This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] central whois
- Previous message (by thread): [anti-abuse-wg] central whois
- Next message (by thread): [anti-abuse-wg] central whois
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Benedikt Stockebrand
bs at stepladder-it.com
Sat Jun 29 13:27:10 CEST 2013
Frank Gadegast <ripe-anti-spam-wg at powerweb.de> writes: > Dont get the point here. Obviously you don't. > If you get attacked with a whatever flood, you see the sender IP. You see the IP that the sender has configured. To spell it out just for you: If someone configures a box to use the address 62.67.229.200 and then flood pings some poor soul using that address as source, who will then get all the abuse mails you want people to force to read? Hint: $ dig +noall +answer www.powerweb.de any www.powerweb.de. 500 IN MX 200 mail.berlin3.powerweb.de. www.powerweb.de. 500 IN MX 100 mail.powerweb.de. www.powerweb.de. 500 IN A 62.67.229.200 Now do that with an entire botnet and see what happens. Or do you have any plans you didn't share yet on how to prevent attackers from using this for a new kind of Joe job? >> Your entire chain of reasoning relies on the fact that whatever IP >> address from an attacker your end users find in their logs identifies >> the abuse-c to contact. > > Sure, end user arent normally able to find the IP, but there > are already tools and plugins to do this. So, more mails to abuse at powerweb.de. Which of course, since you want to force other people to read their abuse-c mail address, you will all read yourself. And if that's not enough to keep you busy: Maybe somebody with basic scripting skills takes your approach even a bit further and links his/her packet filter to script that stuffs every such packet in a mail to the "responsible" abuse-c. Happy reading. > And I still think that a central whois makes it easy to find > the right contact, for end users, semi-professionals and pros ... And the "right contact" is whoever holds the IP address used as source for some sort of attack or whatever. This is so immensely clever I'm absolutely speechless. -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.stepladder-it.com/
- Previous message (by thread): [anti-abuse-wg] central whois
- Next message (by thread): [anti-abuse-wg] central whois
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]