Re: [anti-abuse-wg] Is the LoA DoA for Routing? - article at FIRST blog

r prosecutors to identify suitable caselaw that makes the current case somewhat more open and shut). [[ Also, I have been told that some forgeries are laughably inept, whereas laughably weak passwords are a little harder to spot ]] -- richard Richard

Re: [anti-abuse-wg] personal data in the RIPE Database

exactly the same person/organistion. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PG

Re: [anti-abuse-wg] personal data in the RIPE Database

In message , denis walker writes >On Mon, 6 Jun 2022 at 16:15, Richard Clayton wrote: >> You appear to be under the impression that Internet security and safety >> arises out of the activities of Law Enforcement Agencies whereas in >> practice private individuals and

Re: [anti-abuse-wg] personal data in the RIPE Database

o the vast majority of this work -- generating referrals to LEAs when it is appropriate for action to be taken that only they can perform Moving to a situation where only LEAs can see what is currently available in RIPE whois data would be a very retrograde step and would seriously impact the securi

Re: [anti-abuse-wg] False positive CSAM blocking attributed to RIPE

out attempting to do your homework is counterproductive. -- Dr Richard Clayton Cambridge Cybercrime Centre mobile: +44 (0)7887 794090 Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570 signature.asc Description: PGP signature

Re: [anti-abuse-wg] What is YAHOONET?

38.177.0-77.238.177.255, seems to be an abandoned object. it's maintained by YAHOO-MNT so hardly "abandoned" Also you will note that the email address in NA4112-RIPE is now updated -- richard writing to inform and not as company policy "Assembly of Japanes

Re: [anti-abuse-wg] BREAKING: AFRINIC IPv4 address skulduggery FINAL REPORT - Just released

In message , Ostap Efremov writes >However, in the report and it's PDF, it does not say that it was >revoked, which happened 4 days ago. the report text was finalised just before Christmas (see the Disclaimer in Section 2) so events from 2021 are not discussed -- r

Re: [anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552

ndeed to pick any prefixes from that list at all. -- Dr Richard Clayton Director, Cambridge Cybercrime Centremobile: +44 (0)7887 794090 Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570 signature.asc Description: PGP signature

Re: [anti-abuse-wg] Fwd: Re: botnet controllers

>In message <20b290b5003cafb91745b7db6d31c...@fos-vpn.org>, info@fos- >vpn.org writes [various message about abuse issues around VPNs without logging] In message , Richard Clayton writes >I can understand the attractions to you of that business model. List readers ma

Re: [anti-abuse-wg] Fwd: Re: botnet controllers

on two occasions that their activity has been the subject of a valid abuse complaint will be terminated). I can understand the attractions to you of that business model. -- richard Richard Clayton Those who would give up essential Liberty, to pur

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

l be very happy >to manage the implementation in case I will be elected to the Ripe >Board) >* Spoofed ip traffic >* Spoofed amplification ddos attacks >* BGP hijacking >* IoT botnet infections >* Botnet C I'm disa

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

rmation and making forms robust against this issue is extremely complex. viz: this type of system really does not work as well as you suggest. About the only plus to your idea is that it would generate a reliable source of stats -- otherwise, IMO, it has nothing to recommend it. -- richard

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message <1609071e-bf44-4e1d-9c81-98616f11b...@consulintel.es>, JORDI PALET MARTINEZ via anti-abuse-wg writes >
El 16/1/20 21:37, "anti-abuse-wg en nombre de Richard Clayton" boun...@ripe.net en nombre de rich...@highwayman.com> escribió: > >In message , JORDI

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

considering spam (which is certainly some of what is being considered under the generic "abuse" label) -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty n

Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

o they may be making my point after all bottom line is that if you want to run a reputation site and not be under an obligation to remove libellous material (not fair comment) you would be unwise to do it outside the USA -- richard Richard Clayton Th

Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

ny different types of reporter into a single system. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

you to be in the USA, you're correct >One would hope that european law might have some counterpart for that, >but I confess that I really have no idea about that, one way or the other. basically not -- at least once there is "actual knowledge&qu

Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79

mes very well informed opinion) or on assertions by the beneficial users of address blocks as to the announcements that can be considered valid. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little tempora

Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)

> >This is from ARIN-land. >Do you see any chance of something similar within the RIPE NCC service >region reaching a court of law? yes ... albeit it is likely to involve extradition -- richard Richard Clayton Those who would give

Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)

es- hijacked-ip-addresses-for-spamming/ (and there a couple more cases in the pipeline). -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] [Misc] Research project on blacklists

with Active Geolocation. In Proceedings of the 2018 ACM Internet Measurement Conference (IMC'18). Boston, MA. October 2018. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] [Misc] Research project on blacklists

nerated lists were used, but seemed curiously uninterested in anything other than if the answer to that was yes or no -- a missed opportunity I thought. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporar

Re: [anti-abuse-wg] Email Spam & Spam Abuse Definitions

might as well update the relevant web pages to add CAPTCHAs, randomise field names or whatever else you think will prevent automated list bombing. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] AS24940 Hetzner -- non-role contact wanted

e on what Hetzner actually > does? > Gert Doering-- NetMaster -- Richard Benfatto 0434 747 908

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message , Carlos Friaças writes > >On Thu, 18 Apr 2019, Richard Clayton wrote: > >> ... I am aware of peer pressure (literally), action by IXPs, action by >> organisations providing reputation scores and even action by hosting >> companies. > >Yes, i'm awar

Re: [anti-abuse-wg] Mysteries of the Internet: AS65000

ood start and in this case the number of detectors seeing this origin and the timeline puts it rather more in perspective) -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve

