Providing your abuse contact information – Incident Response Team

The APNIC community reached consensus on Prop-079: Abuse contact information, which amends the APNIC Whois Database by directing abuse reports to specialized mandatory IRT contacts.

Previously where there are incidents of network abuse or security events, network operators in the APNIC region use tech-c or admin-c contacts in the APNIC Whois Database to report network abuse activities. With the increase in reports of network abuse, it is important that such reports be directed to specialized teams such as Incident Response Teams (IRTs).

APNIC implemented mandatory IRT references on 8 November 2010. This means an ‘irt‘ object reference is now mandatory when any inetnum, inet6um and aut-num objects are updated or created in the APNIC Whois Database. Together with this policy implementation, the abuse-mailbox attribute was removed from ‘role‘ objects in early 2011.

See the IRT Object template for more information.

 

The importance of providing your Abuse Contact information

  • Dedicated contacts or teams that specifically resolve computer security incidents
  • Stops the tech-c and admin-c from getting reports of abuse
  • Efficient and accurate response
  • Shared response to address abuse

“Ensuring that there is a dedicated contact or department that specifically resolves security issues will limit potential damage and enhance recovery.”

More and more IRTs are also working together to share response strategies, to more quickly allow networks to identify and prevent abuse and other security problems.

 

What you need to do

  • Become familiar with the changes to the following Policies
  • Become familiar with the requirements of the new Policy and theĀ Object template AND
  • Prepare your own Abuse Contacts and processes
    OR
  • Find an upstream ISP willing to be the contact for abuse reports related to your network
  • Create an IRT object in MyAPNIC

Learn how to create your own IRT object with the following manual:

Guide to Manage the Incident Response Team object in MyAPNIC

Incident Response Teams

IRTs or Computer Security Incident Response Teams (CSIRTs) specifically respond to computer security incident reports and activity.

They are dedicated abuse handling teams, (as distinct from network operational departments) which review and respond to abuse reports resulting in efficient and accurate resolution of security incidents and activity.

For more information on IRTs and CSIRTS, see: