[rpd] Abuse addresses
geier at geier.ne.tz
Sun Oct 17 02:54:05 UTC 2021
On 17/10/2021 03:01, Ronald F. Guilmette wrote:
> Was there a proposal in existence at one time to require members to add
> abuse reporting email addresses to their ASN and/or IP block WHOIS records?
> I seem to vaguely recall that there may have been one, but I'm not sure.
> If there was one, whatever happened to that?
1. under discussion & under appeal
2. last call and under appeal
> P.S. I am a bit annoyed right at the moment, because I just got a spam from
> 22.214.171.124 which belongs to Maroc Telecom, and they don't have any abuse
> reporting address in the WHOIS data base.
resource holders have the ability to add abuse contacts using an "irt object"
[frank at fisi ~]$ whois -h whois.afrinic.net -- -v inetnum | grep ^mnt-irt.
mnt-irt: [optional] [multiple] [inverse key]
[frank at fisi ~]$ whois -h whois.afrinic.net -- -v inetnum | grep -A 10
May appear in an inetnum, inet6num or aut-num object. It points to an
irt object representing a Computer Security Incident Response Team
(CSIRT) that handles security incidents for the address space
specified by the object.
An irt name is made up of letters, digits, the character
underscore "_", and the character hyphen "-"; it must start
with "irt-", and the last character of a name must be a
letter or a digit.
[frank at fisi ~]$ whois -h whois.afrinic.net -- -v irt
these are *optional* currently.
> This company holds 8,404,992 AFRINIC-issued IPv4 addresses, so it is not
> exactly small. The fact that all of that IPv4 space has been allocated
> to the company, by AFRINIC, but with absolutely NO abuse reporting contact
> is, well, crazy.
> P.P.S. Based on the nature of the spam, I can say with nearly 100% certainty
> that the machine at 126.96.36.199 has been security compromised.
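Added example, not part of the original message or of any AFRINIC tooling: a small Python check that reads saved whois output, reports which inetnum, inet6num and aut-num objects carry no mnt-irt, and validates irt names against the naming rule quoted in the reply. The sample objects are constructed from documentation address space, and treating the name match as case-insensitive is an assumption.

```python
import re

# Name rule as quoted in the reply; case-insensitive matching is an assumption.
IRT_NAME = re.compile(r"irt-[a-z0-9_-]*[a-z0-9]", re.IGNORECASE)
AUDITED = ("inetnum", "inet6num", "aut-num")

# Constructed sample (documentation ranges), not real registry data.
SAMPLE = """\
% constructed whois output
inetnum:        192.0.2.0 - 192.0.2.255
mnt-irt:        irt-EXAMPLE-CSIRT

inetnum:        198.51.100.0 - 198.51.100.255
mnt-by:         EXAMPLE-MNT

aut-num:        AS64496
mnt-irt:        irt-bad-
"""

def parse_objects(text):
    """Split whois output into objects: lists of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:   # trailing "" flushes last object
        if line.startswith("%"):            # server comment line
            continue
        if not line.strip():                # blank line closes an object
            if current:
                objects.append(current)
            current = []
        else:
            key, sep, val = line.partition(":")
            if sep:
                current.append((key.strip().lower(), val.strip()))
    return objects

def audit(text):
    """Map each audited object's primary key to its mnt-irt status."""
    report = {}
    for obj in parse_objects(text):
        cls, primary = obj[0]
        if cls not in AUDITED:
            continue
        irts = [v for k, v in obj if k == "mnt-irt"]
        bad = [n for n in irts if not IRT_NAME.fullmatch(n)]
        if bad:
            report[primary] = "malformed irt name: " + ", ".join(bad)
        else:
            report[primary] = "irt: " + ", ".join(irts) if irts else "no mnt-irt"
    return report
```

Calling audit() on the text of a saved whois reply returns one status per object, so ranges with no incident-response contact can be listed in one pass.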