This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Adding a "Security Information" contact?
- Previous message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
- Next message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ángel González Berdasco
angel.gonzalez at incibe.es
Tue Jun 7 20:07:13 CEST 2022
Gert Doering writes: > Hi, > > On Tue, Jun 07, 2022 at 12:36:10PM +0000, Ángel González Berdasco via > anti-abuse-wg wrote: > > abuse-c: GROBECKER-ABUSE > > > > and the GROBECKER-ABUSE object: > > abuse-mailbox: general at abuse.grobecker.info > > abuse-mailbox-vulnerable: > > vulnerability-reports at abuse.grobecker.info > > abuse-mailbox-fraud: fraudabuses at abuse.grobecker.info > > > > where 'vulnerable', 'fraud', etc. are the machine readable tags > > defined > > in the RSIT for the values in the classification column. > > [..] > > Does something like this seem sensible to others? > > > I think teaching this to CERTs would also be doable... ;-) It should be. After all, that's based on the Reference Taxonomy used by CERTs, which they should be relatively familiar with (even if they aren't following it strictly). :) > From a LIR perspective, this sounds like an interesting and quite > workable idea (... it would need some easily-findable help texts that > explains what these terms stand for, and which one to use for what :- > ) ). I agree. By using an established taxonomy, this avoids having to create a new categorization of abuse contact subtypes, and (for those of us using RSIT) the need of mapping from RSIT to that one. But I admit the explanations at https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/blob/master/working_copy/humanv1.md are quite weak and should be improved. > "whois" would need some help (as it today only returns one abuse e- > mail), but that's implementation.... > > $ whois 195.30.0.1 > % Abuse contact for '195.30.0.0 - 195.30.0.255' is 'abuse at space.net' That's not done by the whois binary, but by the whois server, see $ echo 195.30.0.1 | nc -C whois.ripe.net 4 Best regards -- INCIBE-CERT - Spanish National CSIRT https://www.incibe-cert.es/ PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys ==================================================================== INCIBE-CERT is the Spanish National CSIRT designated for citizens, private law entities, other entities not included in the subjective scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen Jurídico del Sector Público", as well as digital service providers, operators of essential services and critical operators under the terms of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de información" that transposes the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. ==================================================================== In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitationof processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to dpd at incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: https://www.incibe.es/proteccion-datos-personales and https://www.incibe.es/registro-actividad. ====================================================================
- Previous message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
- Next message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]