourselves well on this list, to discuss the matter 
at hand and not to attack the person writing the email. Most of the list 
discussion takes place in the appropriate manner, but I realise that when we're 
discussin

Re: [anti-abuse-wg] Periodic Reminder: List Conduct

2020-01-17 Thread Fi Shing
It appears you missed the point of my email.
 
How can you say rules apply to this list, but not RIPE itself?
 
Given the logic of many on this list:
 
 
+ You are not the internet police, 
+ Some people may not agree with a rule, so therefore there are no rules at 
all, 
+ you, as an administrator enforcing this rule of "no personal attacks" would 
require you to open your emails, which is too much to ask of you as an 
administrator. 

  

 
- Original Message -
Subject: RE: [anti-abuse-wg] Periodic Reminder: List Conduct
From: "Brian Nisbet" 
Date: 1/17/20 10:42 pm
To: "Fi Shing" , "anti-abuse-wg@ripe.net" 


  Honestly, you can disagree all you want, but there are rules of conduct in 
the RIPE community and on this list. My email served as a polite reminder of 
those rules. If a member of the list chooses not to follow them, then steps 
will be taken in regards to direct communication, then moderation of postings 
if it is felt necessary and on from there.
  
 The Co-Chairs would greatly prefer not to have to deal with any of this, nor 
impose any restrictions on engagement with the working group, but if we must, 
we must, because such attacks do not help the list discussion nor the policy 
development process.
  
 Thanks,
  
 Brian
 Co-Chair, RIPE AA-WG
  
 Brian Nisbet
 Service Operations Manager
 HEAnet CLG, Ireland's National Education and Research Network
 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
 +35316609040 brian.nis...@heanet.ie www.heanet.ie
 Registered in Ireland, No. 275301. CRA No. 20036270
  
    From: anti-abuse-wg  On Behalf Of Fi Shing
 Sent: Friday 17 January 2020 11:33
 To: anti-abuse-wg@ripe.net
 Subject: Re: [anti-abuse-wg] Periodic Reminder: List Conduct
 


  >> but we can tell you not to do it here, so please don't.
 

 
Well... no, i disagree.
 

 
Brian Nisbet, i would like to remind you, that ... You are not the Internet 
Police.
 

 
In fact, what you consider to be a rule, might not be something that every 
single person on this planet also considers to be a rule, and so therefore, we 
have no rules at all, nor is there any basis for you to impose any rules on 
this list such as that which you have said.
 

 
To enforce this rule of "no personal attacks", would require you to open your 
email and read it once every year. That is too much for RIPE to envisage. It's 
too much resources. It's something that no administrator such as you SHOULD 
HAVE TO DO.
 

 
So therefore, let us discuss, in meaningless circular fashion, similar to what 
you find inside an insane asylum, this idea of yours.
 

 

 

 
SOUND FAMILIAR, ANYONE?
 

 

 

 
 - Original Message -
  Subject: [anti-abuse-wg] Periodic Reminder: List Conduct
 From: "Brian Nisbet" 
 Date: 1/17/20 8:23 pm
 To: "anti-abuse-wg@ripe.net" 
 
 Colleagues,
 
 It seems that at some point in every large list discussion I am compelled to 
send a mail of this type. This is not in response to any single mail, rather it 
is a reminder to all.
 
 Please remember to conduct yourselves well on this list, to discuss the matter 
at hand and not to attack the person writing the email. Most of the list 
discussion takes place in the appropriate manner, but I realise that when we're 
discussing matters about which any of us are passionate we can forget this.
 
 Ad hominem attacks, general slights, unfounded accusations, and many other 
things do not contribute to the list discussion. The Co-Chairs can't tell you 
not to send them by private mail (albeit we'd greatly prefer you didn't) nor to 
act in this manner in other fora (albeit we'd prefer if you didn't do that 
either), but we can tell you not to do it here, so please don't.
 
 Thank you all for your interest and passion for this subject.
 
 Brian
 Co-Chair, RIPE AA-WG
 
 Brian Nisbet 
 Service Operations Manager
 HEAnet CLG, Ireland's National Education and Research Network
 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
 +35316609040 brian.nis...@heanet.ie  www.heanet.ie
 Registered in Ireland, No. 275301. CRA No. 20036270


Re: [anti-abuse-wg] Periodic Reminder: List Conduct

2020-01-17 Thread Fi Shing
>> but we can tell you not to do it here, so please don't.
 
Well... no, i disagree.
 
Brian Nisbet, i would like to remind you, that ... You are not the Internet 
Police.
 
In fact, what you consider to be a rule, might not be something that every 
single person on this planet also considers to be a rule, and so therefore, we 
have no rules at all, nor is there any basis for you to impose any rules on 
this list such as that which you have said.
 
To enforce this rule of "no personal attacks", would require you to open your 
email and read it once every year. That is too much for RIPE to envisage. It's 
too much resources. It's something that no administrator such as you SHOULD 
HAVE TO DO.
 
So therefore, let us discuss, in meaningless circular fashion, similar to what 
you find inside an insane asylum, this idea of yours.
 
 
 
SOUND FAMILIAR, ANYONE?
 
 
 
- Original Message -
Subject: [anti-abuse-wg] Periodic Reminder: List Conduct
From: "Brian Nisbet" 
Date: 1/17/20 8:23 pm
To: "anti-abuse-wg@ripe.net" 

Colleagues,
 
 It seems that at some point in every large list discussion I am compelled to 
send a mail of this type. This is not in response to any single mail, rather it 
is a reminder to all.
 
 Please remember to conduct yourselves well on this list, to discuss the matter 
at hand and not to attack the person writing the email. Most of the list 
discussion takes place in the appropriate manner, but I realise that when we're 
discussing matters about which any of us are passionate we can forget this.
 
 Ad hominem attacks, general slights, unfounded accusations, and many other 
things do not contribute to the list discussion. The Co-Chairs can't tell you 
not to send them by private mail (albeit we'd greatly prefer you didn't) nor to 
act in this manner in other fora (albeit we'd prefer if you didn't do that 
either), but we can tell you not to do it here, so please don't.
 
 Thank you all for your interest and passion for this subject.
 
 Brian
 Co-Chair, RIPE AA-WG
 
 Brian Nisbet 
 Service Operations Manager
 HEAnet CLG, Ireland's National Education and Research Network
 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
 +35316609040 brian.nis...@heanet.ie www.heanet.ie
 Registered in Ireland, No. 275301. CRA No. 20036270


Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

2020-01-16 Thread Fi Shing
 
Your email presumes that an "ombudsman" model would resolve an issue.
 
If a person has dedicated themselves to controlling a 200,000 strong botnet and 
sending spam emails through unauthorised access etc. what is sending them a 
fancy piece of paper or an email "asking them to be nice" going to do?
 
For example, there are 3 types of phishing websites:
 
1) Outright false domain name,
2) hacked server, using legitimate domain name,
3) free website sign-up
 
Which of these would it be appropriate to ask the criminal to behave through a 
letter or email?
 
In reality, none of them, because the phisher has hacked the server, dumped the 
phishing website template and left, never to return.
 
The service needs to be suspended, as the server owner cannot expect:
 
1) a customer to know how to fix the security vulnerability,
2) the customer to log in to their email within the next day, week or even 
month, it might take them years to log in.
3) the criminal not to control the customers email also etc.
 
 
Often when reporting phishing websites, the response from ISP is "I have 
notified the customer to investigate."
 
The question then is, in which instance would it be appropriate to ask nicely 
of a customer? I can't think of any examples.
 
You are like the United Nations... "North Korea, you are killing 2 million 
people in concentration camps, so we are asking nicely and going to send you a 
piece of paper expressing how bad it is."
 
I'm sure North Korea really cares!
 
 
 
 
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Volker Greimann" 
Date: 1/17/20 2:03 am
To: "anti-abuse-wg@ripe.net" 

 Hi Jordi, 
 your example seems a bit off though. If your contract is with your ISP and you 
need to complain to them, why would you complain to another ISP you have no 
contract with?
 I agree that current GDPR implementations may impact the contactability of the 
customer, but that can be improved in GDPR-compliant manners that do not 
require playing chinese whispers down the chain. 
 Not objecting to your 3. but you need to consider it may not be the 
contractual partner acting against the contract. They may be a victim as well, 
and therefore enforcing any actions against them may be unproductive. Would you 
shut down Google.com because of one link to a site violating third party rights?
 Best,
 Volker
 On 16.01.2020 at 15:52, JORDI PALET MARTINEZ via anti-abuse-wg wrote:
  Hi Volker,
  
 I don't agree with that, because:
  1. I believe the electricity sample I provided proves otherwise. My contract is with the electricity provider (the Internet provider), so I need to complain to them and they need to follow the chain.
  2. For a victim, to complain directly to the customer (not the operator), will need to know the data of the “abuser” which may be protected by GDPR.
  3. Customers sign a contract with the operator. The contract must have clear conditions (AUP) about the appropriate use of the network. If you act against that contract, the problem is with the operator, not victims.

  
  By the way, if an operator has a badly designed AUP, either they are doing a 
bad job, or they have *no interest* in acting against abuses.
  
 Regards,
 Jordi
 @jordipalet
  
 
 
  
   On 16/1/20 15:44, "anti-abuse-wg on behalf of Volker Greimann" wrote:
 


 
Obviously every user should lock their doors / protect themselves against 
fraud. I am just saying that the ability of many service providers to curtail 
abuse of their system (without impacting legitimate uses) is very limited as it 
may not be their customers doing the abusing and any targeted action against those 
customers themselves would be inappropriate and affect many legitimate users 
of their services.
 At what point should a network service provider remove privileges from a 
customer that is himself being abused but is technically unable to deal with it 
properly? Would the complaint not be better directed at that customer, not the 
provider, since they are the ones that can resolve this issue in a more 
targeted and appropriate manner? How does the service provider differentiate 
between a customer that is abusing vs one that is being abused?  Deputising the 
service providers will not necessarily solve the problems, and possibly create 
many new ones.
 In the domain industry, we were required to provide an abuse contact, however 
the reports we get to that address usually deal with issues we cannot do much 
about other than pulling or deactivating the domain name, which is usually the 
nuclear option. So we spend our time forwarding abuse mails to our customers 
that the complainant should have sent to the customer directly.
 Best,
 volker
 
  On 16.01.2020 at 15:16, Serge Droz via anti-abuse-wg wrote:
 
 Hi Volker

 On 16/01/2020 15:03, Volker Greimann wrote:
 > isn't making the world (and the internet) first and foremost a job of law enforcement

Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

2020-01-15 Thread Fi Shing
 
>> Best not to judge the race until it has been fully run.
 
I just do not understand how anyone on this list (other than a criminal or a 
business owner that wants to reduce overheads by abolishing an employee who 
has to sit and monitor an abuse desk) could be talking about making it easier 
for abuse to flourish.
 
It is idiotic and is not ad hominem.
 
This list is filled with people who argue for weeks, perhaps months, about the 
catastrophic world ending dangers of making an admin verify an abuse address 
ONCE a year  and then someone says "let's abolish abuse desk altogether" 
and these idiots emerge from the woodwork like the termites that they are and 
there's no resistance?
 
The good news is that nothing talked about on this list is ever implemented, so 
.. talk away you criminals.
 
 
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Ronald F. Guilmette" 
Date: 1/16/20 11:47 am
To: "anti-abuse-wg@ripe.net" 

In message <20200115155949.af7f9f79718891d8e76b551cf73e1563.e548b98006.mailapi@
 email19.asia.godaddy.com>, "Fi Shing"  wrote:
 
 >That is the most stupid thing i've read on this list.
 
 Well, I think you shouldn't be quite so harsh in your judgement. It is
 not immediately apparent that you have been on the list for all that long.
 So perhaps you should stick around for awhile longer before making such
 comments. If you do, I feel sure that there will be any number of
 stupider things that may come to your attention, including even a few
 from yours truly.
 
 Best not to judge the race until it has been fully run.
 
 >Which criminal is paying you to say this nonsense, because no ordinary person
 >that has ever received a spam email would ever say such crap.
 
 I would also offer the suggestion that such inartful commentary, being as
 it is, ad hominem, is not at all likely to advance your agenda. It may
 have felt good, but I doubt that you have changed a single mind, other
 than perhaps one or two who will now be persuaded to take the opposing
 position, relative to whatever it was that you had hoped to achieve.
 
 
 Regards,
 rfg


Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

2020-01-15 Thread Fi Shing
correction: year 2020*
 
- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Fi Shing" 
Date: 1/16/20 10:03 am
To: "anti-abuse-wg@ripe.net" 

 Sergio, that would make too much sense.
 
This mailing list is not only not even considering what you have said, but they 
are trying to remove the requirement of a network operator to even receive 
emails about complaints at all.
 
Pathetic.
 
It's the year 2019, and these "people" on this list (probably cyber criminals 
or are paid by cyber criminals to weaken policy) come here and say this garbage.
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Sérgio Rocha" 
Date: 1/15/20 8:16 pm
To: "anti-abuse-wg" 

Hi,
 
 Maybe we can change the approach.
 If the RIPE website had a platform to post abuse reports, that sends the email to
 the abuse contact, it would be possible to evaluate the responsiveness of the
 abuse contact.
 
 This way anyone that reports an abuse could assess not only the response but
 also the effectiveness of the actions taken by the network owner. After some
 time with these evaluations it would be easy to realize who manages the reports
 and even who does not respond at all.
 
 Sérgio 
 
 -Original Message-
 From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of
 Gert Doering
 Sent: 15 January 2020 08:06
 To: Carlos Friaças 
 Cc: Gert Doering ; anti-abuse-wg 
 Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation
 of "abuse-mailbox")
 
 Hi,
 
 On Wed, Jan 15, 2020 at 07:23:38AM +, Carlos Friaças via anti-abuse-wg wrote:
 > I obviously don't speak for the incident handling community, but i 
 > think this (making it optional) would be a serious step back. The 
 > current situation is already very bad when in some cases we know from 
 > the start that we are sending (automated) messages/notices to blackholes.
 
 So why is it preferable to send mails which are not acted on, as opposed to
 "not send mail because you know beforehand that the other network is not
 interested"?
 
 I can see that it is frustrating - but I still cannot support a policy
 change which will not help dealing with irresponsible networks in any way,
 but at the same time increases costs and workload for those that do the
 right thing already.
 
 
 > To an extreme, there should always be a known contact responsible for 
 > any network infrastructure. If this is not the case, what's the 
 > purpose of a registry then?
 
 "a known contact" and "an *abuse-handling* contact" is not the same thing.
 
 Gert Doering
 -- NetMaster
 --
 have you enabled IPv6 on something today...?
 
 SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael
 Emmer
 Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
 D-80807 Muenchen HRB: 136055 (AG Muenchen)
 Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

2020-01-15 Thread Fi Shing
Sergio, that would make too much sense.
 
This mailing list is not only not even considering what you have said, but they 
are trying to remove the requirement of a network operator to even receive 
emails about complaints at all.
 
Pathetic.
 
It's the year 2019, and these "people" on this list (probably cyber criminals 
or are paid by cyber criminals to weaken policy) come here and say this garbage.
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Sérgio Rocha" 
Date: 1/15/20 8:16 pm
To: "anti-abuse-wg" 

Hi,
 
 Maybe we can change the approach.
 If the RIPE website had a platform to post abuse reports, that sends the email to
 the abuse contact, it would be possible to evaluate the responsiveness of the
 abuse contact.
 
 This way anyone that reports an abuse could assess not only the response but
 also the effectiveness of the actions taken by the network owner. After some
 time with these evaluations it would be easy to realize who manages the reports
 and even who does not respond at all.
 
 Sérgio 
 
 -Original Message-
 From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of
 Gert Doering
 Sent: 15 January 2020 08:06
 To: Carlos Friaças 
 Cc: Gert Doering ; anti-abuse-wg 
 Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation
 of "abuse-mailbox")
 
 Hi,
 
 On Wed, Jan 15, 2020 at 07:23:38AM +, Carlos Friaças via anti-abuse-wg wrote:
 > I obviously don't speak for the incident handling community, but i 
 > think this (making it optional) would be a serious step back. The 
 > current situation is already very bad when in some cases we know from 
 > the start that we are sending (automated) messages/notices to blackholes.
 
 So why is it preferable to send mails which are not acted on, as opposed to
 "not send mail because you know beforehand that the other network is not
 interested"?
 
 I can see that it is frustrating - but I still cannot support a policy
 change which will not help dealing with irresponsible networks in any way,
 but at the same time increases costs and workload for those that do the
 right thing alrady.
 
 
 > To an extreme, there should always be a known contact responsible for 
 > any network infrastructure. If this is not the case, what's the 
 > purpose of a registry then?
 
 "a known contact" and "an *abuse-handling* contact" is not the same thing.
 
 Gert Doering
 -- NetMaster
 --
 have you enabled IPv6 on something today...?
 
 SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
 Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
 D-80807 Muenchen HRB: 136055 (AG Muenchen)
 Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

2020-01-15 Thread Fi Shing
That is the most stupid thing i've read on this list.
 
What little protection the world has from spammers and all manner of criminals, 
and you still think it's too much that they even so much as have to check their 
email account.
 
Which criminal is paying you to say this nonsense, because no ordinary person 
that has ever received a spam email would ever say such crap.
 
and if there can be no "internet police", i'm sure RIPE will have no problem if 
someone never pays a fee to it ever again, because it doesn't have the mandate 
to suspend a resource for crime, it cannot do it for non payment.
 
or is non-payment more serious than a DDoS attack?
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Gert Doering" 
Date: 1/14/20 9:19 pm
To: "JORDI PALET MARTINEZ" 
Cc: "anti-abuse-wg" 

Hi,
 
 On Tue, Jan 14, 2020 at 10:50:58AM +0100, JORDI PALET MARTINEZ via 
anti-abuse-wg wrote:
 > Looks fine to me.
 > 
 > If we really think that the operators should be free from taking abuse 
 > reports, then let's make it optional.
 > 
 > As said, I personally think that an operator's responsibility is to deal with 
 > abuse cases, but happy to follow what we all decide.
 
 I do think that an operator should handle abuse reports (and we do), 
 but *this* is not a suitable vehicle to *make him*.
 
 And if it's not going to have the desired effect, do not waste time on it.
 
 Gert Doering
 -- NetMaster
 -- 
 have you enabled IPv6 on something today...?
 


Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

2020-01-14 Thread Fi Shing
Well the operators are already free to decide if and when they respond to abuse 
reports.
 
But this farcical system should not be legitimised by weak imbeciles such as 
those on this list.
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "JORDI PALET MARTINEZ via anti-abuse-wg" 
Date: 1/14/20 8:50 pm
To: "anti-abuse-wg" 

Looks fine to me.
 
 If we really think that the operators should be free from taking abuse 
reports, then let's make it optional.
 
 As said, I personally think that an operator's responsibility is to deal with 
abuse cases, but happy to follow what we all decide.
 
 Regards,
 Jordi
 @jordipalet
 
 
 
 On 14/1/20 10:47, "Gert Doering" wrote:
 
 Hi,
 
 On Tue, Jan 14, 2020 at 10:38:28AM +0100, Gert Doering wrote:
 > On Tue, Jan 14, 2020 at 10:36:10AM +0100, JORDI PALET MARTINEZ via 
 > anti-abuse-wg wrote:
 > > So it is not just easier to ask the abuse-c mailboxes that don't want to 
 > > process to set up an autoresponder with a specific (standard) text about 
 > > that, for example:
 > > 
 > > "This is an automated confirmation that you reached the correct abuse-c 
 > > mailbox, but we don't process abuse cases, so your reports will be 
 > > discarded."
 > 
 > I would support that.
 
 ... but it's actually way too complicated to implement.
 
 A much simpler approach would be to make abuse-c: an optional attribute
 (basically, unrolling the "mandatory" part of the policy proposal that 
 introduced it in the first place)
 
 - If you want to handle abuse reports, put something working in.
 
 - If you do not want to handle abuse reports, don't.
 
 The ARC could be extended with a question "are you aware that you are
 signalling 'we do not care about abuse coming from our network'?"
 and if this is what LIRs *want* to signal, the message is clear.
 
 The NCC could still verify (as they do today) that an e-mail address,
 *if given*, is not bouncing (or coming back with a human bounce "you have
 reached the wrong person, stop sending me mail" if someone puts in the
 e-mail address of someone else).
 
 MUCH less effort.
 
 Gert Doering
 -- NetMaster
 -- 
 have you enabled IPv6 on something today...?
 
 
 
 
 


Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

2020-01-13 Thread Fi Shing
I agree, perhaps these internet companies would be happy if it took 15 days for 
each credit card payment to take place between that company and the customer 
when a new customer uses their services?
 
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Ronald F. Guilmette" 
Date: 1/14/20 8:34 am
To: "JORDI PALET MARTINEZ" 
Cc: "anti-abuse-wg" 

In message <6afc7d17-bac4-464c-8af8-2ad852d39...@consulintel.es>, 
 JORDI PALET MARTINEZ  wrote:
 
 >I'm happy to hear other inputs, stats, data, etc.
 
 Having only just read the proposal, my comments are few:
 
 I do not understand parts of this, specifically:
 
 Section 2.0 bullet point #2. What's wrong with web forms?
 
 Section 3.0 part 3. Why on earth should it take 15 days for
 anyone to respond to an email?? Things on the Internet happen
 in milliseconds. If a provider is unable to respond to an issue
 within 72 hours then they might as well be dead, because they
 have abandoned all social responsibility.
 
 
 Regards,
 rfg


Re: [anti-abuse-wg] [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space) to be discussed on Routing Working Group Mailing List

2019-12-23 Thread Fi Shing
You're suggesting that RIR should have reasonable oversight of internet 
resources?
 
That would make too much sense!
 
In the meantime, here's a brick wall for you to hit your head against:
 
https://www.cdc.gov/nceh/radiation/images/BrickWall.jpg
 
In reality, the RIR (and ICANN) should be arrested for aiding & abetting 
serious crimes.
 
 
Imagine a bank robber runs into your back yard, and the police want to enter 
to arrest them and you stand there saying "WELL DERRR, UNDER POLICY 18/2019, WE 
HAVE NO CONTROL OVER THIS YARD, SO WE CANNOT AUTHORISE THAT, SO DUU HER 
DERRR YOU NEED TO CONTACT THE JANITOR WHO OWNS THIS RESOURCE AND WHO CARES 
IF THEY DON'T EVEN CHECK THEIR INBOX FOR THE NEXT 2 YEARS, DUHH DE.."
 
You would be charged with obstruction.
 
Absolutely the RIR employees and ICANN should be arrested and imprisoned.
 
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space) to be discussed on Routing Working Group Mailing List
From: "Ronald F. Guilmette" 
Date: 12/24/19 11:57 am
To: "anti-abuse-wg@ripe.net" , "RIPE Routing WG" 


In message 
 Job Snijders  wrote:
 
 >On Tue, Dec 24, 2019 at 12:09 AM Ronald F. Guilmette
 > wrote:
 >> I feel sure that other IRRs have some or all of the same issues. RADB
 >> stands out however due to its continued widespread use.
 >
 >The above statement is true, and the good news is that there is work
 >under way to reduce the clutter!
 >
 >The largest IRRs (RADB, NTTCOM, ARIN, ALTDB, others) are either
 >actively working on, or have added to their roadmap, a variant of this
 >type of cleanup: https://www.ripe.net/publications/docs/ripe-731
 
 Long overdue, IMHO. I mean it isn't as if the bogus/fraudulent routing
 problem just appeared last month or anything. The games and funny business
 have been going on for years now, aided and abetted, in many cases, by an
 apparent utter lack of attention by IRR operators.
 
 >For most of these IRR operators there is a project dependency on IRRd
 >4's ability to delete or suppress IRR "route:" objects that are in
 >conflict with RPKI data. This is tracked in
 >https://github.com/irrdnet/irrd4/issues/197 and hopefully the code can
 >be made available in Q1 2020 as part of the "IRRd 4.1" release. This
 >release in turn means for most organisations that they can probably
 >deploy in Q2 or Q3 2020 (after internal software testing & customer
 >outreach).
 >
 >Given that there is active work underway in the community - I would
 >like to suggest that the topic of "stale data in IRRs" is brought up
 >again in about 6 months...
 
 With all due respect to my friend Job, I am, have been, and remain totally
 flummoxed and appalled by the consistent lack of urgency, within the
 Internet community generally, with respect to what could be, quite
 obviously, a swift, effective, and sensible resolution of many of these
 problems, even without the need for any grand policy pronouncements or
 formalized ratifications thereof. It shouldn't take a genius to note
 that multiple conflicting route objects cannot all be right, or that
 route objects to reserved or unallocated space, or involving reserved
 or unallocated ASNs are, on their faces, utter rubbish which can be and
 which ought to be removed from any IRR that contains them, immediately if
 not sooner.
 
 If any of these RIR operators are unable to develop scripts, within one
 man-week, which would detect and purge route objects for unallocated
 space or involving unallocated ASNs, then they obviously are reserving
 their available cash for Christmas parties or executive bonuses in lieu
 of adequate salaries for competent professional software engineers, and
 even in those cases, I stand ready to volunteer my time to help each one
 to do its homework, as may be needed... and not six months from now, but
 by early January.
 
 Clearly, an awful lot of people are not looking at the things I am looking
 at, and this is apparently the root of the problem when it comes to the
 apparent lack of urgency. It is unfortunate that I must coordinate with
 others in order to arrange for properly timed releases of what I know, but
 that is unavoidable. In the meantime, I can only state for the record
 that if people knew about the various kinds of criminality that are
 currently ongoing with and from a lot of these bogus and, for now at
 least, IRR-sanctioned routes, then people wouldn't be taking the relaxed
 attitude that all of this can and should be revisited in six months.
 Innocent victims are being conned, ripped-off, and hacked every single
 day, and as inconvenient as it may be for the rest of us, the scammers,
 hackers, and criminals of the Internet are quite certainly not taking
 Christmas off, nor are they dedicating any of their time to long term
 scheduling, lengthy policy debates, committee meetings, or the development
 of roadmaps.
 
 I see no 
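
The check described in the quoted message above (flagging IRR "route:" objects that cover unallocated space, name an unallocated origin ASN, or conflict with another object for the same prefix), sketched as an added example that is not part of the original thread or any IRR operator's code. The RPSL objects, allocated prefixes and ASN ranges are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed allocation data (RFC 5737 documentation prefixes, RFC 5398
# documentation ASNs). A real audit would load the registries' published
# allocation files here; these values are assumptions for the example.
ALLOCATED_PREFIXES = [ipaddress.ip_network(p)
                      for p in ("192.0.2.0/24", "198.51.100.0/25")]
ALLOCATED_ASN_RANGES = [(64496, 64500)]

# Constructed IRR dump in RPSL form: objects separated by blank lines.
SAMPLE_IRR_DUMP = """\
route:      192.0.2.0/24
origin:     AS64496
source:     EXAMPLE

route:      192.0.2.0/24
origin:     AS64499
source:     EXAMPLE

route:      203.0.113.0/24
origin:     AS64497
source:     EXAMPLE

route:      198.51.100.0/24
origin:     AS64498
source:     EXAMPLE

route:      198.51.100.0/26
origin:     AS65551
source:     EXAMPLE

route:      198.51.100.64/26
origin:     AS64500
source:     EXAMPLE
"""


def parse_route_objects(text):
    """Return (prefix, origin_asn) for every route/route6 object in an RPSL dump."""
    routes = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            # Skip comments and continuation lines; only first values matter here.
            if not line.strip() or line[0] in "#% \t+":
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.split("#")[0].strip())
        prefix = attrs.get("route") or attrs.get("route6")
        origin = attrs.get("origin", "").upper()
        if not prefix or not origin.startswith("AS"):
            continue
        try:
            routes.append((ipaddress.ip_network(prefix), int(origin[2:])))
        except ValueError:
            continue  # malformed prefix or ASN: not a usable route object
    return routes


def prefix_allocated(prefix):
    """True only if the whole prefix sits inside one allocated block."""
    return any(prefix.version == block.version and prefix.subnet_of(block)
               for block in ALLOCATED_PREFIXES)


def asn_allocated(asn):
    """True if the ASN falls inside one of the allocated ASN ranges."""
    return any(low <= asn <= high for low, high in ALLOCATED_ASN_RANGES)


def audit(text):
    """List (prefix, origin, reasons) for every route object needing review."""
    routes = parse_route_objects(text)
    origins = defaultdict(set)
    for prefix, origin in routes:
        origins[prefix].add(origin)
    findings = []
    for prefix, origin in routes:
        reasons = []
        if not prefix_allocated(prefix):
            reasons.append("unallocated-space")
        if not asn_allocated(origin):
            reasons.append("unallocated-asn")
        if len(origins[prefix]) > 1:
            reasons.append("conflicting-origin")
        if reasons:
            findings.append((str(prefix), origin, reasons))
    return findings


if __name__ == "__main__":
    for prefix, origin, reasons in audit(SAMPLE_IRR_DUMP):
        print(f"{prefix} AS{origin}: {', '.join(reasons)}")
```

A route that is less specific than the allocation (the /24 over an allocated /25 in the sample) is reported as covering unallocated space, since part of it falls outside any allocated block.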

Re: [anti-abuse-wg] Massive prefix theft in AFRINIC - attributed to an insider

2019-12-13 Thread Fi Shing
 
https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] Massive prefix theft in AFRINIC - attributed to an insider
From: "Michele Neylon - Blacknight" 
Date: 12/6/19 1:14 am
To: "Suresh Ramasubramanian" , "anti-abuse-wg@ripe.net" 


Great work from Ron
 
 Sad to see this happen, though it was to be expected considering how much IPs 
are now worth
 
 
 
 --
 Mr Michele Neylon
 Blacknight Solutions
 Hosting, Colocation & Domains
 https://www.blacknight.com/
 http://blacknight.blog/
 Intl. +353 (0) 59 9183072
 Direct Dial: +353 (0)59 9183090
 Personal blog: https://michele.blog/
 Some thoughts: https://ceo.hosting/
 ---
 Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
 Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
 
 
 On 04/12/2019, 19:43, "anti-abuse-wg on behalf of Suresh Ramasubramanian" 
 wrote:
 
 Congratulations, Ron Guilmette. You've been doing this for years and this is 
your biggest success yet.
 
 
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
 
 tl;dr - The insider is apparently Ernest Byaruhanga, AFRINIC employee #2, and 
he has now separated from AFRINIC
 
 --srs


Re: [anti-abuse-wg] Orange contact wanted

2019-10-14 Thread Fi Shing
orangegroup.pressoffice at orange.com
soc at orange.com
 
 
- Original Message -
Subject: [anti-abuse-wg] Orange contact wanted
From: 'Ronald F. Guilmette' 
Date: 10/15/19 5:11 am
To: anti-abuse-wg@ripe.net

Do any of you folks happen to have a contact at Orange that you could
 share with me?


Re: [anti-abuse-wg] 2019-03 Policy Proposal Withdrawn (Resource Hijacking is a RIPE Policy Violation)

2019-10-02 Thread Fi Shing
Ok, so let me understand:
 
Requiring resource holders to deal with criminals could lead to "unacceptable 
liability risks"
 
But putting up with their crimes using RIPE infrastructure, including the 
millions of dollars worth of damage and financial consequences from spam, 
botnets, etc etc etc... is NOT an "unacceptable liability risk."
 
 
 
 
 
- Original Message -
Subject: [anti-abuse-wg] 2019-03 Policy Proposal Withdrawn (Resource Hijacking is a RIPE Policy Violation)
From: 'Marco Schmidt' 
Date: 10/2/19 11:09 pm
To: anti-abuse-wg@ripe.net

Dear colleagues,
 
 The policy proposal 2019-03, "Resource Hijacking is a RIPE Policy 
 Violation" has been withdrawn.
 
 This proposal aimed to define that BGP hijacking is not accepted as 
 normal practice within the RIPE NCC service region.
 
 The proposal is archived and can be found at:
 
https://www.ripe.net/participate/policies/archived-policy-proposals/archive-policy-proposals/
 
 Reason for withdrawal:
 The proposers felt they were unable to address concerns that the policy 
 would expose the RIPE NCC to unacceptable liability risks. These 
 concerns were expressed by both the Executive Board and some community 
 members.
 
 Kind regards,
 
 Marco Schmidt
 Policy Officer
 RIPE NCC


Re: [anti-abuse-wg] [Misc] Research project on blacklists

2019-07-18 Thread Fi Shing
The only organisation that is in a prime position to implement any meaningful 
blacklist is a RIR like RIPE itself. Anything less than RIR level blacklisting 
is what is known as "whac a mole"
 
https://en.wikipedia.org/wiki/Whac-A-Mole
 
But, as it comes down to time and money, the likes of which even google and 
facebook etc are not motivated to part with in terms of accountability, 
organisations like RIPE, APNIC, ICANN etc. All of them, without exception, 
refuse to engage in responsible practices. They are happy to take money to 
issue resources, but taking them away is equated to sacrilege. 
 
In an ideal world, the employees of RIPE etc should be arrested and jailed for 
aiding and abetting crime.
 
 
 
 
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] [Misc] Research project on blacklists
From: "ac" 
Date: 7/18/19 3:20 pm
To: anti-abuse-wg@ripe.net


 Oh. Let's look more at this then.
 
 "UC Berkeley" - USA
 "International Computer Science Institute"
 "evaluating and improving the accuracy of blacklists." 
 "including a web link, which is tracked and cross tracked"
 "an anonymous survey"
 
 Dude, let us be frank: On this list we discuss abuse, in the open and
 directly. People on this list have "skills" and can all be anonymous on
 this list, if they wish to, in fact, many are. (I do not and I am not
 private)
 
 We are talking about email blacklists? right? as the routing blacklists
 do not bother the evil tech monopolies!
 
 It is a fact that the spam from the top ten USA tech companies are the
 most challenging abuse on the planet - as this type of abuse, is the
 hardest to combat. - Twitter does not even accept abuse complaints.
 Facebook does not care and Google mixes spam with ham all the time to
 defeat email blacklists
 
 Why not study the reasons for the percentage increase in the use of
 inspection/tracking/non private/invasive anti abuse technologies in use
 by the largest email and dominant players, Google and Microsoft, of
 ipv6 and the reason why these huge tech players HAVE to push for ipv6
 email servers relay to ensure their future dominance of email relay?
 
 Instead of "My colleagues and I are working on evaluating and improving
 the accuracy of blacklists"
 
 As, imnsho, that is absolute USA bullshit. and is not even possible.
 
 I would go so far as to state that such research is not intended to
 "improve" anything but to cement the monopolies we fight daily and is
 on the EVIL side of the fight.
 
 Andre
 
 
 
 On Wed, 17 Jul 2019 10:01:16 -0700
 Barry Greene  wrote:
 
 > Not a joke. 
 > 
 > Just a researcher exploring ways to quantify and measure. Always
 > important to have the academic doing the due diligence on our
 > operational assumptions.
 > 
 > > On Jul 17, 2019, at 07:40, ac  wrote:
 > > 
 > > 
 > > This is a joke email, right?
 > > 
 > > Is it the 1st of April already? :)
 > > 
 > > Andre
 > > 
 > > On Wed, 17 Jul 2019 13:42:21 +0200
 > > Anushah Hossain  wrote:
 > > 
 > >> Hi everyone,
 > >> 
 > >> I'm a researcher at UC Berkeley and the International Computer
 > >> Science Institute. My colleagues and I are working on evaluating
 > >> and improving the accuracy of blacklists. As part of this work,
 > >> we'd like to hear from you about the blacklists you currently use,
 > >> what you perceive as their strengths and weaknesses, and any
 > >> thoughts you have on how they might be improved.
 > >> 
 > >> We've prepared an anonymous survey where you can share your views:
 > >> 
 > >> If you have five to ten minutes free today to fill it out, I would
 > >> greatly appreciate your help! Thank you, and please don't hesitate
 > >> to respond to me with comments or questions.
 > >> 
 > >> (Apologies if you receive this message twice - trying to minimize
 > >> cross-posting while still reaching a broad audience)
 > >> 
 > >> Best,
 > >> Anushah
 > >> 
 > > 
 > >


Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")

2019-05-31 Thread Fi Shing
It is not for RIPE to abandon a policy proposal simply because a resource 
holder is too cheap to implement it.
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
From: "Neil McRae" 
Date: 5/31/19 12:05 am
To: anti-abuse-wg@ripe.net

I'm subscribing to the list specifically to also position not in favour of this 
policy. This will generate work for the NCC that just wastes their time 
following up on lots of false positives. 
 
 It will have _zero_ impact on the handling of abuse requests, in fact I 
predict that it will perhaps even make response time worse. I urge the community to 
reject this proposal.
 
 Neil.
 --
 Neil J. McRae
 neil.mc...@bt.com
 
 
 Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum


Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")

2019-05-23 Thread Fi Shing
 
> This is fully sufficient to notice technical brokenness.
 
No it isn't for the reasons previously said by others:
 
1) if i put your email address as the abuse contact for my resource, the system 
would mark it as "valid",
 
2) sometimes an address can be broken, even in ways that the sender cannot be 
aware of - for example, if an email address relies on a forwarding mechanism 
and 1 or more of the email addresses that it forwards to are shut down or the 
person no longer works at the company, any "bounces" will be sent to the 
original abuse email address, which is not monitored.
 
3) some email accounts can forward emails to a black hole (deliberately)
 
4) some email accounts can label an email as "spam" because it contains spam 
characteristics, and automatically delete it,
 
 
The emphasis should be on demonstrating a properly functioning abuse email 
address.
 
Issues relating to proper handling past the point of ensuring that the owner is 
compelled to actually RECEIVE the email is another discussion altogether.
 
 
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
From: "Gert Doering" 
Date: 5/23/19 7:39 pm
To: "ac" 
Cc: anti-abuse-wg@ripe.net

Hi,
 
 On Thu, May 23, 2019 at 06:29:32AM +0200, ac wrote:
 > > Folks, the process we have in the RIPE region for abuse contact
 > > validation is the result of a *consensus based process* that happened
 > > *in this working group*.
 > > Before you all argue for "we need to have more paperwork!" please take
 > > a step back and explain a) what is wrong with the current validation
 > > process, and b) why this proposal would improve this.
 > > Gert Doering
 > > -- NetMaster
 > 
 > because, IRL (in real life) things do not remain "static"
 
 This is why we do (already!) verify abuse-c: reachability today.
 
 In a lightweight process that came out as consensus out of this
 very WG.
 
 [..]
 > your very forceful and multiple emails arguing very hard against and
 > all your emails, attacking each and every +1 simply serves to
 > illustrate that you really want to enforce your opinion on the group
 > in this regard.
 > 
 > So, again, I ask: Why not propose to remove the abuse contact resource
 > completely? Is this where you are going with your very strong and
 > continuing and ongoing objections?
 
 No. Abuse-contacts are useful. We do validate them today for 
 technical reachability.
 
 This is fully sufficient to notice technical brokenness. It is not
 sufficient to enforce actual abuse *handling*, but neither is the
 proposed policy change.
 
 Do not put words in my mouth, I'm perfectly able to do that myself.
 
 Gert Doering
 -- NetMaster
 -- 
 have you enabled IPv6 on something today...?
 


Re: [anti-abuse-wg] Off-List Responses

2019-05-22 Thread Fi Shing
and if someone receives one of these abusive emails, let's hope they don't have 
to refer to the abuse contact information in the RIPE database to complain to 
the ISP.
 
 
 
- Original Message -
Subject: [anti-abuse-wg] Off-List Responses
From: "Brian Nisbet" 
Date: 5/23/19 12:35 am
To: "anti-abuse-wg@ripe.net" 

Colleagues,
 
 This adds to the list of things I never expected to have to send an email 
about, but...
 
 While obviously neither the Co-Chairs, nor the RIPE Community, has any wish, 
intent or ability to "police" mails between two private individuals; I would 
ask that mails sent off-list *in response* to on-list mails stay within the 
spirit of conduct that is expected of those interacting in the RIPE Community.
 
 As always, please discuss policies, ideas and approaches, do not attack groups 
or individual people and certainly do not send abusive messages. 
 
 If you have any questions or comments on this, please don't hesitate to 
contact aa-wg-ch...@ripe.net
 
 Thanks,
 
 Brian
 Co-Chair, RIPE AA-WG
 
 Brian Nisbet
 Service Operations Manager
 HEAnet CLG, Ireland's National Education and Research Network
 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
 +35316609040 brian.nis...@heanet.ie www.heanet.ie
 Registered in Ireland, No. 275301. CRA No. 20036270


Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")

2019-05-16 Thread Fi Shing
This "proportionality" test you speak of,
 
has as much relevance to the regulating of internet resources, as "freedom of 
speech" does to regulating internet forum membership
 
 
(no relevance at all).
 
 
 
 
 
 
 
- Original Message -
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
From: "Alex de Joode" 
Date: 5/16/19 4:56 pm
To: "JORDI PALET MARTINEZ" 
Cc: anti-abuse-wg@ripe.net

​On Fri, 17-05-2019 1h 45min, JORDI PALET MARTINEZ via anti-abuse-wg 
 wrote:
  Hi Nick,

[..]

Anyone failing in repetitive occasions to comply with policies is subjected to 
further NCC scrutiny, including account closure. This is a different policy 
already in place. If we don't like that, we should change that policy, but then 
we don't need policies anymore. Policies are the rules for the community to be 
respected by all, and not having an administrative enforcement by the NCC is 
the wild west.

 It is an illusion to think ripe can suspend/withdraw resources if an 
organisation does not reply to an abuse validation request. That simply will not 
pass the proportionality test needed under Dutch law. So you will have no 
recourse. (Only if you can prove the entity has registered with false 
credentials (Due Diligence by new members takes care of this) -and- the entity 
is active in a criminal enterprise, you might have a case) 
 
Cheers,
Alex


Re: [anti-abuse-wg] Email Spam & Spam Abuse Definitions

2019-04-27 Thread Fi Shing
 
The twitter example is not advertising a product or service. It is conveying 
information about a product/service that the person has already hired.
 
If twitter sends unsolicited emails to someone when they have not requested 
that service, or have indicated they no longer want the service, then it is 
spam.
 
 
 
- Original Message -
Subject: [anti-abuse-wg] Email Spam & Spam Abuse Definitions
From: "ac" 
Date: 4/27/19 4:22 am
To: anti-abuse-wg@ripe.net

Hi,
 
 From a recent rant in the WG, something of interest was posted;
 
 > opinions on the proper definition of spam. Mr. Andre's preferred
 > definition appears to allow for "one time" invitations to be blasted
 > to everyone in the universe. Nonetheless, in Mr. Andre's considered
 > opinion, "Email Spam is not the same as Spam Abuse" and a "... one
 
 In my opinion, the sending of a confirmation email, from say Twitter,
 to confirm that the actual email address does indeed exist and that
 their further communications will be solicited - as well as including
 links to remove/stop further communications:
 
 Would be spam (it is still an unsolicited email) - but that single
 confirmation email is not abuse in itself.
 
 Even though Twitter may send 1000's of these to 1000's of different
 email addresses...
 
 I do not think that there is anyone, that works with actual spam abuse,
 in this WG that disagrees completely with my opinion above. 
 
 Also, I wanted to add another useful resource link for anyone that is
 still learning about email abuse:
 
 https://www.ripe.net/publications/docs/ripe-409
 
 What is frequently missed is that BULK EMAIL itself, is not the issue,
 but that the keyword is "unsolicited" - For example if you were to
 relay 1000 Invoices or 1000 status notifications or 1000 opted in
 mailing list recipients, this would/should not be considered spam or
 abuse.
 
 Then, of course, imnsho UBE itself is outdated as the spammers use
 'drip' systems by spinning out 1's of emails from 1's of ip's
 Which various RBL cater for by speedily listing and de-listing resources
 and then there are all the shiny new tech things, which probably needs
 a new thread:
 
 Automated comment spam or AI based web form spam is a growing issue
 and is something that merits discussion and a watchful eye...
 
 Andre


Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

2019-04-18 Thread Fi Shing
What absolute crap. Why is it that every time something resembling common sense enters this group, there are these people who insist on using slippery slope fallacy?

https://en.wikipedia.org/wiki/Slippery_slope

It wouldn't half surprise me if people like this "randy bush" are motivated by criminal groups. I cannot think of any reason, other than a criminal one, why someone would object to common sense policy that leads to a reduction in abuse.

(Usually, there is one other motivation (financial) but not in this proposal).


 Original Message 
Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking
is a RIPE Policy Violation)
From: Randy Bush 
Date: Fri, April 19, 2019 1:55 am
To: anti-abuse-wg@ripe.net

< rant >

this is insane.  neither ripe nor the ncc should be the net police,
courts, and prison rolled into one kangaroo court.

it is droll that the erstwhile anti-abuse working group becomes a
self-righteous abuser.  so it is with so many abused children.

put your energy into routing security not converting ripe and the ncc
into an authoritarian state.  we have enough of those.

randy







Re: [anti-abuse-wg] telia.lt: Ignoring abuse complaints (?)

2019-04-07 Thread Fi Shing
Select "cyber crimes"


 Original Message 
Subject: [anti-abuse-wg] telia.lt: Ignoring abuse complaints (?)
From: "Ronald F. Guilmette" 
Date: Sun, April 07, 2019 6:05 am
To: anti-abuse-wg@ripe.net


It will be wonderful when the RIPE NCC people are able to verify that
all abuse reporting addresses listed in the RIPE data base are at least
able to receive incoming mail.

That alone, of course, will not do anything to insure that any human
ever reads any message or message sent to any such e-mail address.
That separate and additional issue is a whole separate can of worms.

Here is an example.

I just received a spam from 195.12.186.6 which is quite clearly on the
network of AS47205, aka telia.lt.  So I sent a polite abuse report,
including the full spam headers, to the  address, just
as I am instructed to do by the RIPE WHOIS record for AS47205.

I received back, almost immediately, the automated response appended below.

This response appears to me to be saying that the managers of AS47205
are intending to 100% ignore my spam report, unless and until I ALSO
take up my time to fill out their stupid web form... a web form that
has a checkbox for every other kind of network abuse EXCEPT for spamming.

I do not have time in my day to figure out how to fill out the eighteen
million different kinds of web forms that each separate ASN has concocted
in order to try to thwart and deter people from reporting simple kinds
of abuse like spamming, and I will not do so.  The offense in this case
was committed over email, and I do not see why the REPORT of that offense
should not likewise be accepted over email.

For this reason, it is my hope that whoever in NCC is doing the abuse email
address verification will take some steps to find out not just that the
email addresses accept incoming email, but also that some actual human
sits behind each one of those email addresses.  Anybody can easily program
what is sometimes called an "ignorebot" to send out meaningless replies to
incoming mail, just as telia.lt appears to have done, but that is not a
productive way to actually resolve spamming issues.

Of course, it is my hope that telia.lt will rid itself of this particular
troublesome customer, but in lieu of that I would be willing to accept
that their abuse handler(s) have at least been made aware of the issue.

But it seems that even that minimal aspiration is too much to hope for,
at least for some networks.


Regards,
rfg



===
Return-Path: 
X-Original-To: r...@tristatelogic.com
Delivered-To: r...@tristatelogic.com
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40089.outbound.protection.outlook.com [40.107.4.89])
	by segfault.tristatelogic.com (Postfix) with ESMTP id 8670F3AFF4
	for ; Sat,  6 Apr 2019 12:39:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=TelcloudLT.onmicrosoft.com; s=selector1-telia-lt;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=BUSHfNh3Hp1HFJ94NFi7MR324ExTC8M6wccKAcKo8N4=;
 b=GQKY/rqL0A7n4AXR3t2IsqduWIhW6ki5RCosC0lBT7UnmrbHGuhOfzUAKEcyMcys3VbG2gGtYX0VzOe3gtiouJiRB6Eql1lOEsjOi8VQlt6hqD5jGj8W7v+uS0QSIpVhm/+xLarqgPfF3G3f54jc7xc41drAf3mrlnWyWkLwyQw=
Received: from AM6PR10CA0088.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:209:8c::29)
 by DB8PR10MB3017.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:ea::29) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.16; Sat, 6 Apr
 2019 19:39:01 +
Received: from AM5EUR02FT027.eop-EUR02.prod.protection.outlook.com
 (2a01:111:f400:7e1e::205) by AM6PR10CA0088.outlook.office365.com
 (2603:10a6:209:8c::29) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1771.16 via Frontend
 Transport; Sat, 6 Apr 2019 19:39:01 +
Authentication-Results: spf=fail (sender IP is 88.118.134.180)
 smtp.mailfrom=telia.lt; tristatelogic.com; dkim=none (message not signed)
 header.d=none;tristatelogic.com; dmarc=none action="" header.from=telia.lt;
Received-SPF: Fail (protection.outlook.com: domain of telia.lt does not
 designate 88.118.134.180 as permitted sender)
 receiver=protection.outlook.com; client-ip=88.118.134.180;
 helo=mail.telia.lt;
Received: from mail.telia.lt (88.118.134.180) by
 AM5EUR02FT027.mail.protection.outlook.com (10.152.8.127) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.1771.16 via Frontend Transport; Sat, 6 Apr 2019 19:39:01 +
Received: from SREHCZ2.in.telecom.lt (10.75.8.219) by mail.telia.lt
 (10.75.128.5) with Microsoft SMTP Server (version=TLS1_0,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) id 15.1.1531.3; Sat, 6 Apr 2019
 22:39:00 +0300
Received: from SREMBP2.in.telecom.lt ([fe80::3d26:8437:9e0d:59e8]) by
 srehcz2.in.telecom.lt ([::1]) with mapi id 

Re: [anti-abuse-wg] I support 2019-03

2019-04-02 Thread Fi Shing
See at the bottom of the website: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


 Original Message 
Subject: Re: [anti-abuse-wg] I support 2019-03
From: Isabel Strijland 
Date: Wed, April 03, 2019 5:13 am
To: "TRAILL Neville (RIC-US)" 
Cc: "anti-abuse-wg@ripe.net" 

How can I unsubscribe to this??? The e-mails are driving me crazy.

Sent from my iPhone

On 02.04.2019 at 20:07, TRAILL Neville (RIC-US) wrote:

> Dear RIPE NCC
>
> I support 2019-03.
>
> Neville Traill
> Cyber Specialist | Richemont North America, Inc.
> 3 Enterprise Drive | Shelton CT 06484 | United States
> (tel) +12039256400 | (direct) +18177852548
> (email) neville.tra...@richemont.com
>
> © 2019 Richemont North America, Inc.. All Rights Reserved
>
> The information contained in this e-mail message is confidential - please do not cross-post. This communication is intended for the use of the addressee(s) only. If you are not the intended recipient, you are hereby notified that any review, reliance, disclosure, distribution or copying of this communication may be prohibited by law and might constitute a breach of confidence. If you have received this communication in error, please notify us immediately and delete it and all copies (including attachments) from your system.





Re: [anti-abuse-wg] Webzilla

2019-03-16 Thread Fi Shing
There is no incentive for a corporation to remove an abuser if the abuser is a paying customer.

There is also no incentive for RIR to create any sort of oversight, if that oversight requires investment.

Hence, the shit fight known as "the internet" that we have today.


 Original Message 
Subject: [anti-abuse-wg] Webzilla
From: "Ronald F. Guilmette" 
Date: Sun, March 17, 2019 7:15 am
To: anti-abuse-wg@ripe.net


Perhaps some folks here might be interested to read these two reports,
the first of which is a fresh news report published just a couple of
days ago, and the other one is a far more detailed investigative report
that was completed some time ago now.

https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc

https://www.documentcloud.org/documents/5770258-Fti.html

Please share these links widely.

The detailed technical report makes it quite abundantly clear that
Webzilla, and all of its various tentacles... many of which even I didn't
know about until seeing this report... most probably qualifies as, and
has qualified as a "bullet proof hosting" operation for some considerable
time now.  As the report notes, the company has received over 400,000
complaints or reports of bad behavior, and it is not clear to me, from
reading the report, if anyone at the company even bothered to read any
more than a small handful of those.

I have two comments about this.

First, I am inclined to wonder aloud why anyone is even still peering
with any of the several ASNs mentioned in the report.  To me, the mere
fact that any of these ASNs still have connectivity represents a clear
and self-evident failure of "self policing" in and among the networks
that comprise the Internet.

Second, it has already been a well known fact, both to me and to many
others, for some years now, that Webzilla is by no means alone in the
category commonly referred to as "bullet proof hosters".  This fact
itself raises some obvious questions.

It is clear and apparent, not only from the report linked to above, but
from the continuous and years-long existence of -many- "bullet proof
hosters" on the Internet that there is no shortage of a market for the
services of such hosting companies.  The demand for "bullet proof"
services is clearly there, and it is not likely to go away any time
soon.  In addition to the criminal element, there are also various
mischievous governments, or their agents, that will always be more
than happy to pay premium prices for no-questions-asked connectivity.

So the question naturally arises:  Other than de-peering by other networks,
are there any other steps that can be taken to disincentivize networks
from participating in this "bullet proof" market and/or to incentivize
them to give a damn about their received network abuse complaints?

I have no answers for this question myself, but I felt that it was about
time that someone at least posed the question.

The industry generally, and especially in the RIPE region, has a clear
and evident problem that traditional "self policing" is not solving.
Worse yet, it is not even discussed much, and that is allowing it to
fester and worsen, over time.

It would be Good if there was some actual leadership on this issue, at
least from -some- quarter.  So far I have not noticed any such worth
commenting about, and even looking out towards the future horizon, I
don't see any arriving any time soon.


Regards,
rfg







Re: [anti-abuse-wg] Google Privacy Abuse

2019-03-15 Thread Fi Shing
Please provide your source of information that chrome browsers rely on a local blacklist.


 Original Message 
Subject: Re: [anti-abuse-wg] Google Privacy Abuse
From: Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net>
Date: Sat, March 16, 2019 6:37 am
To: anti-abuse-wg@ripe.net

Your assertion is wrong:

Google safebrowsing works by comparing the URL to a local list, which
the browser downloads from Google's Servers. Browsers do not send the URL
to Google for checking.

See for example
> https://superuser.com/questions/832608/what-is-being-send-to-received-from-safebrowsing-google-com-when-i-open-firefo


Some ISPs in the US collect URLs from http traffic, but not https
traffic, the latter does not work. That is indeed concerning, but has
nothing to do with Google.

What Google or others see, however, is URLs going through URL shorteners,
or the urls you click on a Google page.

Also trackers, embedded in many websites deliver info back to Google (or
whatever tracker site). This again is something that should be made a bit
more transparent.

I do feel it is very important to base any discussions surrounding the
important topics discussed on this list on verifiable facts and not on
claims or fear.


Best
Serge




On 15/03/2019 13:41, Fi Shing wrote:
> /"And no, You are also wrong: Opera does not upload your visited URL's
> to a third party server."/
> 
> If opera (like chrome, edge or firefox) check the URL to see if it is
> "dangerous" (a phishing URL etc) then that is logged on their end, when
> it checks the database to see if the link has been flagged.
> 
> This is the price that people pay for "free" browsers.
> 
> Google protects you from "phishing websites", whilst archiving your
> website access, and then sells that as marketing data to who ever will
> buy it.
> 
> 
> 
> 
> 
> 
> 
>  Original Message 
> Subject: Re: [anti-abuse-wg] Google Privacy Abuse
> From: ac <a...@main.me>
> Date: Thu, March 14, 2019 8:16 pm
> To: anti-abuse-wg@ripe.net
> 
> Hi Esa,
> 
> No, you are wrong... the URL's are not available to anyone.
> 
> What is available to the ISP is the domain name lookup. (this is also
> available to the DNS servers, etc - just the domain name)
> 
> And no, You are also wrong: Opera does not upload your visited URL's to
> a third party server.
> 
> Up to now, nobody has even tried this as it is abuse / abusive
> 
> HTTPS URL's, themselves frequently contain personal data and other
> sensitive info, as the URL itself is supposed to be part of the
> encrypted session.
> 
> And, this is the whole point of all of this.
> 
> If Google starts saving all URL's and link that with the local cache
> (because they control the local software), the effect will be an
> increase in speed (as the media does not have to come over the
> encrypted session)
> 
> This will probably eventually FORCE Opera/Firefox/insert name here - to
> also operate in this fashion, as users will want the speed - and they
> will not know that it is less secure / less private, etc.
> 
> This is a major issue and not a small issue, it will eventually affect
> all of us.
> 
> for example, one of my bank URL at login is:
> 
> https://nameofbank.com/login
> 
> then, later in the session:
> https://nameofbank.com/?id=x=1
> etc etc
> 
> This, right now, is not an issue as the URL itself is encrypted
> 
> it is a major invasion of privacy that a third party vendor, supplying
> "free" software is also now recording url's which gives them two
> advantages over the ethical software providers. Not only that but that
> their "innovation" of breaking the HTTPS protocol, may force other
> vendors to go down the same path as the "consumers" are too lazy or
> uninformed to understand what is happening.
> 
> If society does nothing about this case of a multinational leveraging people
> against people's bad behavior (or poor choices - as Ronald said: use a
> different browser) this will eventually affect us all.
> 
> On Thu, 14 Mar 2019 09:53:47 +0100
> Esa Laitinen <e...@laitinen.org> wrote:
> 
> > On Thu, Mar 14, 2019 at 6:05 AM ac <a...@main.me> wrote:
> > 
> > > HTTPS protocol, by design, is secure and private.
> > >
> > > The average consumer expects this to be true.
> > >
> > &g
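
The local-list lookup Serge Droz describes above, as an added example that is not part of the thread and not Google's code. It models the hash-prefix scheme of the Safe Browsing Update API with simplified canonicalization; the listed entries and the in-memory "server" are constructed sample data.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of each SHA-256 hash kept in the browser's local list


def expressions(url):
    """Host-suffix/path-prefix expressions checked for one URL.

    Canonicalization is simplified (lower-cased host, fragment dropped).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"

    hosts = [host]
    try:
        ipaddress.ip_address(host)          # IP literals: exact host only
    except ValueError:
        tail = host.split(".")[-5:]         # last five labels
        for i in range(len(tail) - 1):      # never the bare TLD
            cand = ".".join(tail[i:])
            if cand not in hosts:
                hosts.append(cand)

    paths = []
    if parts.query:
        paths.append(path + "?" + parts.query)
    paths.append(path)
    prefix = "/"
    paths.append(prefix)
    dirs = [s for s in path.split("/") if s][:-1]
    for seg in dirs[:3]:                    # at most four directory prefixes
        prefix += seg + "/"
        paths.append(prefix)
    paths = list(dict.fromkeys(paths))      # de-duplicate, keep order

    return [h + p for h in hosts[:5] for p in paths]


def hash_prefix(expression):
    return hashlib.sha256(expression.encode("utf-8")).digest()[:PREFIX_LEN]


# Constructed sample data: what the list provider holds (full hashes) and
# what the browser downloads (prefixes only).
LISTED = ["phish.example/login/", "malware.example/"]
SERVER_FULL_HASHES = {hashlib.sha256(e.encode()).digest() for e in LISTED}
LOCAL_PREFIXES = {h[:PREFIX_LEN] for h in SERVER_FULL_HASHES}


def check_url(url):
    """Return (verdict, sent); sent lists every byte string leaving the device."""
    full = {hashlib.sha256(e.encode()).digest() for e in expressions(url)}
    hits = sorted({h[:PREFIX_LEN] for h in full} & LOCAL_PREFIXES)
    if not hits:
        return "no local match", []         # nothing is sent at all
    # Only the short prefixes go out; the server answers with the full
    # hashes that share them and the final comparison happens locally.
    returned = {h for h in SERVER_FULL_HASHES if h[:PREFIX_LEN] in hits}
    verdict = "listed" if full & returned else "prefix collision, not listed"
    return verdict, hits


if __name__ == "__main__":
    for u in ("https://nameofbank.com/?id=x",
              "https://a.phish.example/login/step2?id=1"):
        verdict, sent = check_url(u)
        print(u, "->", verdict, [p.hex() for p in sent])
```

For a URL with no local prefix match nothing is transmitted; on a match only the 4-byte prefix is, never the URL or its full hash.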

Re: [anti-abuse-wg] Google Privacy Abuse

2019-03-15 Thread Fi Shing
"And no, You are also wrong: Opera does not upload your visited URL's to a third party server."If opera (like chrome, edge or firefox) check the URL to see if it is "dangerous" (a phishing URL etc) then that is logged on their end, when it checks the database to see if the link has been flagged.This is the price that people pay for "free" browsers.Google protects you from "phishing websites", whilst archiving your website access, and then sells that as marketing data to who ever will buy it.


 Original Message 
Subject: Re: [anti-abuse-wg] Google Privacy Abuse
From: ac 
Date: Thu, March 14, 2019 8:16 pm
To: anti-abuse-wg@ripe.net

Hi Esa,

No, you are wrong... the URL's are not available to anyone.

What is available to the ISP is the domain name lookup. (this is also
available to the DNS servers, etc - just the domain name)

And no, You are also wrong: Opera does not upload your visited URL's to
a third party server.

Up to now, nobody has even tried this as it is abuse / abusive

HTTPS URL's, themselves frequently contain personal data and other
sensitive info, as the URL itself is supposed to be part of the
encrypted session.

And, this is the whole point of all of this.

If Google starts saving all URL's and link that with the local cache
(because they control the local software), the effect will be an increase 
in speed (as the media does not have to come over the encrypted session) 

This will probably eventually FORCE Opera/Firefox/insert name here - to
also operate in this fashion, as users will want the speed - and they
will not know that it is less secure / less private, etc.

This is a major issue and not a small issue, it will eventually affect
all of us.

for example, one of my bank URL at login is:

https://nameofbank.com/login

then, later in the session:
https://nameofbank.com/?id=x=1
etc etc 

This, right now, is not an issue as the URL itself is encrypted

it is a major invasion of privacy that a third party vendor, supplying
"free" software is also now recording url's which gives them two
advantages over the ethical software providers. Not only that but that
their "innovation" of breaking the HTTPS protocol, may force other
vendors to go down the same path as the "consumers" are too lazy or
uninformed to understand what is happening.

If society does nothing about this case of a multinational leveraging people 
against people's bad behavior (or poor choices - as Ronald said: use a
different browser) this will eventually affect us all. 

On Thu, 14 Mar 2019 09:53:47 +0100
Esa Laitinen  wrote:

> On Thu, Mar 14, 2019 at 6:05 AM ac  wrote:
> 
> > HTTPS protocol, by design, is secure and private.
> >
> > The average consumer expects this to be true.
> >
> > Google had to actually go and change, in an "under cover" way, the
> > entire way and method that HTTPS works. This "change" is being sold
> > as a "good thing" to poor people and/or people with low bandwidth
> > and that Google is doing a "good thing" by making this change.
> >  
> 
> Dear Andre
> 
> The URLs you're accessing are also available for
> 
> - your ISP
> - your VPN provider (unless you've rolled your own)
> and some information is also potentially stored by
> - your DNS provider
> 
> And Opera browser has been doing similar things when you've enabled
> the bandwidth savings.
> 
> or am I missing something?
> 
> OK. I'm ignoring here that this particular thingi is using MITM
> methods to do the optimization, which is for me a bit more worrying
> than google having access to the URLs I browse. They have them mostly
> anyway.
> 
> But, it is a choice a user makes, it is not forced upon them.
> 
> 
> Yours,
> 
> esa
> 
> 
> 








Re: [anti-abuse-wg] Google Privacy Abuse

2019-03-15 Thread Fi Shing
"it is not forced upon them."If the user doesn't ask for it, it is forced upon them.How many users ask for it, by the way?


 Original Message 
Subject: Re: [anti-abuse-wg] Google Privacy Abuse
From: Esa Laitinen 
Date: Thu, March 14, 2019 7:53 pm
To: ac 
Cc: anti-abuse-wg@ripe.net

On Thu, Mar 14, 2019 at 6:05 AM ac  wrote:

> HTTPS protocol, by design, is secure and private.
>
> The average consumer expects this to be true.
>
> Google had to actually go and change, in an "under cover" way, the entire way and method that HTTPS works. This "change" is being sold as a "good thing" to poor people and/or people with low bandwidth and that Google is doing a "good thing" by making this change.

Dear Andre

The URLs you're accessing are also available for

- your ISP
- your VPN provider (unless you've rolled your own)

and some information is also potentially stored by

- your DNS provider

And Opera browser has been doing similar things when you've enabled the bandwidth savings.

or am I missing something?

OK. I'm ignoring here that this particular thingi is using MITM methods to do the optimization, which is for me a bit more worrying than google having access to the URLs I browse. They have them mostly anyway.

But, it is a choice a user makes, it is not forced upon them.

Yours,

esa

--
Skype: reunaesa
Yahoo: reunaesa
Mobile: +4178 838 57 77





Re: [anti-abuse-wg] Verification of abuse contact addresses ?

2019-03-11 Thread Fi Shing
Why can't it be both?

12.5% annual fee incurred daily, to a maximum of 7 days, with resources being decommissioned if the abuse contact is not updated within that time.


 Original Message 
Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
From: "Ronald F. Guilmette" 
Date: Mon, March 11, 2019 12:26 pm
To: anti-abuse-wg@ripe.net


In message <9793c47c-2c44-47e3-033a-1d60ca4d3...@time-travellers.org>, 
Shane Kerr  wrote:

>As far as I know there is nothing in any policy about decommissioning 
>resources. (I'm not even sure what that would mean in practice...)
>
>I don't think that such a proposal would get consensus in the RIPE 
>community, but I am often wrong so if you want this then please submit a 
>policy proposal. The RIPE NCC staff, the working group chairs, or some 
>friendly community member can help you with this.

It might be interesting to float a proposal to tack on a small extra
annual registration fee... say, another 12.5% or something... applicable
to all resources for which corrections to the contact info have not been
made.

I agree that it would be politically problematic to outright kill someone's
allocations, but making it just a little painful (if they are screwing up)
might be helpful and productive.


Regards,
rfg







Re: [anti-abuse-wg] Verification of abuse contact addresses ?

2019-03-08 Thread Fi Shing
> But Marco's response mentions to *correcting* the contact addresses, not just verifying them. That involves working with human beings, so it makes sense that it will take a while.

No it doesn't - that was the whole point of the "change" in the first place, that it was to reduce the amount of verification needed to be done by RIPE.

There is a simple automated way to verify the entries - click a link, enter a CAPTCHA, or your resources are decommissioned within 24 hours.

How much crime can be committed in the months it has taken (and continues to take)?


 Original Message 
Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
From: Shane Kerr <sh...@time-travellers.org>
Date: Fri, March 08, 2019 9:40 pm
To: anti-abuse-wg@ripe.net

Fi Shing,

I'm sure verifying the delivery of 70k e-mails (or however many is in 
the database) can be done in a few hours.

But Marco's response mentions to *correcting* the contact addresses, not 
just verifying them. That involves working with human beings, so it 
makes sense that it will take a while.

Cheers,

--
Shane

On 08/03/2019 11.07, Fi Shing wrote:
> If it takes more than a week to verify your entire database, there is 
> the first sign that something is wrong with your system.
> 
> 
>  Original Message 
> Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
> From: Marco Schmidt <mschm...@ripe.net>
> Date: Thu, March 07, 2019 10:03 pm
> To: "Ronald F. Guilmette" <r...@tristatelogic.com>,
> anti-abuse-wg@ripe.net
> 
> Hello Ronald,
> 
> We are planning to publish an updated timeline soon.
> 
> Ultimately, our implementation will depend on the level of cooperation
> we get from LIRs and the nature of issues that need to be fixed before
> an abuse contact can be updated (for example, some organisations may
> need to reset their maintainer password).
> 
> Over the next few weeks we will be analysing our progress, to make a
> realistic estimation. From observations so far, we think we might be
> able to finish our initial validation of all abuse contacts within six
> months - but it is still too early to make any strong predictions.
> 
> Kind regards,
> Marco Schmidt
> RIPE NCC
> 
> 
> On 05/03/2019 21:51, Ronald F. Guilmette wrote:
> > In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>,
> > Marco Schmidt <mschm...@ripe.net> wrote:
> >
> >> It is correct that the implementation phase is still ongoing. Currently
> >> we are validating all the abuse contact information referenced in LIR
> >> organisation objects. Then we will proceed with the validation of abuse
> >> contacts referenced in LIR resource objects - the example that you
> >> mentioned belongs to this group. And finally all abuse contacts
> >> referenced in End User (sponsored) objects will be validated.
> > Thanks for the info Marco.
> >
> > I guess the only question I would ask is this:  Is there a published
> > timeline for how this whole process is planned to play out, and for
> > when it is planned to be completed?
> >
> >
> > Regards,
> > rfg
> >
> 
> 








Re: [anti-abuse-wg] Verification of abuse contact addresses ?

2019-03-08 Thread Fi Shing
If it takes more than a week to verify your entire database, there is the first sign that something is wrong with your system.


 Original Message 
Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
From: Marco Schmidt 
Date: Thu, March 07, 2019 10:03 pm
To: "Ronald F. Guilmette" ,
anti-abuse-wg@ripe.net

Hello Ronald,

We are planning to publish an updated timeline soon.

Ultimately, our implementation will depend on the level of cooperation
we get from LIRs and the nature of issues that need to be fixed before 
an abuse contact can be updated (for example, some organisations may 
need to reset their maintainer password).

Over the next few weeks we will be analysing our progress, to make a 
realistic estimation. From observations so far, we think we might be 
able to finish our initial validation of all abuse contacts within six 
months - but it is still too early to make any strong predictions.

Kind regards,
Marco Schmidt
RIPE NCC


On 05/03/2019 21:51, Ronald F. Guilmette wrote:
> In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>,
> Marco Schmidt  wrote:
>
>> It is correct that the implementation phase is still ongoing. Currently
>> we are validating all the abuse contact information referenced in LIR
>> organisation objects. Then we will proceed with the validation of abuse
>> contacts referenced in LIR resource objects - the example that you
>> mentioned belongs to this group. And finally all abuse contacts
>> referenced in End User (sponsored) objects will be validated.
> Thanks for the info Marco.
>
> I guess the only question I would ask is this:  Is there a published
> timeline for how this whole process is planned to play out, and for
> when it is planned to be completed?
>
>
> Regards,
> rfg
>








Re: [anti-abuse-wg] Verification of abuse contact addresses ?

2019-03-05 Thread Fi Shing
From what I was reading on here, all they do is check if a mail server exists. So if I list my abuse contact email as your email address, their system would regard that as being correct, simply because the email address exists.


 Original Message 
Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
From: "Ronald F. Guilmette" <r...@tristatelogic.com>
Date: Wed, March 06, 2019 7:47 am
To: anti-abuse-wg@ripe.net


In message <20190305042821.af7f9f79718891d8e76b551cf73e1563.4d026bdf0f@email19.godaddy.com>, 
"Fi Shing" <phish...@storey.xxx> wrote:

>  Yes, the verification mechanism they chose to implement was a flop,
>   with no input required from address owners.

So, um, nobody even checked for undeliverable bounces??

Fascinating.








Re: [anti-abuse-wg] Verification of abuse contact addresses ?

2019-03-05 Thread Fi Shing
Yes, the verification mechanism they chose to implement was a flop, with no input required from address owners.

In reality, it should be "verify your email address by clicking this link once a week or your resources are decommissioned within 24 hours" but alas, that would make too much sense.

abuse.net lists these contacts for mesh digital:

ab...@meshdigital.com (for meshdigital.com)
n...@meshdigital.com (for meshdigital.com)
r...@netsumo.com (for meshdigital.com)


 Original Message 
Subject: [anti-abuse-wg] Verification of abuse contact addresses ?
From: "Ronald F. Guilmette" 
Date: Tue, March 05, 2019 8:55 am
To: anti-abuse-wg@ripe.net


Sorry folks, when this topic was discussed, I confess that I wasn't
really paying much attention.  So now I am forced to ask:  Was someone
going to verify the abuse contact addresses listed in the RIPE WHOIS
data base?

If so, how is that project coming along?

I'll tell you why I ask.  It's quite simple really.  Some jerk, probably
Mexican, just sent me a spam wherein he was advertising for sale his
list of 18 million "business" email addresses.  (I can't quite tell if
those are all supposed to be specifically Mexican email addresses or what...
because the spam was written in Spanish, and I don't speak Spanish.)

https://pastebin.com/raw/dT11krpN

Note that the specific email address of mine that was spammed was one that
I only used in ancient times, and only in conjunction with my activities
on one specific web site.  (It obviously leaked somehow.)

The envelope sender address was forged to be my own.

The source IP was 109.68.33.19 as you can see.  So naturally, I performed
a RIPE WHOIS query on that IP address and the results I got back indicated
that the contact email address for spam reports was .
So I emailed off a report to that address.

Of course, it bounced back to me immediately as undeliverable.

This causes me to suspect that either (a) that stuff that I thought that
I had seen previously about a project to verify abuse addresses was all
just a bunch of malarkey, or else (b) that project is still unfinished
and perhaps not going all that well.

Could someone please enlighten me and tell me which possibility actually
applies?


Regards,
rfg


P.s.   It is annoying enough to have to look up who the bleep should
receive a report about spamming from their network _and_ to have to
even write such reports, when 9 times out of ten, the sending network
could have easily prevented the spam from even going out.  It is just
adding insult to injury when the bloody "official" abuse reporting
address doesn't even actually exist.

And of course, neither meshdigital.com nor meshdigital.net even have
functioning web sites.

Apparently this is all the work of some dolts at a company called heg.com,
in Germany.  Do any of you happen to know any of the clueless nitwits
who work there?  If so, maybe you could put me in direct touch so that
I could personally apply a much needed clue-by-four.