Anti‑Abuse Working Group

At 12 p.m.:

BRIAN NISBET: Hello. Good afternoon to you. Welcome to the RIPE 86 edition of the Anti‑Abuse Working Group, this is very lovely to see you all. There's more lights now so I am not sure if that's improved or disimproved, there are people, it's the right time, we will start this Working Group session. Along with the other two co‑chairs, we will be taking you through this hour of Working Group.

I wish to thank the NCC staff and the venue staff for all of their Ops and scribes and all of the assistance there, and of course our wonderful stenographers without whom we would not in any way remember what happened last. This meeting is being recorded and all of that jazz. For those of you joining us on Meetecho please remember that the things you say in chat are things you said in chat, they are not questions and they will not be read out, there's a night Q&A function there that we can help you with or indeed you can request mic and video access if you wish to ask a question or make a point that way or whatever you wish to do

This meeting, like all of this meeting, is covered under the Code of Conduct, this is rather wonderful, but I am biased but it's awesome, please be aware of that.

You can rate the talks, this is not a Plenary session, this is a Working Group, but you can give us feedback and that feedback is useful, you can use the same system, the RIPE 86 system to give us feedback on any of the work items, talks, presentations, discussions, etc., it is there, and feedback is good but you can also talk to any of us at the meeting as well about these things.

So, we have some minutes from RIPE 85 that we circulated, people seem happy with them, but this is the official question of ‑‑ are people happy with them? Seeing no objections to the minutes, I'm going to declare them accepted and we are all good.

We publish an agenda but again are there any items that anyone would like to add to the agenda at this point in time? Again, seeing nothing, we shall go ahead with the agenda. There is an AOB section at the end if something suddenly strikes you, if you are moved by the divine will to talk about.

On to our updates section. Recent list discussion, there hasn't been a lot of it. There has been some things. I don't think the co‑chairs have any points we need to make about the recent list discussion. But if anybody would like to talk about anything, raise anything, ask any questions, now is your moment. No. In which case we shall move on further and we shall go to our first update which is from Gerardo Viviers of RIPE NCC about the anti‑abuse training webinar which has been running. If I look over to my left, I can see Gerardo, due to the immense travel distance has decided to join us online, so Gerardo, if you want to take it away.

GERARDO VIVIERS: Yes, thank you, Brian, welcome everybody, I am going to try to clear my sides so they don't appear to be available. So I think I will have to share my screen. One second, please.

BRIAN NISBET: If you want to share the screen, that's fine. You did upload them so you did everything you are supposed to.

GERARDO VIVIERS: I did everything right, I feel like I am being abused. Can you see my slides?


GERARDO VIVIERS: I am going to be presenting an update on the anti‑abuse training that RIPE NCC developed in collaboration with the Anti‑Abuse Working Group. Now, first of all, for those of you that don't know what this training is about, we were approached by the Working Group to provide this type of information for any LIR that was signing up or opening an LIR with the RIPE NCC. This is because, this works because everybody coordinates the efforts together and newcomers might not know to do with these abuse reports that they might be receiving so by providing training to them, we figured out this was the most effective way of sharing this knowledge and allowing them to participate on the Internet and to play with each other in fair and square way.

Now, we noticed during the development that also maybe some old‑timers might benefit from this knowledge and new skills too so mostly we are targeting the new LIRs but this information might be helpful for the old‑timers, as we call them, the people who have already been there before the training.

Training is actually in two parts, the first past is providing motivation and that is why should I actually deal with these abuse reports and what is it to me, is it relevant for me. We start by trying to define abuse and finding out how challenging it is because of all the different situations where the operators might be located, like the country, regulations and stuff like that.

We go on to explain why dealing with these abuse reports is important for everybody and of course pointing out the benefits of taking action and the consequences of not taking action when you receive an abuse report.

The second part of the webinar is ‑‑ or the training, is providing instructions, so what can you do about these things. We start by defining what is an abuse desk, what's its purpose, the whole abuse handling process, how to set up an abuse process, what should you do to get one running and then providing some information about tools and services that can help in the whole abuse handling process. So, this is the quick look at what the training is about, we do really appreciate feedback and input from people so if you haven't been to the training yet or to the webinar, please do join the next session and let us know how we can improve it.

So since RIPE 85 the last time that I presented on this training we delivered our first webinar in January of this year, we had quite a good turnout and we got quite a lot of good feedback, that was our first version and we worked on it based on this feedback, I updated the material and then the second webinar in April of this year as well. That one was also really well attended and we got some really, really good feedback on the quality and the content and this gives us of course the confidence to continue and know that we are on the right path.

