Paul Palse

Find Abuse Handler Details Using the Abuse Finder


The RIPE Database contains a lot of useful information about who to contact in case of network abuse or spam. But sometimes it can be difficult to find the right abuse handler information for a network resource in the RIPE Database. We developed an Abuse Finder tool that will make it easier.


The RIPE Database contains a lot of useful information about who to contact in case of network abuse or spam. However, this information is scattered over various RPSL objects and is not consistent in coverage or quality.

In addition to that, there are several ways to get to the information and it isn’t at all straightforward. In other words: it’s hard to find the right abuse handler information for a network resource in the RIPE Database. There isn’t a simple database query one can construct that will return such information.

Until now…

While working on the new RIPE Database query API, we came up with the idea of “use case queries”. A “use case query” will return a concise answer to a question that would normally involve doing some manual data mining in the RIPE Database.

The “Abuse Finder” is the first of these data mining tools; the data mining is now done for you in the background.

 

[Figure: Abuse Finder]

 

https://apps.db.ripe.net/search/abuse-finder.html

How does the Abuse Finder tool work?

You only need to supply a network resource ID and press the search button. The tool will apply some business rules to assemble a list of abuse contact details. One of the benefits of this approach is that the tool doesn’t need to present any personal data and is therefore exempt from query blocking rules.

The tool will return the following data:

  • A link to an IRT object if available
  • A list of abuse mailboxes
  • A list of links to objects with abuse related remarks

How does the tool harvest its results?

To adapt a popular saying: 'A good picture speaks a thousand lines of code':

 

[Figure: Abuse Finder Flow]

 

The tool will remove any duplicate results. It will also return links to objects that have any of the following keywords listed in the remarks field:

  • Abuse
  • Spam
  • Complaint
  • Trouble
  • Problem

Because remark lines are free text, we felt that they required some (human) inspection to assess if the resulting remarks contained valid abuse handler data; therefore the tool just provides pointers to these objects.
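The harvesting rules described above (collect IRT references and abuse mailboxes, drop duplicates, flag objects whose remarks contain a keyword) are sketched below as an added example; it is not the Abuse Finder's own code. The sample objects are constructed, and the function names, following `mnt-irt` to reach the IRT object and the case-insensitive mailbox comparison are assumptions.

```python
import re

# Keywords the article lists for the remarks field.
KEYWORDS = ("abuse", "spam", "complaint", "trouble", "problem")
# Constructed sample RPSL objects (documentation addresses, not real data).
SAMPLE = """\
inetnum:        192.0.2.0 - 192.0.2.255
mnt-irt:        IRT-EXAMPLE
remarks:        For reports about
+               spam see our web site

irt:            IRT-EXAMPLE
abuse-mailbox:  abuse@example.net
abuse-mailbox:  Abuse@Example.net

role:           Example NOC
abuse-mailbox:  abuse@example.net
remarks:        Office hours 09:00-17:00 UTC
"""

def parse_objects(text):
    """Split RPSL text into objects: lists of (attribute, value) pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line[0] in " \t+" and attrs:  # continuation of previous value
                key, val = attrs[-1]
                attrs[-1] = (key, f"{val} {line[1:].strip()}".strip())
            elif ":" in line and not line.startswith("%"):
                key, val = line.split(":", 1)
                attrs.append((key.strip().lower(), val.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def find_abuse_contacts(objects):
    """Collect IRT references, unique abuse mailboxes and flagged objects."""
    irt, mailboxes, flagged = [], [], []
    for attrs in objects:
        for key, val in attrs:
            if key == "mnt-irt" and val not in irt:
                irt.append(val)
            elif key == "abuse-mailbox" and val.lower() not in mailboxes:
                mailboxes.append(val.lower())  # assumption: case-insensitive
            elif key == "remarks" and attrs[0] not in flagged:
                if any(word in val.lower() for word in KEYWORDS):
                    flagged.append(attrs[0])  # pointer only, for human review
    return {"irt": irt, "abuse_mailboxes": mailboxes, "remark_objects": flagged}
```

In the sample the keyword sits on a continuation line, so a parser that reads only the first line of each attribute would miss the flagged object.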

Point your script at the Abuse Finder tool!

Anyone who has written scripts to access the RIPE Database knows that there are some rules to consider - especially for scripts that frequently query the database:

  • Excessive query behaviour can cause the tool to time out. This is by design to prevent DDoS attacks.
  • Queries may include personal data. There is a limit to the amount of personal data the service returns to any client. Clients may get blocked if they exceed the limits.
  • Searches are very liberal with the amount of data they return. Lots of data may need to be filtered out to get to the proper results.
  • RPSL is a tricky format to parse well by code.

The “Abuse Finder” RESTful web service has addressed all of these issues by:

  1. Only returning relevant data in any one response.
  2. Not returning any personal data, so there is no chance of getting blocked.
  3. Responding with an easy-to-parse XML or JSON formatted response.
  4. Decoupling the response from the database structure: if the structure were to change, the response by this tool may not have to change.

The API documentation will be updated soon to reflect this.

What’s next?

This time we are not only looking for feedback about this “Abuse Finder” tool. We are also interested to hear if there are other “Use Case” searches that you would find useful.

If the proposal gets enough thumbs up we may implement it as a proper service…

Please see also the initial description of the RIPE Database API, the RIPE Database Query Including Search and a short RIPE Database Query API Update.


