MaineWebworks Posted June 8, 2005 Share Posted June 8, 2005 I reported UCE from IP 200.226.171.210. The reporting tool reports one of the best contacts as mail-abuse[at]nic.br. However, it turns out that the actual Whois on the IP when using whois.registro.br shows a better abuse contact. remarks: Security issues should also be addressed to remarks: cert[at]cert.br, http://www.cert.br/ remarks: Mail abuse issues should also be addressed to remarks: mail-abuse[at]cert.br The IP belongs to lacnic.net who has limited information as they assign the IP's to individual users, so their abuse contact may or may not be the best one to use. remarks: These addresses have been further assigned to Brazilian users. remarks: Contact information can be found at the WHOIS server located remarks: at whois.registro.br or at http://whois.registro.br So, I was wondering is this a good place to post this kind of information or is there another way to send this out to spamcop.net? I've found this before when reporting spam. Thanks. Link to comment Share on other sites More sharing options...
Jeff G. Posted June 8, 2005 Share Posted June 8, 2005 Of course, it would be nice if the system actually worked for me. I get the following: 06/08/05 11:30:27 whois 200.226.171.210[at]whois.registro.br whois -h whois.registro.br 200.226.171.210 ... % Copyright registro.br % The data below is provided for information purposes % and to assist persons in obtaining information about or % related to domain name and IP number registrations % By submitting a whois query, you agree to use this data % only for lawful purposes. % 2005-06-08 12:30:34 (BRT -03:00) % Permission denied. remarks: Security issues should also be addressed to remarks: cert[at]cert.br, [url=http://www.cert.br/]http://www.cert.br/[/url] remarks: Mail abuse issues should also be addressed to remarks: mail-abuse<at>cert.br % whois.registro.br accepts only direct match queries. % Types of queries are: domains (.BR), BR POCs, CIDR blocks, % IP and AS numbers. Link to comment Share on other sites More sharing options...
turetzsr Posted June 8, 2005 Share Posted June 8, 2005 Of course, it would be nice if the system actually worked for me.<snip>29014[/snapback] ...Bummer! Although I note that the relevant information displayed, anyway. GeekTools whois might work for you. <g> Link to comment Share on other sites More sharing options...
Wazoo Posted June 8, 2005 Share Posted June 8, 2005 In general, to keep all this data together, the news://news.spamcop.net/spamcop.routing is the place suggested for this type of data. Normally asked is a bit more justificaiton / documentation on the suggested alternative or addiional report addresses. The nic <at> br address I believe was based on arequest from them to be notified. Looking at your suggested address, it appears to be more or less the same thing, i.e., not a direct contact point for the ISP involved, rather an oversight outfit that may or may not actually do anything, so at best, this address would be an additional, rather than a changed address (again, from what I see .. the Deputies may or may not have access to the old data [a recent thread in the newsgroups dealt with fallout of a crash a while back that hosed some of that historical stuff]) Anyway, from http://www.cert.br/index-en.html CERT.br, formerly known as NBSO/Brazilian CERT, is the Brazilian Computer Emergency Response Team, sponsored by the Brazilian Internet Steering Committee, responsible for receiving, reviewing, and responding to computer security incident reports and activity related to networks connected to the Brazilian Internet. CERT.br participates in the coordination of the Brazilian Honeypots Alliance -- Distributed Honeypots Project. The objective of this project is to increase the capacity of incident detection, event correlation and trend analisys in the Brazilian Internet space. Noting also: NBSO will be called CERT.br -- Computer Emergency Response Team Brazil -- starting May 31st, 2005. And as pointed out in posts made while I was researching this, take a look at a post I'd made in the How to Use ... Research" Forum about the 'standardization' of WHOIS data elsewhere to solve some of this "trying to guess where the real data is" issue .... http://forum.spamcop.net/forums/index.php?showtopic=4082 Link to comment Share on other sites More sharing options...
MaineWebworks Posted June 8, 2005 Author Share Posted June 8, 2005 Thanks Wazoo! I especcially like the part of the proposal suggesting the abuse-mailbox. Very helpful. I was one of those emailing all the addresses in the past because I was unsure how to easily find the abuse addresses and wondered if they were reliable when I found them. ---------------------------------- I use: dnsstuff.com to help with my lookups - whois, A records and URL deobfuscation when needed. There's about 20 dns tools in all - on one web page, I prefer it to SamSpade at times. ---------------------------------- - Link to comment Share on other sites More sharing options...
Jeff G. Posted June 9, 2005 Share Posted June 9, 2005 Of course, it would be nice if the system actually worked for me. I get the following:06/08/05 11:30:27 whois 200.226.171.210[at]whois.registro.br whois -h whois.registro.br 200.226.171.210 ... % Permission denied. 29014[/snapback] A few emails later, they say they have removed the block, I'll check when I get back to that IP Address. Link to comment Share on other sites More sharing options...
Jeff G. Posted June 9, 2005 Share Posted June 9, 2005 A few emails later, they say they have removed the block, I'll check when I get back to that IP Address.29038[/snapback] It works now. Link to comment Share on other sites More sharing options...
MaineWebworks Posted June 9, 2005 Author Share Posted June 9, 2005 It works now. 29047[/snapback] Great, please post what you find out Jeff G. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.