On Friday 09 April 2010 10.38, Michele Neylon :: Blacknight wrote:
On 8 Apr 2010, at 19:27, Frank Gadegast , Dipl-Inform. Frank Gadegast wrote:
You don't need to know the real one until you have one for every IP.
As I mentioned, you might simply want to contact the abuse team regarding a more general issue. Quite often, if I can't find a published abuse contact for foo.com, I'll dig www.foo.com and then look up the returned address in the RIPE DB - I'm not at all interested in an address specific to that IP address though.
well, you can still look it up.
But see it this way:
- most providers use anti-spam tools like SpamAssassin to protect their customers
- SA surely lists the IP that was connecting and causing the spam
- you can then automatically forward the spam plus an initial text, describing that you do not want this, to the general "IP like" address
- and the monitoring system will then forward it to the right RIPE member (and to EVERY member)
So if a machine on a network were compromised / abused and a large amount of spam was sent out, how many of these emails would you see being relayed via RIPE to the abuse contact??
Proportional to the amount of spam. Are you surprised that lots of spam generates lots of complaints?
You can then look up the report (or even automate it), reset his radius password and kick him out, waiting for him to phone your support :o)
Not everyone has the same business model
Some do better than others. Those that have no means of blocking a badly behaving customer would need to rethink their model.
Or you could redirect him to a webpage describing that there are too many reports coming in for his IP in whatever time. It's all up to you.
My dream system looks like this:
- abuse reports will get standardized
that would be helpful
- monitoring systems will be developed at all RIRs
Monitoring for what exactly???
Analysing incoming abuse reports (and acting accordingly)
- spam detection will be automated at the provider's side and send standardized reports to the RIR's monitoring system
- and the RIR's member automates and scans the incoming reports like he wants (maybe by defining minimum values and limits) and automates the blockage and information of his users
Sounds great?
Well, that's actually what we are doing already with our own users. If we detect incoming spam with high scores a couple of times in a short time we kick the user offline automatically and redirect him next time he logs in to an information page, where he finds our support numbers :o)
Works simply great, and I would love to get closer to such a system together with ALL ISPs
And again you are working under the false assumption that ALL RIPE members offer the same services as you do and in the same way.
Nope, some lazy ISPs will have to adjust their procedures. Being allowed to use an IP range is both a benefit and an obligation. Society at large does not work when rogue individuals misbehave and ignore "common rules-of-conduct".
"Bad providers" could be even published by RIPE :o)
Are you insane? RIPE cannot open itself up for that kind of liability
Why? If ranges are supplied with explicit rules of use, then if the provider does not follow the (agreed) rules it's not RIPE's problem. The key here is to couple assignment of ranges to specific rules for use.
Well, that's only work at RIPE NCC, it's not that complicated to automate bounces ...
So you say ..
You cannot speak for all providers / RIPE members.
You are also suggesting putting a very heavy load on RIPE's systems which someone will have to pay for. Who?
Why not take a fee per IP address / year? This is something I suggested to IETF ages ago, and it would have made allocations much more fair. No one would like to pay for resources they don't need, and everyone would have a decent chance of getting addresses when they need them.
confirmation would be enough, although you'd need some way to deal with automated reports.
Well, the monitoring system could always send the same backlink for the same IP, so that the ISP could still count the amount of incoming reports for one IP automatically and then "answer" it as being closed with just clicking ONE link.
Good idea?
So you expect RIPE members to completely rework their abuse desks to fit into your view of the world?
Why not? The world changes, and if some refuse to follow they will find themselves outside the loop.
I can't see that happening, because not all RIPE members are the same or work in the same way.
Unfortunately.

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://mneylon.tel
Intl. +353 (0) 59 9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland
Company No.: 370845

--
Peter Håkanson
There's never money to do it right, but always money to do it again ... and again ... and again ... and again.
( It is cheaper to do it right. It is expensive to fix mistakes. )
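
Added example, not part of the original messages: a sketch of the threshold mechanism described in the thread, where several high-scoring spam detections for one IP within a short time lead to an automatic suspension and a redirect to an information page at next login. The score cut-off, hit count, window length and all names are assumptions; the thread gives no values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class AbuseMonitor:
    """Per-IP sliding-window counter for high-scoring spam reports."""

    # Threshold values are assumptions; the thread gives no numbers.
    def __init__(self, min_score=8.0, max_hits=3, window=timedelta(minutes=30)):
        self.min_score, self.max_hits, self.window = min_score, max_hits, window
        self.hits = defaultdict(deque)   # ip -> timestamps of counted reports
        self.suspended = set()           # ips currently kicked offline

    def report(self, ip, score, seen_at):
        """Record one report (assumed to arrive in time order); return the action."""
        if ip in self.suspended:
            return "already-suspended"
        if score < self.min_score:
            return "ignored"
        hits = self.hits[ip]
        hits.append(seen_at)
        while seen_at - hits[0] > self.window:   # drop hits older than the window
            hits.popleft()
        if len(hits) >= self.max_hits:
            self.suspended.add(ip)
            del self.hits[ip]
            return "suspend"
        return "counted"

    def on_login(self, ip):
        """Decide what the subscriber sees at next login."""
        return "redirect-to-info-page" if ip in self.suspended else "allow"

    def release(self, ip):
        """Support desk clears the suspension after talking to the customer."""
        self.suspended.discard(ip)


def run_sample():
    """Replay constructed reports (documentation IPs, made-up scores)."""
    t0 = datetime(2010, 4, 9, 10, 0)
    sample = [("192.0.2.10", 9.5, 0), ("192.0.2.10", 3.1, 2), ("198.51.100.7", 12.0, 3),
              ("192.0.2.10", 10.2, 5), ("192.0.2.10", 8.7, 12), ("192.0.2.10", 9.9, 13),
              ("198.51.100.7", 11.0, 50)]
    mon = AbuseMonitor()
    actions = [mon.report(ip, s, t0 + timedelta(minutes=m)) for ip, s, m in sample]
    return mon, actions
```

Mapping an IP to the subscriber session that held it at the report time is left out here; a real deployment would key the counter on that session or account.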