Anonymized extracts from a correspondence between a phish takedown operator and the RIPE NCC: PIRT: "There's a phish on 192.0.2.227. The server is rooted. The address a@a.example.net in the IP whois comes back 'host not found'. The ASN address we have, b@b.example.net, comes back 'connect timeout'. c@c.example.net comes back 'Address rejected'. The webform on the allocee's website (such as it is) doesn't actually do anything.--RIPE can you contact the IP owner and get them to update your database please." RIPE NCC: "Please try contact the Network owners/maintainers. Phone number registered for the maintainer is correct and working." PIRT: "I'm a volunteer and don't have the resources to make international phone calls. Plus I don't speak Italian (I don't write Italian either but there are websites for translation, which is why email is preferable). Doesn't RIPE have the resources to do this? And isn't it in your interest to keep the database accurate? Otherwise what's the point? I have already emailed the d@d.example.net address. I have had no reply and the phish is still active." RIPE NCC: "There may be options we could pursue to check the validity of the contact data in the objects in the RIPE Database. Where we have a direct relationship with the owners of these objects we could request that they update this information. But we do not have a mandate from the RIPE community to allocate any resources to this activity." (End of correspondence extracts.) The issue of false or otherwise inadequate RIPE database entries has been discussed before in various RIPE working groups. It is bizarre that the problems nevertheless continue, year in and year out. Publishing sufficient and up-to-date contact information in the RIPE database should be an absolute prerequisite for holding any kind of RIR-allocated resource. Whenever a deficiency is discovered and reported, the RIPE NCC should efficiently and urgently contact the allocee, requiring a full and immediate correction. If one is not made, the resources should be deregistered. I realize that IP connectivity is not directly contingent on registration, but I also believe that allocees would still want to avoid having their resources bogonized. Should this pressure nevertheless prove insufficient, further sanctions, such as elevated fees, should be available. It is intolerable that important and urgent security-related communications repeatedly fail due to a lack of adequate contact information. -- Thor Kottelin CISM, CISSP fax +358 102 961 064 thor@anta.net, PGP 0x327B7345 http://www.anta.net/