Dear Arnold On 13/03/2013 00:31, Arnold wrote:
Dear Arnold
I am afraid I am a little confused as to what you were trying to find in the database. Hello Denis, What I am typically looking for is an e-mail address to which I can send a SPAM report. First I look up the originating IP address in the source code of the SPAM message,
On 12/03/2013 2:35 AM, Denis Walker wrote: plug it into a WhoIs look up via the IANA ipv4-address-space.xml files. Often enough this gives me the abuse handler address. For RIPE, when no abuse address is given, I try to find one using the admin-c: ?????-RIPE and plugging it into http://apps.db.ripe.net/search/query.html to find the NIC handle, which some times has an e-mail address, sometimes it has a circular reference to itself and other times it may have a gmail or hotmail address which often enough bounce because the mail box is full .
The RIPE Database contains many email addresses. These addresses are there for different reasons. Many attributes may point you to an email address, for example: admin-c: tech-c: zone-c: ping-hdl: notify: ref-nfy: mnt-ref: changed: and abuse-mailbox: Only this last one is specifically intended for abuse complaints. The problem we had in the past is that this attribute was always optional and if used could be put in many different places. With the new abuse-c:, to be deployed very soon, it will be mandatory and fixed in one place. Within the next 6 months all PA address space allocated by the RIPE NCC and all the more specific assignments WILL be covered by this mandatory abuse-mailbox: using the abuse-c: reference.
You looked up a PERSON object by the Nic Hdl. The Nic Hdl is the primary key of a PERSON object in the database. So you found what you were looking for, the person.
Now I see that this Nic Hdl is referenced in an INETNUM object. If you were looking for the abuse contact for that resource, it is possible to find one by doing many queries manually yourself, but it is not the recommended way. This PERSON object, has a MNTNER, which has an admin-c, which references another PERSON that has an abuse-mailbox.
If you used the Abuse Finder tool to look up the resource, it would return you the same abuse-mailbox without the need for you to do all the individual queries. http://apps.db.ripe.net/search/abuse-finder.html
I have tried to use the abuse finder tool a few times, but have never really had enough luck with it to keep using it. Just now I tried both with 217.75.223.120 - abuse-finder.html gave me nothing at all, The query tool gave me - in this case a whole slew of contacts as admin-c, tech-c & NIC-hdl. At least one of these got me a usable e-mail address to which I will send my report.
I think in this context 'usable' may have different interpretations. One of the functions of the RIPE Database is for engineers to be able to contact each other to resolve network and routing problems. Sending an abuse report to a network engineer because he has a 'usable' email address in the database may not achieve the result you were expecting. The Abuse Finder tool returns the email addresses that have been provided for receiving abuse reports. If no such address has been provided the tool will return nothing, even if there are other email addresses in the database that are intended for other purposes. Over the next few months, as the abuse-c: data is entered into the database, the Abuse Finder tool will return more positive results. This will be the quickest and most reliable way to find abuse contacts for any resource. Regards Denis Walker Business Analyst RIPE NCC Database Group
I noticed that this resource is an allocation object. Within the next 6 months this resource WILL have an abuse-c reference. So it will be even easier to find the abuse contact details without needing to lookup any personal data.
When I first learned of the abuse finder, I tried it - with much the same success as this time. Perhaps I am feeding it the wrong questions and data. In that case I need more information about what sort of things I can feed it - but it would have to be things I can glean from the SPAM e-mail. Clicking on the '?' for the Resource field in the abuse finder did not give me enough to make it work as I would expect it to work - i.e. give me a useful contact e-mail address.
Hoping that helps explain how I look for data.
Please let me know if there are better or quicker ways to come by the needed data.
That being said, I do find that these days I do run into a lot more WhoIS records with usable e-mail addresses compared to even a year ago.
Regards, Arnold