"Dirty" recycled network assigned
Hello All, I just got an assignment for my client (large PI block). But this block is listed in all DNS RBLs and DUN lists, as it was in use till Oct'07 as dynamic DHCP pool of other big ISP. So my client says they can't use this network, because mail service is blocked. RIPE rejected my request to change this network to another one: "As we do understand how unfortunate this is for **********, there is nothing we can do about prefixes that appear on so called black lists." How can I solve this? -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)
An "interesting" (in sort of the way the Ebola virus is "interesting") problem that is going to become much more common as we start reallocating previously allocated or otherwise flagged blocks. Leo Vegoda has done a couple of presentations on this. Just imagine the fun folks who are going to get prefixes out of 1.0.0.0/8 are going to have. Options I can think of: 1) Get everybody to transition to IPv6 (um, yeah). 2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)). 3) Get everybody to use reputation services like http://www.karmasphere.com/, et al. (no, I'm not affiliated with them) 4) Get RPKI deployed to reduce the need for black list services (um, yeah.) 5) Get the folks who win the draw on prefixes to go around to every black list service themselves (as they discover them) and convince the operator of that list (somehow) to remove them (the default). No good answers I'm aware of... Regards, -drc On 1/16/08 9:28 AM, "Max Tulyev" <president@ukraine.su> wrote:
Hello All,
I just got an assignment for my client (large PI block). But this block is listed in all DNS RBLs and DUN lists, as it was in use till Oct'07 as dynamic DHCP pool of other big ISP.
So my client says they can't use this network, because mail service is blocked.
RIPE rejected my request to change this network to another one: "As we do understand how unfortunate this is for **********, there is nothing we can do about prefixes that appear on so called black lists."
How can I solve this?
From the POV of providers, it is our job to deliver the packets from point a to point b. When we give you IP space (or you provide your own) we allow you to source traffic from those IP's, and we deliver packets back to you destined for those IP's. If the folks you want to reach, have decided to implement a 3rd parties blacklist (or even make their own) and deny traffic,
In most cases, a note from the new holder of the address space, to the Blacklist - pointing out that the SWIP record has been updated and requesting the entry to be removed is sufficient. Where it isn't sufficient, the holder of the space should contact the organization that they are trying to send mail to and ask to be whitelisted. This is not an RIR problem. The RIR's make no guarantee that the address space will be globally routable. They can't force ISP's to accept routes, and they can't force ISP's or their customers to accept traffic from those addresses. It's not an ISP problem, because it is not a problem of the route being rejected by ISP's. It's a problem of people substituting their own judgment about who to accept mail from, for someone else's opinion. that's their own business. It's not up to the RIR's or ISP's to tell other organizations what routes or traffic to accept. --Heather On Jan 16, 2008 12:57 PM, David Conrad <david.conrad@icann.org> wrote:
An "interesting" (in sort of the way the Ebola virus is "interesting") problem that is going to become much more common as we start reallocating previously allocated or otherwise flagged blocks. Leo Vegoda has done a couple of presentations on this.
Just imagine the fun folks who are going to get prefixes out of 1.0.0.0/8 are going to have.
Options I can think of:
1) Get everybody to transition to IPv6 (um, yeah). 2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)). 3) Get everybody to use reputation services like http://www.karmasphere.com/, et al. (no, I'm not affiliated with them) 4) Get RPKI deployed to reduce the need for black list services (um, yeah.) 5) Get the folks who win the draw on prefixes to go around to every black list service themselves (as they discover them) and convince the operator of that list (somehow) to remove them (the default).
No good answers I'm aware of...
Regards, -drc
On 1/16/08 9:28 AM, "Max Tulyev" <president@ukraine.su> wrote:
Hello All,
I just got an assignment for my client (large PI block). But this block is listed in all DNS RBLs and DUN lists, as it was in use till Oct'07 as dynamic DHCP pool of other big ISP.
So my client says they can't use this network, because mail service is blocked.
RIPE rejected my request to change this network to another one: "As we do understand how unfortunate this is for **********, there is nothing we can do about prefixes that appear on so called black lists."
How can I solve this?
