actionable
coming up.
--srs
From: Nick Hilliard
Sent: Tuesday, May 14, 2024 2:26:35 PM
To: Serge Droz
Cc: Michele Neylon - Blacknight ; Suresh
Ramasubramanian ; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Seeking Input on the Future of the Anti-Abuse
Working
RIPE NCC doesn’t really need member input or consensus to change a lot of this.
Certainly not in tightening or enforcing due diligence procedures rather than
charging 50 euro an ASN
—srs
From: anti-abuse-wg on behalf of Serge Droz
via anti-abuse-wg
Sent:
Of course. Without serge’s point 5 though, I doubt whether the rechartering
will have very much use or effect.
--srs
From: anti-abuse-wg on behalf of Nick Hilliard
Sent: Friday, May 10, 2024 5:27:44 PM
To: Serge Droz
Cc: anti-abuse-wg@ripe.net
Subject: Re:
And includes much more due diligence in IP allocation and membership
procedures, hopefully
--srs
From: anti-abuse-wg on behalf of Serge Droz
via anti-abuse-wg
Sent: Friday, May 10, 2024 11:51:13 AM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg]
I still wonder what those /14s were assigned for back in the day
Checks out tax etc wise is a very easy thing to do with a shell company
registered in a business friendly jurisdiction.
From: anti-abuse-wg on behalf of Natale Maria
Bianchi
Date: Friday, 12 April 2024 at 8:39 PM
To:
organisation: ORG-NL608-RIPE
org-name: Next Limited
country:HK
address:Rm 1405, 135 Bonham Strand Trade Centre, 135 Bonham Strand
address:HK
address:Sheung Wan
address:HONG KONG
phone: +44 20 8159 8328
admin-c:NEX7-RIPE
I was expecting something like this for a long, long time, to be honest. What
you now have is something created for want of that mythical beast, the internet
police, which nobody ever seems to be.
--srs
From: anti-abuse-wg on behalf of Alex de Joode
Sent:
LEA especially the computer crime part of LEA has been dealing with RIRs for
some decades now?
The specifics of this case would be interesting.
--srs
From: anti-abuse-wg on behalf of Michele
Neylon - Blacknight via anti-abuse-wg
Sent: Wednesday, April 10,
There really isn’t much possible regardless of the rechartering.
There is one section of wg members opposed to taking action of almost any sort
that is proposed by members of another section of the wg members.
Tinkering with who the chairs are or what the charter is will not have any
effect on
; Suresh Ramasubramanian
; Anti-abuse Wg
Subject: Re: [anti-abuse-wg] Bulletproof servers causing mischief on the
internet
Hi,
On Fri, Jan 19, 2024 at 08:38:27AM +, Carlos Friaças wrote:
> Please check this WG's minutes at RIPE77 (October 2018):
> https://www.ripe.net/community/wg/active-w
Over a decade ago, a friend (then working at a large national telecom
regulator) told me that industry self regulation works best, and that if the
government was forced to step in and regulate, neither industry nor government
would be happy with the results. Looks like that saying seems to be
So we repeat the entire exercise with v6 or Jim fleming’s ipv9 if and when that
comes out? Right
--srs
From: anti-abuse-wg on behalf of Tomás Leite
de Castro via anti-abuse-wg
Sent: Thursday, January 18, 2024 8:51:29 PM
To: anti-abuse-wg@ripe.net
Subject: Re:
If the database is filled with nonsensical information that anyone can hand in
and get themselves a large netblock there isn’t much point to the entire
exercise.
Much as if a bank manager were to accept any random paperwork and hand over
loans – which is what RIPE is doing with IP space that
Reminds me of this past situation from 2008
https://circleid.com/posts/hk_the_most_unsafe_domains
From: anti-abuse-wg on behalf of Serge Droz
via anti-abuse-wg
Date: Sunday, 3 December 2023 at 4:26 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as
I seem to remember an OPTA.nl proposal from 2011 or so which was remarkably
cogent. I can’t find it right now.
As my (partial) email archives from that period contain threads about ignored
abuse reports and netblocks with entirely bogus contact information (eg the
address is an empty lot and
Might as well wind this WG up. I have been on it for years and don’t see much
progress at all.
