Reporting DDOS reflection attacks
srn.nanog at prgmr.com
srn.nanog at prgmr.com
Sat Nov 8 18:04:21 UTC 2014
On 11/08/2014 03:30 AM, Ruairi Carroll wrote:
> Whois data *seems* to be a little more reliable, and there's an abuseEmail script out there that
> helps automate the abuse contact lookup ( http://abuseemail.sourceforge.net/ ).
I believe this script is out of date and I would not use this script without doing a thorough
review/update. For example, 100.43.102.0/24 is reported to be reserved but whois clearly shows that
it is allocated to Xplornet Communications Inc. Then when I remove the reserved allocation from the
script, the abuse email returned is arin.net rather than xplornet.com.
Using
dig +short 102.43.100.origin.asn.cymru.com TXT
and then
whois as22995
would have gotten me the same abuse email address as what I originally found.
More information about the NANOG
mailing list