Abuse address attribute in RIPE whois?
- Date: Tue, 21 Aug 2001 16:40:35 +0100
- Organization: Telia Net
Maybe a litte OT or wrong WG. But I see that this could maybe
be a benefit for all involved.
In the wake of Code Red, more broadband deployments and so on I
have seen an increasing number of abuse complaints that has been
sent to addresses that do not have anything to do with abuse
reports/complaints. Sent to the addresses that can be found under
There is a plug-in for Norton Personal Firewall called "The "Who's
There?" Firewall Advisor. That automaticly looks up the source of
the IP-address that has been logged in the firewall. The user then
just clicks "notify" and the program creates a pre-defined mail
ready to be sent to the responsible ISP.
Here is the problem. They use the address found at the end in the
inetnum object. Even that You have a created information under the
"descr:" fields saying:
inetnum: 192.168.0.0 - 192.168.255.255
descr: Foo Bar ISP Inc.
descr: Intrusion and abuse reports
descr: should be sent to
They *never* use this information.
And the reason why they instead have choosen to send the abuse
report to the person that have created/updated the object is
this ( taken from their webpage):
"Addresses should usually be chosen starting from the bottom of the
dialog, since information toward the bottom tends to be more specific
than at the top. Alternatively, you can attempt to contact a network
administrator using other WHOIS information, such as their phone
number or mailing address"
This is not the only program that uses this approach. An the same
pattern can be found among many users.
This is starting to get really annoying. Not only the fact that you
recive a lot of mail that you have to forward to the right address.
But also the fact that most of the ISP:s abuse department will not
get the complaints direct. And by that delay the whole investigation
into the matter.
My question is if there is an interest to create an "draft" for an
identifier in the inetnum object that could be used for abuse reports.
Like the "X-Complaints-To:" in NNTP. That identifier could the be used
by programs like the one mentioned in this mail. And could also be
easier to find on each assignment. As most LIRs have only created info
about this in the object for the whole block.