[173853] in North American Network Operators' Group


RE: Dealing with abuse complaints to non-existent contacts

daemon@ATHENA.MIT.EDU (Tony Hain)
Sun Aug 10 23:36:29 2014

X-Original-To: nanog@nanog.org
From: "Tony Hain" <alh-ietf@tndh.net>
To: "'Suresh Ramasubramanian'" <ops.lists@gmail.com>,
 "'Mark Andrews'" <marka@isc.org>
In-Reply-To: <CAArzuot2wVbudMt51kRy+Lp-=ARnUF+nUS6mTs1udjmOA3CX=w@mail.gmail.com>
Date: Mon, 11 Aug 2014 11:36:36 +0800
X-SA-Exim-Mail-From: alh-ietf@tndh.net
Cc: goemon@anime.net, nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

I have found the scaling is better if you make it the abusing provider's
problem to contact you. Whenever a range gets blocked, the bounce
message tells the mail originator to take their money and find a new
hosting provider that does not support/tolerate spam. When legitimate
originators have contacted their provider about that message, the
sources that were inadvertently hosting the abuse are happy to find out
more so they can resolve the problem, and they provide a working contact
in the process, even if the registered one fails.

The downside is that it requires the legitimate originator to pay
attention to the bounce and decide they want to take action. The hope is
that eventually more money will flow toward those hosting providers that
are diligent about resolving issues.

Tony


> -----Original Message-----
> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Suresh
> Ramasubramanian
> Sent: Monday, August 11, 2014 11:04 AM
> To: Mark Andrews
> Cc: goemon@anime.net; nanog@nanog.org
> Subject: Re: Dealing with abuse complaints to non-existent contacts
>
> Good luck getting action from foreign LE through the mlat system
>
> You might get a response, oh, in the next two years or so. IF you can find
> local LE willing to push the case forward.
>
> Beyond that while RIRs are not the internet police they do owe it to the
> community to be more vigilant on dud contact addresses, and also do a
> lot^W bit more due diligence when allocating IP space, and when appointing
> LIRs.
>  On 11-Aug-2014 6:37 am, "Mark Andrews" <marka@isc.org> wrote:
>
> >
> > In message <CB3CA09E-B16F-4101-AEC2-AEE12C982400@delong.com>, Owen
> > DeLong writes:
> > >
> > > On Aug 10, 2014, at 1:28 PM, goemon@anime.net wrote:
> > >
> > > > On Mon, 11 Aug 2014, Paul S. wrote:
> > > >> It would appear you've done your part in trying to reach out (and
> > > >> subsequently failed), so the next step to go is dropping all
> > > >> traffic from it.
> > > >>
> > > >> Nothing wrong with trying to protect your own customer from
> > > >> people who cannot be bothered to do their own due diligence.
> > > >
> > > > It would be nice if allocations would be revoked due to
> > > > invalid/fake contact info.
> > > >
> > > > -Dan
> > >
> > > I kind of agree, but past efforts in this regard have not met with
> > > consensus from the ARIN community.
> > >
> > > If you believe this to be the case, I suggest putting it into
> > > template format and submitting to policy@arin.net.
> > >
> > > I'm happy to help if you would like. Subscribing to arin-ppml will
> > > allow you to participate in the community discussion of the policy
> > > proposal.
> > >
> > > Owen
> >
> > It really isn't the RIR's job to withdraw allocations due to bad
> > behaviour as much as many of us would like it to be.  Failure to
> > maintain valid contact details however is within the purview of the
> > RIRs.
> >
> > If you are being attacked, report the attack to your LEA.  Let the
> > LEAs maintain intelligence on which networks are permitting attacks
> > to be launched from their address space.  They can work with LEA in
> > the network's jurisdiction to get the attacks stopped and offenders
> > prosecuted.  LEAs can in theory also get courts to issue orders to
> > filter offending address blocks by all ISPs in their jurisdiction.
> >
> > Mark
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
> >