My point is that if ARIN has a listing service and ARIN "certifies" that a block can be listed either we have to have a big disclaimer that the block may be blacklisted and it's their problem or maybe we want to mention that it is black listed. If we do nothing and don't at least tell them that we're not certifying that the block is not blacklisted then they could come back and sue us. This is like we currently tell them that we don't guarantee routability. On Jan 16, 2008 11:33 AM, heather skanks <heather.skanks@gmail.com> wrote:
In most cases, a note from the new holder of the address space, to the Blacklist - pointing out that the SWIP record has been updated and requesting the entry to be removed is sufficient. Where it isn't sufficient, the holder of the space should contact the organization that they are trying to send mail to and ask to be whitelisted.
This is not an RIR problem. The RIR's make no guarantee that the address space will be globally routable. They can't force ISP's to accept routes, and they can't force ISP's or their customers to accept traffic from those addresses.
It's not an ISP problem, because it is not a problem of the route being rejected by ISP's. It's a problem of people substituting their own judgment about who to accept mail from, for someone else's opinion.
From the POV of providers, it is our job to deliver the packets from point a to point b. When we give you IP space (or you provide your own) we allow you to source traffic from those IP's, and we deliver packets back to you destined for those IP's. If the folks you want to reach, have decided to implement a 3rd parties blacklist (or even make their own) and deny traffic, that's their own business. It's not up to the RIR's or ISP's to tell other organizations what routes or traffic to accept.
--Heather
On Jan 16, 2008 12:57 PM, David Conrad <david.conrad@icann.org> wrote:
An "interesting" (in sort of the way the Ebola virus is "interesting") problem that is going to become much more common as we start reallocating previously allocated or otherwise flagged blocks. Leo Vegoda has done a
couple of presentations on this.
Just imagine the fun folks who are going to get prefixes out of 1.0.0.0/8 are going to have.
Options I can think of:
1) Get everybody to transition to IPv6 (um, yeah). 2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)). 3) Get everybody to use reputation services like http://www.karmasphere.com/, et al. (no, I'm not affiliated with them) 4) Get RPKI deployed to reduce the need for black list services (um, yeah.) 5) Get the folks who win the draw on prefixes to go around to every black list service themselves (as they discover them) and convince the operator of that list (somehow) to remove them (the default).
No good answers I'm aware of...
Regards, -drc
On 1/16/08 9:28 AM, "Max Tulyev" <president@ukraine.su> wrote:
Hello All,
I just got an assignment for my client (large PI block). But this block is listed in all DNS RBLs and DUN lists, as it was in use till Oct'07 as dynamic DHCP pool of other big ISP.
So my client says they can't use this network, because mail service is blocked.
RIPE rejected my request to change this network to another one: "As we do understand how unfortunate this is for **********, there is nothing we can do about prefixes that appear on so called black lists."
How can I solve this?
An "interesting" (in sort of the way the Ebola virus is "interesting") problem that is going to become much more common as we start reallocating previously allocated or otherwise flagged blocks. Leo Vegoda has done a couple of presentations on this.
A link or two to those would be useful. TIA.
Just imagine the fun folks who are going to get prefixes out of 1.0.0.0/8 are going to have.
It's not just those /8's that will be fun. As people try to scavenge from legacy, pre-RIR space there will be all sorts of pressure to recycle from blocks that aren't currently routable. For those people who believe that there is an enormous amount of reclaimable (is that a word?) space in the pre-RIR assignments, just imagine how much of that space has been used twice, thrice or more? Who, for instance, is the legitimate holder in those cases? Who convinces transit providers to change filters? I know that the RIRs are in no position to guarantee routability or "cleanliness" of a prefix. My point is simply that the pressure to reclaim "elderly" prefixes is going to be balanced against the practical problems of multiple uses, RBLs/DUNs, and routability. That problem is just as "interesting" as the 1.0.0.0/8 problems. p.s. I'm thinking that the solution to the Ebola virus will come first. Mark McFadden
2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)).
could arin help automate this? randy
On 1/16/08 12:17 PM, "Randy Bush" <randy@psg.com> wrote:
2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)). could arin help automate this?