As for “I don’t know what is consensus” – if someone can tell me just how
consensus according to your definitions was achieved by having various RIPE
regulars just happen to be in the room during an
I would never say you didn’t handle abuse reports. The question is whether that
applies to each and every member in the ripe region.
Even if a fraction of a percent of members or LIRs are affected by such a
policy .. that is like saying there mustn’t be any speed limit because you are
a
As long as you publish it
--srs
From: anti-abuse-wg on behalf of Leo Vegoda
Sent: Thursday, November 30, 2023 6:08:59 PM
To: Alessandro Vesely
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
On Thu, 30 Nov
PM
To: Suresh Ramasubramanian ; Leo Vegoda
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
I have already noted that I have no objections to a proposal solely to verify
abuse mailbox functionality, but that we should be careful adding anything
From: anti-abuse-wg on behalf of Matthias
Merkel
Sent: Thursday, November 30, 2023 3:24:02 PM
To: Leo Vegoda ; Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Of course, this is not how consensus works.
I also think you're
A good friend who is a former regulator told me exactly this. I’ll share that
bottle with you, Serge :)
--srs
From: anti-abuse-wg on behalf of Serge Droz
via anti-abuse-wg
Sent: Thursday, November 30, 2023 3:20:29 PM
To: anti-abuse-wg@ripe.net
Subject: Re:
The funny part is that the abuse teams of the very same companies will be out
there in other conferences working earnestly and well on best practices. If
they were to turn up at a ripe meeting and provide consensus ..
And before you accuse me of packing the room to generate artificial
This would be a welcome move. A graded and transparent set of enforcement
mechanisms is a good thing to have.
—srs
From: anti-abuse-wg on behalf of
jordi.palet--- via anti-abuse-wg
Sent: Wednesday, November 29, 2023 3:59:36 PM
To: anti-abuse-wg@ripe.net
Yes this simply adds to paperwork and extra coding. It should be relatively
trivial with an abuse report / IR oriented ticketing system to separate out
genuine DDoS from random desktop firewall complaints about port scans from spam
reports from all the outright spam that directly reaches such
Creative forgery engaged in by fraudulent resource holders is good, it lets
people use that forgery first as an indication of badness and second as a way
to search for more of the same.
Hiding it would be counter productive to the extreme especially as we may not
be able to trust the LIR in at
This is correct but additionally, I don’t see how adding a separate security
contact resolves the problem of outdated or misdirected (as in, not from your
network) compromise incident reports.
You don’t have to break into your customers offices to patch their machines.
You can just as well acl
This tirade about Ronald is if anything, quite overblown
Various csirt reps for example, and Richard Clayton, have raised valid concerns
with your proposal.
It is still quite likely to pass, like many such proposals in the past, because
of the old boy network that passes for rough consensus
Database
On Mon, 6 Jun 2022 at 19:27, Richard Clayton wrote:
>
> In message jgzda...@mail.gmail.com>, denis walker writes
>
> >On Mon, 6 Jun 2022 at 17:57, Suresh Ramasubramanian
> >wrote:
> >>
> >> Always a useful thing to do if you want to block all
Always a useful thing to do if you want to block all resources held by a single
actor or set of actors.
--srs
Denis walker
you attempt some kind of heuristics with the free text search in the database
to match up resources with the same address.
--
To
Yes and when private parties asking about whois get told “we are not the
internet police”, that is the ripe community’s very own “not in my backyard”
--srs
From: anti-abuse-wg on behalf of Richard
Clayton
Sent: Monday, June 6, 2022 7:45:03 PM
To:
, 2022 3:43:13 PM
To: Suresh Ramasubramanian
Cc: denis walker ; anti-abuse-wg
Subject: Re: [anti-abuse-wg] personal data in the RIPE Database
On Sun, 5 Jun 2022, Suresh Ramasubramanian wrote:
> Good points here. There are no shortage of bad actors who will be happy to
> register a ne
Good points here. There are no shortage of bad actors who will be happy to
register a netblock as a private individual if this means their data is
obfuscated (and in whois, even forged / fake data is quite useful as part of a
consistent pattern).
