Hi,
what might add some info to the discussion
is the existence of the "security.txt" file described e.g.
in https://securitytxt.org/ (https://www.rfc-editor.org/info/rfc9116)
This adds security-information to websites - which might
be sufficient for many incidents. (aside from whois)
I would not go into too much detail on the type of
abuse - that is just additional work for the ones who want
to send complains/information. They should have as less work
as possible to address an incident. It is up to the recipient
to fiddle out the type of abuse and take care about it.
Not all complaints are created by automatic scripts :)
Gunther
On 2022-06-07 20:07, Ángel González Berdasco via anti-abuse-wg wrote:
Gert Doering writes:
Hi,
On Tue, Jun 07, 2022 at 12:36:10PM +0000, Ángel González Berdasco via
anti-abuse-wg wrote:
> abuse-c: GROBECKER-ABUSE
>
> and the GROBECKER-ABUSE object:
> abuse-mailbox: gene...@abuse.grobecker.info
> abuse-mailbox-vulnerable:
> vulnerability-repo...@abuse.grobecker.info
> abuse-mailbox-fraud: fraudabu...@abuse.grobecker.info
>
> where 'vulnerable', 'fraud', etc. are the machine readable tags
> defined
> in the RSIT for the values in the classification column.
[..]
> Does something like this seem sensible to others?
I think teaching this to CERTs would also be doable... ;-)
It should be. After all, that's based on the Reference Taxonomy used by
CERTs, which they should be relatively familiar with (even if they
aren't following it strictly). :)
From a LIR perspective, this sounds like an interesting and quite
workable idea (... it would need some easily-findable help texts that
explains what these terms stand for, and which one to use for what :-
) ).
I agree. By using an established taxonomy, this avoids having to create
a new categorization of abuse contact subtypes, and (for those of us
using RSIT) the need of mapping from RSIT to that one.
But I admit the explanations at
https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/blob/master/working_copy/humanv1.md
are quite weak and should be improved.
"whois" would need some help (as it today only returns one abuse e-
mail), but that's implementation....
$ whois 195.30.0.1
% Abuse contact for '195.30.0.0 - 195.30.0.255' is 'ab...@space.net'
That's not done by the whois binary, but by the whois server, see
$ echo 195.30.0.1 | nc -C whois.ripe.net 4
Best regards
--
INCIBE-CERT - Spanish National CSIRT
https://www.incibe-cert.es/
PGP keys:
https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys
====================================================================
INCIBE-CERT is the Spanish National CSIRT designated for citizens,
private law entities, other entities not included in the subjective
scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen
Jurídico del Sector Público", as well as digital service providers,
operators of essential services and critical operators under the terms
of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de
las redes y sistemas de información" that transposes the Directive (EU)
2016/1148 of the European Parliament and of the Council of 6 July 2016
concerning measures for a high common level of security of network and
information systems across the Union.
====================================================================
In compliance with the General Data Protection Regulation of the EU
(Regulation EU 2016/679, of 27 April 2016) we inform you that your
personal and corporate data (as well as those included in attached
documents); and e-mail address, may be included in our records
for the purpose derived from legal, contractual or pre-contractual
obligations or in order to respond to your queries. You may exercise
your rights of access, correction, cancellation, portability,
limitationof processing and opposition under the terms established by
current legislation and free of charge by sending an e-mail to
d...@incibe.es. The Data Controller is S.M.E. Instituto Nacional de
Ciberseguridad de España, M.P., S.A. More information is available
on our website: https://www.incibe.es/proteccion-datos-personales
and https://www.incibe.es/registro-actividad.
====================================================================
--
NetCologne Systemadministration
NetCologne Gesellschaft für Telekommunikation mbH
Am Coloneum 9 ; 50829 Köln
Geschäftsführer:
Timo von Lepel,
Claus van der Velden
Vorsitzender des Aufsichtsrats:
Dr. Dieter Steinkamp
HRB 25580, AG Köln
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