Personally, I would imagine a set of services could be offered: A) IANA announces unallocated blocks B) the RIRs announce the blocks they've been allocated by IANA but which are unassigned (either new or returned) RBL/DUN maintainers could then listen for those announcements (note I'm not specifying the form of announcement here, there are a lot of possible mechanisms and some would argue it is already done via the registry databases, but that's pull versus push). The RPKI effort could address part or all of this (maybe). (of course, the last time I suggested IANA could offer a service like this, some people in the ops community yelled at me, so I'm not actually suggesting this). Problem is, we run again into the decentralized nature of the Internet. At least in the past, the folks who maintain RBL/DUN lists were an ornery, individualistic bunch and trying to get them to do something required one-on-one negotiations that sometimes failed for, shall we say, non-technical reasons. I haven't really been following the RBL/DUN world for a while -- maybe things have gotten more professional so getting (at least) the major players to buy into this sort of thing could be possible. However, none of this addresses Max's immediate concerns. In the near term, I figure the choices here are: 1) the RIRs accept "the prefix is on black lists" as a justification to accept a prefix in exchange for another. This will work for a little while longer yet. 2) the RIRs tell folks you get what you get and force the end users who ultimately get the addresses to deal with the situation. I suspect this will tend to result in the ISPs having to deal since they'll probably get tired of their customers whining at them. An icky situation. Regards, -drc
Dave and all, If customers of ISP's don't whine, as you put it to them, how do they have an expectation of getting these situations addressed? As you rightly say, the IANA doesn't want to address it, the RIR's really don't either. So whom? Frankly again IMHO, either ICANN/IANA has to address this directly, or the RIR's do. Regards, Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827 David Conrad wrote:
On 1/16/08 12:17 PM, "Randy Bush" <randy@psg.com> wrote:
2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)). could arin help automate this?
Personally, I would imagine a set of services could be offered:
A) IANA announces unallocated blocks B) the RIRs announce the blocks they've been allocated by IANA but which are unassigned (either new or returned)
RBL/DUN maintainers could then listen for those announcements (note I'm not specifying the form of announcement here, there are a lot of possible mechanisms and some would argue it is already done via the registry databases, but that's pull versus push). The RPKI effort could address part or all of this (maybe).
(of course, the last time I suggested IANA could offer a service like this, some people in the ops community yelled at me, so I'm not actually suggesting this).
Problem is, we run again into the decentralized nature of the Internet. At least in the past, the folks who maintain RBL/DUN lists were an ornery, individualistic bunch and trying to get them to do something required one-on-one negotiations that sometimes failed for, shall we say, non-technical reasons. I haven't really been following the RBL/DUN world for a while -- maybe things have gotten more professional so getting (at least) the major players to buy into this sort of thing could be possible.
However, none of this addresses Max's immediate concerns. In the near term, I figure the choices here are:
1) the RIRs accept "the prefix is on black lists" as a justification to accept a prefix in exchange for another. This will work for a little while longer yet.
2) the RIRs tell folks you get what you get and force the end users who ultimately get the addresses to deal with the situation. I suspect this will tend to result in the ISPs having to deal since they'll probably get tired of their customers whining at them.
An icky situation.
Regards, -drc
2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)).
could arin help automate this?
What about RIPE, on whose list we are posting? In any case, I went to ARIN's suggestion page here: https://app.arin.net/suggestion/ and made that very suggestion. --Michael Dillon
michael.dillon@bt.com wrote:
2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)). could arin help automate this?
What about RIPE, on whose list we are posting? In any case, I went to ARIN's suggestion page here: https://app.arin.net/suggestion/ and made that very suggestion.
For ARIN region it would really help already a lot if they had a populated and used routing registry which was correctly cross referenced to their main whois database. Then, if ISPs are really serious in their work, they could just start using the inetnum/inet6nums to see which prefixes should be in their routing tables, as the ones which are not registered there should clearly not be. This can be done for the RIPE, AFRINIC & APNIC region, but not for ARIN. Not sure about LACNIC there though. The next ultimate step of course is routing PKI, but that definitely will never happen unfortunately. Oh and people afraid of 'loosing their routes to important people', should of course do two things when generating filters from RIR data: - Also have a local repository with important stuff (eg your own and your friends stuff) - Always manually confirm/checkup the changes ;) (Though at some point it should be trustable) Greets, Jeroen
* Randy Bush:
2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)).
could arin help automate this?
I think you can't really automate this, otherwise people will try to use the automated process to purge bad reputation from the record. I also think that RIPE (and probably ARIN, too) publish enough data so that the blacklist operators could detect significant changes in address space ownership automatically.
David and all, I find myself strangly agreeing with you here by in large Dave! >:) But only in the status quo situation overall... Seems to me that either ICANN itself is going to have to address this problem, or the RIR's will have to take the lead in cleaning up recycled IP's that have been black listed by any service whom for whatever reason has blacklisted those IP's. Regards, Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827 David Conrad wrote:
An "interesting" (in sort of the way the Ebola virus is "interesting") problem that is going to become much more common as we start reallocating previously allocated or otherwise flagged blocks. Leo Vegoda has done a couple of presentations on this.