There have even been bogus LIRs - it used to be
RIPE has so far firmly been in the “we are not the Internet police” category
and I don’t see that changing.
Not sure what happened here without any further context.
--srs
From: anti-abuse-wg on behalf of Jeremy
Malcolm
Sent: Wednesday, September 29, 2021
Ask them, you’d be surprised.
From: anti-abuse-wg on behalf of Michele
Neylon - Blacknight via anti-abuse-wg
Date: Thursday, 20 May 2021 at 4:29 PM
To: Laura Atkins
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Input request for system on how to approach abuse
filtering on Route
May I suggest that you add as many more blocklists as you can (RBL is a
specific blocklist founded by MAPS and now acquired by Trend Micro so that term
isn’t used in the industry), as long as they are well maintained and conform to
best practices.
Thanks
--srs
From: anti-abuse-wg on behalf
Since you brought up m3aawg I will note that it does have a best current
practice for block lists which specifically declares that asking for payment
for removal is not acceptable
RIPE should consider only listing block lists that are managed according to
accepted best practices
As far as I can see that is probably an artefact of an overly helpful customer
service person trying to troubleshoot mail delivery for you
--srs
From: Kristijonas Lukas Bukauskas
Sent: Thursday, March 4, 2021 5:47:38 AM
To: Suresh Ramasubramanian
Cc
Do you see email providers of significant size using it?
--srs
From: anti-abuse-wg on behalf of Christian
Teuschel
Sent: Wednesday, March 3, 2021 9:57:50 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and
True. If you’re listing only two BLs - one reputable and the other UCEPROTECT..
there are many other public block lists, ok fewer than there were in the 2000s
but still ..
--srs
From: anti-abuse-wg on behalf of Nuno Vieira
via anti-abuse-wg
Sent: Wednesday,
This is a standard problem with even Google
Domain name(s) registered on Google Registrar
Spam from google apps mail
Domains hosted on a google cloud IP
Redirect hosted on google firebase
Report to google safe browsing
Feed URLs to virus total - also owned by Google
Suppose you have a phish
Depends on the provider you work for and what services they provide. Randy is
(I think) still with NTT rather than a cloud service, vps operator type shop,
so a lot of your questions aren’t going to apply to his environment.
--srs
From: anti-abuse-wg on behalf
They shot themselves in the foot.
The email was sent to ab...@vodafone.cz
It apparently forwards on to spa...@vf.dkm.cz and this forwarding breaks SPF,
and domains with strict -all SPF records like RFG's tristatelogic.com will fail
SPF validation.
I guess it is an interesting way to cut down
I know him and trust him enough to have workable proposals. So, thank you very
much for your opinion but I’m afraid I fail to share it.
From: Elad Cohen
Date: Wednesday, 2 December 2020 at 8:38 PM
To: Suresh Ramasubramanian , Michele Neylon - Blacknight
, IP Abuse Research , Serge
Droz
Cc
Please feel free to come up with workable proposals then
At leat that way the conversation stays operational
From: Michele Neylon - Blacknight
Date: Wednesday, 2 December 2020 at 8:14 PM
To: Suresh Ramasubramanian , IP Abuse Research
, Serge Droz
Cc: "anti-abuse-wg@ripe.net"
S
Probably through regulation as you say. If ripe doesn’t want to be the Internet
police they’ll suddenly find that there actually is such a thing created and
with oversight over them, sooner or later. Nobody is going to like the result
if that happens, neither the government nor ripe nor its
a way that
did not make it clear where they stood on the proposal:
Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian,
Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton,
Alessandro Vesely, Randy Bush
The Review Phase of the proposal lasted from 20 Jul
.
I keep getting the sense of a long running old closed club where anything above
packet pushing and dns aren’t quite operational and just barely tolerated /
mostly ignored for the most part.
--srs
From: Rob Evans
Date: Tuesday, 12 May 2020 at 12:21 AM
To: Suresh Ramasubramanian
Cc: Sascha
and networking
people face from having resources taken away for originating such traffic.
From: Gert Doering
Date: Monday, 11 May 2020 at 11:12 PM
To: Suresh Ramasubramanian
Cc: Sascha Luck [ml] , anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"
want to go and filter spam for example.
