Re: [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an
On 9 Apr 2010, at 10:02, Frank Gadegast , Dipl-Inform. Frank Gadegast wrote:
Thats up for discussion. Preferably every incident will generate one mail to be qick as possible. Surely its also possible to summarizereal outbreaks.
OK
You can then look up the report (or even automate it), reset his radius password and kick him out, waiting for him to phone your support :o)
Not everyone has the same business model
Right, some members seem to make money with abuse ...
Again - if you expect there to be ANY dialogue you need to drop that attitude It's offensive and totally unhelpful
Or you could redirect him to a webpage describing that there are too many reports coming in for his IP in a whatever time. Its all up you.
My dream system looks like this: - abuse reports will get standarized
that would be helpful
Indeed.
- monitoring systems will be developed at all RIRs
Monitoring for what exactly???
abuse reports
I'm having difficulty understanding this. If a RIPE member has an abuse contact and sets up abuse contact objects for every allocation, why do you need anything else?
And again you are working under the false assumption that ALL RIPE members offer the same services as you do and in the same way.
So we are even not clear that abuse is kind of "evil" and should be acceptable because its the business of the member ?
We should close this list, if we could not even have the same oppinion here.
But feel free to explain these "business models" to me ...
Again - drop the attitude You have to understand that not every RIPE member offers the same services or has the same resources at their disposal etc.,
"Bad providers" could be even published by RIPE :o)
Are you insane? RIPE cannot open itself up for that kind of liability
Why not, blacklists are doing the same, whats the difference ?
Ask a lawyer.
Well, thats only work at RIPE NCC, its not that complicated to automated bounces ...
So you say ..
Yes, its quite easy.
No it isn't. Either: - learn how to discuss this with other RIPE members or keep on with your stupid attitude and see how far it gets you
You cannot speak for all providers / RIPE members.
Thats one of the reasons for a centralized system located at RIPE. The system only needs to be implemented once, there will be nearly no costs on the members side (except that they have to deal with report, but they can still ignore them and except the costs that might be added to RIPEs fees, but that should not be that much.
You do not know that. You have no way of knowing how much of a load would be placed on RIPE's systems
You are also suggesting putting a very heavy load on RIPE's systems which someone will have to pay for. Who?
The member. Simply add the costs to RIPE general costs and shared the along the members with the current mechanism, small member pay less, big one more.
confirmation would be enough, although you'd need some way to deal with automated reports.
Well, the monitoring system could send always the same backlink for the same IP, so that the ISP could still count the amount of incoming reports for one IP automatically and then "answers" it as being closed with just clicking ONE link.
Good idea ?
So you expect RIPE members to completely rework their abuse desks to fit into your view of the world?
Not MY VIEW, a standarized view.
You're not a very good listener, are you?
Thats the goal.
Lets see it this way: providers have to change their infrastructure regulary for a couple or reasons and always have done. Serverhousing changed pretty much during the last years. There was the change from ISDN to DSL dialin, there are new technologies for HTML, Flash and Mail every day.
And do not forget IPv6, EVERY member has to change that in the new future.
I can't see that happening, because not all RIPE members are the same or work in the same way.
Well they work on the same basics, what are allocations and other resources. Resources cause traffic, and every members uses resources like nameservices, webpages and email. And spam problem comes into play with the later.
The difference isnt that big. Business models have nothing to do with how to deal with resources the got from RIPE.
Yes it does If you think that you can live in a world where business models have zero impact on reality then you are deluded
Kind regards, Frank
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
First a ... Hello (thats good tone in Germany),
Again - if you expect there to be ANY dialogue you need to drop that attitude
It's offensive and totally unhelpful
Well, like we say in Germany: people are only offended, if somebody gets them, thats they are doing something wrong. This is defny not against you or any other member that takes care about abuse reports. Its only against members, that are ignoring that there attitude or business model causes real harm to others. I will keep THAT attitute.
I'm having difficulty understanding this.
If a RIPE member has an abuse contact and sets up abuse contact objects for every allocation, why do you need anything else?
Like I outline already: - whois is complicated and unusefull for end users - IRT objects makes it even more complicated - nobody is meassuring the members so far - nobody has detailed data about how much abuse is really happening except really well-known blacklists like spamhaus
But feel free to explain these "business models" to me ...
Again - drop the attitude
You have to understand that not every RIPE member offers the same services or has the same resources at their disposal etc.,
Again, please give me an example, why any business model should ignore, that the business model is causing real harm to others. An example please.
