Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] abuse contact information in whois database (AFPUB-2010-GEN-002)

SM sm at resistor.net
Wed Jun 16 15:56:01 UTC 2010


Hi Tobias,
At 02:32 16-06-10, Tobias Knecht wrote:
>May: AfriNIC stats.
>
>     1.363 unique AS Numbers
>   340.583 unique IP Addresses
>2.564.952 all over hits on our reference system
>
>I can not exactly tell you how many whois requests that would have been,
>because we are caching and at the moment just using the direct allocated
>ranges for exactly these query issues.

If you are caching, it shouldn't be a problem.  The numbers would 
still be on the low side in terms of query rate.

>If there will be consensus on the object part there would even be a
>possibility of setting up some kind of RBLDNSD Service where you put in
>ip and get back abuse@ contact. Something like this
>http://abusix.org/service/abuse-contact-db-beta

As an end-user, I would probably re-purpose rbldnsd to do the job if 
the data was available through bulk whois.  The data could also be 
"mined" on the fly but that requires more work.

>I fully agree on that. It really depends on how this would work.
>
>Think about it this way:
>Mandatory IRT Object for inet(6)num and asnum.
>Mandatory abuse-mailbox attribute in that IRT Object.
>
>whois -B 193.174.0.0/15 (all data - restricted queries)
>whois  193.174.0.0/15 (less data - restricted queries)
>whois  -b 193.174.0.0/15 (only abuse mailbox attribute - unrestricted)

If you put unrestricted, people will read that literally.  By the 
way, FBLs are more effective as abuse mailboxes can be flooded by 
messages from individual users reporting ping "attacks". :-)  If I 
recall correctly, there is a end-user application that can 
automatically generate such reports.

Regards,
-sm 




More information about the RPD mailing list