About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

[db-wg] abuse-mailbox

  • From: Philippe Bourcier <
    >
  • Date: Tue, 24 May 2005 23:32:28 +0200

Hi,

I'm the author of the CyberAbuse whois, which is a tool that catches the "most suitable" abuse contact email for a specific IP/host by searching in the RIRs whois result. It's security and network abuse oriented... it's used in many CERTs or IRTs.

I understand there's a new (and long waited for) abuse-mailbox field that my program should catch in the RIPE db.
I'd like to know what would you recommend as the behavior for catching the "best possible" abuse-contact in the RIPE db.

Here is how the cyberabuse whois used to work (for RIPE) :
1 - search for an IRT object (mnt-irt), if one exist, go catch the associated e-mail
2 - search for an email in all the remarks/trouble/descr fields with the abuse/security/cert/csirt string in it
3 - search for the admin-c's email, if any
4 - search for the tech-c's, if any
5 - search for the first email found

I think I'm going to add a search for the abuse-mailbox field between (1) and (2).
Is this how you would do it ?
Any other comments/suggestions ?


Sincerely,
Philippe Bourcier



Post To The List:

Replies

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community