Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Reporting Network Abuse and
APNIC Whois Database
Accuracy
Aftab A. Siddiqui
Introduction
• The APNIC Whois Database is a publicly
searchable database detailing address usage
within the Asia Pacific ...
Reporting Network Abuse
Use the APNIC Whois Database to obtain
network contacts
• You can use the APNIC Whois Database to
...
Reporting Network Abuse
Contact The Network
• The admin-c, tech-c, and mnt-irt fields contain
details for the objects asso...
Reporting Network Abuse
• Currently many Operators, Investigator/Law
Enforcement Agencies, End-User and other
institutions...
Reporting Network Abuse
• Whois database data accuracy has been a big issue for
years now. There have been several approac...
Reporting Network Abuse
• Currently the only mechanism available is to
report the invalid contact to APNIC.
• APNIC notify...
Solution
• As per the ARIN Number Resource Policy Manual section
3.6.1:
– Annual Whois POC Validation:
During ARIN's annua...
Solution
• 4342 IRT Object exist out of 4714 members.
• 4164 members created IRT object via
MyAPNIC.
• During 2014 on aver...
Solution
• In July 2010 similar to ARIN policy a proposal
(prop-084) “Frequent whois information
update request” was propo...
Solution?
• Is there any problem?
• Are we comfortable with Invalid object
Reporting only?
• What to do with contact repor...
Thank You
Links
1. http://www.apnic.net/apnic-info/whois_search/using-whois
2. http://www.apnic.net/apnic-info/whois_search/using-
w...
Upcoming SlideShare
Loading in …5
×

Reporting Network Abuse and APNIC Whois Database Accuracy by Aftab Siddiqui [APRICOT 2015]

1,109 views

Published on

A presentation given at the first Policy SIG session of APRICOT 2015 on Thursday, 5th March 2015.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Reporting Network Abuse and APNIC Whois Database Accuracy by Aftab Siddiqui [APRICOT 2015]

  1. 1. Reporting Network Abuse and APNIC Whois Database Accuracy Aftab A. Siddiqui
  2. 2. Introduction • The APNIC Whois Database is a publicly searchable database detailing address usage within the Asia Pacific region. The results of any search are provided purely for operational purposes (such as finding the authoritative contact for a troublesome machine) Source: www.apnic.net[1]
  3. 3. Reporting Network Abuse Use the APNIC Whois Database to obtain network contacts • You can use the APNIC Whois Database to obtain the registration details of the IP addresses APNIC has delegated. If the those IP addresses have been further assigned to other networks, you may also see the registration details of these assignments. Source: www.apnic.net[2]
  4. 4. Reporting Network Abuse Contact The Network • The admin-c, tech-c, and mnt-irt fields contain details for the objects associated with the contact details for the network administrators responsible. • You will find the person, role, and/or irt objects listed in the results generated. Source: www.apnic.net[2]
  5. 5. Reporting Network Abuse • Currently many Operators, Investigator/Law Enforcement Agencies, End-User and other institutions are using whois database to fetch contact details to identify and share abuse cases and other security problems. • Currently the growing amount of abuse reports are sent to tech-c, admin-c or mnt-irt contacts, as encouraged on the APNIC website.[2]
  6. 6. Reporting Network Abuse • Whois database data accuracy has been a big issue for years now. There have been several approaches to get better data accuracy within whois information all over the world. • There are two main reasons for data inaccuracy in whois: a) Wrong data is published to camouflage illegal actions. b) b) Wrong data is published because object owners forget to update the whois information as changes occur within their organization (staff changes, etc.) Source: prop-084 [3]
  7. 7. Reporting Network Abuse • Currently the only mechanism available is to report the invalid contact to APNIC. • APNIC notify the member to update the record.
  8. 8. Solution • As per the ARIN Number Resource Policy Manual section 3.6.1: – Annual Whois POC Validation: During ARIN's annual Whois POC validation, an email will be sent to every POC in the Whois database. Each POC will have a maximum of 60 days to respond with an affirmative that their Whois contact information is correct and complete. Unresponsive POC email addresses shall be marked as such in the database. If ARIN staff deems a POC to be completely and permanently abandoned or otherwise illegitimate, the POC record shall be marked invalid. ARIN will maintain, and make readily available to the community, a current list of number resources with no valid POC; this data will be subject to the current bulk Whois policy.
  9. 9. Solution • 4342 IRT Object exist out of 4714 members. • 4164 members created IRT object via MyAPNIC. • During 2014 on average APNIC received around 100 invalid contact reports. Source: APNIC Secretariat
  10. 10. Solution • In July 2010 similar to ARIN policy a proposal (prop-084) “Frequent whois information update request” was proposed by Tobias Knecht (author of IRT-Object prop). • In August 2011 the proposal was withdrawn by the author as it did not reach consensus in the policy-sig.
  11. 11. Solution? • Is there any problem? • Are we comfortable with Invalid object Reporting only? • What to do with contact reported as invalid? • Is annual contact validation a solution? • How the process will work? • What will be the repercussion if I don’t validate my contact on time?
  12. 12. Thank You
  13. 13. Links 1. http://www.apnic.net/apnic-info/whois_search/using-whois 2. http://www.apnic.net/apnic-info/whois_search/using- whois/abuse-and-spamming/reporting-abuse-and-spam 3. http://www.apnic.net/__data/assets/file/0006/22857/prop- 084-v002.txt

×