3.10.3 Abuse Details

The irt object (Internet Response Team) was introduced to identify a Computer Security Incident Response Team (CSIRT) for handling serious network problems like DOS attacks. It was later modified to make it usable for more general abuse. But all the old ways of documenting abuse were also still available. Now with the introduction of “abuse-c:” this general abuse is moving away from the irt object again. After a data cleanup, the irt object will only be used for CSIRT teams again and should not be used to handle general abuse complaints.

General abuse is now handled by the organisation object. This should reference an abuse handling role object with an “abuse-c:” attribute. This role object must include an "abuse-mailbox:" attribute. All RIPE NCC allocated address space and direct end user assignments, represented by inet(6)num and aut-num objects, should reference an organisation object directly. All more specific address space objects inherit this reference. The abuse handler for this address space and all the more specific address space to that specified by the inet(6)num object is determined by the referenced organisation object.

There is a query flag ("-c") which will return the irt object, if one exists, for any specified inet(6)num object. There is also another query flag ("-b") that will find the indirectly referenced role object, extract the "abuse-mailbox:" attribute and return brief details including the email address from the role object.