What's going to happen further, well we are going to continue delivering the webinar, gathering feedback from the participants as we go and updating and/or evaluating and updating material to see if it fits needs of the Working Group and of the target audience.

We presented just recently at PL NOG 31 a version of this training and we got some interesting reactions, there was a couple of people who have been in the business for quite a while and they didn't have abuse so it was interesting for them to hear about all this stuff that they didn't know about.

So, basically that is it. Are there any questions from the masses that are gathering there in the room?

BRIAN NISBET: Questions, suggestions, ideas in we are all very happy with this?

GERARDO VIVIERS: Is this the direction that the Working Group wants us to take?

BRIAN NISBET: I mean in the absence of disagreement, I think you know, it's great to see this, it's great to see it exist in reality. And I want to thank you and the team and the people in the Working Group who gave input to it and I think this is hopefully going to be an evolving piece that we can ‑‑ that will change over time and improve further over time.

GERARDO VIVIERS: I hope so too. We are open to any suggestions and if the Working Group wants us to go in a different direction we are more than happy to comply.

BRIAN NISBET: Okay. Well, then, in that case, great stuff, Gerardo, thank you very much.



BRIAN NISBET: So, this is my own fault, I moved this around, so, I am going to talk briefly about the RIPE database task force outputs and now we talked about this in Belgrade and there is an output there around relationship with law enforcement and the RIPE database. In Belgrade we didn't come up with anything concrete that the Working Group wanted to do or felt was the right direction or otherwise. Part of this, and part of the response to that, is the next piece around the NCC handling LEA requests and where we are with that, but myself and Markus and Tobias were talking earlier and essentially kind of talking about why is the Working Group might be able to help the NCC with that, might be able to help the LEAs with that and indeed obviously moving towards the recommendations from the task force. I am going to ask again if, and I foolishly left out the slide which has the details of the recommendation, but ask again if anyone in the room has any input they wish to make to that and without that, what we will ‑‑ the three of us will have a chat and I think we will try and come up with something for the mailing list to see if we have any ideas but it's not all on the co‑chairs, this is again a Working Group and if it wants to do things, it's not just the co‑chairs who are doing it so we will be asking for assistance with anything we end up doing in that regard.

So are there any people who wish to make any comments there? Nope. Okay. That's cool. We will come back on that. But as the first part and I think a good segue from that we have Theodoros from the RIPE NCC to talk about it it hands requests. Thank you very much.

THEORODOS FYLLARIDIS: Good afternoon, everyone. Thank you for having me. I am legal counsel in the RIPE NCC. And today I will give you a short presentation on the way RIPE NCC handles requests it receives from law enforcement agencies, in short LEAs.

As you can see the agenda of this presentation is the following: First of all I will give you short background on the role of the RIPE NCC and how and why this is relevant to the AAs, then I will walk you through the different types of requests we see and how we deal with each of them, and finally, I will highlight some interesting facts from LEA transparent report 2022 which the report that includes data regarding requests received during the past year.

So to begin with, the RIPE NCC in its role as RIR has an among others a mandate to administer both publicly available and confidential information relating to Internet number resources on behalf of its members and the community. This could be rather interesting for the LEAs, more specifically they may have an interest in obtaining such information or intervening in the RIPE NCC's services.

The RIPE NCC when this happens strives to protect the interests of its members, and will neither provide any confidential information to LEAs nor will allow them to modify the registration information without a court order or other legal enforceable order or request under Dutch law.

And let's move to the first type of request, this is the request for information and as you will see, it's divided into three different subcategories. The first of these subcategories is requests for information that is publicly available. This information, publicly‑available information can always be accessed by third parties including of course LEAs and is actual information that is accessible through the RIPE NCC website, including information or records that are public on the RIPE database. Therefore, when we see such requests from an LEA we direct them to this information and we also provide additional information on public registry or on how the RIPE NCC operates in general.

Information RIPE NCC in general.

The next type of information, of request, request for information that is not publicly available and it's really important to note here that such information will not be voluntarily provided by the RIPE NCC, our activities are international but as you know we are based in the Netherlands so these activities are exclusively governed by Dutch law. When we see such requests we will only provide information if a court order or other legally binding order is presented to us by Dutch LEA or by a Dutch authority that has the power to request such information, for example the Dutch data protection authority, the police, the public prosecution department.

