[ppml] Proposal: make Abuse Handle *REQUIRED* for AS Registration

Michael.Dillon at radianz.com Michael.Dillon at radianz.com
Thu Jul 24 12:18:42 EDT 2003 

>You seem to be implying that if a registrant elects NOT to specify an 
abuse
>handle, then the Internet community should consider the Tech handle to be
>the abuse contact?

>I have NOT been operating under this assumption.  I assume the tech 
handle
>for an AS registration is NOT the abuse contact, but rather a router
>engineer.  I'm trying to be very, very careful about what contact I start
>sending notices to as maintaing my reputation in the security community 
is
>my primary concern.

You're doing the right thing. If you want to send a stream of abuse to a 
network operator then you should use the abuse contact and not the 
technical contact. Technical contacts should only be used when there are 
technical issues that require skilled technical intervention.

Abuse contacts are used for mail which can be safely ignored (abuse) or 
which can be handled administratively such as cancelling an account.

>If I can't identify a specific abuse contact, I do NOT send a notice...or 
I
>just default to postmaster@ ... which ultimately goes no where, or isn't
>monitored by a human.

May I suggest that if you cannot identify an abuse contact to receive your 
messages, you should store all the info in a database-backed web server 
and send a single weekly message to the technical contact stating:

      In the week from July 14th 2003 to July 20th 2003 inclusive, your ip 
address range
      was the source of 7,893 separate incidents of network abuse. In 
order to assist you
      in tracking these incidents and reducing their impact, we have 
detailled reports on
      all incidents available at 
http://www.example.com/incidents/worldcom/20030720/

      If you would like to receive these notices when the incidents are 
still fresh, please
      create an Abuse using the ARIN template at 
http://www.arin.net/library/templates/asnmod.txt

Oh, and while you're at it, why not put all of this stuff into an LDAP 
server as well so that nobody gets the idea of using BGP peering sessions 
to distribute up to date abuse contact info.

--Michael Dillon

More information about the ARIN-PPML mailing list