[Dshield] APNIC and KRNIC Network attacks
Johannes B. Ullrich
jullrich at sans.org
Thu May 9 16:45:24 GMT 2002
> The registries are just that: registries, involved in maintaining IP
> address space, but little beyond that.
agreed (and I removed them from the 'reply to' for this email ;-) ).
For Korea, we are in contact with the Korean CERTCC (Computer
Emergency Response Team Coordination Center). This is an organization
responsible to coordinate security amongst Korean ISPs. I don't know if
they have an 'real power'. But at least they promiss to follow up with
ISPs to make sure they got the message. I think I mentioned before that we
do supply a daily feed to them listing all the Korean IPs we received logs
There is one thing where registries come in: Valid contact information.
ARIN for one just put out a proposal to add 'abuse contacts' to the list
of contacts maintained by them.
In my opinion, administering IP space does come with some repsonsibilities
in respect to preventing abuse. My "dream": ARIN will send a test message
to the abuse contact once a month and pull the IP range if it is not
replied to appropriatly within a couple days (ok... I am flexible on the
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
More information about the list