[anti-abuse-wg] central whois

Benedikt Stockebrand wrote:
> Frank Gadegast <ripe-anti-spam-wg at powerweb.de> writes:
>
>> Benedikt Stockebrand wrote:
>>> Hi Suresh and list,
>>>
>>>
>>> Please explain to me why providing an excessively easy-to-use abuse
>>> interface won't cause such an increase in workload for the recipients of
>>> that list that it becomes impossible to handle.
>>
>> Thats the wrong starting point.
>>
>> If some resource holder is not willing to reduce abuse coming
>> from his networks, theres nothing we can do.
>> And it will not harm him to pubish his abuse contact in a central space,
>> hes not reding the abuse reports anyway ...
>
> Sorry, this is nonsense.  If somebody has his home PC being part of a
> botnet, and someone uses that botnet to flood a victim with ping or TCP
> syn or <whatever> flood attacks using my IP address, then how will the
> mails I get as my own abuse-c find their way to the bot PC owner or his
> ISP's abuse-c?

Dont get the point here.
If you get attacked with a whatever flood, you see the sender IP.
Enter the sender-ip in the central whois and write a mail
to the abuse-c responsible.
He now can check, wich user used the IP at that time and
get in contact with him to fix the problem, or deny
the end users access or ignore it or whatever policy they run.

> Your entire chain of reasoning relies on the fact that whatever IP
> address from an attacker your end users find in their logs identifies
> the abuse-c to contact.

Sure, end user arent normally able to find the IP, but there
are already tools and plugins to do this.

And I still think that a central whois makes it easy to find
the right contact, for end users, semi-professionals and pros ...


Kind regards, Frank