
RE: Abuse address attribute in RIPE whois?

  • To: "'RIPE Anti-Spam WG'" < >
  • From: "Robin cragg" < >
  • Date: Tue, 21 Aug 2001 21:59:06 +0100

Hi,

Perhaps I'm missing something, but I thought that the inetnum objects
had tech-c and admin-c fields so that a contact had to be listed who was
responsible for the IP addresses in question. I know that originally
this was for the internet routing of the IP block, rather than the
actions of one server in the IP range, but surely this is what an on
site administrative contact is there to investigate? I am listed as a
tech-c for our customer's IP blocks and when their servers are used as
open relays, I receive automated emails from Spamcop. I then get the
relays fixed. Surely we don't also need an abuse-c field to make things
work? Wouldn't it be easier just to make people adopt RFC2142, which
specifies the use of email addresses such as abuse@localhost?


Robin


-----Original Message-----
From: owner-anti-spam-wg@localhost [ ] On Behalf Of amar
Sent: 21 August 2001 16:41
To: RIPE Anti-Spam WG
Subject: Abuse address attribute in RIPE whois?

All,

Maybe a little OT or wrong WG. But I see that this could maybe be a
benefit for all involved.

In the wake of Code Red, more broadband deployments and so on, I have
seen an increasing number of abuse complaints that have been sent to
addresses that do not have anything to do with abuse
reports/complaints. Sent to the addresses that can be found under
"update:"

There is a plug-in for Norton Personal Firewall called The "Who's
There?" Firewall Advisor. That automatically looks up the source of the
IP address that has been logged in the firewall. The user then just
clicks "notify" and the program creates a pre-defined mail ready to be
sent to the responsible ISP.

Here is the problem. They use the address found at the end in the
inetnum object. Even though you have created information under the
"descr:" fields saying:

inetnum:      192.168.0.0 - 192.168.255.255
netname:      EU-ISP
descr:        Foo Bar ISP Inc.
descr:        ISP
descr:        ---------------------------
descr:        Intrusion and abuse reports
descr:        should be sent to
descr:        abuse@localhost
descr:        ---------------------------

They *never* use this information. And the reason why they instead have
chosen to send the abuse report to the person that has created/updated
the object is this (taken from their webpage):

"Addresses should usually be chosen starting from the bottom of the
dialog, since information toward the bottom tends to be more specific
than at the top. Alternatively, you can attempt to contact a network
administrator using other WHOIS information, such as their phone number
or mailing address"

http://www2.opendoor.com/whosthere/UG/WTWTDialog.html#likely_email

This is not the only program that uses this approach. And the same
pattern can be found among many users.

This is starting to get really annoying. Not only the fact that you
receive a lot of mail that you have to forward to the right address.
But also the fact that most of the ISPs' abuse departments will not get
the complaints directly. And by that delay the whole investigation into
the matter.

My question is if there is an interest to create a "draft" for an
identifier in the inetnum object that could be used for abuse reports.
Like the "X-Complaints-To:" in NNTP.

That identifier could then be used by programs like the one mentioned
in this mail. And could also be easier to find on each assignment. As
most LIRs have only created info about this in the object for the whole
block.

Any interest?

Regards

--
amar
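
The following is an added illustration and not part of either message above. It contrasts the bottom-up address choice described in the thread with one that prefers an RFC 2142 style `abuse` mailbox. The trailing `update:` line, both `isp.example` addresses and all function names are constructed assumptions.

```python
import re

# Constructed sample modelled on the inetnum object quoted in the thread.
# The "update:" line and both addresses are assumptions for illustration.
SAMPLE_INETNUM = """\
inetnum:  192.168.0.0 - 192.168.255.255
netname:  EU-ISP
descr:    Foo Bar ISP Inc.
descr:    ---------------------------
descr:    Intrusion and abuse reports
descr:    should be sent to
descr:    abuse@isp.example
descr:    ---------------------------
update:   hostmaster@isp.example 20010821
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*")

def parse_object(text):
    """Return (attribute, value) pairs in the order they appear."""
    pairs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("%", "#")):
            continue  # skip blank lines and server comments
        attr, sep, value = line.partition(":")
        if sep:
            pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def emails_in_order(pairs):
    """Every e-mail address in the object, top to bottom."""
    return [addr for _, value in pairs for addr in EMAIL_RE.findall(value)]

def bottom_up_choice(pairs):
    """The heuristic from the thread: take the address nearest the bottom."""
    found = emails_in_order(pairs)
    return found[-1] if found else None

def abuse_aware_choice(pairs):
    """Prefer a mailbox whose local part is 'abuse'; otherwise fall back."""
    found = emails_in_order(pairs)
    for addr in found:
        if addr.split("@", 1)[0].lower() == "abuse":
            return addr
    return found[-1] if found else None

if __name__ == "__main__":
    obj = parse_object(SAMPLE_INETNUM)
    print("bottom-up  :", bottom_up_choice(obj))
    print("abuse-aware:", abuse_aware_choice(obj))
```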
