[anti-abuse-wg] central whois
- Previous message (by thread): [anti-abuse-wg] Automatic IP -> abuse email address mapping
- Next message (by thread): [anti-abuse-wg] central whois
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Thu Jun 20 14:00:32 CEST 2013
Denis Walker wrote: > Dear Frank, BTW: there is still no simple form under www.ripe.net (maybe upper right corner, directly under the search field), that says: enter an abusive IP address here, and we tell you, where to send an abuse report to ___ ___ ___ ___ (get abuse contact email address) This should be technical pretty easy, because whois -b is in place, but an end user would never us a whois service and play with options ... So: we cannot even send end customers to www.ripe.net ... Kind regards, Frank > > The RIPE NCC has a Global Resource Service (GRS) where you can perform > unlimited queries on operational data from all the 5 RIRs and all > responses are returned in RIPE RPSL format. You can script your queries > against the RIPE GRS using our API. > > I am, at this very moment, writing a new RIPE Labs article with all the > latest details and improvements we have made recently to this service. > We expect to publish this article next week. > > Regards > Denis Walker > Business Analyst > RIPE NCC Database Team > > On 20/06/2013 11:17, Frank Gadegast wrote: >> Olaf van der Spek wrote: >>> Hi, >>> >>> I hope this is the right list for such a question. >>> How does one map an IP address to an abuse email address in an automated >>> way? >>> I assume scripts exist, but I haven't found any. Does everyone roll >>> their own? >> >> There are no public script to my knowledge >> >> This kind of automatic mapping is quite complicated and >> mostly internal know-how of f.e. blacklists, that do >> automatic reporting. >> >> The steps to do it are something like this: >> >> - first you need to identify, wich RIR is responsible for the >> IP/netblock, this is tricky, because there more RIRs like >> only RIPE, ARIN, LACNIC, AFRNINIC and APNIC, that actually >> hold the information you need (f.e. KRNIC and BRNIC aso) and because >> there are early registration networks, that usally do not >> belong to the RIR you would expect >> - all whois interfaces at the RIRs are different, parsing is >> difficult, different options too and all have different regulations >> and fields with even dubled content >> - then there are limits, how many whois queries you can do >> >> We have a pearl-script doing all this with over >> 3000 lines of code, and this code has to be adjusted >> nearly every month ... >> >> It would be a dream, if this group could discuss >> a standard whois output format for all RIRs. >> And the final step could be a centralized whois, anybody >> could ask for the abuse contact covering the data >> of all RIRs. >> >> >> Kind regards, Frank >> Network Operation Center - PowerWeb >> -- >> MOTD: "have you enabled SSL on a website or mailbox today ?" >> -- >> PHADE Software - PowerWeb http://www.powerweb.de >> Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de >> Schinkelstrasse 17 fon: +49 33200 52920 >> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 >> ====================================================================== >> >> >> >> >> >>> >>> >>> -- >>> Olaf >> >> >> > >
- Previous message (by thread): [anti-abuse-wg] Automatic IP -> abuse email address mapping
- Next message (by thread): [anti-abuse-wg] central whois
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]