The "FAQs for abuse-c" says:
You can have an "abuse-c:" attribute on both your ORGANISATION object AND your RESOURCE object
(inetnum, inet6num and aut-num). The "abuse-c:" reference on applicable RESOURCE objects will
override the value in the "abuse-c:" of your ORGANISATION object.
[https://www.ripe.net/manage-ips-and-asns/resource-management/faqs-for-abuse…]
However, in the RIPE documentation, the list of all possible attributes allowed in AUT-NUM
and INETNUM objects does *not* include "abuse-c":
[https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-data…
rpsl-object-types/4-2-descriptions-of-primary-objects/4-2-1-description-of-the-aut-num-object]
[https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-data…
rpsl-object-types/4-2-descriptions-of-primary-objects/4-2-4-description-of-the-inetnum-object]
There are currently some RESOURCE objects in the RIPE database having abuse-c attributes
(which should not be allowed according to the documentation). For example:
inetnum: 62.27.57.0 - 62.27.57.255
netname: TIS-D406483-NET
descr: Cheetah Digital Germany GmbH
country: DE
admin-c: NET12312-RIPE
tech-c: NET12312-RIPE
abuse-c: CDAC23-RIPE
status: ASSIGNED PA
mnt-by: AS12312-MNT
So we wonder what is correct?
We would prefer sticking to the documentation allowing abuse-c attributes only in ORGANISATION
objects but not in RESOURCE objects as this makes maintaining a local abuse contact database
(for CERTs sending thousands of abuse reports per day) much easier.
For example, for our local contact database, we import all ORGANISATION objects with "country: DE"
and use "org-name" for the contact's name. Then, we link all RESOURCE objects referencing this ORG
to the respective contact in our database. Also evaluating abuse-c attributes directly included
in RESOURCE objects would make building a local contact database much more complex.
- Thomas
CERT-Bund Incident Response & Malware Analysis Team
