[ppml] Policy Proposal 2003-11: Purpose and Scope of WHOIS Di rectory
william at elan.net
william at elan.net
Wed Aug 27 13:17:00 EDT 2003
On Wed, 27 Aug 2003 jlewis at lewis.org wrote:
> > WHOIS without naming the end user is not much use.
Its not always about end-user its about seeing who is responsible for this
ip block and will respond in case of problems. But naming the end-user is
also important, for example in situations when you're trying to find
correlation between different ip blocks.
> > End user information without contact information, as currently allowed
> > as reassign-simple, is not much use.
>
> Without a clear name or contact info, whois could still tell you how large
> an assignment covering a particular IP is. For abuse tracking, if you
> receive spam from a few IPs in the same range, it's handy to be able to
> see how large that range is, and apply policy to the entire range rather
> than wait to be spammed from each IP in it.
I completely agree with above statement. Plus would like to add that seeing
name and if possible address in the ip block (at the very least city) can
also tell a lot both for abuse as well as how the ips has devided network
(which can be usefull for example for routing).
> > Except for spammer address-harvesting and showing utilization to ARIN,
> > WHOIS is not much use.
This statement is just plain WRONG WRONG WRONG. Whois is very usefull tool
for identifying ownership of the resources (past, present, claimed),
identifying when and how resource was allocated (date are very important
as well) and tying one resource to another. And on many occasions I was
able to show that domains or ips below to the same company (or used by
them) even when addresses or names were different, just by similarities
of how records were created and by multiple references from one resource
to another.
That whois is used for harvesting emails is unfortunete and that is why
we need WHOIS AUP (see my proposal 2003-9) however ARIN whois is in fact
primarily used for various types of reports about abuse from and other
uses include trying to locate proper person in the NOC (sometimes its
urgent - for example hacking incident), trying to verify ownership of ip
block by upstream ISPS, etc. For majority of when ARIN whois data is
used, having it accurate and having POCs present is very important, so we
should definetly have a policy that defines in more detail ARIN procedures
in cases of reports of incorrect data as well as info for those listed to
make sure they understand that they MUST have valid information for
others to be able to contact them.
Having said the above, I can not really support 2003-11 as it is written
right now. I actually liked ideas presented by Andrew Dul (as part of what
AC has been working on, see http://www.arin.net/mailing_lists/ppml/1807.html)
I think it would be in the best interest of everybody if AC instead of
again trying to do it in private, actually presented their proposal right
now and we could all work out best combination of 2003-11 and that proposal
and come up with something acceptable to the majority of those interested
in policy about validation of data in whois database.
--
William Leibzon (a really big fan of whois :)
william at elan.net
More information about the ARIN-PPML
mailing list