Re: [nanog] abuse of abuse notices

[nanog () immibis com]

There was also the attack on the Tor network a few months ago.

In that case I spoke to the "security" company that was sending the abuse notices to my provider - and they confirmed 
that they know the notices are bullshit, they acknowledge that if they cause financial losses I might be able to win 
damages in a lawsuit, and they will continue sending them anyway because they don't care to update their policies.

Has this sort of thing always been a problem on the internet or is it a new attack vector?


On 18 December 2024 6:40:54 pm GMT+01:00, "Dan Mahoney (Gushi)" <danm () prime gushi org> wrote:
> On Wed, 18 Dec 2024, Dan Mahoney wrote:
>
> > Hey there,
> >
> > Dayjob recently got a report from compliance () tucows com alleging that an old, historic bind9.tar.gz.asc (a 
> > plain-text checksum file) on ftp.isc.org is malware.  It’s not.  It’s a false positive.
> >
> > Additionally, the URL they sent to vew the reporting material is http-only, and does not work, but it’s not hosted 
> > by tucows/hover, it’s hosted at http://url4091.abuse-report.pir.org, is http-only (what year is it?) and doesn’t 
> > work!  Nor does that report actually come out and say what the file in question is, it’s only shown in an attached 
> > screenshot.
> >
> > Given what recently happened to another important internet domain (one of our IP providers) being put on 
> > administrative hold due to basically one complaint of fraud, I am incredibly concerned.
> >
> > I’ve been in touch with the registrar that holds our domain name about this (Hover/Tucows), and I’ve got a direct 
> > line with the CTO, but I need assurances that this will not lead to obnoxious actions, a week before Christmas.
> >
> > -Dan
> > (From personal address, but with very much DayJob hat on)
>
> Whoops, helps to add:
>
> email dmahoney at isc org (but cc ray@)
> phone 703-DEV-24x7 (txt/imessage, but identify yourself in the first volley)
>
> -Dan
>
> --