|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Abuse procedures... Reality Checks
> >> Neither I nor J. Oquendo nor anyone else are required to spend our > >> time, our money, and our resources figuring out which parts of X's > >> network can be trusted and which can't. you should only spend resources on activities which will benefit you, of course. research into a /N to find out which /(M>N)'s are good and which are evil can pay back in a lower false-positive rate, which will matter to some blockers more than others. > > It's not that hard, the ARIN records are easy to look up. Figuring out > > that network operator has a /8 that you want to block based on 3 or 4 > > IPs in their range requires just as much work. as several others have pointed out, detailed records are often unavailable and are sometimes wrong. my theory is that folks don't want to put abuse contact info into WHOIS that will just cause them to be reportbombed with low quality automated trash having no particular format, lacking useful detail, and often complaining to the wrong place. (for example, as one of the WHOIS contacts for AS112, i am reportbombed frequently by folks whose reportbot's best guess at who-spammed-them is an RFC 1918 address.) > It's *very* hard to do it with an automated system, as such automated > look-ups are against the Terms of Service for every single RIR out there. perhaps appropos of this, http://www.arin.net/announcements/article_352.html says that there's a movement afoot to remove one of the WHOIS query limits at ARIN. if someone here thinks that a TOS change that permitted automated lookups for the purpose of abuse reporting would be good, then in the ARIN region, http://www.arin.net/policy/irpep.html says how you can suggest such. -- Paul Vixie
|