When it comes to non‑Dutch LEAs, they must follow the mutual legal assistance treaties procedures in order to make the order enforceable in the Netherlands and thus binding for us. In practice, if there is a foreign court order, it has to be recognised in the Netherlands via this procedure and once this happens it becomes enforceable for us and we will handle it further.

Each of those requests is examined on its own merits and we will challenge it and will not comply with it if it is found illegal or if it is of non‑obligatory nature and we will challenge it before the authorities or the relevant court and as per policies, we notify our members regarding these requests relating to their information unless this is prohibited by statute or court order.

And the third sub‑category from this type is the information is request ‑‑ request for information that the RIPE NCC does not have, and this is, the vast majority of the requests we receive actually. In practice we receive a request regarding information about users of specific IP addresses. When this happens, we inform the requesting LEA that the RIPE NCC is responsible for allocating IP address blocks to its members and has no further information about jurisdiction over or responsibility for how the allocated IP addresses are used. In this case, the LEA is directed to the public ‑ information and is instructed how to locate in the RIPE database the member responsible for the IP address in question.

And move on to the next type of request received is the request or orders for specific action, what does it mean in practice?

It means that an LEA may request the RIPE NCC to perform specific action; for example modification in registration of specific Internet number resources. Similar to what we discussed before, we will only comply if it's presented by Dutch LEA or Dutch authority that has power to submit such requests.

Non‑Dutch LEAs will again have to follow the mutual legal assistance treaties procedure to make the order enforceable in the Netherlands. We will challenge its order and we will ‑‑ we will examine its order on its own merits and if we find this illegal or non‑obligatory in nature we will not comply with it and of course notify our members unless there is a court order or statute that prohibits us from doing so.

And we move on to the next type of request we may receive and this is a request for seizure of RIPE NCC equipment or property as part of investigation and I said we may receive because until today this procedure hasn't been applied in practice, because we haven't received such request until today but we have it in place in case this happens.

So, we may receive an order for seizure of equipment or property belonging to the RIPE NCC as part of investigation, for example, criminal investigation. If/when this happens the legitimacy of the order, for example examining Judge or investigation officer, will be examined. We will of course ensure that the seizure is conducted in the manner the least detrimental to the RIPE NCC's operations and the operations of our members and we will afterwards lodge a complaint with a court and we will seek to secure an agreement from the relevant authority that it will avoid the outcome of the complaint before carrying out the actual seizure.

And with that, I conclude the first part of my presentation regarding the types of requests and how we deal with them.

Now we will move on to the LEA transparency report for 2022.

During the past year, we received 186 LEA requests which is a significantly higher number compared to the previous years. It is, in fact, the highest number we ever received in a year.

As a matter of comparison, during the period 2016 to 2021, the highest number of requests in a year was 60 so this is more than three times the highest until last year.

Out of these requests, two of them were legally binding from Dutch LEAs for unpublic information to which we complied as we were obliged to do. Two were requests from non‑Dutch LEAs on whether we would comply with foreign court orders or search warrants. Three were sets in how to send a facility request to require information about IP addresses, two of them were requests for information not related to the RIPE NCC, and finally, as I said before the, vast majority of those, 177 requests, for the identification of users of particular IP addresses, is the type of information that the RIPE NCC does not have as I said before.

These big increases can be explained by the high number of requests not for information, not available to the RIPE NCC we received from French LEA. Despite the fact our role and the procedures we apply when handling with LEA requests was explained we repeatedly kept receiving requests for the same type of information from the same party but in general, LEAs seem to acknowledge the RIPE NCC's role and procedures relating to handling LEA requests and also understand when we advise them we either do not have information or we need Dutch court order to provide non‑confidential information.

The following graph you can see the LEA requests received by type of request during the past five years. You can see the big increase, I just talked to you about, and also you can see the vast majority of the requests are actually for information that we do not have. And in this final graph you can see the LEA requests received by country, the greener the colour of the country, the more requests we received from the said country. In total we received requests from 19 jurisdictions and as I said, most of them, in fact ‑‑ to be precise, 121 came from France.

And with this, I conclude my presentation. Are there any questions? I would be happy to answer them.

BRIAN NISBET: Thank you very much.


So, wow, that got people thinking.

AUDIENCE SPEAKER: Alex, I think you are familiar with the e‑evidence package that's going around in the Commission, which will allow European law enforcement agencies to directly request data you will have to supply this.

THEORODOS FYLLARIDIS: Maybe this is something my colleagues will answer more appropriately.

Maria: Hi Maria, legal counsel RIPE NCC indeed we are following this file and the adoption process has been agreed, and we will update our procedures accordingly in order to reflect the required changes.


