[Dshield] APNIC and KRNIC Network attacks

Johannes B. Ullrich jullrich at sans.org
Thu May 9 16:45:24 GMT 2002

> The registries are just that: registries, involved in maintaining IP
> address space, but little beyond that.

agreed (and I removed them from the 'reply to' for this email ;-) ).
For Korea, we are in contact with the Korean CERTCC (Computer
Emergency Response Team Coordination Center). This is an organization
responsible to coordinate security amongst Korean ISPs. I don't know if 
they have an 'real power'. But at least they promiss to follow up with 
ISPs to make sure they got the message. I think I mentioned before that we 
do supply a daily feed to them listing all the Korean IPs we received logs 

There is one thing where registries come in: Valid contact information. 
ARIN for one just put out a proposal to add 'abuse contacts' to the list
of contacts maintained by them.

In my opinion, administering IP space does come with some repsonsibilities 
in respect to preventing abuse. My "dream": ARIN will send a test message 
to the abuse contact once a month and pull the IP range if it is not 
replied to appropriatly within a couple days (ok... I am flexible on the
exact rules).

jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

More information about the list mailing list