Reporting network abuse: spamming and hacking

Network abuse FAQ series

Spammers & hackers : Using the APNIC Whois Database to find their network | Spam | Hacking

Contents

• How can APNIC help?
• Can APNIC tell me the name of the person hacking/spamming me?
• So why does my software say APNIC is responsible?
• Why does the web site I've consulted tell me APNIC is responsible?
• Can APNIC investigate my complaint?
• Does APNIC have a role in preventing network abuse?
• What if the registered contact details are wrong?
• More information

---

How can APNIC help?

APNIC is the Regional Internet Registry (RIR) for the Asia Pacific region. The APNIC Whois Database holds details of IP address registrations within this region. You are welcome to use this database to track down the source of the network abuse and find contact details of the relevant network administrators.

See: Using the APNIC Whois Database to find the spammer/hacker's network

Can APNIC tell me the name of the person hacking/spamming me?

No. In general, our database contains details of the networks that are using address space, not the individual users. In most cases, individuals will have a different IP number each time they log on to the Internet. You will need to report the IP number and time of the abuse to the network administrators, who should be able to use their log files to contact the individual involved.

APNIC registers the address space that larger networks use, but does not provide Internet connection to any networks. Therefore, APNIC does not have knowledge of the individual end-users, nor do we have access to the log files of external networks.

So why does my software say APNIC is responsible?

Your software may not be giving you the full picture. Many software products used to detect network abuse are designed to only search the ARIN Whois Database. But IP addresses are registered by five RIRs on a regional basis and the ARIN database is not definitive for the whole world. It only covers the IP ranges not held by the other four RIRs (RIPE NCC, LACNIC, AfriNIC and APNIC).

So, if a standard search refers you to APNIC, it means only that the network in question is registered in the Asia Pacific region. It does not mean that APNIC is responsible or that the hacker/spammer is using our network. To get information on the actual network involved, you need to use the APNIC Whois Database.

Also, please be aware that there are two major types of whois databases. One type contains records on domain names and the other contains IP address records. The APNIC Whois Database contains IP address records.

Why does the web site I've consulted tell me APNIC is responsible?

There are many websites with whois lookup functions that are subject to the same limitations as lookup software described above.

Can APNIC investigate my complaint?

No. You are welcome to use the APNIC Whois Database to find out where to take your complaint, but APNIC is not able to investigate it for you. As a registry, APNIC adopts and applies policies relating to the way in which networks are addressed. But APNIC does not have any powers (legally or practically) to regulate the conduct of Internet activity.

Laws relating to network abuse vary around the world. If you are not able to get the cooperation of the network administrators, then you may need to contact law enforcement agencies either in your jurisdiction or the jurisdiction where the problem originates.

Does APNIC have a role in preventing network abuse?

APNIC's main role is to provide publicly accessible registration information. But APNIC also has a role in the education of network operators in the Asia Pacific community. We conduct training courses relating to addressing policy around the Asia Pacific region. As a component of those courses, we do seek to raise awareness of the need for responsible network management. Discussions on these issues are also raised in the course of APNIC's Open Policy meetings.

What if the registered contact details are wrong?

APNIC requires that organizations register valid contact details, but we are not automatically notified if those details later cease to be valid. So, if you do find invalid contact details in the APNIC Whois Database, you can submit details of the invalid contact using the invalid contact report form or by sending an email to helpdesk@apnic.net clearly stating the IP address and the incorrect contacts.