This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[db-wg] abuse-mailbox
- Previous message (by thread): [db-wg] Re: Re: [ncc-services-wg] RIPE 50 Report
- Next message (by thread): [db-wg] abuse-mailbox
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Philippe Bourcier
philippe at cyberabuse.org
Tue May 24 23:32:28 CEST 2005
Hi, I'm the author of the CyberAbuse whois, which is a tool that catches the "most suitable" abuse contact email for a specific IP/host by searching in the RIRs whois result. It's security and network abuse oriented... it's used in many CERTs or IRTs. I understand there's a new (and long waited for) abuse-mailbox field that my program should catch in the RIPE db. I'd like to know what would you recommend as the behavior for catching the "best possible" abuse-contact in the RIPE db. Here is how the cyberabuse whois used to work (for RIPE) : 1 - search for an IRT object (mnt-irt), if one exist, go catch the associated e-mail 2 - search for an email in all the remarks/trouble/descr fields with the abuse/security/cert/csirt string in it 3 - search for the admin-c's email, if any 4 - search for the tech-c's, if any 5 - search for the first email found I think I'm going to add a search for the abuse-mailbox field between (1) and (2). Is this how you would do it ? Any other comments/suggestions ? Sincerely, Philippe Bourcier
- Previous message (by thread): [db-wg] Re: Re: [ncc-services-wg] RIPE 50 Report
- Next message (by thread): [db-wg] abuse-mailbox
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]