[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Reporting DDOS reflection attacks

Subject: Reporting DDOS reflection attacks
From: srn.nanog at prgmr.com (srn.nanog at prgmr.com)
Date: Sat, 08 Nov 2014 10:04:21 -0800
In-reply-to: <CANdN9jaqabTuVi8n3F1TXFs4y3R=7oBRb4pZcj8+QKfSdDGXeA@mail.gmail.com>
References: <[email protected]> <CANdN9jaqabTuVi8n3F1TXFs4y3R=7oBRb4pZcj8+QKfSdDGXeA@mail.gmail.com>

On 11/08/2014 03:30 AM, Ruairi Carroll wrote:

> Whois data *seems* to be a little more reliable, and there's an abuseEmail script out there that
> helps automate the abuse contact lookup ( http://abuseemail.sourceforge.net/ ).  

I believe this script is out of date and I would not use this script without doing a thorough
review/update. For example, 100.43.102.0/24 is reported to be reserved but whois clearly shows that
it is allocated to Xplornet Communications Inc. Then when I remove the reserved allocation from the
script, the abuse email returned is arin.net rather than xplornet.com.

Using

dig +short 102.43.100.origin.asn.cymru.com TXT
and then
whois as22995

would have gotten me the same abuse email address as what I originally found.

References:
- Reporting DDOS reflection attacks
  - From: srn.nanog at prgmr.com (srn.nanog at prgmr.com)
- Reporting DDOS reflection attacks
  - From: ruairi.carroll at gmail.com (Ruairi Carroll)

Prev by Date: Clueful Jive Communications Contact?
Next by Date: Reporting DDOS reflection attacks
Previous by thread: Reporting DDOS reflection attacks
Next by thread: Reporting DDOS reflection attacks
Index(es):
- Date
- Thread