[db-wg] abuse-c
- Previous message (by thread): [db-wg] abuse-c
- Next message (by thread): [db-wg] abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Menno Pieters (Stelvio)
menno.pieters at stelvio.nl
Sun Jan 11 01:31:27 CET 2004
MarcoH wrote: > On Fri, Jan 09, 2004 at 01:32:39PM +0100, Jan Meijer wrote: > > >>>It seems there is a pretty clear need for an extra field in inetnum and >>>inet6num records, specifically something like an abuse-c field >>>referencing a person record. >> >>It's already there :). >> >>Please check >>http://www.ripe.net/ripe/docs/irt-object.html >> >>and the TF-CSIRT effort to make it easier to use this: >>http://www.dfn-cert.de/team/matho/irt-object/ >> >>It's not perfect but it's there. > > > That's exactly the point, IRT is there but far for perfect for the purpose > the original poster is refering to. > > The problem is that there are a lot of 'tools' out there who have a > mechansim to query ripe or another db for the inetnum and all person and role > objects asociated with it to find line which contains an '@' to be a valid > address to complain to. Well, except that the word 'abuse' may be a bit easier to understand than 'irt' for many non-RIPE-database-gurus, I do not see much difference between a reference to an IRT object or a reference to a person/role object. The big difference is that an IRT is usually better protected (see below) and provides more information. The protection that the IRT gives over a person/role object includes: - It MUST be maintained, while a person or role object does not have to be; it can be completely unprotected. - Authorization from the IRT is required, before the IRT can be linked to the inet[6]num object. This is important so not all mail for a malicious company can go to another (or non-existent) address. Moreover, if the IRT object is maintained by TRUSTED-INTRODUCER-MNT (or possibly other organisations of Incident Response Teams), it means the object's information has been verified and is verified on a regular basis. > Refering to an abuse address in remarks is possible, but then even you > have to be carefull to not enclose the address in <> as some webbased > tools strip them out. > > Not to judge on all, but I get the feeling that there are a lot of people > who don't know what the fields mean, let alone they will know on how to > use the irt object. The encryption information in the IRT object is just for communication that needs encryption. For normal abuse reports just the e-mail/phone/fax/address fields will suffice. > So we can start advertising the irt mechanism to both the LIR's and the > people who migth come searching for an address to send a complaint to. I > don't think it is very likely to hit a large public in a reasonable time. Neither would another extra attribute, because people will still be sending their mail to ALL adresses found... > Introducing an extra (mandatory) field in inetnum objects to hold the > abuse address for that specific netblock and nothing more makes it much > more easier for all those people who write automated process to get the > information requested and not have to fallback to listing addresses in > changed: fields as a possible way to complain. If they can find the information in a person/role object, so can they in an IRT object. If the tool finds an mnt-irt attribute, just let it look for the contact information (address, phone, fax-no and e-mail) in the IRT object and display that to the user. > Introducing it and making some noise about it on certain mailinglists and > fora, will probably be picked much faster. I agree on that point... > As such can this subject be put an the wg-agenda for ripe-47 ? > > To formalize it a little bit I wan't to put forward the proposal to add an > 'abuse' field to inetnum and inet6num objects. > > This field will be limited to one line containing a syntactically correct > email address which can be used to send abuse complaints on ip-addresses > in that block. > > Reasons to do so are to give people an easy way to automate finding a > place to complain and giving LIR's an easy and generic way to publish the > abuse address, without having to resort to the unknown and for the average > database user complex method of the irt-object. I agree that making an IRT object is a bit more difficult than making an extra attribute, but reading an IRT object is not so difficult and could be easily automated. > As a side effect this might result in more spammers hitting the abuse box > directly as they harvest the database :) As if the abuse boxes aren't full enough already... ;-) Personally, I would suggest promoting the current advanced mechanism instead of inventing something new. Regards, Menno Pieters -- Menno Pieters - Stelvio Postbus 215, 3740 AE Baarn phone: +31-35-5.429.324 / fax: +31-35-5.429.327 XOIP: +31-84-8.720.349 / Web: http://www.stelvio.nl/
- Previous message (by thread): [db-wg] abuse-c
- Next message (by thread): [db-wg] abuse-c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]