[Dshield] Domain Name Front Running

Paul Ferguson fergdawg at netzero.net
Sat Dec 29 02:10:13 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Darren Spruell" <phatbuckett at gmail.com> wrote:

>A lot of folks rely on the CYMRU Whois service. Their server provides
>ASN lookup information and mapping information to IP
>registrants/organization, although no abuse contact.
>
>http://www.cymru.com/BGP/asnlookup.html
>
>They can handle lookups over raw TCP socket, DNS, Whois, and HTTP(S).
>If you do anything formal and on any larger scale, contact the project
>first so they can accommodate you.

While I know a lot of the folks over at Team Cymru, and very much
appreciate all of their efforts, this particular "service" -- while
useful -- doesn't really provide much here insofar as abuse reporting
information goes.

The key wording in the Cymru description is that the service provides
a "...mapping IP numbers to BGP prefixes and ASNs" which is helpful,
but it is up to you, the user of the service, to then discern how
to contact the parties responsible -- and that is sometimes impossible
to do.

First, the domain registrars are NOT doing adequate oversight to
ensure that WHOIS registry information is accurate, and in many
cases (e.g. Domains By Proxy) the information is shielded. So relying
on technical contacts, abuse contacts, etc. on domains which are
deemed problematic or just downright abusive is zero gain -- it is
virtually always incorrect, just plain wrong, or fudged altogether.

In other words, the domain registrars/registries have allowed
abusers to abuse the system -- legitimate users don't do that.

Having said that, you can pretty much forget trying to use WHOIS
for domain registry information.

On the other hand, the RIRs (the various IP registries, or
Regional Internet Registries) have very good and mostly accurate
allocation information which is useful in this case.

Start there.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHdayEq1pz9mNUZTMRAhweAKDGHr1fFPgtLMp6cmRt19BdpaRmMACfV8fq
Jg6c3TQbxL4qcx44AuIa30E=
=DXld
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/