-------- Original Message --------
Subject: Straw-man abuse reporting system (was: New on RIPE Labs: Botnets: As We See Them in 2017)
From: Shane Kerr <shane@time-travellers.org>
Date: Fri, August 04, 2017 5:49 pm
To: phishing@storey.xxx
Cc: anti-abuse-wg@ripe.net

Hello Phishing,

The RIPE NCC cannot "suspend" anyone. There is no "ISP License", at
least not from the RIPE NCC. They could, however, revoke resources
(address space and ASN) or increase fees.

In order for such a system to be effective, you would need to define
what "respond appropriately" means. Also, one would need a way to
verify that the complaints were valid, to prevent evil or ignorant
people from using the complaint system against responsible ISPs.

These things are tricky to get correct. They are expensive, and make
both the RIPE NCC and the abuse reporter potentially legally liable for
damages. They also tend to be hard to change once in place (notice that
phone number is still required on RIPE person objects in the RIPE
Whois database, while e-mail address is optional).

In the past when this has come up, nobody who wants a system of
accountability has produced workable, concrete proposals. As my first
boss told me long, long ago: "It's easy to criticize, but hard to
create."

I can imagine a relatively simple system though. Here's a straw-man
proposal:

* RIPE NCC members can report abuse by other RIPE NCC members via a web
  portal. The abuse report identifies both members, and is visible to
  both of them. RIPE NCC staff may access reports if either member
  requests it, but reports are otherwise confidential. Abuse reports are
  kept for 12 months and then deleted.

* Abuse reports must be responded to within 72 hours using the web
  portal. Every late response results in a warning.

* After 3 calendar months where warnings are received each month, the
  member is put on notice. No new resources can be allocated or
  transferred to or from the member until a month has passed without
  late responses. The member is given a list of abuse reports for the 3
  month period.

* After a year where warnings are received each month, the membership
  is revoked, and their resources returned to the RIPE NCC for
  allocation. The former member is given a list of abuse reports for
  the 12 month period.

* The RIPE NCC Arbiters Panel resolves any disputes.

Note that this does nothing to prevent ISPs from just clicking "abuse
report handled", but it does require that ISPs take some action. It also
requires that non-members convince a member to make a complaint on
their behalf.

It is somewhat resistant against people making false claims, since both
parties know who made the complaint. It preserves privacy since claims
are not published. It gives some time for ISPs to sort things out, but
has hard limits. It also has the drawback (or benefit) of not defining
abuse.

This proposal is flawed and thrown out here when I'm cutting back on
caffeine. But I think it shows that maybe a system can be put in place.

Cheers,

--
Shane

At 2017-08-03 20:51:15 -0700
" " <phishing@storey.xxx> wrote:
> Well it would help if RIPE introduced a policy of accountability, that saw ISPs suspended if they don't respond appropriately to abuse complaints regarding said botnet infections............
>
>
> -------- Original Message --------
> > Subject: [anti-abuse-wg] New on RIPE Labs: Botnets: As We See Them in 2017
> > From: Vesna Manojlovic <BECHA@ripe.net>
> > Date: Thu, August 03, 2017 3:54 am
> > To: RIPE Anti-Abuse WG <anti-abuse-wg@ripe.net>
> >
> > Dear colleagues,
> >
> > As a part of his research into detecting malicious network activities,
> > Alireza Vaziri is sharing his network/system engineer experiences on
> > defending a network's infrastructure from outages.
> >
> > Please read about it in this new article on RIPE Labs:
> >
> > https://labs.ripe.net/Members/alireza_vaziri/botnet
> >
> > Regards,
> > Vesna Manojlovic
> > Community Builder
> > RIPE NCC
> >
> >
> >