Good thing I care, but that's missing the point here - the volume of abuse
requests makes the entire abuse system
unworkable. Not for me so much, I can deal with the volume (a few obnoxious
individuals aside), but AWS/OVH/Hertzner
appear to have decided they cannot, and that means I can't contact
Ah, I'd pasted the following in a response to the mail you responded to:
~$ whois 208.68.4.129
Comment:---
Comment:208.68.4.128/28 and 208.68.7.128/28 provide privacy services
Comment:(incl running tor exit node(s)!)
Comment:Abuse reports will be handled
I don't think anyone in this thread meant to suggest that there is no reason to
be concerned about such scans, as you
point out they are occasionally compromised hosts and the like. The real
question here is what is the cost of sending
all that mail?
The abuse system as it exists today is largel
t.
> You're just contributing to the noise.
>
> On Tue, Apr 28, 2020 at 9:40 AM Matt Corallo via NANOG
> wrote:
>> Please don't use this kind of crap to send automated "we received 3 login
>> attempts on our SSH box..wa" emails.
>> This
I think we all agree with this. The requl question is...how do we build such a
thing? The abuse process we have clearly
doesn't work. Maybe its the fault of the Big Providers (AWS/GCP/OVH/etc) who
don't invest enough to have a robust
abuse-processing system to actually deal with reports, maybe it
s nigh useless, especially given most of
the real crap out there comes from hosting
providers like the above who don't have the bandwidth to respond.
Matt
On 4/29/20 7:55 AM, Rich Kulawiec wrote:
> On Tue, Apr 28, 2020 at 12:40:12PM -0400, Matt Corallo via NANOG wrote:
>> Please d
Sadly dumb kids are plentiful. If you have to nag an abuse desk every time they
sell a server to a kid who’s experimenting with nmap for the first time
then we’ll end up exactly where we are - abuse contacts are not a reliable
way to get in touch with anyone, and definitely not a reliable wa
Hollis wrote:
>>> On Tue, 28 Apr 2020, Matt Corallo via NANOG wrote:
>>> Please don't use this kind of crap to send automated "we received 3 login
>>> attempts on our SSH box..wa" emails.
>>> This is why folks don't have abuse contacts
Please don't use this kind of crap to send automated "we received 3 login
attempts on our SSH box..wa" emails.
This is why folks don't have abuse contacts that are responsive to real issues
anymore.
Matt
On 4/28/20 11:57 AM, Mike Hammett wrote:
> I noticed over the weekend that a Fail2B
ote:
>
>
>
>
>> On Tue, Apr 21, 2020 at 1:10 PM Matt Corallo via NANOG
>> wrote:
>> That’s an interesting idea. I’m not sure that LACNIC would want to issue a
>> ROA for RIPE IP space after RIPE issues an AS0 ROA, though. And you’d at
>> least need some kind o
Not sure how this helps? If RIPE (or a government official/court) decides the
sanctions against Iranian LIRs prevents them from issuing number resources to
said LIRs, they would just remove the delegation. They’d probably then issue an
AS0 ROA to replace out given the “AS0 ROA for bogons” policy
Right until RIPE finishes deploying AS0 ROAs for bogons, which I recall is
moving forward :p.
> On Apr 21, 2020, at 03:01, Mark Tinka wrote:
>
>
>
>> On 21/Apr/20 08:51, Matt Corallo via NANOG wrote:
>>
>> Instead of RIRs coordinating address space use by keep
That’s an interesting idea. I’m not sure that LACNIC would want to issue a ROA
for RIPE IP space after RIPE issues an AS0 ROA, though. And you’d at least need
some kind of time delay to give other RIRs and operators and chance to discuss
the matter before allowing RIPE to issue the AS0 ROA, eg i
I don’t really get the point of bothering, then. AWS takes about ~forever to
respond to SES phishing reports, let alone hosting abuse, and other, cheaper,
hosts/mailers (OVH etc come up all the time) don’t bother at all. Unless you
want to automate “1 report = drop customer”, you’re saying that
If your goal is to force companies the world over to host domestically, where
they follow local licensing regimes (yes, including censorship, as well as data
access), it’s highly effective. Even better, it makes users fail to identify
the difference between “google is down because it is blocked”
15 matches
Mail list logo
