MarcoH wrote:
On Mon, Jan 12, 2004 at 09:55:06AM +0100, Shane Kerr wrote:
On of the problems that was identified when the irt object type was defined is that there are a lot of meanings of "incident" that the "irt" could be responding to. The same applies to an "abuse-c:" attribute. Does abuse mean spam? DoS? Illegally trading movies? E-mailed viruses? Pornography? Gambling? Hijacking address space?
Do you have different desks for these different types of abuses? If so, does it make sense to have different contacts for them? (History shows this doesn't matter too much - as users tend to send to every e-mail they can find. But in the future, it would make modifying output of tools to only display relevant information easier.)
That's why I proposed a simple attribute only containing 1 single email address where people can send their complaints. It will mostly end-up being abuse@isp for every single inetnum.
Apart from that and in general, the I think relying on RFC 2142 (which is a standard) is at least an equally good approximation as introducing any new email-containing attributes: RFC2142, Sect. 2: For example, if an Internet service provider's domain name is COMPANY.COM, then the <ABUSE@COMPANY.COM> address must be valid and supported, even though the customers whose activity generates complaints use hosts with more specific domain names like SHELL1.COMPANY.COM. Note, however, that it is valid and encouraged to support mailbox names for sub-domains, as appropriate. and Sect4: states there should be ABUSE Customer Relations Inappropriate public behaviour NOC Network Operations Network infrastructure SECURITY Network Security Security bulletins or queries Ok, it is not always trivial to fiure out a domain to an ip-range, but for the well behaved ones that would use the abuse-c it is usually easy to make out the right abuse@.... and the bad-guys would either not use it at all, or put something like abuse_box_for_me@hotmail.com in (or an approbriate role holding that data. so it would be worthless anyway. Am I missing something here? lG uk -- Ulrich Kiermayr Zentraler Informatikdienst der Universitaet Wien Network - Security - ACOnet-CERT Universitaetsstrasse 7, 1010 Wien, AT eMail: ulrich.kiermayr@univie.ac.at Tel: (+43 1) 4277 / 14104 PGP Key-ID: 0xA8D764D8 Fax: (+43 1) 4277 / 9140