[175924] in North American Network Operators' Group
Re: Reporting DDOS reflection attacks
daemon@ATHENA.MIT.EDU (srn.nanog@prgmr.com)
Sat Nov 8 13:04:29 2014
X-Original-To: nanog@nanog.org
Date: Sat, 08 Nov 2014 10:04:21 -0800
From: srn.nanog@prgmr.com
To: Ruairi Carroll <ruairi.carroll@gmail.com>
In-Reply-To: <CANdN9jaqabTuVi8n3F1TXFs4y3R=7oBRb4pZcj8+QKfSdDGXeA@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On 11/08/2014 03:30 AM, Ruairi Carroll wrote:
> Whois data *seems* to be a little more reliable, and there's an abuseEmail script out there that
> helps automate the abuse contact lookup ( http://abuseemail.sourceforge.net/ ).
I believe this script is out of date and I would not use this script without doing a thorough
review/update. For example, 100.43.102.0/24 is reported to be reserved but whois clearly shows that
it is allocated to Xplornet Communications Inc. Then when I remove the reserved allocation from the
script, the abuse email returned is arin.net rather than xplornet.com.
Using
dig +short 102.43.100.origin.asn.cymru.com TXT
and then
whois as22995
would have gotten me the same abuse email address as what I originally found.