Just imagine the fun folks who are going to get prefixes out of 1.0.0.0/8 are going to have.
Options I can think of:
1) Get everybody to transition to IPv6 (um, yeah). 2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)). 3) Get everybody to use reputation services like http://www.karmasphere.com/, et al. (no, I'm not affiliated with them) 4) Get RPKI deployed to reduce the need for black list services (um, yeah.) 5) Get the folks who win the draw on prefixes to go around to every black list service themselves (as they discover them) and convince the operator of that list (somehow) to remove them (the default).
No good answers I'm aware of...
Regards, -drc
On 1/16/08 9:28 AM, "Max Tulyev" <president@ukraine.su> wrote:
Hello All,
I just got an assignment for my client (large PI block). But this block is listed in all DNS RBLs and DUN lists, as it was in use till Oct'07 as dynamic DHCP pool of other big ISP.
So my client says they can't use this network, because mail service is blocked.
RIPE rejected my request to change this network to another one: "As we do understand how unfortunate this is for **********, there is nothing we can do about prefixes that appear on so called black lists."
How can I solve this?
David, is there real things I can do? Semi-real is 5. But the problem is much more deep. Some people make blacklisting by firewall rules based on data years old. Some blacklists (my client said about yahoo and aol) just have no policy to delist a network, and ignore requests. David Conrad wrote:
An "interesting" (in sort of the way the Ebola virus is "interesting") problem that is going to become much more common as we start reallocating previously allocated or otherwise flagged blocks. Leo Vegoda has done a couple of presentations on this.
Just imagine the fun folks who are going to get prefixes out of 1.0.0.0/8 are going to have.
Options I can think of:
1) Get everybody to transition to IPv6 (um, yeah). 2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)). 3) Get everybody to use reputation services like http://www.karmasphere.com/, et al. (no, I'm not affiliated with them) 4) Get RPKI deployed to reduce the need for black list services (um, yeah.) 5) Get the folks who win the draw on prefixes to go around to every black list service themselves (as they discover them) and convince the operator of that list (somehow) to remove them (the default).
No good answers I'm aware of...
Regards, -drc
On 1/16/08 9:28 AM, "Max Tulyev" <president@ukraine.su> wrote:
Hello All,
I just got an assignment for my client (large PI block). But this block is listed in all DNS RBLs and DUN lists, as it was in use till Oct'07 as dynamic DHCP pool of other big ISP.
So my client says they can't use this network, because mail service is blocked.
RIPE rejected my request to change this network to another one: "As we do understand how unfortunate this is for **********, there is nothing we can do about prefixes that appear on so called black lists."
How can I solve this?
-- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)
Max and all, Maybe sue AOL and Yahoo? Why not, everyone else is? Regards, Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827 Max Tulyev wrote:
David,
is there real things I can do?
Semi-real is 5. But the problem is much more deep. Some people make blacklisting by firewall rules based on data years old. Some blacklists (my client said about yahoo and aol) just have no policy to delist a network, and ignore requests.
David Conrad wrote:
An "interesting" (in sort of the way the Ebola virus is "interesting") problem that is going to become much more common as we start reallocating previously allocated or otherwise flagged blocks. Leo Vegoda has done a couple of presentations on this.
Just imagine the fun folks who are going to get prefixes out of 1.0.0.0/8 are going to have.
Options I can think of:
1) Get everybody to transition to IPv6 (um, yeah). 2) Get all the folks who are running RBLs/DUNs to update their lists when address status changes (slightly more realistic than (1)). 3) Get everybody to use reputation services like http://www.karmasphere.com/, et al. (no, I'm not affiliated with them) 4) Get RPKI deployed to reduce the need for black list services (um, yeah.) 5) Get the folks who win the draw on prefixes to go around to every black list service themselves (as they discover them) and convince the operator of that list (somehow) to remove them (the default).
No good answers I'm aware of...
Regards, -drc
On 1/16/08 9:28 AM, "Max Tulyev" <president@ukraine.su> wrote:
Hello All,
I just got an assignment for my client (large PI block). But this block is listed in all DNS RBLs and DUN lists, as it was in use till Oct'07 as dynamic DHCP pool of other big ISP.
So my client says they can't use this network, because mail service is blocked.
RIPE rejected my request to change this network to another one: "As we do understand how unfortunate this is for **********, there is nothing we can do about prefixes that appear on so called black lists."
