About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [db-wg] abuse-c

  • From: Ulrich Kiermayr < >
  • Date: Mon, 12 Jan 2004 15:52:59 +0100
  • Organization: Vienna University Computer Center
MarcoH wrote:

On Mon, Jan 12, 2004 at 09:55:06AM +0100, Shane Kerr wrote:
On of the problems that was identified when the irt object type was defined is that there are a lot of meanings of "incident" that the "irt" could be responding to. The same applies to an "abuse-c:" attribute. Does abuse mean spam? DoS? Illegally trading movies? E-mailed viruses? Pornography? Gambling? Hijacking address space?

Do you have different desks for these different types of abuses? If so, does it make sense to have different contacts for them? (History shows this doesn't matter too much - as users tend to send to every e-mail they can find. But in the future, it would make modifying output of tools to only display relevant information easier.)

That's why I proposed a simple attribute only containing 1 single
email address where people can send their complaints. It will mostly
end-up being abuse@localhost for every single inetnum.
Apart from that and in general, the I think relying on RFC 2142 (which is a standard) is at least an equally good approximation as introducing any new email-containing attributes:

RFC2142, Sect. 2:

For example, if an Internet service provider's domain name is
COMPANY.COM, then the ABUSE@localhost address must be valid and
supported, even though the customers whose activity generates
complaints use hosts with more specific domain names like
SHELL1.COMPANY.COM. Note, however, that it is valid and encouraged
to support mailbox names for sub-domains, as appropriate.

and Sect4: states there should be

ABUSE Customer Relations Inappropriate public behaviour
NOC Network Operations Network infrastructure
SECURITY Network Security Security bulletins or queries

Ok, it is not always trivial to fiure out a domain to an ip-range, but for the well behaved ones that would use the abuse-c it is usually easy to make out the right abuse@....

and the bad-guys would either not use it at all, or put something like abuse_box_for_me@localhost in (or an approbriate role holding that data. so it would be worthless anyway.

Am I missing something here?

lG uk
--
Ulrich Kiermayr Zentraler Informatikdienst der Universitaet Wien
Network - Security - ACOnet-CERT Universitaetsstrasse 7, 1010 Wien, AT

eMail: ulrich.kiermayr@localhost Tel: (+43 1) 4277 / 14104
PGP Key-ID: 0xA8D764D8 Fax: (+43 1) 4277 / 9140



  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community