Hi all, It seems that outdated CLDAP servers on the internet are being used again for DDoS amplification attacks. I've got about 16k IPs that have participated in several of these over the last several weeks and I'd like to report these to the relevant abuse departments so they can be properly handled. However, I am not finding a simple, or standardized way to look up the abuse contacts for a specific IP. Does someone have a suggestion? thanks! -- micah
Take a look at https://www.abusix.com/contactdb Damian On Wed, Nov 28, 2018 at 12:46 PM micah anderson <micah@riseup.net> wrote:
Hi all,
It seems that outdated CLDAP servers on the internet are being used again for DDoS amplification attacks. I've got about 16k IPs that have participated in several of these over the last several weeks and I'd like to report these to the relevant abuse departments so they can be properly handled.
However, I am not finding a simple, or standardized way to look up the abuse contacts for a specific IP. Does someone have a suggestion?
thanks!
-- micah
In article <87in0horr2.fsf@riseup.net> you write:
However, I am not finding a simple, or standardized way to look up the abuse contacts for a specific IP. Does someone have a suggestion?
The RIRs all have RDAP servers that will in theory give you the abuse contact for any IP address in an easy to parse json. I have a python script that works reasonably well to look them up and cache what it finds in a mysql database. R's, John
participants (3)
-
Damian Menscher
-
John Levine
-
micah anderson