From: anti-abuse-wg
Date: Monday, 11 May 2020 at 10:48 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
On Sat, May 09, 2020 at 11:56:58AM +0000, Suresh Ramasubramanian wrote:
>In
Weird. Forwarding a (redacted) offlist email that pointed out that the archive
URL I’d posted – which was dug out of my mailbox – is missing from the aawg
archive, along with the rest of the email from Jan 2011.
From: Suresh Ramasubramanian
Date: Monday, 11 May 2020 at 9:04 PM
That was from
://voices.washingtonpost.com/securityfix/2008/10/spam_volumes_plummet_after_atr.html
From: Nick Hilliard
Date: Monday, 11 May 2020 at 8:15 PM
To: Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] About "consensus" and "voting"...
Suresh Ramasubram
What Randy said applies in spades to the original strong community that the
Internet used to be.
Today and over the past several years we have -
1. Organisations evolving into or being taken over by corporations who are more
concerned with profit (keeping a bad customer despite pressure to the
session introduced agenda item to boot Richard Cox from his
co chair role was one such example.
--srs
From: Nick Hilliard
Sent: Sunday, May 10, 2020 12:09:08 AM
To: Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] About "cons
The problem is that many of the people objecting - I won’t say all, I know many
of you over the years - are not from a security, or more properly an abuse and
policy enforcement background.
Almost all of it is layer 9
--srs
From: anti-abuse-wg on behalf of
at 6:10 PM
To: Suresh Ramasubramanian
Cc: Gert Doering , anti-abuse-wg@ripe.net
Subject: About "consensus" and "voting"...
Hi Suresh, Gert, All,
"member organizations represented by" -- this only happens at the RIPE NCC
GM, twice a year.
The PDP doesn't happen at t
Doering
Date: Saturday, 9 May 2020 at 3:57 PM
To: Suresh Ramasubramanian
Cc: Randy Bush , Nick Hilliard ,
anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
Hi,
On Sat, May 09, 2020 at 01:12:32AM +0000, Suresh Ramasubramanian wr
Has this even been put to a vote or is it the same group of extremely vocal
RIPE regulars against it and the same group of extremely vocal security types
for it? Rough consensus has its limitations in such cases.
From: anti-abuse-wg
Date: Saturday, 9 May 2020 at 4:22 AM
To: Nick Hilliard
As long as the ASNs that are not maintaining an abuse address are published
along with the no complaints list, I personally have no complaints.
From: anti-abuse-wg
Date: Monday, 4 May 2020 at 3:59 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation
Vernon Schryver’s FUSSP is still relevant since what, 2000 or so?
--srs
From: anti-abuse-wg on behalf of Richard
Clayton
Sent: Friday, May 1, 2020 6:28:42 AM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
: Thursday, April 30, 2020 7:58:14 PM
To: Suresh Ramasubramanian
Cc: Sascha Luck [ml] ; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
Suresh Ramasubramanian wrote on 30/04/2020 14:07:
> What would get discussed in an
PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
On Thu, Apr 30, 2020 at 12:42:09PM +0000, Suresh Ramasubramanian wrote:
>RIPE NCC need not decide whether a behaviour is legal or not in order to
>prohibit
To: Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
Suresh Ramasubramanian wrote on 30/04/2020 01:58:
> Why would I ask about something I am posting as an individual in my
> personal capacity?
this are probably voices in the wilderness
at this point.
—srs
--srs
From: Nick Hilliard
Sent: Thursday, April 30, 2020 2:16:34 AM
To: Suresh Ramasubramanian
Cc: Serge Droz ; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase
ility to conduct business, there would need to be sound
> legal justification for doing so.
>
> Nick
>
--
Suresh Ramasubramanian (ops.li...@gmail.com)
The email he sent has been positively presidential in style I must say. For a
specific value of president of course.
--srs
From: anti-abuse-wg on behalf of Töma
Gavrichenkov
Sent: Saturday, April 18, 2020 12:02:58 PM
To: anti-abuse-wg@ripe.net
Subject: Re:
If they were all kids in their mommies basements instead of part of an
organised crime underground as often as not ..