MARKUS: Relaying a question from the Meetecho from Robert, is it possible that the RIPE NCC publishes the LEA requests with sensitive details removed for more transparency on the NCC website, similar like e‑mail providers like post to you, dot D E or are doing?

THEORODOS FYLLARIDIS: We publish the transparency report every year and send to the anti‑abuse mailing list as it was in my presentation, we talk about the numbers of requests, the countries they came from, and if I understood the question correctly is it about more detailed report?

BRIAN NISBET: Seems to be taking the e‑mail and removing the relevant details and actually publishing the redacted e‑mail

THEORODOS FYLLARIDIS: We do not do it yet but we can think about it and follow up on that.

AUDIENCE SPEAKER: From Copenhagen Denmark, representing myself as a small network with ‑‑ the sources of the LEA requests are they come directly from the countries or coming directly from Europol and also the French LEA was that a proper French or is it an international one based in France?

THEORODOS FYLLARIDIS: No, the requests are coming directly from the LEAs and in this case, all of them were coming from the actual French LEA based in France.

AUDIENCE SPEAKER: Can I add a small one? If they are sending 121 that's almost harassment if they don't change their procedures and keep on asking for the same stuff?

THEORODOS FYLLARIDIS: Yes, as I said, we explained many times the procedures that we follow, but we still keep getting those requests so I don't know if it can be regards as harassment and that's the case, it's a recent phenomenon, it started last year.

DENIS WALKER: For those cases that you are actually responding to, without going into details on the specific cases, can you say anything about what type of information they were actually asking you for?

THEORODOS FYLLARIDIS: Well, I said it's not public information so everything that is not on the RIPE database and am I allowed to disclose what this information is ‑‑

DENIS WALKER: Can you say what type of information they were asking for? Was it names, was it addresses, was it personal information or ‑‑

THEORODOS FYLLARIDIS: There was personal information involved. There were also addresses, there were also names, but as I said, this type of information, when we receive this type of request because we are ‑‑ our activities are governed by Dutch law we can challenge it as to a certain extent but if there is no room for us to manoeuvre then we have to comply and then provide this information.

PETER KOCH: Thank you for the presentation and the continued effort to support the transparency here and also for being open for questions.

I have one clarifying question and maybe that was covered by the previous speaker but I didn't really comprehend. You said that your procedure says for all non‑Dutch LEAs, emlets are the one thing that opens the sesame. Did I understand correctly that none actually use the em let procedure or did any foreign request come through an em let and then was either refused afterwards or served?

THEORODOS FYLLARIDIS: At least during the past year we did not receive foreign request, it was recognised in the Netherlands and afterwards enforced here. But it has happened in the past.

PETER KOCH: Okay. Thank you. I have a second question on the ‑‑ on that French LEA, without asking you to disclose but I wonder what is the NCC doing about this?

THEORODOS FYLLARIDIS: Besides the fact ‑‑ besides informing them, continuously, about our procedures, we still respond to every one of those requests. We give our response and explain our procedure, but then it happens again. So ‑‑

PETER KOCH: Thank you.

BRIAN NISBET: Seems like a perfect use of AI.

HARRY CROSS: Talking in my own capacity. I noticed there were a couple where the NCC received a request on how to request something. Did those ever materialise into anything, if you are allowed to say?

THEORODOS FYLLARIDIS: I'm not sure, I can't recall. I don't think there was a follow‑up on those specific ‑‑ at least talking about the past year, there was no follow‑up, we just received what should we do, we responded and there was no follow‑up.

Harry: Where the NCC doesn't have the information is there sort of signposting done if that's kind of within an educational remit or is it just a hands up, we don't have the data, thank you for asking?

THEORODOS FYLLARIDIS: We basically say we do not have the data, we explain our role and we give sort of explanation on why we don't have it and then we instruct them how to use the RIPE database to locate the member responsible for the IP address they are looking for.

AUDIENCE SPEAKER: There is a signposting off to that. Thank you.

BRIAN NISBET: I think, and I don't wish to speak for the NCC here and I can't, but this answer of how to do this has been given to law enforcement agencies for over a decade, I think now, at this point in time.

AUDIENCE SPEAKER: I presume this is what's hammered home during the round table

BRIAN NISBET: In my experience, not speaking for the NCC has to be hammered home again and again and again, for all the reasons that large organisations don't do good knowledge transfer, etc.