"Bad providers" could be even published by RIPE :o)
Are you insane? RIPE cannot open itself up for that kind of liability
Why not, blacklists are doing the same, whats the difference ?
Ask a lawyer.
More details please.
Well, thats only work at RIPE NCC, its not that complicated to automated bounces ...
So you say ..
Yes, its quite easy.
No it isn't.
It is, we developed our own blacklist, and that wasnt that much work. A powerfull organisation with competent workers like RIPE would create that in really short time. Please give me arguments, why its soo complicated. Mailtools are wellknown, open source and available for nearly everything you might want to do with mail. It is easy, I was even already thinking about to use our own blacklist as testbed, we not all available abuse contacts anyway and to setup a general formatted email address is two lines in the mailserver config and to pump that in a script that forwards the mail after looking up the correct address is a ten-liner in perl. Im still thinking about this testbed, the only problem is: - our abuse addresses we have might not be as reliable than RIPE will have them and it would be really bad to accuse the wrong person or even expose details to the wrong person If I would get complete access to all personal objects at RIPE in a live process, a would think about the testbed again ... I could even sign whatever non-disclosure to ensure, that we are not doing anything wrong with this data.
Either:
- learn how to discuss this with other RIPE members or
keep on with your stupid attitude and see how far it gets you
Hm, Im not starting with words like "stupid", so please do not reglement my tone and cool down first. You seem to fight heavily against any idea arriving here. What are you so frightened about ?
You cannot speak for all providers / RIPE members.
Thats one of the reasons for a centralized system located at RIPE. The system only needs to be implemented once, there will be nearly no costs on the members side (except that they have to deal with report, but they can still ignore them and except the costs that might be added to RIPEs fees, but that should not be that much.
You do not know that.
You have no way of knowing how much of a load would be placed on RIPE's systems
Sure, but RIPE is using millions of EUR yearly to get everything going. You are an ISP yourself, make a guess, how much that costs if you do not have to make provit. I quick guess: - a redundant mailserver environment capable of what ? deliver 50 mio mails a day ? - a would say 100GB traffic/day and 25 highend server - thats about 3000 EUR traffic-costs a month - and about 50 thousand one time invest for the servers - plus the development, I would implement something like this with one month work, ok 5.000 - plus hirering one person to take care about hardware and special cases, that 3.000/month All together, lets say 6.000 per month plus the invest. And now devide this to all members with the usual scale (small pay less than big members), how much would that add to the normal yearly membership costs ? Could somebody could quickly compare that to the last yearly costs at RIPE ? You can save that if you only cut 30 peoples journeys to nice holiday locations for "meetings" that could be done via modern comunication techniques anyway per year.
Well, the monitoring system could send always the same backlink for the same IP, so that the ISP could still count the amount of incoming reports for one IP automatically and then "answers" it as being closed with just clicking ONE link.
Good idea ?
So you expect RIPE members to completely rework their abuse desks to fit into your view of the world?
Not MY VIEW, a standarized view.
You're not a very good listener, are you?
Might be because Im not english-speaking ... (like I noted when I was sending the draft). But, like I outlined above, a rework is not really neccessary. Currently members are receiving lots of different formatted reports to their abuse desk (if they have one) and have to read them all manually. It isnt that bad, if you will get reports, that are more standarized.
Thats the goal.
Lets see it this way: providers have to change their infrastructure regulary for a couple or reasons and always have done. Serverhousing changed pretty much during the last years. There was the change from ISDN to DSL dialin, there are new technologies for HTML, Flash and Mail every day.
And do not forget IPv6, EVERY member has to change that in the new future.
I can't see that happening, because not all RIPE members are the same or work in the same way.
Well they work on the same basics, what are allocations and other resources. Resources cause traffic, and every members uses resources like nameservices, webpages and email. And spam problem comes into play with the later.
The difference isnt that big. Business models have nothing to do with how to deal with resources the got from RIPE.
Yes it does
If you think that you can live in a world where business models have zero impact on reality then you are deluded
Example, please give an example .... Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de
Kind regards, Frank
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This thread is getting long so I have only commented on a few of your main points.
Its only against members, that are ignoring that there attitude or business model causes real harm to others.
This proposal still will not help the abuse desks which are uncooperative which is the real problem.
If a RIPE member has an abuse contact and sets up abuse contact objects for every allocation, why do you need anything else?
