[anti-abuse-wg] New on RIPE Labs: Botnets: As We See Them in 2017

[Vesna Manojlovic]

Dear colleagues,

As a part of his research into detecting malicious network activities, 
Alireza Vaziri is sharing his network/system engineer experiences on 
defend network's infrastructure from outages.


Please read about it in this new article on RIPE Labs:
https://labs.ripe.net/Members/alireza_vaziri/botnet

Regards,
Vesna Manojlovic
Community Builder
RIPE NCC

[anti-abuse-wg] Bringing in More Voices Was Re: Bringing Law Enforcement Into the RIPE Community

[Brian Nisbet]

Vittorio,

On 02/08/2017 11:53, Vittorio Bertola wrote:
> 
> I'm not saying that RIPE is doing anything bad or with any bad intent,
> also I didn't really mean to start a thread, but even if this precise
> discussion has been going on for a long time at ICANN and elsewhere
> about 15 years ago, and views on it really vary, it looks like RIPE
> still has to deal with it.
> 
> The point is that having an open door and saying "if you have anything
> to say, just show up" is not enough, if you really want to make balanced
> policies. Some stakeholders, like governments and business, have well
> funded employees and lobbyists that can afford showing up, while other
> stakeholders don't. In fact, the "public interest" is the hardest thing
> to keep into account, because any narrow group with specific interests
> can show up and scream to push your policies in their favour, while the
> general public has a weak interest that only becomes huge if you could
> aggregate several billion Internet users, which you can't practically
> do. So either you make active efforts to include these other points of
> view, e.g. like ICANN has been doing, or you will always risk to produce
> policies biased in favour of those few that actually can afford to show
> up, and against the general public interest.

This is hugely important and has been a recent topic of conversation in
the community.

The RIPE NCC and the Community have been working for some time to lower
barriers to entry and to actively seek out those who either don't know
how to engage or can't engage. Are we done yet? Absolutely not. But
things are always improving.

The External Relations team and the Training team in the NCC do a lot
here, as to the Board and various Community members. This work is
achieved through RIPE meetings, Regional Meetings, training, NOGs,
member lunches etc.

Policies in RIPE are driven by a number of different people and groups,
but quite often the people putting finger to keyboard don't work for big
companies, or sometimes any company at all!

The mailing list model has always been an attempt to make sure barriers
to participation are as low as possible, the RIPE Forum idea is an
attempt to open it up more.

The recently set-up Diversity TF is also looking at a number of these
questions.

So, we aren't there yet, certainly, but the work is ongoing in both a
pro-active and re-active fashion and certainly, while this thread may
not be the place for it, the WG Chairs, the RIPE Meeting PC and the NCC
would all welcome input on these matters.

Thanks,

Brian
Co-Chair RIPE AA-WG


Brian Nisbet
Network Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Michele Neylon - Blacknight]

Brian

I think this is a very positive move. 

LEA (and others) need to be part of the dialogue and the technical community 
need to learn how to engage with them meaningfully.

Anyone who wants to start making hyperbolic arguments about big government / 
brother / black helicopters is deluded. 

RIPE and other organisations need to work with LEA et al. That does not mean 
that anyone is bowing to their requests and if it did I wouldn’t be supportive 
of it.

Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/ 
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845 

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Michele Neylon - Blacknight]

Vittorio
I think this is going way off topic, but since you started ..

Most businesses cannot afford to engage in policy with ICANN, RIPE or anywhere 
else.
A lot of people make the false assumption that somehow because they’re a 
company that they’re funding their staff to attend events and engage and that 
the said employees are given carte blanche.
That’s definitely not true.
So the arguments around supporting academics is also not really true. An 
academic could get a grant to study something, even if there’s no economic 
benefit. For a business we have to rationalise the spend.

Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

, Italy

Re: [anti-abuse-wg] Diverse interest groups (was- Bringing Law Enforcement Into the RIPE Community)

[denis]

HI Vittorio


On 02/08/2017 12:53, Vittorio Bertola wrote:




Il 2 agosto 2017 alle 12.23 denis  ha scritto:

It is not a question of 'getting heard', it is knowing you have a 
voice and where to use it. Literally anyone can join a discussion on 
a Working Group mailing list, make comments, ask questions, agree or 
disagree with other comments, propose a policy. The RIPE NCC's Policy 
Development Officer will help anyone who wants to propose a policy in 
any area of concern. It would be nice to have a wider participation 
and hear more voices in some discussions.


