This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[db-wg] abuse-c
- Previous message (by thread): [db-wg] abuse-c
- Next message (by thread): [db-wg] abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Menno Pieters (Stelvio)
menno.pieters at stelvio.nl
Sun Jan 11 01:31:27 CET 2004
MarcoH wrote: > On Fri, Jan 09, 2004 at 01:32:39PM +0100, Jan Meijer wrote: > > >>>It seems there is a pretty clear need for an extra field in inetnum and >>>inet6num records, specifically something like an abuse-c field >>>referencing a person record. >> >>It's already there :). >> >>Please check >>http://www.ripe.net/ripe/docs/irt-object.html >> >>and the TF-CSIRT effort to make it easier to use this: >>http://www.dfn-cert.de/team/matho/irt-object/ >> >>It's not perfect but it's there. > > > That's exactly the point, IRT is there but far for perfect for the purpose > the original poster is refering to. > > The problem is that there are a lot of 'tools' out there who have a > mechansim to query ripe or another db for the inetnum and all person and role > objects asociated with it to find line which contains an '@' to be a valid > address to complain to. Well, except that the word 'abuse' may be a bit easier to understand than 'irt' for many non-RIPE-database-gurus, I do not see much difference between a reference to an IRT object or a reference to a person/role object. The big difference is that an IRT is usually better protected (see below) and provides more information. The protection that the IRT gives over a person/role object includes: - It MUST be maintained, while a person or role object does not have to be; it can be completely unprotected. - Authorization from the IRT is required, before the IRT can be linked to the inet[6]num object. This is important so not all mail for a malicious company can go to another (or non-existent) address. Moreover, if the IRT object is maintained by TRUSTED-INTRODUCER-MNT (or possibly other organisations of Incident Response Teams), it means the object's information has been verified and is verified on a regular basis. > Refering to an abuse address in remarks is possible, but then even you > have to be carefull to not enclose the address in <> as some webbased > tools strip them out. > > Not to judge on all, but I get the feeling that there are a lot of people > who don't know what the fields mean, let alone they will know on how to > use the irt object. The encryption information in the IRT object is just for communication that needs encryption. For normal abuse reports just the e-mail/phone/fax/address fields will suffice. > So we can start advertising the irt mechanism to both the LIR's and the > people who migth come searching for an address to send a complaint to. I > don't think it is very likely to hit a large public in a reasonable time. Neither would another extra attribute, because people will still be sending their mail to ALL adresses found... > Introducing an extra (mandatory) field in inetnum objects to hold the > abuse address for that specific netblock and nothing more makes it much > more easier for all those people who write automated process to get the > information requested and not have to fallback to listing addresses in > changed: fields as a possible way to complain. If they can find the information in a person/role object, so can they in an IRT object. If the tool finds an mnt-irt attribute, just let it look for the contact information (address, phone, fax-no and e-mail) in the IRT object and display that to the user. > Introducing it and making some noise about it on certain mailinglists and > fora, will probably be picked much faster. I agree on that point... > As such can this subject be put an the wg-agenda for ripe-47 ? > > To formalize it a little bit I wan't to put forward the proposal to add an > 'abuse' field to inetnum and inet6num objects. > > This field will be limited to one line containing a syntactically correct > email address which can be used to send abuse complaints on ip-addresses > in that block. > > Reasons to do so are to give people an easy way to automate finding a > place to complain and giving LIR's an easy and generic way to publish the > abuse address, without having to resort to the unknown and for the average > database user complex method of the irt-object. I agree that making an IRT object is a bit more difficult than making an extra attribute, but reading an IRT object is not so difficult and could be easily automated. > As a side effect this might result in more spammers hitting the abuse box > directly as they harvest the database :) As if the abuse boxes aren't full enough already... ;-) Personally, I would suggest promoting the current advanced mechanism instead of inventing something new. Regards, Menno Pieters -- Menno Pieters - Stelvio Postbus 215, 3740 AE Baarn phone: +31-35-5.429.324 / fax: +31-35-5.429.327 XOIP: +31-84-8.720.349 / Web: http://www.stelvio.nl/
- Previous message (by thread): [db-wg] abuse-c
- Next message (by thread): [db-wg] abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]