This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] central whois
- Previous message (by thread): [anti-abuse-wg] Automatic IP -> abuse email address mapping
- Next message (by thread): [anti-abuse-wg] central whois
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Thu Jun 20 14:00:32 CEST 2013
Denis Walker wrote: > Dear Frank, BTW: there is still no simple form under www.ripe.net (maybe upper right corner, directly under the search field), that says: enter an abusive IP address here, and we tell you, where to send an abuse report to ___ ___ ___ ___ (get abuse contact email address) This should be technical pretty easy, because whois -b is in place, but an end user would never us a whois service and play with options ... So: we cannot even send end customers to www.ripe.net ... Kind regards, Frank > > The RIPE NCC has a Global Resource Service (GRS) where you can perform > unlimited queries on operational data from all the 5 RIRs and all > responses are returned in RIPE RPSL format. You can script your queries > against the RIPE GRS using our API. > > I am, at this very moment, writing a new RIPE Labs article with all the > latest details and improvements we have made recently to this service. > We expect to publish this article next week. > > Regards > Denis Walker > Business Analyst > RIPE NCC Database Team > > On 20/06/2013 11:17, Frank Gadegast wrote: >> Olaf van der Spek wrote: >>> Hi, >>> >>> I hope this is the right list for such a question. >>> How does one map an IP address to an abuse email address in an automated >>> way? >>> I assume scripts exist, but I haven't found any. Does everyone roll >>> their own? >> >> There are no public script to my knowledge >> >> This kind of automatic mapping is quite complicated and >> mostly internal know-how of f.e. blacklists, that do >> automatic reporting. >> >> The steps to do it are something like this: >> >> - first you need to identify, wich RIR is responsible for the >> IP/netblock, this is tricky, because there more RIRs like >> only RIPE, ARIN, LACNIC, AFRNINIC and APNIC, that actually >> hold the information you need (f.e. KRNIC and BRNIC aso) and because >> there are early registration networks, that usally do not >> belong to the RIR you would expect >> - all whois interfaces at the RIRs are different, parsing is >> difficult, different options too and all have different regulations >> and fields with even dubled content >> - then there are limits, how many whois queries you can do >> >> We have a pearl-script doing all this with over >> 3000 lines of code, and this code has to be adjusted >> nearly every month ... >> >> It would be a dream, if this group could discuss >> a standard whois output format for all RIRs. >> And the final step could be a centralized whois, anybody >> could ask for the abuse contact covering the data >> of all RIRs. >> >> >> Kind regards, Frank >> Network Operation Center - PowerWeb >> -- >> MOTD: "have you enabled SSL on a website or mailbox today ?" >> -- >> PHADE Software - PowerWeb http://www.powerweb.de >> Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de >> Schinkelstrasse 17 fon: +49 33200 52920 >> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 >> ====================================================================== >> >> >> >> >> >>> >>> >>> -- >>> Olaf >> >> >> > >
- Previous message (by thread): [anti-abuse-wg] Automatic IP -> abuse email address mapping
- Next message (by thread): [anti-abuse-wg] central whois
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]