[65728] in North American Network Operators' Group
Re: Need Contact at RoadRunner
daemon@ATHENA.MIT.EDU (Chris Lewis)
Fri Dec 5 17:23:39 2003
Date: Fri, 05 Dec 2003 17:18:43 -0500
From: "Chris Lewis" <clewis@nortelnetworks.com>
Cc: nanog@merit.edu
In-Reply-To: <012a01c3bb77$1215b260$0200000a@jamesnew>
Errors-To: owner-nanog-outgoing@merit.edu
james wrote:
> : When you're introducing thousands of IP blocks per day, it's pretty hard
> : to notify them all.
> I may be reaching here but I think perl scripting can do this.
I wish. I've been experimenting with doing exactly that for years.
Problems:
- WHOIS data is often incomplete, wrong, or deliberately
misleading. Heck, I see legitimate IP space which simply
isn't registered _anywhere_.
- there is no standard way to indicate notification addresses -
some use comments, many different potential field names. Why
couldn't this have been standardized?
- Inadequate delegation
- Notifying too far down the chain
The experiments I've done got to about 10% accuracy. But it's the 90%
that are completely erroneous and potentially cause mailing entirely the
wrong person. There's no way you can let one of these things run
unattended.
I have something running doing this - but the IP -> email address
database is compiled by hand. Coverage is abysmal - maybe 20% on good
days for spam reports. Probably be 0% on reasonably clean IP ranges.
abuse.net maintains a domain -> abuse address database. It's the best
data, _if_ the domain owner has registered. There is nothing analogous
for IP addresses. Or even AS's.
Man it would be nice if there was an IP or AS -> notification address
service out there (ie: by DNS, ala DNSBL TXT records).
