[sig-db]Protecting Historical Records in APNIC Whois Database
Dear all,

Please find below a proposal from the APNIC secretariat, to be discussed
in this mailing list and the forthcoming APNIC 17 DB-SIG.

Appreciate any feedback/comment.

Cheers,
Sanjaya
APNIC Project Manager

Protecting Historical Records in APNIC Whois Database
-----------------------------------------------------

Proposed by: Sanjaya, APNIC Secretariat
Version: 1.0
Date: 15 January 2004

Summary
-------
This is a proposal to protect historical resource objects (inetnum and
aut-num) in the APNIC Whois database, in order to prevent unverified
transfer of resources. This will not prevent the current custodians from
using the resource, but it will not allow them to change the whois
information without verification of the update by the APNIC Secretariat
under an appropriate services agreement.

Definition:

A historical resource object is defined as an object in the whois
database for which APNIC does not have a formal membership/service
agreement. The majority of such objects were created before the
membership structure of APNIC was established.

Background
----------
Historical ASN and IPv4 address ranges are increasingly becoming a
source of abusive activities in the Internet. A good summary of how this
is done can be found at:

http://www.completewhois.com/hijacked/hijacked_qa.htm

One common way for an abuser to take over an unused old resource is to
change the whois record in such a way that the upstream provider
believes that the resource is delegated to the abuser's organisation.
This method becomes easier if the whois record has not been maintained
properly, as no suspicious activities can be detected due to inactive
maintainer contacts.

APNIC secretariat is continuously looking for ways to increase the
information quality of the Whois Database. Protection of data is one of
the high priority areas due to the high number of reports/complaints
received that are related to this issue. This is demonstrated by the
following list of action items that have received consensus in the
members' meeting and been approved by the APNIC Executive Council:

  db-14-001  Proposal to deprecate MAIL-FROM

  db-14-003  Mandatory maintainers for inetnum objects

  db-16-003  Secretariat to implement proposal "Protecting resource
             records in APNIC Whois Database". This will involve
             changing the maintainer of objects protected by MAINT-NULL
             to the maintainer of the parent object as well as
             deprecating NONE in the maintainer's auth attribute.

This proposal is a natural follow-up to these projects. It will further
improve the data quality and security of APNIC Whois Database.

Statistics
----------
APNIC secretariat has surveyed the historical ASN and IPv4 address
ranges and the following results were obtained for 27 January 2004:

  Total size of historical IPv4 address: 15,873 x /24
  Total number of historical ASN: 56

Whois statistics are being collected, and will be presented at the
APNIC 17 meeting.

Proposal
--------
To improve the protection of internet resource records in APNIC Whois
Database, it is proposed that ALL historical inetnums and aut-nums be
protected with APNIC-HM maintainer. Based on experience from previous
projects, impact to APNIC members would be minimal, and any subsequent
request to change the maintainer will be dealt with within 2 business
days (as long as there is enough evidence and authority to support the
request).

Existing custodians who wish to modify and maintain their record will
need to contact APNIC secretariat, and enter into a service agreement to
ensure a clear responsibility and accountability will be undertaken by
the custodian.

The current non-member service agreement and fee structure involves a
maintenance fee of $0.10 per address per year. It is proposed that
these fees be capped at a level of USD$100.00 per year per maintainer
object, for historical resource records only.

IMPACT TO NIRs
--------------
None

IMPACT TO other RIRs
--------------------
None

Implementation
--------------
Implementation will be started within 30 days after approval by APNIC
Executive Council.

The following schedule is proposed:

- Develop automated script to change the maintainer to APNIC-HM
  (30 days)
- Public announcement (web, mailing list) to be sent 30 days
  before executing the change
- Compile the latest list of historical whois objects (1 day)
- All historical objects maintainer changed to APNIC-HM (1 day)
- Perform data correction as needed, and announce the final result
  to public (web, mailing list, newsletter) (28 days)

Estimated completion time for all of the above activities: 90 days.

APNIC secretariat will present the implementation project report at
APNIC 18.
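
The weak protections named in the action items above (inetnum/aut-num objects with no mnt-by or with MAINT-NULL, and maintainers whose auth attribute is NONE or MAIL-FROM) can be found by auditing a whois dump. The following Python is an added example, not part of the original message and not APNIC's script; the sample objects, ranges and maintainer names other than MAINT-NULL are constructed.

```python
import re
# Constructed RPSL sample (documentation prefixes, private-use ASN); not real APNIC data.
SAMPLE = """\
inetnum: 192.0.2.0 - 192.0.2.255
mnt-by:  MAINT-NULL

inetnum: 198.51.100.0 - 198.51.100.255

aut-num: AS64500
mnt-by:  MAINT-EXAMPLE-A

inetnum: 203.0.113.0 - 203.0.113.255
mnt-by:  MAINT-EXAMPLE-B

mntner:  MAINT-EXAMPLE-A
auth:    CRYPT-PW constructedhash
auth:    MAIL-FROM .*@example.net
"""
WEAK_AUTH = {"NONE", "MAIL-FROM"}  # schemes named in db-14-001 and db-16-003

def parse_objects(text):
    """Return each whois object as (attribute, value) pairs; lines without ':' are skipped."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [line.partition(":") for line in block.splitlines()
                 if ":" in line and not line.startswith(("%", "#"))]
        objects.append([(k.strip().lower(), v.strip()) for k, _, v in pairs])
    return [o for o in objects if o]

def audit(text):
    """List (object key, reason) for inetnum/aut-num objects with weak protection."""
    objects = parse_objects(text)
    weak = {}  # maintainer -> weak schemes; one weak auth line is enough to pass
    for obj in objects:
        schemes = {v.split()[0].upper() for k, v in obj if k == "auth" and v}
        if obj[0][0] == "mntner" and schemes & WEAK_AUTH:
            weak[obj[0][1].upper()] = sorted(schemes & WEAK_AUTH)
    findings = []
    for obj in (o for o in objects if o[0][0] in ("inetnum", "aut-num")):
        key = obj[0][1]
        mnts = [m for k, v in obj if k == "mnt-by" for m in re.findall(r"[\w-]+", v.upper())]
        if not mnts:
            findings.append((key, "no mnt-by"))
        for m in mnts:
            if m == "MAINT-NULL":
                findings.append((key, "mnt-by MAINT-NULL"))
            elif m in weak:
                findings.append((key, f"{m} allows auth {'/'.join(weak[m])}"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding per weakly protected resource object; a maintainer that is referenced but absent from the dump (MAINT-EXAMPLE-B here) is not flagged.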