Info! Please note that this translation has been provided at best effort, for your convenience. The English page remains the official version.

Publishing Abuse Contact Information

1.0  Introduction

On 02 May 2011, the AFRINIC Board ratified a policy proposal (AFPUB-2010-GEN-006) which specifies a dedicated object to be used by AFRINIC members to publish information about the contacts responsible for addressing abuse inquiries from the number resources which the member is issued. This policy was implemented by AFRINIC on 05 May 2012. Previously, it has not been possible to explicitly declare abuse contacts for AfriNIC Whois resource data.

Although the referral to the IRT object is optional in the resource objects, AFRINIC encourages all members to actively start making use of this policy to publish abuse contact information. This chiefly ensures that complaints from anyone about abuse issues emanating from a given number resource are redirected to the appropriate individual(s).

This document recommends guidelines that concerned organizations could use while making use of this policy to avail contact persons responsible for network abuse-related queries pertaining to their IP addresses and other number of resources.

2.0  Specifying Abuse Contacts

The IRT (Incident Response Team) Whois database object has been introduced for the purposes of availing abuse contact information for any given number resource.

IRT objects provide information about a CSIRT (Computer Security Incident Response Team), which is basically a group of individuals responsible for handling network security incidents and reports for any given organization or entity.

3.0  Adding the IRT to the Whois database

Once a team that will handle abuse and other security incidents has been created/formed by an   organization, the following information about the IRT should be available before attempting to create the IRT whois database object:

  1. Name of the Incident Response Team.
  2. Physical address, telephone and fax contacts.
  3. E-Mail Address: An e-mail address for contacting the IRT. This should be a role email address which delivers e-mail to several individuals in the IRT. It should not be anyone individual’s e-mail address. This is such that if one individual is not available, another can receive and act on the issue.
  4.  Abuse E-Mail Address: A specific e-mail address to which all security incidents should be sent. This should also be a role e-mail address that delivers to several individuals.
  5. Administrative contact: The person(s) handling admin matters for the IRT.
  6. Technical contact: The person(s) handling technical matters for the IRT.

3.1  The IRT Whois database template

Please refer to the steps below for the IRT object database template (and the steps to create it in the whois database):

  1. Browse to https://whois.afrinic.net
  2. Search for:  -t irt
  3. Copy the entire template as returned by the server, complete all fields as appropriate
  4. Send to This email address is being protected from spambots. You need JavaScript enabled to view it.">This email address is being protected from spambots. You need JavaScript enabled to view it.

 

3.2  Associating an IRT with allocated resources

Once an IRT object is created in 3.1 above, the ISP/LIR must contact AFRINIC to associate the IRT object with their number of resources. This manual step can only be done by AFRINIC since AFRINIC is the maintainer of directly allocated/assigned resources. This manual process may require obtaining additional information from the member organization to verify that the entity or individual requesting the IRT association to a resource is indeed authorized to do so on behalf of that organization.

4.0  Using PGP with the IRT object

“Signature” and “encryption” attributes in the IRT object require PGP keys. PGP key can also be used as an authentication scheme in the objects. Although PGP use is optional in the IRT object, we strongly recommend its usage when managing IRT data. PGP is the preferred method of use for secure e-mail communication. In order to send secure communication to the IRT and for the IRT to send out secure communication, it is necessary to use PGP by creating “key-cert” objects in the Whois database, which are basically public keys to be used for this purpose.

The public key in the “signature” attribute is for authenticating all correspondence from the Incident Response Team (IRT), while the key in the “encryption” attribute is for encrypting correspondence to the IRT. Since the process of associating an IRT object to resource objects requires authorization through the authentication scheme of the IRT object, using PGP avoids sharing the IRT clear text password with resource holders/maintainers.

5.0  Finding abuse contacts for resources in AfriNIC whois

Anyone using the AFRINIC WHOIS database to look for abuse contacts for resources allocated by AFRINIC should use contact information from the IRT object associated with the concerned resource objects before proceeding as described here, if needed.

 

6.0  Assistance & Additional Information

Please address any issues or concerns to This email address is being protected from spambots. You need JavaScript enabled to view it.">This email address is being protected from spambots. You need JavaScript enabled to view it.

 

 

on 2018 Oct 30
Was this helpful?

AFRINIC is a Regional Internet Registry (RIR). We allocate/assign Internet number resources (primarily, IP address space) to our members, mostly Internet Service Providers. These organisations are responsible for the activities originating from the address space allocated to them. Therefore any concerns or complaints should be directed to them and not to us.

