A lot of what is being requested in this thread seems outside of RIPEs remit and raises endless questions about responsibility / overreach. RIPEs job is to manage the distribution and registration of resources across members as efficiently and fairly as possible - I've only been a member for a few years but it seems to be doing a pretty good job at that. The stated goal of the organisation is not to police and rule on the activities of those using the resources and take unilateral action against them if they break a law. I also reject the notion that this is what they should be doing - having a central authority to police internet activity seems to run contrary to the idea of an open internet and raises numerous questions. Who makes the rules? What level of evidence is needed? How do you accurately validate evidence? What is the process? What if there is some miscarriage of justice? Furthermore, the practicality of basing security on relying on a RIR correctly policing resource usage and preventing things like hacking attempts is ineffective and will lead to issues. There are multiple RIRs that would all need to work effectively to do this and even then, most hacking attempts are made through botnets anyways. In my experience, blacklists are effective and simple to set up so I don't understand how this isn't the easy solution here. All that being said, if RIPE wants to begin sending email notifications and checking whether abuse contact information is up to date / being replied to and publish that list then I think that is reasonable but it should be purely educational and made available for stakeholders to act independently with no central authority recommending any kind of action using the list. Again, practically speaking here.. I think all you'd find there would be a huge number of non-respondents and having to make a decision whether or not to block millions of european internet resources from your network just because the owner didn't click a email button. Timur Gok Managing Director [image: Logo] <https://www.pingproxies.com/> admin@pinglabs.co.uk - www.pinglabs.co.uk International House, 12 Constance Street, London, United Kingdom, E16 2DQ [image: LinkedIn icon] <https://www.linkedin.com/in/timur-gok-6a7074159/> [image: Twitter icon] <https://twitter.com/pingproxies> On Fri, Dec 1, 2023 at 1:23 PM U.Mutlu <security@mutluit.com> wrote:
Laura Atkins wrote on 12/01/23 13:22:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources.
Then RIPE has to sanction that member.
Example of ignored Abuse Reports regarding email hacking attempts:
You get countless hacking attempts to your email server (ie. brute-force attacks trying to login as a mail client by using either a valid email login name or some random names; they usually fail b/c of wrong password). It all gets logged in the emailserver logs together with exact timings, so there is enough evidence available for verification.
You send an Abuse Report to the owner of the IP from where these hacking attempts occur.But there is no reaction, the hacking attemps day and night continue. So, it's not just a one-time thing. Even if you block that IP, it still generates traffic and eats-up resources on the server.
We need an effective solution to stop such abuses. RIPE NCC should ask the client to fix the problem and formally inform the RIPE NCC about the fix within 7 days.
If the Abuse Reports still get ignored, then RIPE NCC should issue a 2nd warning and thereafter then terminate or suspend the membership until the issue gets fixed.
Laura Atkins wrote on 12/01/23 13:22:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources.
laura
On 1 Dec 2023, at 10:53, U.Mutlu <security@mutluit.com> wrote:
For each complaint to RIPE NCC then such an (automated) email should be sent by the RIPE NCC to the abuse-c of that member. This should be the absolute minimum that should be done by the RIPE NCC.
Matthias Merkel wrote on 11/30/23 11:47:
The proposal is to send verification emails to abuse mailboxes and have a link in them clicked, right? I would have no objection to that.
Is there more that is being proposed in this proposal specifically?
— Maria Merkel
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
-- The Delivery Expert
Laura Atkins Word to the Wise laura@wordtothewise.com
Delivery hints and commentary: http://wordtothewise.com/blog
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg