On Tue, May 24, 2005 at 11:32:28PM +0200, Philippe Bourcier wrote:
I'd like to know what would you recommend as the behavior for catching the "best possible" abuse-contact in the RIPE db.
Here is how the cyberabuse whois used to work (for RIPE) : 1 - search for an IRT object (mnt-irt), if one exist, go catch the associated e-mail 2 - search for an email in all the remarks/trouble/descr fields with the abuse/security/cert/csirt string in it 3 - search for the admin-c's email, if any 4 - search for the tech-c's, if any 5 - search for the first email found [...] Any other comments/suggestions ?
I think steps 3 and 4 should be swapped, and 5 removed completely. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0