This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Discussion on 2011-06
- Previous message (by thread): [anti-abuse-wg] Discussion on 2011-06
- Next message (by thread): [anti-abuse-wg] Changing Whois server behaviour, was Discussion on 2011-06
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Fri Jun 22 09:14:49 CEST 2012
"Michele Neylon :: Blacknight" wrote: Hi, > On 21 Jun 2012, at 22:49, lists at help.org wrote: > >>> "Phase one: Implementing the policy" will include a new whois switch being introduced >> >> This will break existing software that makes whois queries for IP's. >> When you run an IP for possible abuse you don't want one command for ARIN and a different command for RIPE. That is why this issue must be coordinated between different RIR's. Inconstant whois policies is cited as a problem in the latest ICANN whois report and comments: >> >> http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en.htm > > The WHOIS RT report is about domain names and whois. > > It is NOT about IP addresses A new switch will not break anything, because: - IP whois switches are already different between the RIRs, some RIRs support some switches, others dont (why should there be special RIPE version of the whois program itself, developed by the NCC, when they are all the same ? and why should there be and open source whois, like jwhois that tries to follow all different whois service implementations ?) - some RIRs return objects wich dont belong to them, that might be good or not, but its different - all RIRs have really different objects they store abuse contact information in some examples: doing a whois for an korean IP at APNIC returns objects copies from KRNIC in a really different format compared to what KRNIC supplies, same (and even worse with JPNIC) APNIC uses IRT objects to store abuse contact information, but IRT isnt used much there, most objects arent updated and still use remarks and abuse-mailbox AFRINIC and LACNIC have no IRT AFRINIC is not supporting -B (or I simply did never find an object where it makes a difference) ARIN has about 5 different places ot look, like OrgAbuseHandle and RAbuseEmail, OrgTechEmail or RTechEmail and more LACNIC is proxying all RIRs, but is sometimes simply wrong (simply because they dont supply all whois switches, that RIPE supports) ARIN should be able to at least tell wich RIR is responsible for with network, but this fails. I know a lot of networks (and not only legacy/ERX), where ARIN cannot tell and you have to look at ALL RIRs, to find the right RIR. (btw: somebody pointed out here once, that IANA is not an operational organization, they are at least in one case, because they are supplying whois.iana.org with could be used to find the right RIR for an IP object, but this also fails, because sometimes they dont even know) So, things ARE already broken, our whois parser (and the parsers of all blacklists) knows already about 50 different cases. - inserting a new switch will not turn old switches off - my idea was to really have ONE switch to find the abuse contact email address, simply because we on this list know, where to look, but no normal user knows about all these differences, maybe this switch will then also be implemented at other RIRs - RIPE NCC is having the abuse finder tool, but is not supllying it via whois or any non interactive way, what is sad But again: I simply wanted to have comments, if something likes this should be in the implementation section of the draft or if that should be done later. I think it should be in, because one big reason FOR the proposal is to HAVE one place where to store the abuse contact information and this should be also expressed in the implementation. Having this implemented will also cover the period, where some objects arent touched yet and still store the abuse contact information in old places. This will stop us from having the current situation at APNIC, where the new IRT object is making the situation worse (this was also critizised here). So: implementing a new whois switch including the fallback to the abuse finder tool result will technically lead to the result intended by the draft. Kind regards, Frank > > Regards > > Michele > > -- > Mr Michele Neylon > Blacknight Solutions > Hosting& Colocation, Brand Protection > http://www.blacknight.com/ > http://blog.blacknight.com/ > http://mneylon.tel/ > Intl. +353 (0) 59 9183072 > Locall: 1850 929 929 > Fax. +353 (0) 1 4811 763 > Twitter: http://twitter.com/mneylon > ------------------------------- > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty > Road,Graiguecullen,Carlow,Ireland Company No.: 370845 > > > > -- Mit freundlichen Gruessen, -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
- Previous message (by thread): [anti-abuse-wg] Discussion on 2011-06
- Next message (by thread): [anti-abuse-wg] Changing Whois server behaviour, was Discussion on 2011-06
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]