Like I outline already: - whois is complicated and unusefull for end users
And do you believe that this proposal will be used by end users who couldn't use whois?
- IRT objects makes it even more complicated
I simply disagree, IRT objects simplify the whois and provide a clear contact email.
- nobody is meassuring the members so far - nobody has detailed data about how much abuse is really happening except really well-known blacklists like spamhaus
My network != your network, I don't see any point in measuring the abuse from ISPs in this manner. As James said previously larger networks will generate greater amounts of abuse, and ISPs with different businesses models will generate varying amounts of abuse, a high level of abuse from a network is not indicative that you are running a bad network. Additionally there is nothing that RIPE could do with this data it is simply a meaningless metric.
It isnt that bad, if you will get reports, that are more standarized.
There is an IETF working group on Messaging Abuse Reporting Format, I am not involved in it and not aware of its status, this proposal would not achieve standardisation. Cheers Bradley -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.0.0 Charset: us-ascii wsBVAwUBS78FHjR8IIjdC+5SAQLc3Qf/cDL8MIlnVIUXJpWFb/M21TGYloZpp8DJ IlXMs4ITrhW3RMkSb1jS81h2uEtw3SY8DkA7qsQt8Pp5mbEOZcJaKoM4taIyc1iY 27Iuc/TOVPgTs6D6vYgnjDkCn5mZE8yccGcDDZ2++WDLssVsD4zhSqFa2d3SdeWm 3/i9bTLd5rWTRfDOiAkw2heJbIaP1w4tQOW8yBqEAqGLP7zba3Mekog+VvweXv9B kDXL9I7GkjgSXgaxRWYLBjOyoR4G4Xni5qU13bjizhQjj2rvQpgMnvylJ37xJftH EMR9FVays48orPYtlwb7L8A0Z58aqi8iVuwo+99pFq+U90IDEAVnzw== =2ypS -----END PGP SIGNATURE-----
On 9 Apr 2010, at 11:08, Frank Gadegast , Dipl-Inform. Frank Gadegast wrote:
First a ...
Hello (thats good tone in Germany),
Again - if you expect there to be ANY dialogue you need to drop that attitude
It's offensive and totally unhelpful
Well, like we say in Germany: people are only offended, if somebody gets them, thats they are doing something wrong.
This is defny not against you or any other member that takes care about abuse reports.
Its only against members, that are ignoring that there attitude or business model causes real harm to others. I will keep THAT attitute.
As someone who has spent a lot of money and time combatting network abuse I find your attitude completely unhelpful If you want to get "buy in" from as many RIPE members as possible you really need to learn to tone it down
I'm having difficulty understanding this.
If a RIPE member has an abuse contact and sets up abuse contact objects for every allocation, why do you need anything else?
Like I outline already: - whois is complicated and unusefull for end users - IRT objects makes it even more complicated - nobody is meassuring the members so far
Why is measuring the data of any use to any one? What data are you trying to measure?
- nobody has detailed data about how much abuse is really happening except really well-known blacklists like spamhaus
Again - I fail to see how this is of any real use to anyone. The only people who seem to benefit from lots of data are vendors trying to sell "solutions"
But feel free to explain these "business models" to me ...
Again - drop the attitude
You have to understand that not every RIPE member offers the same services or has the same resources at their disposal etc.,
Again, please give me an example, why any business model should ignore, that the business model is causing real harm to others.
You're not listening Not all RIPE members offer connectivity in the same way nor do they have the same types of services. You assume that my comment about business models infers that people would ignore an issue. This is not in the least bit helpful What you need to understand is that not every single RIPE member is going to be doing the same thing and may not be aware of or need to be aware of certain things. Lack of awareness does not equate with anything more than lack of awareness, however you seem to think that a bit of ignorance equates with culpability.
An example please.
"Bad providers" could be even published by RIPE :o)
Are you insane? RIPE cannot open itself up for that kind of liability
Why not, blacklists are doing the same, whats the difference ?
Ask a lawyer.
More details please.
Seriously - if you cannot understand why RIPE (or anyone else) publishing a list of companies that are described as "bad" does not open it up to liability then you really need to talk to your legal team (if you have one) Spamhaus et al get hit with legal threats on a regular basis. As a sponsor of Spamhaus we've had people try to get us involved in the past ..
Well, thats only work at RIPE NCC, its not that complicated to automated bounces ...
So you say ..
