Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

well as the misuse of prefixes ? -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

acked prefixes) is going to become more common. I can see no reason to separate out this wickedness. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

l be a trivial process and that is very far from the truth. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

osite error tends to create very long (but non-hijacking) AS paths which occasionally cause operational problems. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither L

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

initiative in the IXP space would I think be far more useful; and indeed we have seen a number of bad actors dealt with by IXPs over the past years and this has put a significant dent into their operations. -- richard Richard Clayton Those who wo

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

look like a hijack until a lot of detail has been considered. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

cks of blocks of address space) are documented with route objects ... although perhaps more so in Europe where I believe that some providers build filtering systems from route objects ? -- richard Richard Clayton Those who would give up es

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <94320.1553230...@segfault.tristatelogic.com>, Ronald F. Guilmette writes > >In message , >Richard Clayton wrote: > >>Yes hijacks can be simple to understand -- but they can be very complex >>and perfectly legitimate activity can look like a hijack un

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

pted by RIPE. I say this as someone with extensive experience of tracking down and dealing with BGP hijacks by criminal groups.. my technical points come from experience. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] 2019-03 and over-reach

al confidentiality -- you should elaborate why that shyness would be changed by the proposed policy (especially given the claims made that hijacking is already easy to understand with the existing sensor network). -- richard Richard Clayton Those who

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <74227.1553972...@segfault.tristatelogic.com>, Ronald F. Guilmette writes >In message , >Richard Clayton wrote: > >>It is NOT possible (for experts or almost anyone else) to accurately >>evaluate who is performing BGP hijacks... > >I did not intend t

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <83185.1554061...@segfault.tristatelogic.com>, Ronald F. Guilmette writes > >In message , >Richard Clayton wrote: > >>However, it is not necessarily clear at all and writing a policy which >>assumes that it will always be clear is in my view unwise. &

Re: [anti-abuse-wg] Astroturfing?

appointed -- I hope they chip in after the changes are made and explain in some detail why they preferred the initial version ! -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve nei

Re: [anti-abuse-wg] Mysteries of the Internet: AS65000

eed to look, but it's a good start and in this case the number of detectors seeing this origin and the timeline puts it rather more in perspective) -- richard Richard Clayton Those who would give up essential Liberty, to purchase a litt

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

olerated." I'm still looking forward to the wording that will deal with the US DoD -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message , Carlos Friaças writes > >On Thu, 18 Apr 2019, Richard Clayton wrote: > >> ... I am aware of peer pressure (literally), action by IXPs, action by >> organisations providing reputation scores and even action by hosting >> companies. > >Yes, i'm

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message , Carlos Friaças writes >>> On Thu, 18 Apr 2019, Richard Clayton wrote: >>>> ... I am aware of peer pressure (literally), action by IXPs, action by >>>> organisations providing reputation scores and even action by hosting >>>> companies.

Re: [anti-abuse-wg] Email Spam & Spam Abuse Definitions

enerate it you might as well update the relevant web pages to add CAPTCHAs, randomise field names or whatever else you think will prevent automated list bombing. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] [Misc] Research project on blacklists

ly generated lists were used, but seemed curiously uninterested in anything other than if the answer to that was yes or no -- a missed opportunity I thought. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little tem

Re: [anti-abuse-wg] [Misc] Research project on blacklists

of Network Proxies with Active Geolocation. In Proceedings of the 2018 ACM Internet Measurement Conference (IMC'18). Boston, MA. October 2018. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)

dconion-employees- hijacked-ip-addresses-for-spamming/ (and there a couple more cases in the pipeline). -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] 2019-03 Review Phase (Resource Hijacking is a RIPE Policy Violation)

> >This is from ARIN-land. >Do you see any chance of something similar within the RIPE NCC service >region reaching a court of law? yes ... albeit it is likely to involve extradition -- richard Richard Clayton Those who would give

Re: [anti-abuse-wg] FW: [aa-wg-chair] Draft Anti-Abuse WG Minutes from RIPE 79

on (sometimes very well informed opinion) or on assertions by the beneficial users of address blocks as to the announcements that can be considered valid. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a litt

Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

owledge" please note IANAL, but I do follow these issues so the above is mainly correct :) -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

erent types of reporter into a single system. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

hey may be making my point after all bottom line is that if you want to run a reputation site and not be under an obligation to remove libellous material (not fair comment) you would be unwise to do it outside the USA -- richard Richard Clayton Th

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

cessarily the issue when considering spam (which is certainly some of what is being considered under the generic "abuse" label) -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety,