Re: [anti-abuse-wg] Astroturfing?

ope they chip in after the changes are made and explain in some detail why they preferred the initial version ! -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Saf

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <83185.1554061...@segfault.tristatelogic.com>, Ronald F. Guilmette writes > >In message , >Richard Clayton wrote: > >>However, it is not necessarily clear at all and writing a policy which >>assumes that it will always be clear is in my view unwi

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <74227.1553972...@segfault.tristatelogic.com>, Ronald F. Guilmette writes >In message , >Richard Clayton wrote: > >>It is NOT possible (for experts or almost anyone else) to accurately >>evaluate who is performing BGP hijacks... > >I did not

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <94320.1553230...@segfault.tristatelogic.com>, Ronald F. Guilmette writes > >In message , >Richard Clayton wrote: > >>Yes hijacks can be simple to understand -- but they can be very complex >>and perfectly legitimate activity can look like a hijack un

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

f address space) are documented with route objects ... although perhaps more so in Europe where I believe that some providers build filtering systems from route objects ? -- richard Richard Clayton Those who would give up essential Liberty

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

a hijack until a lot of detail has been considered. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

space would I think be far more useful; and indeed we have seen a number of bad actors dealt with by IXPs over the past years and this has put a significant dent into their operations. -- richard Richard Clayton Those who would give up essential Lib

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

osite error tends to create very long (but non-hijacking) AS paths which occasionally cause operational problems. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither L

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

t is very far from the truth. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

hijacked prefixes) is going to become more common. I can see no reason to separate out this wickedness. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

as the misuse of prefixes ? -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] [db-wg] [exec-board] The Ongoing Summer of Hijacks: MNT-SERVERSGET / dnsget.top

chpaper.org/2015/10/02/badness-in-the-ripe- database/ https://www.lightbluetouchpaper.org/2015/11/02/ongoing-badness-in-the- ripe-database/ -- richard Richard Clayton Those who would give up essential Liberty, to purchase aBenjamin l

Re: [anti-abuse-wg] When email verification behavior is abusive

In message , ac writes >On Wed, 18 Jul 2018 12:45:35 +0100 >Richard Clayton wrote: >> In message <3c775da1-20ae-441e-b30e-38243f420...@blacknight.com>, >> Michele Neylon - Blacknight writes >> >> >What's any of this got to do with RIPE and this WG? >

Re: [anti-abuse-wg] When email verification behavior is abusive

h a document (or whether there is somewhere which is far more focused on hosting providers) I could not say. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safe

Re: [anti-abuse-wg] When email verification behavior is abusive

ctical than trying to set some arbitrary number on emails sent) there is a proposal for assisting with automated filtering https://tools.ietf.org/html/draft-levine-mailbomb-header-01 but it's not currently getting all that much traction. -- richard

[anti-abuse-wg] Europol report on Cyber Crime threats IOCTA

-iocta-2017 <https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2017> Please feel free to pass this on to anyone who you think will benefit from it, Cheers Dick Richard Leaning External Relations RIPE NCC smime.p7s Descript

Re: [anti-abuse-wg] 2017-02: what does it achieve?

oesn't seem to be sufficiently often to me. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -BEGIN PGP SIGNATU

[anti-abuse-wg] First RIPE NCC webinar for law enforcement

/ripe-ncc-webinars-for-law-enforcement We’ll also publish a more detailed article on RIPE Labs when the webinar series concludes next month. Kind regards, Richard Leaning External Relations RIPE NCC smime.p7s Description: S/MIME cryptographic signature

Re: [anti-abuse-wg] The well-behaved ISP's role in spamfight

s a M3AAWG Best Practice it has not been widely adopted with the main (but not only) exception being the large consumer ISPs in the US (ISPs in Europe have, for historical reasons, had a significant number of business customers mixed in with pure consumers and that has made

Re: [anti-abuse-wg] Why SPAM exists in 2017

more resources to hand than the good guys and so a system based on proof-of-work could not be effective some of us explained this at the time ... http://www.cl.cam.ac.uk/~rnc1/proofwork2.pdf - -- richard Richard Clayton They that can giv

Re: [anti-abuse-wg] DNS Abuse, Abuse of Privacy & Legitimizing Criminal Activity

move that (admittedly small for some regimes around the world) roadbump at our peril. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Frank

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 59, Issue 7

Sanctioned >An action, event or situation originating from the authoritative holder >of rights to a resource that gives permission, or permission is granted >by direct implication, which authorises that situation, event or >action. excellent, the negation has disappeared - -- richard

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 59, Issue 7

thing to do with the complexity of what permission means. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -BEG

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 59, Issue 7

ot; resources. The assignor is dead and the argument is made that there can be no administration of them ... - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor S

Re: [anti-abuse-wg] Abusive behavior by Google Inc

hoo I cannot see "failed_precondition" anywhere on that page at all :-( - -- richard Richard Clayton Those who would give up essential Liberty, to purchase aBenjamin little temporary Safety, deserve neither Liberty nor Safety.

Re: [anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers

oblem statement says Given the domain www.example.com, what is the best contact for sending IT security incident notifications to? and nothing in the rest of the document tackles the notion of "best" So I'd commend removing sections 4 and 5 altogether. - -- Dr Richard Cla

Re: [anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers

For country it is assumes entire blocks are in a single country. For ASs it reports the BGP data that Team Cymru is aware of. Quagga -- data can require careful interpretation because of the lack of security in BGP generally - -- Dr Richard Clayton <richar