Hi all,
this is a plain text version of the meeting minutes.
Have a nice holiday,
Markus
- snip -
Anti-Abuse Working Group Minutes RIPE 87
Wednesday, 29 November 11:00 - 12:30
Chairs: Brian Nisbet, Tobias Knecht, Markus de Brün
Scribe: Chafic Chaya
Status: Draft
The recordings and presentations are available at:
https://ripe87.ripe.net/programme/meeting-plan/aa-wg/
The stenography transcript is available at:
https://ripe87.ripe.net/archives/steno/29/
# A. Administrative Matters
Brian opened the session by welcoming everyone, thanking the supporters,
mentioning the CoC and going through some administrative staff. The
Working Group (WG) minutes from RIPE 86 were approved, and the agenda
was finalised.
# B. Updates
## B.2. From Awareness to Action - Empowering Change Through Anti-Abuse
Training
Gerardo Viviers, RIPE NCC
The presentation is available at:
https://ripe87.ripe.net/wp-content/uploads/presentations/5-RIPE-87-AA-WG-presentation-GAViviers.pdf
Gerardo discussed the current solution of using webinars for anti-abuse
and suggested a shift towards e-learning for its benefits of self-paced
learning, scalability, and consistent training. He highlighted the
challenges of delivering live webinars and the benefits of e-learning in
sustaining momentum and complementing live training.
Brian thanked Gerardo, the RIPE NCC, and there was consent on the
direction going forward with e-learning alongside the webinar.
## B.3. Discussion and Work Item Creation
Tobias Knecht, co-chair, started by discussing the need for increased
community engagement in the WG, particularly in addressing issues
related to abuse networks. He noted that recent discussions have
highlighted a lack of response to emails sent to abuse networks and have
opened up further discussions on topics like Abuse email address
verification and ASN Cleanup.
Tobias acknowledged Marco's upcoming presentation, which provided an
overview of the work already done in these areas, helping to establish a
foundation for future discussions and actions.
• Abuse Email Address Verification
• ASN Cleanup
• Abuse Email Ignored
The presentation is available at:
https://ripe87.ripe.net/wp-content/uploads/presentations/72-RIPE87-AAWG-final.key
The presentation details the RIPE NCC's efforts in two areas: Abuse-c
Validation and ASN Cleanup. Abuse-c Validation involved verifying
contact details for abuse handling, with annual checks yielding a small
failure rate, followed by steps to correct invalid contacts.
The ASN Cleanup project targeted unused Autonomous System Numbers,
contacting ASN holders for confirmation, resulting in over half of the
contacted ASNs being returned. This work ensured accurate and active use
of RIPE NCC resources.
Tobias urged the community to share their thoughts on what constitutes
abusive behaviour and how the WG should tackle it. He mentioned that
while some discussions occur on mailing lists, many also happen in
meetings. The goal is to gather all this information, assess the current
status quo, and then engage in conversations to steer various topics in
the right direction. This could lead to policy proposals or other actions.
Brian pointed out that the responsibility of addressing these issues
does not solely lie with the RIPE NCC or any individual but with the
entire community as members of the WG. He stresseed the importance of
community members expressing their concerns and ideas, as this is
crucial for change. Brian encourages everyone to share their thoughts on
whether these issues are problematic and to suggest improvements. He
warned that without community input, there will be no change, and
policies that might not be favourable could emerge. Brian emphasised
this as an opportunity for everyone to contribute, highlighting the
importance of community involvement in shaping policies and addressing
issues within the working group.
Alejandro Fernandez Cernuda from Global Cyber Alliance added a note
about NIS 2 and whether there is an incentive for action.
Tobias commented that this was a good question what the community feels
about it.
Brian and Tobias addressed the implications of the upcoming NIS 2
regulations by the EU and the role of the community in shaping responses
to these regulations. They reminded everyone of the community's ability
to influence and create policies, citing the example of Abuse-c policy
and encouraged the community to focus not only on policy but also on
other aspects like training and guides on abuse.
Looking forward to the next RIPE meeting, Brain mentioned that by then,
NIS 2 would be legislated, and the community would need to understand
its implications and identify areas for potential action.
There were no comments or questions.
# E. Presentations
## E.1. Global Abuse Reporting
Tobias, speaking as a founder of Abuseix, discussesdthe concept of
global reporting in the context of Internet abuse and the importance of
abuse teams in handling such issues. He emphasised that many companies,
including ISPs and hosting providers, encounter a variety of abusive
behaviours, such as spam emails and dictionary attacks, which can reveal
compromised machines and networks. He encouraged companies to share
relevant data with abuse teams, offering Abuseix's services to
facilitate this process. The presentation is a call to action for
greater collaboration and data sharing to combat internet abuse more
effectively.
# X. A.O.B.
Niall O’Reilly, RIPE Chair Team, raised a concern about the collateral
damage caused by the current abuse management ecosystem, particularly to
those at a disadvantage in power imbalances. He questioned whether the
WG could address issues where security measures, justified on the basis
of protection, end up harming innocent parties.
Brain respondeds positively, encouraging Niall to provide more details
for a clearer understanding of the issue.
Michele Nylon from Black Knights in Ireland echoed the need for
specificity, noting that while the issue Niall mentions is of interest,
it was presented vaguely. Michele suggested that articulating the
problem more clearly on the list with specific examples would be
beneficial. He acknowledged that while companies have the right to
protect their networks, there are instances of collateral damage that
are challenging to address.
Niall agreed with the suggestions and considers following up on the
mailing list for more clarity and assistance on the issue, recognising
the complexity and the need for a detailed approach to resolve it
potentially.
# Z. Agenda for RIPE 88
Brian reminded everyone about the upcoming RIPE 88 meeting in Poland and
expressed his gratitude to everyone before concluding the session.
- snap -
On 21.12.23 20:03, Gert Doering wrote:
Hi,
On Thu, Dec 21, 2023 at 12:17:09PM +0000, Brian Nisbet wrote:
Please find attached the draft minutes from the WG Session at RIPE87.
If you have any comments on the minutes, please email aa-wg-ch...@ripe.net
before the end of the first week of January.
I do have a comment... and that is "can we have this in a reasonable and
nonproprietary format, not known as a transport for viruses of all sorts"?
We *do* train people to not klick on random attachments in e-mail.
thanks,
Gert Doering
-- NetMaster
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
