APNIC abuse procedures

Network abuse BOF

Types of abuse reported

• Spam• Hacking• Viruses• Identity/credit card fraud• Threats and stalking

Abuse report statistics

Recorded 30 Jul – 29 Aug 2002• 423 spam reports• 168 abuse reports

– Does not include reports made to automated mailboxes:

spam@apnic.net abuse@apnic.net hm-changed@apnic.nettech-changed@apnic.net

• 1361 pieces of spam to info@apnic.net and webmaster@apnic.net

Responding to abuse reports

• Explain APNIC is not the source• Point the requestor to the APNIC network

abuse FAQhttp://www.apnic.net/info/faq/abuse/

• If contact details are incorrect, forward report to APNIC Hostmasters

• If requestor misunderstands APNIC’s role, explain the role of RIRs

• Continued reports lead to requestor being notified their emails will not be answered in future

Reasons people contact APNIC

• ARIN whois database– Not aware of other whois databases– Automated software points to ARIN

• Reverse DNS lookups– Many AP networks don’t register reverse

domains. • Only high level APNIC reverse domain

appears

Reasons people contact APNIC

• APNIC Whois Database– Misread search results

• Source and changed attributes– No response from tech-c, admin-c– Invalid network contacts

• Legacy AUNIC, ARIN records• Networks no longer APNIC members• Customer assignments not up to date

• Misunderstand the role of the RIRs– Believe RIRs provide connectivity

What can APNIC do?• Educate

– Standard replies – Abuse FAQ– Training– Public discussions

• Maintain the database– Integrity of contact details

• Promote role objects and email accounts– Enhanced Whois interface and help– Input for future Whois development

What can’t APNIC do?

• Police networks– No legal power to do this– No practical way to do this– Inappropriate behaviour for RIR

• RIRs are responsible for how networks manage their addresses

• RIRs are not responsible for behaviour of those networks

Directions for the future

APNIC proposal for streamlined abuse handling to be presented later in this BOF

Questions?