To find out who to send your complaint to if network abuse is suspected, you are welcome to use the AFRINIC Whois Database. You will be able to locate details of IP address registrations within our service region. Please note that the Whois-Database does not contain information on all IP addresses in the world. There are five RIRs that allocate IP addresses to organisations in their service regions and store information about those addresses in their region's Whois Database.

 

Finding the correct whois database

To find the correct database containing information on an IP address, the first thing to do is to find the appropriate allocation block. A list of allocation blocks with the corresponding RIR can be found at https://www.iana.org/assignments/ipv4-address-space

For example, if your IP address begins with "41" you should locate this range within the list:

041/8 Apr 05 AFRINIC (whois.AFRINIC.net)

In this example, you can see that address space beginning with "41" has been allocated to AFRINIC. You should therefore use the AFRINIC Whois Database (whois.AFRINIC.net) to search for the responsible allocatee/assignee.

If the allocated block states: "Various Registries", you will have to search all five RIR databases to find the correct contact information (unfortunately). In future, there will be a whois client in development by the five RIRs (called "joint whois", or 'jwhois' that will solve this latter issue).

The five RIRs are:

  1. AFRINIC, for Africa - (Whois database at https://www.AFRINIC.net )
  2. ARIN, for North America - (Whois database on 'www.arin.net')
  3. LACNIC, for South America and the Caribbean.
  4. RIPE NCC, for Europe, Central Asia and the Middle East
  5. APNIC, for Asia and the Pacific region.

 

Abuse/Spam from AFRINIC?

After starting RIR operations, AFRINIC took over most of the address space from the 196 block that had previously been allocated by IANA to ARIN. This block actually contains allocations to service regions of all the 5 RIRs. All African registrations were transferred from the respective RIR to the AFRINIC whois database.

'Placeholders' were left in place of these records at the respective RIR, showing information that this range of IP address space was transferred to AFRINIC. Usually, the place holder contains AFRINIC organisation information and a directive to query whois.AFRINIC.net for additional information.

At the moment, most personal firewalls are set up to extract a few lines from a whois query result (like the org-name, address and contacts). These clients will also default to whois.arin.net for queries on 196/8 address space, and will usually report that AFRINIC is the 'victim'. If you fall in such a scenario, please query the

AFRINIC WHOIS DB before writing to us. (More information below).

 

Finding contacts for an IP address

To find the contacts responsible for address space that originates within the AFRINIC Service region, please query the AFRINIC Whois Database for the target IP address:

Enter the IP address into the Whois search box (in case of the web-based query). The output will list a number of objects. Firstly an inetnum object:

inetnum: 196.216.2.0 - 196.216.3.255

netname: AFRINIC

...

The last objects listed will be organisation, person and/or role objects that detail the organisations and corresponding persons responsible for the administration of the IP addresses. Please check these objects for remarks on who to send e-mails on spamming, hacking or connectivity issues. If you are unable to find any remarks please use the e-mail address included within the object. For example:

organisation: ORG-TIS100-TEST
org-name: Test Internet Services S.A.R.L
org-type: LIR
country: RW
address: Example Street
De Cock Street 12
Kigali, Rwanda
e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
mnt-ref: JQ-MNT
mnt-by: AFRINIC-HM-TEST
changed: This email address is being protected from spambots. You need JavaScript enabled to view it.
source: TEST

person: John Queue
address: Example Street
De Cock Street 12
Kigali, Rwanda
phone: +246 788 987676
e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
nic-hdl: JQ9-AFRINIC
mnt-by: JQ-MNT
remarks: *******************************
remarks: This object is only an example!
remarks: *******************************
changed: This email address is being protected from spambots. You need JavaScript enabled to view it. 20020827
changed: This email address is being protected from spambots. You need JavaScript enabled to view it.
source: AFRINIC

 

Please only use the e-mail address specified in the "e-mail" attribute. Do not send mails to the other e-mail addresses within the objects because these e-mail addresses are used for specific purposes in the Whois Database. Therefore messages may not be forwarded to the correct party.

Be also aware that the person(s) listed in the object is most likely only an administrator of the organisation responsible for the address range and may not be the individual using the specific IP address. It might be necessary to lookup the returned organisation on the Internet (Google, etc) and find the correct contact details from their website (if any) The AFRINIC Whois Database is a public database. It contains registration details for allocated and assigned Internet resources in the AFRINIC service region. IP network operators in our service region enter and maintain the data. We aid the operation of the database but are not responsible for its contents.

It is not within the scope of activities set by our membership to check data in the Whois database for accuracy. Only the maintainers of objects in the database may make changes to data.

 

on 2020 Sep 30
Was this helpful?
Date and time in Mauritius -