This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] abuse-c
- Previous message (by thread): [db-wg] abuse-c
- Next message (by thread): [db-wg] abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ulrich Kiermayr
ulrich.kiermayr at univie.ac.at
Mon Jan 12 15:52:59 CET 2004
MarcoH wrote: > On Mon, Jan 12, 2004 at 09:55:06AM +0100, Shane Kerr wrote: > > >>On of the problems that was identified when the irt object type was >>defined is that there are a lot of meanings of "incident" that the "irt" >>could be responding to. The same applies to an "abuse-c:" attribute. >>Does abuse mean spam? DoS? Illegally trading movies? E-mailed viruses? >> Pornography? Gambling? Hijacking address space? >> >>Do you have different desks for these different types of abuses? If so, >>does it make sense to have different contacts for them? (History shows >>this doesn't matter too much - as users tend to send to every e-mail they >>can find. But in the future, it would make modifying output of tools to >>only display relevant information easier.) > > > That's why I proposed a simple attribute only containing 1 single > email address where people can send their complaints. It will mostly > end-up being abuse at isp for every single inetnum. Apart from that and in general, the I think relying on RFC 2142 (which is a standard) is at least an equally good approximation as introducing any new email-containing attributes: RFC2142, Sect. 2: For example, if an Internet service provider's domain name is COMPANY.COM, then the <ABUSE at COMPANY.COM> address must be valid and supported, even though the customers whose activity generates complaints use hosts with more specific domain names like SHELL1.COMPANY.COM. Note, however, that it is valid and encouraged to support mailbox names for sub-domains, as appropriate. and Sect4: states there should be ABUSE Customer Relations Inappropriate public behaviour NOC Network Operations Network infrastructure SECURITY Network Security Security bulletins or queries Ok, it is not always trivial to fiure out a domain to an ip-range, but for the well behaved ones that would use the abuse-c it is usually easy to make out the right abuse at .... and the bad-guys would either not use it at all, or put something like abuse_box_for_me at hotmail.com in (or an approbriate role holding that data. so it would be worthless anyway. Am I missing something here? lG uk -- Ulrich Kiermayr Zentraler Informatikdienst der Universitaet Wien Network - Security - ACOnet-CERT Universitaetsstrasse 7, 1010 Wien, AT eMail: ulrich.kiermayr at univie.ac.at Tel: (+43 1) 4277 / 14104 PGP Key-ID: 0xA8D764D8 Fax: (+43 1) 4277 / 9140
- Previous message (by thread): [db-wg] abuse-c
- Next message (by thread): [db-wg] abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]