MALCOLM HUTTY: Concerned citizen. First of all, thank you for that presentation, actually I thought it was a great model of transparency, I would love to see more of this thing from other organisations on which we all depend, shall I say.

Building on the question of a previous speaker about the nature of the information, I would have imagined that the NCC holds very limited information at all that is of a non‑public nature, that would be available to ‑‑ to such ‑‑ potentially responsive to such a request. I can imagine maybe the payment information might potentially be at a category that would fall into that. Presumably the NCC has done a review of what information it holds and whether it needs to hold various type of information as parts of its own ordinary GDPR compliance things. Is there anything that you think, without going into the details of these requests, categories of information that the NCC holds that is non‑public that might be illuminating to this Working Group that we might not have realised that you hold, that might be relevant to the discussion or is it actually no, there's really very little there?

THEORODOS FYLLARIDIS: Again, we can provide only what we have and ‑‑

MALCOLM HUTTY: My question is about what you have which is more GDPR‑type inquiry, I suppose. Do you, for example, collect and record usage information for the online surfaces? Maybe I should follow this up afterwards but possibly if you want to expand the transparency area perhaps some clarity on ‑‑ Athina to the rescue.

ATHINA FRAGKOULI: Thank you very much for this question, Malcolm, actually, yes, it's a very good question. So far ‑‑

BRIAN NISBET: Say who you are.

ATHINA FRAGKOULI: Athina Fragkouli, chief legal officer RIPE NCC. So far, a LEA requests we received are interested in resource holder information that are related to the ‑‑ to this activity of them being resource holders, pretty much. And they are not publicly available. So, anyone that has resources with the NCC and their members, they know what kind of information they have shared themselves for the purposes of the contract and for the purposes of the execution of all the requirements of the contract, so not user data have been shared

MALCOLM HUTTY: So this is information that is collected in the course of submitting forms and so forth and not other information that the NCC's generated itself?

ATHINA FRAGKOULI: So far, that's correct, yes.

BRIAN NISBET: Thank you very much. Any other questions, discussion, nothing in chat. So thank you very much.



BRIAN NISBET: Yeah for transparency is a good and happy thing. Although I was missing the opportunity for you to tell us everything you know about Malcolm, that could have been a great Working Group moment. So our next speaker is Dan Owen from the global cyber alliance who will be telling us about domain trust and the work that they are doing. Thank you.

DAN OWEN: I do work for the global cyber alliance, I am the product manager for domain trust. This is my first RIPE meeting, hopefully not my last. I know that may not be front and centre for most of you but please, as we go through the presentation, think about people in your organisation that may be interested in to ensure this information, please.

So, global cyber alliance is nonprofit dedicated to make Internet a safer place. We do that through building programmes, products, tools, partnerships and communities and today what I'd like to announce is we are building a new community to combat domain abuse. I just like RIPE started in 1989. We are starting in the hopes that we can build community of like‑minded folks that come from disparate organisations that come from multiple sectors globally to help us address this problem. We are nonprofit, again in the US, UK and Belgium and we focus our efforts on two particular ways, one for end users where we provide tool kits and for the infrastructure operators we like to try to solve, help solve big problems that nobody can really solve on their own.

So, our Internet integrity programme is focused again on operators and operations to identify these priorities that cannot be solved by any single actor. You need a village sometimes, you need people together to work on these things. Two particular projects within our Internet integrity problem are AIDE programme which is focused on IoT and domain trust which is what we are talking about today.

The community has actually already been established, we have about 45 participants in that community over the last couple of years, it's a very globally diverse and everyone has a shared concern about domain abuse. What we are ‑‑ when we say domain abuse what we are talking about is phishing malware, command and control activities like BOTs, we do have some information about fraud and IP infringement and things like that in our purview but that's not our primary focus. Probably most importantly is this is a neutrally convened community, GC I acts as that neutral convener, we don't take a side, we want to bring together the people that have an interest in domain abuse, fighting that, reducing it and creating, a safe, secure, trustworthy space for them to have these discussions. At the end of the day the goal is simply to increase the integrity of the Internet by decreasing the number and impact of the domains that are registered for cybercrime and other purposes that are malicious. We need to get out in front of this at the beginning, and I will show you a little bit more about that, why that is in a minute.

We started collecting data in 2020, and since then our community members have contributed more than 10 million malicious domains in our database. Those are unique malicious domains, we have got about 27, 28 million instances so there's reporting from a lot of different people on the same domains, as you can imagine.