Yes, its quite easy.
No it isn't.
It is, we developed our own blacklist, and that wasnt that much work.
You obviously have a lot of technical staff. Not every RIPE member does nor needs to. You need to understand that just because something is "easy" for you due to your particular setup does not mean that it is going to be as "easy" for everyone else
A powerfull organisation with competent workers like RIPE would create that in really short time.
Please give me arguments, why its soo complicated.
Mailtools are wellknown, open source and available for nearly everything you might want to do with mail. It is easy, I was even already thinking about to use our own blacklist as testbed, we not all available abuse contacts anyway and to setup a general formatted email address is two lines in the mailserver config and to pump that in a script that forwards the mail after looking up the correct address is a ten-liner in perl.
Im still thinking about this testbed, the only problem is: - our abuse addresses we have might not be as reliable than RIPE will have them and it would be really bad to accuse the wrong person or even expose details to the wrong person
If I would get complete access to all personal objects at RIPE in a live process, a would think about the testbed again ...
I could even sign whatever non-disclosure to ensure, that we are not doing anything wrong with this data.
Either:
- learn how to discuss this with other RIPE members or
keep on with your stupid attitude and see how far it gets you
Hm, Im not starting with words like "stupid", so please do not reglement my tone and cool down first.
You seem to fight heavily against any idea arriving here. What are you so frightened about ?
If you present what could be potentially be a positive thing in this manner it will not be accepted by people for a multitude of reasons, not least your tunneled view of the world.
You cannot speak for all providers / RIPE members.
Thats one of the reasons for a centralized system located at RIPE. The system only needs to be implemented once, there will be nearly no costs on the members side (except that they have to deal with report, but they can still ignore them and except the costs that might be added to RIPEs fees, but that should not be that much.
You do not know that.
You have no way of knowing how much of a load would be placed on RIPE's systems
Sure, but RIPE is using millions of EUR yearly to get everything going. You are an ISP yourself, make a guess, how much that costs if you do not have to make provit.
I quick guess: - a redundant mailserver environment capable of what ? deliver 50 mio mails a day ? - a would say 100GB traffic/day and 25 highend server - thats about 3000 EUR traffic-costs a month - and about 50 thousand one time invest for the servers
- plus the development, I would implement something like this with one month work, ok 5.000 - plus hirering one person to take care about hardware and special cases, that 3.000/month
OK, but centralising anything like this has a lot of negative consequences that other list members have outlined.
All together, lets say 6.000 per month plus the invest. And now devide this to all members with the usual scale (small pay less than big members), how much would that add to the normal yearly membership costs ? Could somebody could quickly compare that to the last yearly costs at RIPE ?
You can save that if you only cut 30 peoples journeys to nice holiday locations for "meetings" that could be done via modern comunication techniques anyway per year.
Face to face meetings work better for a LOT of people.
Well, the monitoring system could send always the same backlink for the same IP, so that the ISP could still count the amount of incoming reports for one IP automatically and then "answers" it as being closed with just clicking ONE link.
Good idea ?
So you expect RIPE members to completely rework their abuse desks to fit into your view of the world?
Not MY VIEW, a standarized view.
You're not a very good listener, are you?
Might be because Im not english-speaking ... (like I noted when I was sending the draft).
But, like I outlined above, a rework is not really neccessary. Currently members are receiving lots of different formatted reports to their abuse desk (if they have one) and have to read them all manually. It isnt that bad, if you will get reports, that are more standarized.
Thats the goal.
Lets see it this way: providers have to change their infrastructure regulary for a couple or reasons and always have done. Serverhousing changed pretty much during the last years. There was the change from ISDN to DSL dialin, there are new technologies for HTML, Flash and Mail every day.
And do not forget IPv6, EVERY member has to change that in the new future.
I can't see that happening, because not all RIPE members are the same or work in the same way.
Well they work on the same basics, what are allocations and other resources. Resources cause traffic, and every members uses resources like nameservices, webpages and email. And spam problem comes into play with the later.
The difference isnt that big. Business models have nothing to do with how to deal with resources the got from RIPE.
Yes it does
If you think that you can live in a world where business models have zero impact on reality then you are deluded
Example, please give an example ....
I don't need to It's a simple fact. The fact that I've raised it (more than once) is enough (we are a RIPE member among other things .. ) Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
participants (3)
-
Bradley Freeman -
Frank Gadegast -
Michele Neylon :: Blacknight