--srs
From: anti-abuse-wg on behalf of Javier Martín
Sent: Friday, April 17, 2020 2:39:05 PM
To: Marcolla, Sara Veronica ; Maxi
; JORDI PALET
The we are not the internet police crowd for instance
And the amazing number of ripe luminiaries, wg chairs etc that just happened to
be in the room for an AOB session during a previous wg with the intention of
voting Richard Cox out of his co chair position.
There just doesn’t seem to be any
Not you either. There are many others vocally arguing for complete inaction.
—srs
From: Gert Doering
Sent: Friday, January 17, 2020 1:34 PM
To: Suresh Ramasubramanian
Cc: Randy Bush; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] @EXT: RE: working in new
From: anti-abuse-wg on behalf of Randy Bush
Sent: Friday, January 17, 2020 5:21 AM
To: Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04
(Validation of "abuse-mailbox")
> Itʼd be intere
It’d be interesting to take individual names of the people most vocal in their
objections and feed them through LinkedIn - that assumption you made about
dealing with spam would soon be tested.
--srs
From: anti-abuse-wg on behalf of Randy Bush
Sent:
abused customer and a malicious actor, that is a judgement call that every
large provider abuse team has had to face so far
--srs
From: anti-abuse-wg on behalf of Randy Bush
Sent: Thursday, January 16, 2020 9:38 PM
To: Suresh Ramasubramanian
Cc: anti-abuse-wg
Is Dutch law really the inhibitor here? Or the possibilities that Richard
outlined?
I seem to recall previous opta nl proposals that took a sensible view of
network abuse, some years back
--srs
From: anti-abuse-wg on behalf of Brian Nisbet
Sent: Wednesday,
Applause.
--srs
From: anti-abuse-wg on behalf of Richard
Clayton
Sent: Wednesday, January 15, 2020 8:32 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of
"abuse-mailbox")
In message
I am not a member. However, the increase in such incidents and the risk of
regulators or lawsuits occurring mean that RIPE NCC does need to perform more
due diligence than would be consistent with a “we are not the internet police”
position.
It is in their own members’ interest that they’re
Ruediger has a nice full list of all the other ways a prefix can be
mis-announced or route leaked. Typos, incompetence in setting up load
balancers, so on and forth. However, the number of these that are malicious
and that’d be of interest to the AAWG, is much smaller, wouldn’t you say?
I can only commend LACNIC for doing the right thing and serving as a clearing
house for such community outreach.
Route hijacks that cause major operational impact are certainly something that
impacts the community as a whole, and while this is resolvable by operators,
quite often finding the
Congratulations, Ron Guilmette. You’ve been doing this for years and this is
your biggest success yet.
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
tl;dr - The insider is apparently Ernest Byaruhanga,
Vicarious liability / criminal negligence is also a thing in several
jurisdictions so “let us do nothing and we won’t be liable” doesn’t always work.
--srs
From: Nuno Vieira
Sent: Tuesday, September 10, 2019 5:11 PM
To: Suresh Ramasubramanian
Cc: Sérgio Rocha
You are right. I have very little hope of anything concrete coming out of this
process, however.
On 10/09/19, 4:04 PM, "anti-abuse-wg on behalf of Sérgio Rocha"
wrote:
Hi,
I agree with Carlos. It is better to have an imperfect policy than not to
have any policy and watch these
Hijacked route announcements can be carefully targeted to just a victim AS for
any attack.
If that victim AS holder complains to their national CERT the language here
precludes the CERT from reporting into RIPE.
That is a technicality as I can't imagine RIPE would refuse reports from a
oal of attacking 3rd parties (or
"framing" 3rd parties) is still a very evil form of internet abuse
that is not really discussed or talked about much?
Andre
On Sat, 01 Jun 2019 14:27:13 +0530
Suresh Ramasubramanian wrote:
> Without looking at the othe
Without looking at the other received headers there's no way to say that this
is header forgery.
Many mail clients will HELO as whatever IP they're provisioned on, and both IPs
belong to a provider in Belarus.
So unless this header was inserted in a way that there's no continuity with the
by deploying unsuitable anti spam
measures category and have to delay accepting mail.