Neither the RIPE NCC nor the RIPE community has a list of 'targets'. 
Over the last 10 years governments and LEAs have taken much more 
interest in the Internet management, operation and governance. This 
is not unexpected as the Internet has become so integral in so many 
people's lives. As they have asked questions the RIPE NCC, under the 
guidance of the RIPE Community and RIPE NCC membership, has reached 
out to answer those questions. If any of the groups you mentioned 
also join discussions and ask questions they will also be heard and 
answered.


I'm not saying that RIPE is doing anything bad or with any bad intent, 
also I didn't really mean to start a thread, but even if this precise 
discussion has been going on for a long time at ICANN and elsewhere 
about 15 years ago, and views on it really vary, it looks like RIPE 
still has to deal with it.


The point is that having an open door and saying "if you have anything 
to say, just show up" is not enough, if you really want to make 
balanced policies. Some stakeholders, like governments and business, 
have well funded employees and lobbyists that can afford showing up, 
while other stakeholders don't. In fact, the "public interest" is the 
hardest thing to keep into account, because any narrow group with 
specific interests can show up and scream to push your policies in 
their favour, while the general public has a weak interest that only 
becomes huge if you could aggregate several billion Internet users, 
which you can't practically do. So either you make active efforts to 
include these other points of view, e.g. like ICANN has been doing, or 
you will always risk to produce policies biased in favour of those few 
that actually can afford to show up, and against the general public 
interest.


(Also, we may be going off topic, so apologies in advance - happy to 
continue elsewhere if you like.)




I think this has moved off the original topic and is more about 
diversity. There is now a separate mailing list for diversity issues:

https://www.ripe.net/ripe/mail/archives/diversity/

From what I have seen (and I am sure someone will correct me if I am 
wrong) they seem more focused on 'diversity of peoples'. A current topic 
is the issue of gender at RIPE Meetings. But to me if you work under the 
general heading of 'diversity' that should cover all aspects of 
diversity. Some people may believe the corporate world is much more 
represented than the individual netizen at these meetings and on these 
mailing lists. Then I would say the diversity group should look at how 
to actively improve the diversity of representation at meetings to 
achieve a better balance and ensure the general public interest is 
served, avoiding the possibility of policies being made just for the 
rich and powerful.


I think such a discussion would be better moved to the diversity mailing 
list.


cheers
denis


Regards,

--

Vittorio Bertola | Research & Innovation Engineer
vittorio.bert...@open-xchange.com 
  
Open-Xchange Srl - Office @ Via Treviso 12, 10144 Torino, Italy

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Vittorio Bertola]

> Il 2 agosto 2017 alle 12.23 denis  ha scritto:
> 
> It is not a question of 'getting heard', it is knowing you have a voice 
> and where to use it. Literally anyone can join a discussion on a Working 
> Group mailing list, make comments, ask questions, agree or disagree with 
> other comments, propose a policy. The RIPE NCC's Policy Development Officer 
> will help anyone who wants to propose a policy in any area of concern. It 
> would be nice to have a wider participation and hear more voices in some 
> discussions.
> 
> Neither the RIPE NCC nor the RIPE community has a list of 'targets'. Over 
> the last 10 years governments and LEAs have taken much more interest in the 
> Internet management, operation and governance. This is not unexpected as the 
> Internet has become so integral in so many people's lives. As they have asked 
> questions the RIPE NCC, under the guidance of the RIPE Community and RIPE NCC 
> membership, has reached out to answer those questions. If any of the groups 
> you mentioned also join discussions and ask questions they will also be heard 
> and answered.
> 

I'm not saying that RIPE is doing anything bad or with any bad intent, also I 
didn't really mean to start a thread, but even if this precise discussion has 
been going on for a long time at ICANN and elsewhere about 15 years ago, and 
views on it really vary, it looks like RIPE still has to deal with it.

The point is that having an open door and saying "if you have anything to say, 
just show up" is not enough, if you really want to make balanced policies. Some 
stakeholders, like governments and business, have well funded employees and 
lobbyists that can afford showing up, while other stakeholders don't. In fact, 
the "public interest" is the hardest thing to keep into account, because any 
narrow group with specific interests can show up and scream to push your 
policies in their favour, while the general public has a weak interest that 
only becomes huge if you could aggregate several billion Internet users, which 
you can't practically do. So either you make active efforts to include these 
other points of view, e.g. like ICANN has been doing, or you will always risk 
to produce policies biased in favour of those few that actually can afford to 
show up, and against the general public interest.

