1 / 29

Who cares about abuse?

United Kingdom Education & Research Networking Association. Who cares about abuse?. Rodney Tillotson, JANET-CERT APNIC, August 2001. Three points. UBE is like other abuse Only global consensus will stop it We would like to talk with AP. RIPE. Réseaux IP Européens Anti-spam Working Group

denzel
Download Presentation

Who cares about abuse?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UnitedKingdomEducation &ResearchNetworkingAssociation Who cares about abuse? Rodney Tillotson, JANET-CERT APNIC, August 2001

  2. Three points • UBE is like other abuse • Only global consensus will stop it • We would like to talk with AP

  3. RIPE • Réseaux IP Européens • Anti-spam Working Group • WG chair

  4. RIPE view • Originate no spam • Persuade originators to stop • Block and filter

  5. Originate no spam • Contracts with customers • Penalties available • Act on reports of abuse • RIPE-206 http://www.ripe.net/ripe/docs/ripe-206.html

  6. Problems • Free accounts • Cybercafé use • Competitive advantage

  7. Block and filter • Local choice • MAPS • Other blacklists • Outbound blocks

  8. Filtering • Content-based • Subjective, always changing • Can help with other abuse • Viruses, porn

  9. DNS blacklists • Test IP addresses • Hooks in most mailers • (but not Exchange) • Getting on/off the list • Who decides?

  10. Other public blacklists • ORBS not now operating • Several others • A variety of behaviours

  11. MAPS • Paul Vixie, Dave Rand • Highly respected • Thorough, not fast • Will let through some spam • Pressure on originators http://mail-abuse.org/

  12. MAPS update • Subscription only from 1 Aug 2001 • Costs • DNS operation • List management • Legal http://mail-abuse.org/feestructure.html

  13. UBE • What is spam? • Usenet • Unsolicited • Bulk • E-mail

  14. Pressure on originators • RBL • Realtime Blackhole List • Focus for consensus and conflict • Advice on good practice

  15. Other abuse • The issues are the same • Consensus is better • Compliance is about the same

  16. Who said this? “I don’t want to report spam to the spammer’s ISP.” “I want to report it to my own ISP, or if I am an ISP then I want to report it to my own peers. They ought to verify my identity and the complaint format and then pitch it on to their peers or upstreams or customers or whatever and so on …”

  17. Who said this? “… until it finally gets to the owner of the the address space which is being abused. If that owner won’t act, then they ought to lose peering or be dropped as a customer or whatever, because the standard contracts among Internet peers and between customers and their ISPs ought to require proper response.”

  18. Who said this? • Paul Vixie • To a private list, June 2001 • (quoted with permission)

  19. UBE issues with AP • US is the major source • Many relays in AP • Increased early 2000 • Little response from abuse@domain

  20. Code Red • Many sources in AP • Fewer in US (still too many) • Unclear where to report it • Lots in JANET, too!

  21. JANET-CERT • Coordinate security responses http://www.ja.net/CERT/ • Contacts at customer sites • Network blocks if needed • Contacts with other CSIRTs

  22. Other CSIRTs • FIRST http://www.first.org/ • TERENA Trusted Introducer http://www.ti.terena.nl/

  23. AP CSIRTs • Useful responses from AP CSIRTs • AUS-CERT, JP-CERT, KR-CERT etc • Whois data usually available • Not easy to find abuse contact

  24. My guess • Fast-growing networks and user communities • Support lags behind • Many small companies • Expectations are different • Guidance is in (bad) English

  25. Those points again • UBE is like other abuse • Only global consensus will stop it • We would like to talk with AP

  26. My questions • How should we make contact? • What problems do you have with the RIPE region? • Do we need a new forum? • How can we help? • Who cares about abuse?

  27. Your questions?

  28. Thank you! • Rodney Tillotson senior JANET-CERT member • Rodney.Tillotson@ukerna.ac.uk +44 1235 822 255

More Related