Hi,
I have been wondering for a while about this same issue. And I guess
there are both pros and cons about RIPE providing registration services
to such IP addresses.
As you've stated, contacting them most of the time is useless. But most
of the cases these IPs are blacklisted or on DROP-lists (spamhaus for
example)
I believe RIPE NCC's job is not to police the internet, but to provide
registration services. However RIPE should guarantee that the
registrant's data is correct and up to date. This includes a proper
abuse contact.
As for bulletproof hosting, it is at the best interest of the Internet
that these IPs remain duly registered. There are many cases where the
original registrant might not even be properly aware, or at fault when
such activities happen with their addressing.
The most effective action is to contact the upstream ISPs and cut their
connectivity.
If such a system would be implemented by RIPE, I think it should be
oriented towards making sure the abuse contacts are up to date and
reachable. Rather than to police about the use of the addresses. As
ultimately the connectivity for such activities is provided by ISPs.
I do see the analogy you made with ICANN but registering a domain on the
internet is much more reachable to everyone when comparing to IP space,
when most of that space is reassigned from upstream ISPs. Also addresses
are assigned in blocks, when domains are assigned individually.
Please understand that I don't condone at all bulletproof hosting or
such activities in way. In fact it should be stopped. But the most
effective action is likely not from RIPE to just deregister such
resources when abuse happens or when an abuse contact is incorrect. It
is worth noting that RIPE does apply restrictions to LIRs that
repeatedly cause issues, and this includes falsifying contact
information.
I think this is worth discussing if more restrictive actions should be
taken towards such LIRs where illegal activities such as bulletproofing
are the main business. But I'm worried about RIPE NCC's ability to
verify on abuse that happens on the internet.
Best regards,
Tomás Leite de Castro
On 2024-01-17 19:52, OSINTGuardian wrote:
hi,
There are more and more bulletproof hosting in the world every month
and they are causing more and more chaos, feeding the dark web by
providing servers to criminals of all kinds who use the servers on
.onion websites in Tor and flooding the clear web with illegal
content.
There is a bulletproof hosting market that is even openly promoted, it
is as easy to find companies that provide bulletproof servers as
searching on Google, hacker forums or simple internet websites that
provide lists of bulletproof hosting companies.
The business model of these companies is to ignore reports of abuse of
illegal content, to look the other way when someone uploads illegal
content. This is openly their business model, what does RIPE NCC do
about this?
RIPE NCC provides IP addresses to many of these companies with
bulletproof servers that are then used by criminals on the Internet,
strengthening organized crime.
ICANN publicly has an abuse reporting form, where users can report if
a company provides bulletproof domains or ignores abuse reports. If
RIPE NCC did this same thing, the internet would become a better
place.
If RIPE NCC did this and also other IP address accreditors, they would
greatly affect criminals on the Internet and therefore the Internet
would become a slightly safer place than it is today. Bulletproof
server companies would be afraid of being caught by RIPE NCC
committing these violations. Unfortunately, these companies currently
feel enough freedom to do this, that they even show themselves
publicly.
Is RIPE NCC planning to do anything against this?
- Claudia Lopez
OSINTGuardian
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg