What happens if an IP from South America attacks you? Whether you are an individual, a business, or a commercial institution, dealing with network abuse can be a real headache. It can hurt your bottom line by tarnishing your reputation or corrupting your data. However, reporting network abuse is difficult- who should you contact to report this incident? Ideally, you would want to contact the network owners, but that information is not always readily available. To get that information, you must query the local Regional Internet Registry (RIR) WHOIS databases. Yet, doing automated bulk WHOIS lookups is against the rules, and extracting the right information can be complicated.
The global RIR system ensures that Internet number resource are allocated based on genuine need, keeping the Internet functioning smoothly. Each RIR community defines the policies for distributing Internet number resources in its region.
In Latin America, Latin American and Caribbean Internet Addresses Registry (LACNIC) is responsible for assigning and managing Internet number resources (IPv4, IPv6), Autonomous System Numbers (ASNs), and Reverse Resolution.
What Changed in LACNIC?
LACNIC used to hide network abuse contact information from third-party services, citing privacy concerns. However, they've recently updated their rules. They now consider this information a role object, making it possible to access the correct network owner's abuse contact details. They've started granting third-party services access to automatically fetch these redacted abuse contacts' details via RDAP (Registration Data Access Protocol). This information is now included in the contactdb. This change increases the chances that your abuse report will reach the right place instead of landing in a general LACNIC administrative mailbox where it might not get the attention it deserves.
What Should You Include In Your Network Abuse Report?
To increase the likelihood of your data being processed automatically, it's a good idea to use the eXtended Abuse Reporting Format (XARF). XARF uses JavaScript Object Notation (JSON) for generating and parsing abuse reports. Your email format should have an outer Content-Type of multipart/report; report-type=feedback-report, with at least two additional parts:
- A human-readable section describing what led to the report.
- A machine-readable part defined by RFC5965, which requires Feedback-Type, User-Agent, Version.
For more technical documentation, check out these resources:
Why Should You Bother Reporting Network Abuse?
Most network abuse incidents go unreported because the average internet user finds it hard to file a complaint. However, this results in a multitude of problems. Often, the only way people know there is a problem is through reporting. Reporting is often the only way to detect and resolve issues, preventing harmful traffic from spreading unchecked across the network, affecting not only you but also your colleagues and fellow employees within the same organization. Reporting network abuse is crucial to hold internet service providers (ISPs) responsible for malicious traffic originating from their networks. ISPs take abuse complaints seriously and can even be held legally accountable for such activities.
Abusix Makes It Easy To Report Network Abuse
Abusix provides an easy-to-use platform for reporting network abuse with AbuseHQ. When you report abuse through Abusix, the reports are directed to the organization responsible for managing the specific network resource, such as an IP address or data center. Network operators failing to address complaints may find themselves added to Abusix's block list, resulting in throttled or rejected traffic from their networks.
With this new development in LACNIC policies, Abusix has improved its services in being able to reach the proper network owner. Our team is dedicated to keeping networks, the internet, and users safe from malicious actors and can provide guidance and support in these areas. Contact us at [email protected].