RE: Abuse address attribute in RIPE whois?
- Date: Tue, 21 Aug 2001 21:59:06 +0100
Hi,
Perhaps I'm missing something, but I thought that the inetnum objects
had tech-c and admin-c fields so that a contact had to be listed who was
responsible for the IP addresses in question. I know that originally
this was for the internet routing of the IP block, rather than the
actions of one server in the IP range, but surely this is what an on
site administrative contact is there to investigate? I am listed as a
tech-c for our customer's IP blocks and when their servers are used as
open relays, I receive automated emails from Spamcop. I then get the
relays fixed. Surely we don't also need an abuse-c field to make things
work? Wouldn't it be easier just to make people adopt RFC2142, which
specifies the use of email addresses such as abuse@localhost?
Robin
-----Original Message-----
From: owner-anti-spam-wg@localhost
On Behalf Of amar
Sent: 21 August 2001 16:41
To: RIPE Anti-Spam WG
Subject: Abuse address attribute in RIPE whois?
All,
Maybe a little OT or wrong WG. But I see that this could maybe
be a benefit for all involved.
In the wake of Code Red, more broadband deployments and so on I
have seen an increasing number of abuse complaints that have been
sent to addresses that do not have anything to do with abuse
reports/complaints. Sent to the addresses that can be found under
"update:"
There is a plug-in for Norton Personal Firewall called the "Who's
There?" Firewall Advisor. It automatically looks up the source of
the IP-address that has been logged in the firewall. The user then
just clicks "notify" and the program creates a pre-defined mail
ready to be sent to the responsible ISP.
Here is the problem. They use the address found at the end in the
inetnum object. Even though you have created information under the
"descr:" fields saying:
inetnum: 192.168.0.0 - 192.168.255.255
netname: EU-ISP
descr: Foo Bar ISP Inc.
descr: ISP
descr: ---------------------------
descr: Intrusion and abuse reports
descr: should be sent to
descr: abuse@localhost
descr: ---------------------------
They *never* use this information.
And the reason why they instead have chosen to send the abuse
report to the person that has created/updated the object is
this (taken from their webpage):
"Addresses should usually be chosen starting from the bottom of the
dialog, since information toward the bottom tends to be more specific
than at the top. Alternatively, you can attempt to contact a network
administrator using other WHOIS information, such as their phone
number or mailing address"
http://www2.opendoor.com/whosthere/UG/WTWTDialog.html#likely_email
This is not the only program that uses this approach. And the same
pattern can be found among many users.
This is starting to get really annoying. Not only the fact that you
receive a lot of mail that you have to forward to the right address.
But also the fact that most of the ISPs' abuse departments will not
get the complaints directly. And by that delay the whole investigation
into the matter.
My question is if there is an interest to create a "draft" for an
identifier in the inetnum object that could be used for abuse reports.
Like the "X-Complaints-To:" in NNTP. That identifier could then be used
by programs like the one mentioned in this mail. And could also be
easier to find on each assignment. As most LIRs have only created info
about this in the object for the whole block.
Any interest?
Regards
-- amar
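
The address-selection problem described in this thread, as an added example that is not part of either message or of any tool named in them: it contrasts the "bottom-most address" heuristic with a lookup that honours the abuse notice in the descr lines. The function names, the contact handles and the "changed:" line (the maintainer address the message refers to under "update:") are assumptions constructed for illustration.

```python
import re

# Constructed sample: the inetnum object quoted in the message, followed by
# constructed contact handles and a constructed "changed:" line.
SAMPLE_OBJECT = """\
inetnum: 192.168.0.0 - 192.168.255.255
netname: EU-ISP
descr: Foo Bar ISP Inc.
descr: ISP
descr: ---------------------------
descr: Intrusion and abuse reports
descr: should be sent to
descr: abuse@localhost
descr: ---------------------------
admin-c: AB1-EXAMPLE
tech-c: CD2-EXAMPLE
changed: hostmaster@isp.example 20010821
"""

EMAIL = re.compile(r"[\w.+-]+@[\w.-]+")
FREE_TEXT = ("descr", "remarks")  # attributes that carry free-form notices

def parse_attributes(text):
    """Return (attribute, value) pairs in the order they appear."""
    pairs = []
    for line in text.splitlines():
        if ":" in line and not line.startswith(("%", "#")):
            key, _, value = line.partition(":")
            pairs.append((key.strip().lower(), value.strip()))
    return pairs

def bottom_most_address(pairs):
    """The heuristic criticised in the thread: last e-mail in the object."""
    found = [addr for _, value in pairs for addr in EMAIL.findall(value)]
    return found[-1] if found else None

def abuse_address(pairs):
    """First address in a run of free-text lines that mentions abuse."""
    mentioned = False
    for key, value in pairs:
        if key not in FREE_TEXT:
            mentioned = False  # the run of free-text lines has ended
            continue
        if re.search(r"\babuse\b", value, re.I):
            mentioned = True
        for addr in EMAIL.findall(value):
            if mentioned or addr.lower().startswith("abuse@"):
                return addr
    return None  # no notice found: do not guess from maintainer addresses
```

On the sample object the first heuristic selects the maintainer's address from the last line, while the second returns the address given in the descr notice.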