[anti-abuse-wg] How to find abandoned networks (was Spam FAQs need revision)

Suresh Ramasubramanian wrote:

> security by obscurity you mean?

this may be seen as one end of a stick -
offering the info on a silver platter may be seen as the other end :-)

wilfried

> --srs (iPad)
> 
> On 13-Dec-2011, at 16:22, Shane Kerr <shane at time-travellers.org> wrote:
> 
> 
>>Joe,
>>
>>It's a bit of a tangent, but...
>>
>>On Mon, 2011-12-12 at 11:22 -0800, Joe St Sauver wrote:
>>
>>>  If nothing else, that FAQ answer should *at least* be updated to correct 
>>>  factual inaccuracies because at least *some* other RIRs *DO* check and/or
>>>  correct inaccuracies in their databases, e.g., see, in the case of ARIN, 
>>>  APNIC and LACNIC, see:
>>>
>>>  -- https://www.arin.net/policy/nrpm.html#three6
>>>
>>>     "3.6 Annual Whois POC Validation
>>>
>>>     "3.6.1 Method of Annual Verification
>>>
>>>     "During ARINs annual Whois POC validation, an email will be sent to 
>>>     every POC in the Whois database. Each POC will have a maximum of 60 
>>>     days to respond with an affirmative that their Whois contact 
>>>     information is correct and complete. Unresponsive POC email addresses 
>>>     shall be marked as such in the database. If ARIN staff deems a POC to 
>>>     be completely and permanently abandoned or otherwise illegitimate, 
>>>     the POC record shall be marked invalid. ARIN will maintain, and make 
>>>     readily available to the community, a current list of number resources 
>>>     with no valid POC; this data will be subject to the current bulk Whois 
>>>     policy."
>>
>>What a great method for finding networks that are poorly monitored and
>>maintained! Simply check ARIN's Whois database until you find networks
>>with POC that are marked as invalid!
>>
>>I hope that RIPE does not adopt this address-hijacking-friendly
>>technique. :(
>>
>>--
>>Shane