How can I solve this?
-- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)
is there real things I can do?
Assign the customer a /32 from one of your address blocks so that they can use it on their mail server. This means the mail server will not be multihomed but at least it will work. Maybe they can also get another /32 from their other upstream provider. In fact, you could also offer to host their mail server in your network which would accomplish the same thing. --Michael Dillon
1. It is not multihomed. 2. There is MORE than 1 IP address using for mail service. michael.dillon@bt.com wrote:
is there real things I can do?
Assign the customer a /32 from one of your address blocks so that they can use it on their mail server. This means the mail server will not be multihomed but at least it will work. Maybe they can also get another /32 from their other upstream provider.
In fact, you could also offer to host their mail server in your network which would accomplish the same thing.
--Michael Dillon
-- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)
Dear Max,
2. There is MORE than 1 IP address using for mail service.
You can offer mail relay service through your mail server(s). The customer(s) should then configure their mail servers to forward mail to the "smart" host (your relay), rather than deliver it directly. I hope this helps. Best regards, Janos Zsako
michael.dillon@bt.com wrote:
is there real things I can do? Assign the customer a /32 from one of your address blocks so that they can use it on their mail server. This means the mail server will not be multihomed but at least it will work. Maybe they can also get another /32 from their other upstream provider.
In fact, you could also offer to host their mail server in your network which would accomplish the same thing.
--Michael Dillon
* Janos Zsako:
2. There is MORE than 1 IP address using for mail service.
You can offer mail relay service through your mail server(s).
The customer(s) should then configure their mail servers to forward mail to the "smart" host (your relay), rather than deliver it directly.
You also need to rewrite Received: lines, to remove records of the supposedly infected address space. And you should do this on a separate server on a dedicated prefix, so that misguided blacklist operators do not retaliate against your main mail service for doing that. 8-(
Florian Weimer wrote:
* Janos Zsako:
2. There is MORE than 1 IP address using for mail service.
You can offer mail relay service through your mail server(s).
The customer(s) should then configure their mail servers to forward mail to the "smart" host (your relay), rather than deliver it directly.
You also need to rewrite Received: lines, to remove records of the supposedly infected address space. And you should do this on a separate server on a dedicated prefix, so that misguided blacklist operators do not retaliate against your main mail service for doing that. 8-(
I really don't get that one :-) I suppose the NCC manufactures a completely fresh and shiny address space object when giving out "previously used" address space? Otherwise, messing around with changed lines *after* an allocation or assignment transaction is a BAD IDEA [TM] (as I found out ;-) ) Wilfried.
* Wilfried Woeber:
You also need to rewrite Received: lines, to remove records of the supposedly infected address space. And you should do this on a separate server on a dedicated prefix, so that misguided blacklist operators do not retaliate against your main mail service for doing that. 8-(
I really don't get that one :-)
Which part? For certain mail relays, filter rules are applied to hosts behind it, not to the relay itself.
I suppose the NCC manufactures a completely fresh and shiny address space object when giving out "previously used" address space?
They do. But blacklist operators do not seem to care. (Same for some routing database operators, BTW.) Apparently, it's also possible to wipe clean the record on your inetnum: objects, so it's understandable that the blacklist operators do not automatically wipe all the records from their databases just because the object appears to be new.
Florian Weimer wrote:
* Wilfried Woeber:
You also need to rewrite Received: lines, to remove records of the supposedly infected address space. And you should do this on a separate server on a dedicated prefix, so that misguided blacklist operators do not retaliate against your main mail service for doing that. 8-(
I really don't get that one :-)
Which part?
Sorry Florian, I got somewhat mixed up between "received:" and "changed:" :-/ My apologies... -W
For certain mail relays, filter rules are applied to hosts behind it, not to the relay itself.
I suppose the NCC manufactures a completely fresh and shiny address space object when giving out "previously used" address space?
They do. But blacklist operators do not seem to care. (Same for some routing database operators, BTW.)
Apparently, it's also possible to wipe clean the record on your inetnum: objects, so it's understandable that the blacklist operators do not automatically wipe all the records from their databases just because the object appears to be new.
participants (12)
-
cja@daydream.com
-
David Conrad
-
Florian Weimer
-
heather skanks
-
Janos Zsako
-
Jeffrey A. Williams
-
Jeroen Massar
-
Mark McFadden
-
Max Tulyev
-
michael.dillon@bt.com
-
Randy Bush
-
Wilfried Woeber, UniVie/ACOnet