Fine tuning filtering

By on 11 Jun 2015

Category: Policy

Tags: , , , , ,

Blog home

In my last post we looked at the success policy has had in the mandatory inclusion of a new abuse contact object in the APNIC Whois Database.

Reference to an IRT (Incident Response Team) object is mandatory whenever MyAPNIC users make a change or update a delegation in the database. Since it was introduced in late 2010, more than 9000 IRT objects have been created covering a significant percentage of the database entries.

The IRT object is a contact point for network operators, law enforcement agencies (LEAs), and others who want to report misuse and abuse to a dedicated abuse contact responsible for those resources.

During the APNIC 39 Policy SIG in Fukuoka two issues were raised that began a discussion about the importance of whois to the community and other stakeholders.

Ruri Hiromi proposed the introduction of more detailed assignment information in the whois with policy proposal prop-115: Registration of detailed assignment information in whois DB.

While this proposal did not reach consensus at the meeting, it was returned to the mailing list for further consideration and perhaps more discussion at APNIC 40 in Jakarta.

The purpose of the proposal was to enable more accurate filtering of harmful traffic by adding more specific assignment data in the APNIC Whois Database. For example, this policy change would require that ‘port range’ be included in IPv4 address entries to reflect their use in large-scale NAT implementations.

During discussion at the SIG meeting, some community members acknowledged the problems this proposal raised, but they seemed reluctant to proceed with the idea of implementing a solution through whois. Some suggested that using operator-maintained whois servers with this information might be a workable solution.

In an informational presentation (one not directly proposing a policy change), NRO NC member, Aftab Siddiqui, spoke about the ongoing problem of whois data accuracy and the frustration and challenge it represents for network operators and LEAs.

He reported the Secretariat received an average of 100 invalid contact reports per month in 2014 and noted that his own organization had a similar number. APNIC’s operational practice for rectifying these reports is explained here.

Aftab pointed to ARIN and the RIPE NCC as two regions where attempts to improve the accuracy of whois data have been in place for some time. ARIN’s Point of Contact (POC) Validation program is required in policy, while the RIPE NCC’s assisted registry checks are an operational program requested by the RIPE community members.

In my next post I will look at these two approaches and what it might mean to APNIC and the Policy SIG.

Rate this article

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *