well as the misuse of prefixes ?
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
acked prefixes) is going to become more common.
I can see no reason to separate out this wickedness.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
l be a
trivial process and that is very far from the truth.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
osite error tends to create very long (but non-hijacking) AS
paths which occasionally cause operational problems.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither L
initiative in the IXP space would I think be far more useful; and indeed
we have seen a number of bad actors dealt with by IXPs over the past
years and this has put a significant dent into their operations.
--
richard Richard Clayton
Those who wo
look like a hijack until a lot of
detail has been considered.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
cks of blocks of address space) are documented with
route objects
... although perhaps more so in Europe where I believe that some
providers build filtering systems from route objects ?
--
richard Richard Clayton
Those who would give up es
In message <94320.1553230...@segfault.tristatelogic.com>, Ronald F.
Guilmette writes
>
>In message ,
>Richard Clayton wrote:
>
>>Yes hijacks can be simple to understand -- but they can be very complex
>>and perfectly legitimate activity can look like a hijack un
pted by RIPE. I say this as someone with
extensive experience of tracking down and dealing with BGP hijacks by
criminal groups.. my technical points come from experience.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
al confidentiality -- you
should elaborate why that shyness would be changed by the proposed
policy (especially given the claims made that hijacking is already easy
to understand with the existing sensor network).
--
richard Richard Clayton
Those who
In message <74227.1553972...@segfault.tristatelogic.com>, Ronald F.
Guilmette writes
>In message ,
>Richard Clayton wrote:
>
>>It is NOT possible (for experts or almost anyone else) to accurately
>>evaluate who is performing BGP hijacks...
>
>I did not intend t
In message <83185.1554061...@segfault.tristatelogic.com>, Ronald F.
Guilmette writes
>
>In message ,
>Richard Clayton wrote:
>
>>However, it is not necessarily clear at all and writing a policy which
>>assumes that it will always be clear is in my view unwise.
&
appointed -- I
hope they chip in after the changes are made and explain in some detail
why they preferred the initial version !
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve nei
eed to look, but it's a
good start and in this case the number of detectors seeing this origin
and the timeline puts it rather more in perspective)
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a litt
olerated."
I'm still looking forward to the wording that will deal with the US DoD
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
In message ,
Carlos Friaças writes
>
>On Thu, 18 Apr 2019, Richard Clayton wrote:
>
>> ... I am aware of peer pressure (literally), action by IXPs, action by
>> organisations providing reputation scores and even action by hosting
>> companies.
>
>Yes, i'm
In message ,
Carlos Friaças writes
>>> On Thu, 18 Apr 2019, Richard Clayton wrote:
>>>> ... I am aware of peer pressure (literally), action by IXPs, action by
>>>> organisations providing reputation scores and even action by hosting
>>>> companies.
enerate it you might as
well update the relevant web pages to add CAPTCHAs, randomise field
names or whatever else you think will prevent automated list bombing.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
ly generated lists were used, but seemed
curiously uninterested in anything other than if the answer to that was
yes or no -- a missed opportunity I thought.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little tem
of Network Proxies with Active Geolocation. In Proceedings
of the 2018 ACM Internet Measurement Conference (IMC'18). Boston,
MA. October 2018.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
dconion-employees-
hijacked-ip-addresses-for-spamming/
(and there a couple more cases in the pipeline).
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
>
>This is from ARIN-land.
>Do you see any chance of something similar within the RIPE NCC service
>region reaching a court of law?
yes ... albeit it is likely to involve extradition
--
richard Richard Clayton
Those who would give
on (sometimes very well informed opinion) or on
assertions by the beneficial users of address blocks as to the
announcements that can be considered valid.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a litt
owledge"
please note IANAL, but I do follow these issues so the above is mainly
correct :)
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
erent types of reporter into a
single system.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
hey may be making my point after all
bottom line is that if you want to run a reputation site and not be
under an obligation to remove libellous material (not fair comment) you
would be unwise to do it outside the USA
--
richard Richard Clayton
Th
cessarily the
issue when considering spam (which is certainly some of what is being
considered under the generic "abuse" label)
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety,
In message <1609071e-bf44-4e1d-9c81-98616f11b...@consulintel.es>, JORDI
PALET MARTINEZ via anti-abuse-wg writes
>El 16/1/20 21:37, "anti-abuse-wg en nombre de Richard Clayton" boun...@ripe.net en nombre de rich...@highwayman.com> escribió:
>
>In message , JORDI
t
or incomplete information and making forms robust against this issue is
extremely complex.
viz: this type of system really does not work as well as you suggest.
About the only plus to your idea is that it would generate a reliable
source of stats -- otherwise, IMO, it has nothing to recommend it.
-
ast and easy and I'll be very happy
>to manage the implementation in case I will be elected to the Ripe
>Board)
>* Spoofed ip traffic
>* Spoofed amplification ddos attacks
>* BGP&RIR hijacking
>* IoT botnet infections
>
two occasions that
their activity has been the subject of a valid abuse complaint will be
terminated).
I can understand the attractions to you of that business model.
--
richard Richard Clayton
Those who would give up essential Liberty, to pur
>In message <20b290b5003cafb91745b7db6d31c...@fos-vpn.org>, info@fos-
>vpn.org writes
[various message about abuse issues around VPNs without logging]
In message , Richard Clayton
writes
>I can understand the attractions to you of that business model.
List readers may b
indeed to pick any prefixes from that list at all.
--
Dr Richard Clayton
Director, Cambridge Cybercrime Centremobile: +44 (0)7887 794090
Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570
signature.asc
Description: PGP signature
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
In message <8dfb9cd5-8088-02af-2245-0eaf3f96f...@tana.it>, Alessandro
Vesely writes
>However, IP addresses for mail seem to use ARIN networks, such as:
>A-YAHOO-US2 66.163.160.0-66.163.191.255,
>A-YAHOO-US3 209.191.64.0-209.191.127.255,
>...
>A-YAHOO-US8 67.195.0.0-67.195.255.255,
>A-YAHOO-US9 98
ring
this arena without attempting to do your homework is counterproductive.
--
Dr Richard Clayton
Cambridge Cybercrime Centre mobile: +44 (0)7887 794090
Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570
signature.asc
Description: PGP signature
ty and stability of the Internet.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP s
In message , denis walker writes
>On Mon, 6 Jun 2022 at 16:15, Richard Clayton wrote:
>> You appear to be under the impression that Internet security and safety
>> arises out of the activities of Law Enforcement Agencies whereas in
>> practice private individuals and
es held by exactly the same person/organistion.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Descriptio
matter
for prosecutors to identify suitable caselaw that makes the current case
somewhat more open and shut).
[[ Also, I have been told that some forgeries are laughably inept,
whereas laughably weak passwords are a little harder to spot ]]
--
richard
IPv4 space and
that absent some sort of special circumstances appeal, I think it is
entirely appropriate to treat the published records by the RIRs of the
space that they have delegated as being authoritative.
- --
Dr Richard Clayton
Director, Cambridge Cloud Cy
Given the domain www.example.com, what is the best contact for
sending IT security incident notifications to?
and nothing in the rest of the document tackles the notion of "best"
So I'd commend removing sections 4 and 5 altogether.
- --
Dr Richard Clayton
ry it is assumes
entire blocks are in a single country. For ASs it reports the BGP data
that Team Cymru is aware of.
Quagga -- data can require careful interpretation because of the lack of
security in BGP generally
- --
Dr Richard Clayton
Director, Cambridge C
hoo
I cannot see "failed_precondition" anywhere on that page at all :-(
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase aBenjamin
little temporary Safety, deserve neither Liberty nor Safety.
about PII/data-protection
because mangling/redacting messages can often cause misdiagnosis
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase aBenjamin
little temporary Safety, deserve neither Liberty nor Safety.Franklin
-BEGIN PGP SIG
viders). If these customers are keen to receive email sent to them by
their friends at Google then I cannot see that your service is suitable
for their needs.
Do you think this RIPE WG has a role in assisting them in seeking a
refund ? That might be an interesting topic to explore.
- --
richard
a
>RIPE document exists now.
M3AAWG has just what you want
<https://www.m3aawg.org/sites/default/files/document/MAAWG_Abuse_Desk_Co
mmon_Practices.pdf>
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase
ou actually ask ?
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-BEGIN PGP SIGNATURE-
Version: PGPsdk version 1.7.1
iQA/AwUBV1tsQTu8z1Kouez7EQIOuwCg
ources. The assignor is dead and the argument is made
that there can be no administration of them ...
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin F
the complexity
of what permission means.
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-BEGI
ion, event or situation originating from the authoritative holder
>of rights to a resource that gives permission, or permission is granted
>by direct implication, which authorises that situation, event or
>action.
excellent, the negation has disappeared
- --
richard
t (admittedly small for some regimes around the world)
roadbump at our peril.
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 1
table hypothesis -- what evidence do you have for it ?
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-BEGIN PGP SIGNAT
an the good guys and so a
system based on proof-of-work could not be effective
some of us explained this at the time ...
http://www.cl.cam.ac.uk/~rnc1/proofwork2.pdf
- --
richard Richard Clayton
They that can give up essential liberty to
the difference)
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-BEGIN PGP SIGNATURE-
Version: PGPsdk version 1.7.1
iQA/AwUBWKHoZDu8z1Kouez7EQKegACg5d
range of IPv6 addresses makes complete sense). For that
you need to know the "cut point" ... what allocation unit is being used
by the entity that handed out the IPv6 addresses.
constructing a free/open directory of that information would be useful
(before we all have to buy it from a commerci
e confusion.
So linking advice about email or web browsers to Wannacry just invites
laughing and pointing :(
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty n
27;t seem to be
sufficiently often to me.
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-BEG
so I'd have thought that you would
understand how useful they can be in a related context at RIPE.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety
r more practical
than trying to set some arbitrary number on emails sent)
there is a proposal for assisting with automated filtering
https://tools.ietf.org/html/draft-levine-mailbomb-header-01
but it's not currently getting all that much traction.
--
richard
ng
is broken at Google -- making a fault report is far more useful than
deeming Google to be abusive (which will not make anything change)
--
Dr Richard Clayton
Director, Cambridge Cybercrime Centremobile: +44 (0)7887 794090
Computer Labo
ch a document (or whether there is somewhere which is far
more focused on hosting providers) I could not say.
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor
In message , ac writes
>On Wed, 18 Jul 2018 12:45:35 +0100
>Richard Clayton wrote:
>> In message <3c775da1-20ae-441e-b30e-38243f420...@blacknight.com>,
>> Michele Neylon - Blacknight writes
>>
>> >What's any of this got to do with RIPE and this WG?
s://www.lightbluetouchpaper.org/2015/10/02/badness-in-the-ripe-
database/
https://www.lightbluetouchpaper.org/2015/11/02/ongoing-badness-in-the-
ripe-database/
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase
64 matches
Mail list logo