
[rpd] Abuse addresses

Frank Habicht geier at geier.ne.tz
Sun Oct 17 02:54:05 UTC 2021


Hi Ronald,

On 17/10/2021 03:01, Ronald F. Guilmette wrote:
> Was there a proposal in existence at one time to require members to add
> abuse reporting email addresses to their ASN and/or IP block WHOIS records?

1. https://afrinic.net/policy/proposals/2018-gen-001-d7
2. https://afrinic.net/policy/proposals/2020-gen-005-d1


> I seem to vaguely recall that there may have been one, but I'm not sure
> anymore.
> 
> If there was one, whatever happened to that?

1. under discussion & under appeal
2. last call and under appeal
[https://afrinic.net/policy/proposals]


> P.S.  I am a bit annoyed right at the moment, because I just got a spam from
> 196.81.68.81 which belongs to Maroc Telecom, and they don't have any abuse
> reporting address in the WHOIS data base.

resource holders have the ability to add abuse contacts using an "irt object"

[frank at fisi ~]$ whois -h whois.afrinic.net -- -v inetnum | grep ^mnt-irt.
mnt-irt:        [optional]   [multiple]   [inverse key]
[frank at fisi ~]$ whois -h whois.afrinic.net -- -v inetnum | grep -A 10 mnt-irt$
mnt-irt

   May appear in an inetnum, inet6num or aut-num object. It points to an
   irt object representing a Computer Security Incident Response Team
   (CSIRT) that handles security incidents for the address space
   specified by the object.

     An irt name is made up of letters, digits, the character
     underscore "_", and the character hyphen "-"; it must start
     with "irt-", and the last character of a name must be a
     letter or a digit.
[frank at fisi ~]$ whois -h whois.afrinic.net -- -v irt
....

these are *optional* currently.

Regards,
Frank

> This company holds 8,404,992 AFRINIC-issued IPv4 addresses, so it is not
> exactly small.  The fact that all of that IPv4 space has been allocated
> to the company, by AFRINIC, but with absolutely NO abuse reporting contact
> is, well, crazy.
> 
> 
> P.P.S.  Based on the nature of the spam, I can say with nearly 100% certainty
> that the machine at 196.81.68.81 has been security compromised.
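
An added example, not part of the message above or of any AFRINIC tooling: a Python check that takes saved `whois` output, finds the inetnum, inet6num and aut-num objects, and reports which of them carry an `mnt-irt` reference that fits the naming rule quoted in the message. The sample objects are constructed, and matching the name case-insensitively is an assumption.

```python
import re

# Name rule quoted above: letters, digits, "_" and "-"; starts with "irt-";
# ends in a letter or digit. Case-insensitive matching is an assumption here.
IRT_NAME = re.compile(r"irt-[A-Za-z0-9_-]*[A-Za-z0-9]", re.IGNORECASE)
RESOURCE_CLASSES = ("inetnum", "inet6num", "aut-num")  # may carry mnt-irt

SAMPLE = """\
% constructed sample, not real registry data
inetnum:        192.0.2.0 - 192.0.2.255
mnt-irt:        irt-EXAMPLE-CSIRT

inetnum:        198.51.100.0 - 198.51.100.255
mnt-by:         EXAMPLE-MNT

aut-num:        AS64496
mnt-irt:        irt-bad-
"""

def parse_objects(text):
    """Split whois output into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:   # trailing "" flushes the last object
        if line.startswith("%"):            # server comment line
            continue
        if not line.strip():                # blank line closes the object
            if current:
                objects.append(current)
            current = []
        elif ":" in line and not line[0].isspace():   # continuation lines are skipped
            key, _, value = line.partition(":")
            current.append((key.strip().lower(), value.strip()))
    return objects

def audit(text):
    """Per resource object: (class, primary key, valid irt refs, malformed refs)."""
    findings = []
    for obj in parse_objects(text):
        cls, primary = obj[0]               # first attribute names the object class
        if cls in RESOURCE_CLASSES:
            refs = [v for k, v in obj if k == "mnt-irt"]
            valid = [r for r in refs if IRT_NAME.fullmatch(r)]
            findings.append((cls, primary, valid, [r for r in refs if r not in valid]))
    return findings

if __name__ == "__main__":
    for cls, key, valid, bad in audit(SAMPLE):
        print(cls, key, "ok" if valid else "NO IRT REFERENCE", valid, bad)
```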



