This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] Discussion on 2011-06

Previous message (by thread): [anti-abuse-wg] Discussion on 2011-06
Next message (by thread): [anti-abuse-wg] Changing Whois server behaviour, was Discussion on 2011-06

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Frank Gadegast ripe-anti-spam-wg at powerweb.de
Fri Jun 22 09:14:49 CEST 2012

"Michele Neylon :: Blacknight" wrote:

Hi,


> On 21 Jun 2012, at 22:49, lists at help.org wrote:
>
>>> "Phase one: Implementing the policy" will include a new whois switch being introduced
>>
>> This will break existing software that makes whois queries for IP's.
 >> When you run an IP for possible abuse you don't want one command for 
ARIN and a different command for RIPE.  That is why this issue must be 
coordinated between different RIR's.  Inconstant whois policies is cited 
as a problem in the latest ICANN whois report and comments:
>>
>> http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en.htm
>
> The WHOIS RT report is about domain names and whois.
>
> It is NOT about IP addresses

A new switch will not break anything, because:

- IP whois switches are already different between the RIRs,
   some RIRs support some switches, others dont
   (why should there be special RIPE version of the
    whois program itself, developed by the NCC, when
    they are all the same ? and why should there be
    and open source whois, like jwhois that tries
    to follow all different whois service implementations ?)
- some RIRs return objects wich dont belong to them,
   that might be good or not, but its different
- all RIRs have really different objects they
   store abuse contact information in

some examples:
doing a whois for an korean IP
at APNIC returns objects copies from KRNIC
in a really different format compared to what
KRNIC supplies, same (and even worse with JPNIC)

APNIC uses IRT objects to store abuse contact information,
but IRT isnt used much there, most objects arent updated
and still use remarks and abuse-mailbox

AFRINIC and LACNIC have no IRT

AFRINIC is not supporting -B (or I simply did
never find an object where it makes a difference)

ARIN has about 5 different places ot look, like OrgAbuseHandle
and RAbuseEmail, OrgTechEmail or RTechEmail and more

LACNIC is proxying all RIRs, but is sometimes
simply wrong (simply because they dont supply
all whois switches, that RIPE supports)

ARIN should be able to at least tell wich RIR is
responsible for with network, but this fails.
I know a lot of networks (and not only legacy/ERX),
where ARIN cannot tell and you have to look
at ALL RIRs, to find the right RIR.

(btw: somebody pointed out here once, that IANA
is not an operational organization, they are at
least in one case, because they are supplying
whois.iana.org with could be used to find the
right RIR for an IP object, but this also fails,
because sometimes they dont even know)

So, things ARE already broken, our whois parser
(and the parsers of all blacklists) knows already
about 50 different cases.

- inserting a new switch will not turn old switches off
- my idea was to really have ONE switch to find the
   abuse contact email address, simply because we
   on this list know, where to look, but no normal
   user knows about all these differences, maybe
   this switch will then also be implemented at
   other RIRs
- RIPE NCC is having the abuse finder tool, but is
   not supllying it via whois or any non interactive
   way, what is sad

But again: I simply wanted to have comments,
if something likes this should be in the implementation
section of the draft or if that should be done later.

I think it should be in, because one big reason
FOR the proposal is to HAVE one place where to store
the abuse contact information and this should be
also expressed in the implementation.

Having this implemented will also cover the period,
where some objects arent touched yet and still store
the abuse contact information in old places.
This will stop us from having the current situation
at APNIC, where the new IRT object is making the
situation worse (this was also critizised here).


So: implementing a new whois switch including the
fallback to the abuse finder tool result will
technically lead to the result intended by the draft.


Kind regards, Frank

>
> Regards
>
> Michele
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting&  Colocation, Brand Protection
> http://www.blacknight.com/
> http://blog.blacknight.com/
> http://mneylon.tel/
> Intl. +353 (0) 59  9183072
> Locall: 1850 929 929
> Fax. +353 (0) 1 4811 763
> Twitter: http://twitter.com/mneylon
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,Ireland  Company No.: 370845
>
>
>
>


-- 

Mit freundlichen Gruessen,
--
PHADE Software - PowerWeb                       http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast             mailto:frank at powerweb.de
Schinkelstrasse 17                                fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany             fax: +49 33200 52921
======================================================================

Previous message (by thread): [anti-abuse-wg] Discussion on 2011-06
Next message (by thread): [anti-abuse-wg] Changing Whois server behaviour, was Discussion on 2011-06

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]