(Also, we may be going off topic, so apologies in advance - happy to continue 
elsewhere if you like.)

Regards,

--

Vittorio Bertola | Research & Innovation Engineer
vittorio.bert...@open-xchange.com mailto:vittorio.bert...@open-xchange.com 
Open-Xchange Srl - Office @ Via Treviso 12, 10144 Torino, Italy

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[denis]

Hi Vittorio


On 02/08/2017 12:03, Vittorio Bertola wrote:




Il 1 agosto 2017 alle 23.47 denis  ha scritto:



"Part of my job is to help LEAs understand this process and how 
their suggestions on changing policy would impact the broader RIPE 
community, such as making changes to the RIPE Database, for example, 
that would make it easier for them to find the closest service 
provider to an end user engaged in criminal
activity. This isn't special treatment, though �the RIPE NCC also 
helps governments, network operators, banks, business owners or 
anyone else interested in submitting a policy proposal do these 
things as well. It's part of our job as

the RIPE secretariat."

I was under the impression that this is the function of the NCC
Impact Statement within the PDP. Neither does ripe-642 mention
any discussions with or "help" from the NCC  prior to the working
group process. Perhaps someone can amplify on this?


It has always been part of the RIPE NCC's work to help with 
understanding and following process. That is why they write 
documentation, run training courses and have Customer Support. 
Whether it is written or not, it has been said many times that the 
PDO will assist anyone who wishes to write a policy proposal.


Just as a suggestion, though, I will point out that stating "we don't 
treat governmental LEAs better, because we also help governments, us, 
people with money, people with money or anyone else" is not a great 
way to present this working plan. The list of targets for help should 
also include NGOs, academics, developers, free software projects, 
civil society groups and individual Internet users at large, i.e. 
constituencies that have a much harder time than governments and 
businesses to get heard into any bottom-up Internet policy-making process.




It is not a question of 'getting heard', it is knowing you have a voice 
and where to use it. Literally anyone can join a discussion on a Working 
Group mailing list, make comments, ask questions, agree or disagree with 
other comments, propose a policy. The RIPE NCC's Policy Development 
Officer will help anyone who wants to propose a policy in any area of 
concern. It would be nice to have a wider participation and hear more 
voices in some discussions.


Neither the RIPE NCC nor the RIPE community has a list of 'targets'. 
Over the last 10 years governments and LEAs have taken much more 
interest in the Internet management, operation and governance. This is 
not unexpected as the Internet has become so integral in so many 
people's lives. As they have asked questions the RIPE NCC, under the 
guidance of the RIPE Community and RIPE NCC membership, has reached out 
to answer those questions. If any of the groups you mentioned also join 
discussions and ask questions they will also be heard and answered.


cheers
denis


Regards,

--

Vittorio Bertola | Research & Innovation Engineer
vittorio.bert...@open-xchange.com 
  
Open-Xchange Srl - Office @ Via Treviso 12, 10144 Torino, Italy

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Vittorio Bertola]

> Il 1 agosto 2017 alle 23.47 denis  ha scritto:
> 
> 
> > > "Part of my job is to help LEAs understand this process 
> and how their suggestions on changing policy would impact the broader RIPE 
> community, such as making changes to the RIPE Database, for example, that 
> would make it easier for them to find the closest service provider to an end 
> user engaged in criminal
> > activity. This isn't special treatment, though �the RIPE NCC also 
> > helps governments, network operators, banks, business owners or anyone else 
> > interested in submitting a policy proposal do these things as well. It's 
> > part of our job as
> > the RIPE secretariat."
> > 
> > I was under the impression that this is the function of the NCC
> > Impact Statement within the PDP. Neither does ripe-642 mention
> > any discussions with or "help" from the NCC  prior to the working
> > group process. Perhaps someone can amplify on this?
> > 
> > > It has always been part of the RIPE NCC's work to help with 
> > understanding and following process. That is why they write documentation, 
> > run training courses and have Customer Support. Whether it is written or 
> > not, it has been said many times that the PDO will assist anyone who wishes 
> > to write a policy proposal.
> 

Just as a suggestion, though, I will point out that stating "we don't treat 
governmental LEAs better, because we also help governments, us, people with 
money, people with money or anyone else" is not a great way to present this 
working plan. The list of targets for help should also include NGOs, academics, 
developers, free software projects, civil society groups and individual 
Internet users at large, i.e. constituencies that have a much harder time than 
governments and businesses to get heard into any bottom-up Internet 
policy-making process.

