Re: Reporting DDOS reflection attacks

[srn.nanog () prgmr com]

On 11/08/2014 03:30 AM, Ruairi Carroll wrote:

> Whois data *seems* to be a little more reliable, and there's an abuseEmail script out there that
> helps automate the abuse contact lookup ( http://abuseemail.sourceforge.net/ ).  

I believe this script is out of date and I would not use this script without doing a thorough
review/update. For example, 100.43.102.0/24 is reported to be reserved but whois clearly shows that
it is allocated to Xplornet Communications Inc. Then when I remove the reserved allocation from the
script, the abuse email returned is arin.net rather than xplornet.com.

Using

dig +short 102.43.100.origin.asn.cymru.com TXT
and then
whois as22995

would have gotten me the same abuse email address as what I originally found.