Need Contact at RoadRunner

Chris Lewis clewis at nortelnetworks.com
Fri Dec 5 22:18:43 UTC 2003


james wrote:


> : When you're introducing thousands of IP blocks per day, it's pretty hard 
> : to notify them all.

> I may be reaching here but I think perl scripting can do this.

I wish.  I've been experimenting with doing exactly that for years.

Problems:
	- WHOIS data is often incomplete, wrong, or deliberately
	  misleading.  Heck, I see legitimate IP space which simply
	  isn't registered _anywhere_.
	- there is no standard way to indicate notification addresses -
	  some use comments, many different potential field names. Why
	  couldn't this have been standardized?
	- Inadequate delegation
	- Notifying too far down the chain

The experiments I've done got to about 10% accuracy.  But it's the 90% 
that are completely erroneous and potentially cause mailing entirely the 
wrong person.  There's no way you can let one of these things run 
unattended.

I have something running doing this - but the IP -> email address 
database is compiled by hand.  Coverage is abysmal - maybe 20% on good 
days for spam reports.  Probably be 0% on reasonably clean IP ranges.

abuse.net maintains a domain -> abuse address database. It's the best 
data, _if_ the domain owner has registered.  There is nothing analogous 
for IP addresses.  Or even AS's.

Man it would be nice if there was an IP or AS -> notification address 
service out there (ie: by DNS, ala DNSBL TXT records).




More information about the NANOG mailing list