Regards,

--

Vittorio Bertola | Research & Innovation Engineer
vittorio.bert...@open-xchange.com mailto:vittorio.bert...@open-xchange.com 
Open-Xchange Srl - Office @ Via Treviso 12, 10144 Torino, Italy

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Brian Nisbet]

On 01/08/2017 17:22, Sascha Luck [ml] wrote:
> On Tue, Aug 01, 2017 at 05:19:50PM +0100, Sascha Luck [ml] wrote:
>> This is the first I've even heard of this. Surely the membership
>> should at least be asked whether they want an organisation they
>> are *mandatory* members of to become a close ally of a political
>> LEA like Europol.
> 
> Oh, and can we expect to be made mandatory collaborators with the
> FSB and the KDGM as well, given that they are in our service
> region?

You know what an MOU is, right? I mean, I'm a big fan of hyperbole as a
literary device, but less so on what are meant to be factual mailing lists.

Neither RIPE NCC members nor the RIPE Community are mandatory
collaborators with anyone.

Your views on working with LEAs are well known and you are more than
welcome to continue to share them in an appropriate way, but I don't
believe this kind of thing is helpful to anyone.

Brian
Co-Chair, RIPE AA-WG

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Brian Nisbet]

I realise Denis has already answered some of this, but...

On 01/08/2017 20:58, Sascha Luck [ml] wrote:
> On Tue, Aug 01, 2017 at 06:31:07PM +0200, Sander Steffann wrote:
>> If you dislike the engagement that RIPE NCC has with external
>> organisations (see
>> https://www.ripe.net/about-us/what-we-do/engagement-external-organisations)
>> then the RIPE NCC General Meeting and/or exec-bo...@ripe.net seem the
>> appropriate places to provide feedback. I don't think the RIPE
>> anti-abuse working group is the right place for that.
> 
> 
> As far as the actions of the NCC board go ,you're right, that
> should go to members-discuss (Not to the board, I want to see
> some debate on this, not some boilerplate from the board).
> 
> The article originally linked by Brian does mix the RIPE
> community and the RIPE NCC though, even more so as the author
> seems confused about who he speaks for:
> 
> "Nine years later, I'm working for the RIPE NCC's External
> Relations team to bring the RIPE community and the LEA community
> closer together."

Yes, that's part of the role of the RIPE NCC's role, especially for the
External Relations team, community building and expanding. This is
embodied in a number of activities, including RIPE Meetings.

> On the RIPE community side, I find these statements problematic:
> 
> "[LEAs] also have a right to help shape RIPE Policy using the
> Policy Development Process."
> 
> They do? My understanding of the PDP is that *individuals* make
> policy proposals and *individuals* discuss them. Is this no
> longer the case? Is RIPE policy now made by lobby groups and other
> "interested" organisations? And, yes, I am aware that individuals
> may be fronting for an organisation, this does not, in my
> understanding, mean their voice carries any more weight.

They absolutely do. Of course, as you rightly point out, it's all
individuals, but it would be crazy to think that every individual who is
involved in the PDP is doing so as a private citizen. Part of what
influences me in any discussion is what the impact of that proposal
might be on my organisation, as well as the Internet as a whole.

The point here is that LEAs and their staff are members of the RIPE
Community and a number of people have worked hard for quite some time to
persuade them of that and to persuade them to use the PDP. Just like any
other community member. This is progress.

> "Part of my job is to help LEAs understand this process and how their
> suggestions on changing policy would impact the broader RIPE community,
> such as making changes to the RIPE Database, for example, that would
> make it easier for them to find the closest service provider to an end
> user engaged in criminal
> activity. This isn't special treatment, though �the RIPE NCC also helps
> governments, network operators, banks, business owners or anyone else
> interested in submitting a policy proposal do these things as well. It's
> part of our job as
> the RIPE secretariat."
> 
> I was under the impression that this is the function of the NCC
> Impact Statement within the PDP. Neither does ripe-642 mention
> any discussions with or "help" from the NCC  prior to the working
> group process. Perhaps someone can amplify on this?

As Denis points out, the NCC have worked with community for years to
help with proposals in the same way that WG Chairs work with them. The
aim is to bring proposals to a WG in the best initial form they can have.

And this is help, it isn't mandatory, of course. It's there because we
know that not everyone is as familiar with the PDP or how the NCC
worksas everyone else. Equally it can be useful where English is not a
proposer's first language. It isn't a full impact statement and it
doesn't change the PDP.

