Re: [sig-policy] Accuracy of Whois Data

To: sig-policy at lists dot apnic dot net
Subject: Re: [sig-policy] Accuracy of Whois Data
From: Sanjaya <sanjaya at apnic dot net>
Date: Tue, 02 Feb 2010 13:27:26 +1000
Delivered-to: sig-policy at mailman dot apnic dot net
In-reply-to: <1fc4dd911002011629s565c2e04h7e81cf08d8b01bcd at mail dot gmail dot com>
List-archive: <http://mailman.apnic.net/mailing-lists/sig-policy>
List-help: <mailto:sig-policy-request@lists.apnic.net?subject=help>
List-id: APNIC SIG on resource management policy <sig-policy.lists.apnic.net>
List-post: <mailto:sig-policy@lists.apnic.net>
List-subscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:sig-policy-request@lists.apnic.net?subject=subscribe>
List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:sig-policy-request@lists.apnic.net?subject=unsubscribe>
References: <1fc4dd911002011629s565c2e04h7e81cf08d8b01bcd@mail.gmail.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.7) Gecko/20100111 Lightning/1.0b1 Thunderbird/3.0.1

Hi Mark and all,

What APNIC secretariat can do and has been doing is to maintain the

accuracy of the direct allocation/assignment information through our

account relationship with the resource holder. We also ran a continuous

campaign for correct whois information through our trainings and other

outreach activities.

Any feedback sent to APNIC helpdesk about incorrect contact information

will be relayed to the account contacts and corrected based on their input.

The idea proposed in this forum about sending automated reminders to our

members to confirm/update their whois data is good and should be easily

implementable. This may create some rather bulky emails to members with

numerous delegated prefixes, but should be acceptable if sent only

annually. Should we do this?


Cheers,
________________________________________________________________________
Sanjaya                                     email:     sanjaya at apnic dot net
Services Area Manager, APNIC                sip:  sanjaya at voip dot apnic dot net
http://www.apnic.net                        phone:       +61 7 3858 3100
________________________________________________________________________
 * Sent by email to save paper. Print only if necessary.

On 2/02/2010 10:29 AM, Mark Foster wrote:

Thought provoked as a result of the discussion of abuse-c detail...

I'm not sure i've seen anyone pick up the issue of Database Accuracy in
more than a passing fashion.  I'm not familiar enough with what-goes-on
but i'd much rather seen APNIC efforts validate the accuracy of info
already in place than focus significant resource on a relatively minor
benefit.

My aforementioned scattergun approach didnt work (apparrently the Indian
ISP concerned don't believe in abuse@, postmaster@ or noc@ addresses,
notwithstanding what's in their whois!) and I am left with the
possiblity of simply blocking an entire /15 at my router as the only
recourse I have against abuse originating from a compromised /32.

As the administrator of (in this particular example) a very small
network with limited means, being able to use whois as an accurate and
validated source of 'real person' POC info would at least help us as a
community to deal to the spammers, botnets and 'sploited boxen in our
midst in a more timely fashion.

So how should APNIC go about ensuring whois accuracy and currency? How
to get this issue moving in a productive direction?
If nothing else, it will dovetail nicely with the latest proposal re
abuse-c.

Mark.



*              sig-policy:  APNIC SIG on resource management policy           *
_______________________________________________
sig-policy mailing list
sig-policy at lists dot apnic dot net
http://mailman.apnic.net/mailman/listinfo/sig-policy