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message <1609071e-bf44-4e1d-9c81-98616f11b...@consulintel.es>, JORDI PALET MARTINEZ via anti-abuse-wg writes >
El 16/1/20 21:37, "anti-abuse-wg en nombre de Richard Clayton" boun...@ripe.net en nombre de rich...@highwayman.com> escribió: > >In message , JORDI

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

t or incomplete information and making forms robust against this issue is extremely complex. viz: this type of system really does not work as well as you suggest. About the only plus to your idea is that it would generate a reliable source of stats -- otherwise, IMO, it has nothing to recommend it. -

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

ast and easy and I'll be very happy >to manage the implementation in case I will be elected to the Ripe >Board) >* Spoofed ip traffic >* Spoofed amplification ddos attacks >* BGP&RIR hijacking >* IoT botnet infections >

Re: [anti-abuse-wg] Fwd: Re: botnet controllers

two occasions that their activity has been the subject of a valid abuse complaint will be terminated). I can understand the attractions to you of that business model. -- richard Richard Clayton Those who would give up essential Liberty, to pur

Re: [anti-abuse-wg] Fwd: Re: botnet controllers

>In message <20b290b5003cafb91745b7db6d31c...@fos-vpn.org>, info@fos- >vpn.org writes [various message about abuse issues around VPNs without logging] In message , Richard Clayton writes >I can understand the attractions to you of that business model. List readers may b

Re: [anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552

indeed to pick any prefixes from that list at all. -- Dr Richard Clayton Director, Cambridge Cybercrime Centremobile: +44 (0)7887 794090 Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570 signature.asc Description: PGP signature

Re: [anti-abuse-wg] BREAKING: AFRINIC IPv4 address skulduggery FINAL REPORT - Just released

-- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP signature

Re: [anti-abuse-wg] What is YAHOONET?

In message <8dfb9cd5-8088-02af-2245-0eaf3f96f...@tana.it>, Alessandro Vesely writes >However, IP addresses for mail seem to use ARIN networks, such as: >A-YAHOO-US2 66.163.160.0-66.163.191.255, >A-YAHOO-US3 209.191.64.0-209.191.127.255, >... >A-YAHOO-US8 67.195.0.0-67.195.255.255, >A-YAHOO-US9 98

Re: [anti-abuse-wg] False positive CSAM blocking attributed to RIPE

ring this arena without attempting to do your homework is counterproductive. -- Dr Richard Clayton Cambridge Cybercrime Centre mobile: +44 (0)7887 794090 Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570 signature.asc Description: PGP signature

Re: [anti-abuse-wg] personal data in the RIPE Database

ty and stability of the Internet. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Description: PGP s

Re: [anti-abuse-wg] personal data in the RIPE Database

In message , denis walker writes >On Mon, 6 Jun 2022 at 16:15, Richard Clayton wrote: >> You appear to be under the impression that Internet security and safety >> arises out of the activities of Law Enforcement Agencies whereas in >> practice private individuals and

Re: [anti-abuse-wg] personal data in the RIPE Database

es held by exactly the same person/organistion. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 signature.asc Descriptio

Re: [anti-abuse-wg] Is the LoA DoA for Routing? - article at FIRST blog

matter for prosecutors to identify suitable caselaw that makes the current case somewhat more open and shut). [[ Also, I have been told that some forgeries are laughably inept, whereas laughably weak passwords are a little harder to spot ]] -- richard

[anti-abuse-wg] AS's with route objects for undelegated space

IPv4 space and that absent some sort of special circumstances appeal, I think it is entirely appropriate to treat the published records by the RIRs of the space that they have delegated as being authoritative. - -- Dr Richard Clayton Director, Cambridge Cloud Cy

Re: [anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers

Given the domain www.example.com, what is the best contact for sending IT security incident notifications to? and nothing in the rest of the document tackles the notion of "best" So I'd commend removing sections 4 and 5 altogether. - -- Dr Richard Clayton

Re: [anti-abuse-wg] Sources of Abuse Contact Info For Abuse Handlers

ry it is assumes entire blocks are in a single country. For ASs it reports the BGP data that Team Cymru is aware of. Quagga -- data can require careful interpretation because of the lack of security in BGP generally - -- Dr Richard Clayton Director, Cambridge C

Re: [anti-abuse-wg] Abusive behavior by Google Inc

hoo I cannot see "failed_precondition" anywhere on that page at all :-( - -- richard Richard Clayton Those who would give up essential Liberty, to purchase aBenjamin little temporary Safety, deserve neither Liberty nor Safety.

Re: [anti-abuse-wg] Abusive behavior by Google Inc

about PII/data-protection because mangling/redacting messages can often cause misdiagnosis - -- richard Richard Clayton Those who would give up essential Liberty, to purchase aBenjamin little temporary Safety, deserve neither Liberty nor Safety.Franklin -BEGIN PGP SIG

Re: [anti-abuse-wg] Abusive behavior by Google Inc

viders). If these customers are keen to receive email sent to them by their friends at Google then I cannot see that your service is suitable for their needs. Do you think this RIPE WG has a role in assisting them in seeking a refund ? That might be an interesting topic to explore. - -- richard

Re: [anti-abuse-wg] What if provider not answering abuse reports?

a >RIPE document exists now. M3AAWG has just what you want <https://www.m3aawg.org/sites/default/files/document/MAAWG_Abuse_Desk_Co mmon_Practices.pdf> - -- richard Richard Clayton Those who would give up essential Liberty, to purchase

Re: [anti-abuse-wg] simple routing question

ou actually ask ? - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.7.1 iQA/AwUBV1tsQTu8z1Kouez7EQIOuwCg

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 59, Issue 7

ources. The assignor is dead and the argument is made that there can be no administration of them ... - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin F

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 59, Issue 7

the complexity of what permission means. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -BEGI

Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 59, Issue 7

ion, event or situation originating from the authoritative holder >of rights to a resource that gives permission, or permission is granted >by direct implication, which authorises that situation, event or >action. excellent, the negation has disappeared - -- richard

Re: [anti-abuse-wg] DNS Abuse, Abuse of Privacy & Legitimizing Criminal Activity

t (admittedly small for some regimes around the world) roadbump at our peril. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 1

Re: [anti-abuse-wg] DNS Abuse, Abuse of Privacy & Legitimizing Criminal Activity

table hypothesis -- what evidence do you have for it ? - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -BEGIN PGP SIGNAT

Re: [anti-abuse-wg] Why SPAM exists in 2017

an the good guys and so a system based on proof-of-work could not be effective some of us explained this at the time ... http://www.cl.cam.ac.uk/~rnc1/proofwork2.pdf - -- richard Richard Clayton They that can give up essential liberty to

Re: [anti-abuse-wg] The well-behaved ISP's role in spamfight

the difference) - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.7.1 iQA/AwUBWKHoZDu8z1Kouez7EQKegACg5d

Re: [anti-abuse-wg] Abuse: ipv6 and spam

range of IPv6 addresses makes complete sense). For that you need to know the "cut point" ... what allocation unit is being used by the entity that handed out the IPv6 addresses. constructing a free/open directory of that information would be useful (before we all have to buy it from a commerci

Re: [anti-abuse-wg] [cooperation-wg] WannaCry Ransomware

e confusion. So linking advice about email or web browsers to Wannacry just invites laughing and pointing :( - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty n

Re: [anti-abuse-wg] 2017-02: what does it achieve?

27;t seem to be sufficiently often to me. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -BEG

Re: [anti-abuse-wg] 2017-02 Review Phase Reminder

so I'd have thought that you would understand how useful they can be in a related context at RIPE. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety

Re: [anti-abuse-wg] When email verification behavior is abusive

r more practical than trying to set some arbitrary number on emails sent) there is a proposal for assisting with automated filtering https://tools.ietf.org/html/draft-levine-mailbomb-header-01 but it's not currently getting all that much traction. -- richard

Re: [anti-abuse-wg] When email verification behavior is abusive

ng is broken at Google -- making a fault report is far more useful than deeming Google to be abusive (which will not make anything change) -- Dr Richard Clayton Director, Cambridge Cybercrime Centremobile: +44 (0)7887 794090 Computer Labo

Re: [anti-abuse-wg] When email verification behavior is abusive

ch a document (or whether there is somewhere which is far more focused on hosting providers) I could not say. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor

Re: [anti-abuse-wg] When email verification behavior is abusive

In message , ac writes >On Wed, 18 Jul 2018 12:45:35 +0100 >Richard Clayton wrote: >> In message <3c775da1-20ae-441e-b30e-38243f420...@blacknight.com>, >> Michele Neylon - Blacknight writes >> >> >What's any of this got to do with RIPE and this WG?

Re: [anti-abuse-wg] [db-wg] [exec-board] The Ongoing Summer of Hijacks: MNT-SERVERSGET / dnsget.top

s://www.lightbluetouchpaper.org/2015/10/02/badness-in-the-ripe- database/ https://www.lightbluetouchpaper.org/2015/11/02/ongoing-badness-in-the- ripe-database/ -- richard Richard Clayton Those who would give up essential Liberty, to purchase