A proposer can talk to or work with *anyone* before submitting their
proposal, why shouldn't the NCC be included in this?

Brian
Co-Chair, AA-WG

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Ronald F. Guilmette]

In message , 
Malte von dem Hagen  wrote:

>We can of course start calling each other's statements idiotic...

I'm sorry.  I confess that I haven't really been paying attention to
to this thread because I've been busy working on other things (e.g.
Telia and its connection to the bogosity that is AS202746).

Was the above comment intended to be the start of a formal RIPE
proposal ratification process?

If so, I would just like to express my sincere support for the proposal,
but with certain limited exemptions.

(I think that it would be best if people from California, original
home of the Arpanet, and subsequently, the Internet, were exempt.
And by that I mean that we should be specially exempt from having
our statements called "idotic", *not* that we should be prevented from
calling the statements of others "idotic", when and if warranted.)


Regards,
rfg

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Malte von dem Hagen]

Hi,

Am 01.08.2017 um 18:44 schrieb Sascha Luck [ml] >:
> On Tue, Aug 01, 2017 at 05:29:04PM +0200, Malte von dem Hagen wrote:
>> nobody is a mandatory member of RIPE.
> 
> I did contemplate putting text in my email to forestall this
> idiotic argument because I knew someone would not be above
> bringing it.

We can of course start calling each other’s statements idiotic, if you want. 
Not my preferred way of spending time, though.

> Everyone in the RIPE NCC service region who needs their own IP
> space is, mandatorily, a RIPE NCC member. 

Nobody mandatorily needs IP space. Point is, if you „need“ own IP space, that 
is always out of free will, curiosity, business concept or something similar, 
but never by force. You just weaken yourself by enclosing a generally valid 
statement in questionable context.

However, to get back to the topic, I feel it is by far not enough to just blame 
RIPE NCC for signing a MoU without pointing out what exactly is questionable 
from your POV in terms of cotent. Did you even read it?

To me, the content is far from being an „close ally“, and Europol with its 
mission and entitlements is also far from national intelligence agencies.

Cheers,

Malte
-- 

Malte von dem Hagen | Director Networks

ma...@godaddy.com

 Office: Hansestrasse 79, 51149 Cologne



Host Europe Internet GmbH - http://www.hosteurope.de 

Welserstraße 14 - 51149 Köln - Germany

HRB 78934 Amtsgericht Köln

Geschäftsführer: Patrick Pulvermüller, Tobias Mohr, Dr. Christian Koch

Host Europe Internet GmbH is a company of GoDaddy

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Amelia Andersdotter]

On 2017-08-01 18:19, Sascha Luck [ml] wrote:
> On Tue, Aug 01, 2017 at 03:00:28PM +0100, Brian Nisbet wrote:
>> https://labs.ripe.net/Members/richard_leaning/bringing-law-enforcement-into-the-ripe-community
>>
>
> It certainly is "interesting". For instance:
>

The MoU is aspirational. RIPE NCC may, in accordance with its mandates,
work to enhance Europol's participation in the RIPE community etc (Art
3.j of the MoU). It's a non-committal MoU.

Leaning's blogpost could be a complete fulfillment of the MoU's
provisions (if the community so desires).

best regards,

Amelia

> "we recently signed a Memorandum of Understanding with Europol to
> foster even better cooperation."
>
> https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/europol-mou
>
>
> This is the first I've even heard of this. Surely the membership
> should at least be asked whether they want an organisation they
> are *mandatory* members of to become a close ally of a political
> LEA like Europol.
> rgds,
> Sascha Luck
>

Re: [anti-abuse-wg] Bringing Law Enforcement Into the RIPE Community

[Malte von dem Hagen]

Hi,

> Am 01.08.2017 um 18:19 schrieb Sascha Luck [ml]  >:
> Surely the membership should at least be asked whether they want an 
> organisation they
> are *mandatory* members of

nobody is a mandatory member of RIPE.

Best regards,

Malte
-- 

Malte von dem Hagen | Director Networks

ma...@godaddy.com

 Office: Hansestrasse 79, 51149 Cologne



Host Europe Internet GmbH - http://www.hosteurope.de 

Welserstraße 14 - 51149 Köln - Germany

HRB 78934 Amtsgericht Köln

Geschäftsführer: Patrick Pulvermüller, Tobias Mohr, Dr. Christian Koch

Host Europe Internet GmbH is a company of GoDaddy