David, Sorry for the flood of email. I attempted to write a script to parse cisco syslogs of a smurf attack and automatically mail contacts listed in rwhois--looks like it doesn't work so well, particularly in the case of APNIC and RIPE blocks. I will stop using it. If anyone has something that works better, I'd love to get a copy. David R. Conrad writes:
Due to the unfortunate inability for some ISPs to read statements like:
*** please refer to whois.apnic.net for more information *** *** before contacting APNIC ***
I have been receiving quite a few demands to fix "my" smurf amplifying networks (in particular, one Jon Lusky <lusky@earth.voyageronline.net> has been daily sending me a note containing the entirety of Craig's document for each of the APNIC delegated networks that shows up in your list. There are (sadly, far too many) others, but usually when I send back the canned "APNIC is a registry, check here for more information" message, they get the hint. Mr. Lusky is apparently "special").
Would it be possible to hit APNIC's whois server for addresses in the APNIC blocks (202/7, 210/7, 61/8) before installing them in your web page?
Thanks, -drc
-- Jonathan R. Lusky | Voyager Online, LLC Director of Network Operations | (423) 209-2929 lusky@voyageronline.net | Unlimited PPP $19.95/mo http://www.hotrod.com | http://www.voyageronline.net