--srs
From: Suresh Ramasubramanian
Sent: Thursday, May 23, 2019 4:18 AM
To: Sérgio Rocha; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation
So I don't know about other regions not having the same needs. APNIC has
adopted this for example.
https://www.apnic.net/community/policy/proposals/prop-125
--srs
From: anti-abuse-wg on behalf of Sérgio Rocha
Sent: Wednesday, May 22, 2019 11:10 PM
To:
To: Suresh Ramasubramanian
Cc: JORDI PALET MARTINEZ; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
Hi,
indeed, and this is why we should just not go there.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on somet
Any abuse / acceptable use policy presupposes that while the vast majority of
your users are legitimate a non trivial percentage of them are bad actors who
need to be dealt with appropriately.
Making that call on which customer to apply which policy on is something any
abuse desk does
More a question of locus standi - how many court cases have we seen so far
where an RIR has filed a brief or an affidavit making such a point?
--srs
From: anti-abuse-wg on behalf of Töma
Gavrichenkov
Sent: Sunday, May 19, 2019 2:37 PM
To: Ronald F. Guilmette
7:33 PM
To: Suresh Ramasubramanian
Cc: Ronald F. Guilmette; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
On Sat, May 18, 2019, 3:44 AM Suresh Ramasubramanian
mailto:ops.li...@gmail.com>> wrote:
If it weren't effe
A case can be made that lax "not the internet police" policies that earlier
allowed a single shady LIR to get multiple /14s and now, as per Furio, allows
serial registration of bogus LIRs to gather up IP space is actually making
abuse and security teams worldwide expend rather more man hours
If it weren't effectively property there wouldn't be firms listing large blocks
of v4 space as an asset while going out of business, and there wouldn't be
brokers specializing in acquiring and reselling this space. And yet in the RIR
paperwork this is a simple reassignment of a netblocks
From: Bengt Gördén
Sent: Friday, May 17, 2019 6:50 PM
To: Suresh Ramasubramanian
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
no
--
Bengt Gördén
Resilans AB
nt: Friday, May 17, 2019 5:51 PM
To: Suresh Ramasubramanian
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
top post
--
Bengt Gördén
Resilans AB
I would instead suggest that RIPE wind itself up and transfer it's operations
to ARIN or APNIC, if we are about to make broad and sweeping thought experiment
proposals
--srs
From: Gert Doering
Sent: Friday, May 17, 2019 4:37 PM
To: Suresh Ramasubramanian
Cc
I am sorry but where did I say close down all LIRs?
--srs
From: Gert Doering
Sent: Friday, May 17, 2019 4:09 PM
To: Suresh Ramasubramanian
Cc: Gert Doering; JORDI PALET MARTINEZ; Brian Nisbet; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New
, May 17, 2019 3:59 PM
To: Suresh Ramasubramanian
Cc: Gert Doering; JORDI PALET MARTINEZ; Brian Nisbet; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
Hi,
On Fri, May 17, 2019 at 10:24:51AM +0000, Suresh Ramasubrama
As I read the proposal cutting off bogus LIRs seems to be the goal rather than
cutting off a legitimate but careless player. There seem to be quite a few
such given the coming wg meeting has a preso on just this topic.
--srs
From: anti-abuse-wg on behalf of
But if a policy asking ripe ncc to investigate fraud and withdraw resources
were to be proposed we would again hear the "we are not the internet police"
trope :(
--srs
From: Alex de Joode
Sent: Friday, May 17, 2019 11:32 AM
To: Suresh Ramasubramania
How was ARIN able to reclaim 750k IPs showing fraud including shell company
setup then? The USA is if anything even more litigious than Europe is.
You also go to court with "clean hands", so if the invalid abuse contact is
also accompanied by a proliferation of malware etc a judge may not react
Are they is the question
For example - ARIN just reclaimed a large number of IPs from an actor that
created a large number of shell companies. http://m.slashdot.org/story/355802
--srs
From: anti-abuse-wg on behalf of Nick Hilliard
Sent: Friday, May 17,
They had a fiduciary duty not to hand out whole /14s of v4 space to snowshoe
spammers set up as eastern european LIRs not too long back
They would now as well if such duty wasn't abdicated each time
The duty doesn't magically go away of course even if it is abdicated and denied
--srs
1 - 100 of 193 matches
Mail list logo