In this data is used for a lot of different purposes, one that you would expect is that, when a bad domain is causing a lot of trouble you want to take that down and block it and do what you can to reduce the impact it's causing but that takes time, it takes energy, it takes coordination, and again, we need to try to find ways to stop that at the earlier stages. But we also use the data to build AI algorithms, one of our partners is doing that and doing it very well, they can predictive and domains that are going to be used for malicious purposes, they have had some really good success stories already and we also work with research institutions, academically to try to further this cause.

I will give you a bit of a sample of our data, the little blue dots represent a very number of domains for each registrar. This was taken from about a week's worth of take‑down data from one of the resolvers. If you let us, the mean is 199 days for the average number of ‑‑ or the ‑‑ for the total number, if you will, of the domains associated with that particular registrar. So from the time it's been reported as malicious, we have got about six months before we see that domain, any action being taken on that domain, on average. Some registrars are much better than others in responding to those kind of activities but again the proof here is it takes too long, there's too much damage that can be done in that six‑month period which is why we want to get to the left of this and start be able looking at ways that we can collectively influence the community to start reducing the number of these domains that are registered initially for and there are indicators for that. It can be easy to identify some of those.

To give you an idea of who our participants are, we have ‑‑ and this is not a full list by any means but just representative examples ‑‑ I met someone here from Switch, Switch is part of our community as well. We encourage all organisations out there that are looking at anti‑abuse in the DNS space to participate with what we are doing so the DNS anti‑abuse, which I know they briefed a couple of years ago, this Working Group, we work with ether protect out of Germany, a lot of others.

If you look at this slide, these are the kinds of categories of organisations we are looking for. If we are missing a category please let me know. If you are part of this category and you want to be included, please let me know. We welcome any and all participants that fit within these categories and are interested in making sure we are not leaving anyone out that should be there.

The community meets quarterly to discuss best practices, to discuss data, to discuss new initiatives in the fight against domain abuse. We have Working Groups that meet monthly, our Working Group chairs are actually here in the room, and we are looking specifically at the data, how to assess and analyse that but also looking at best practices for taking action. What can we do, what can be done to reduce the number and impact of these domains that are being registered?

So again, I want to welcome anyone that wants to participate with us. We hope this will be a sustainable, self sustainable community over time and look forward to any kind of questions you may have and I am happy to hang around during the lunch break afterwards if anyone would like to do that.

BRIAN NISBET: Thank you very much. Apparently we do have questions, gosh.

AUDIENCE SPEAKER: Hi, I'm Trey Darrely, first board of directors, hobby speaking strictly for myself. Two things: You know there's a special‑interest group, a SIG, within first defined DNS abuse taxonomy, are you familiar with this work?

DAN OWEN: Right, we have just recently joined.

AUDIENCE SPEAKER: There is basically a standard way of if you say across border, there's domain abuse happening, to characterise precisely there's a huge international consortium about four or five years have been part of this effort talking through in minute detail how do we categorise all the different spectrum of domain abuse and being translated into a number of other languages so hopefully that will bring your mean take down if you are talking with somebody in the Philippines who English isn't their native language, and you're talking about something really specific, to be able to say, oh, but it's square 423 ‑‑ so we're working to improve that, we should work together on that. First is putting together a coordinated take down system within our community, we should try to find standardised ways to maybe design a standard for takedown requests that can propagate between communities, that might be worth explaining off‑line, that's an offer of help

DAN OWEN: That's the kind of conversations we like to have about the best practice. What are other members of that community doing that are working.

BRIAN NISBET: Thank you. Anything else, folks?

DAN OWEN: Thank you for the opportunity, I appreciate it.

BRIAN NISBET: Thank you very much, Dan.


Right so. That largely concludes the agenda, but does anybody have any other business they would like to raise at the Working Group? I am seeing no flood of people standing up to the microphones. In which case, I will mention, obviously we will be having another Anti‑Abuse Working Group session at RIPE 87 wherever it may be, much later this year, and we will be reminding the mailing list about agenda items but obviously if anybody has anything now or anything they would like to talk about, myself and Markus and Tobias will be around this week, please come talk to us, we are very friendly, and with that, I will say thank you again to all of the folks who actually make this Working Group happen, the AV folks, the NCC staff, both operationally and minutes and our stenographers and of course all of you, the Working Group both here and afar and I will say that, you know, one of the things is that now, because the hybrid meetings are even better than they used to be, you can present just as easily from a city relatively nearby ‑‑ no, from anywhere on the Internet as you can in the room so thank you all very much and on behalf of myself and Tobias and Markus, we will see you next time. Have a good day.