nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How can I obtain the abuse e-mail address for IPs from Japan?

From: Marc Gimeno <marc.gimeno () adamo es>
Date: Wed, 23 Aug 2017 17:26:54 +0200
Maybe simple whois from debian machine. Then he looks to related Regional
Internet address Registry, in this case, APNIC. I mark it in *bold*.

hois 59.106.13.181
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '59.106.0.0 - 59.106.255.255'

% Abuse contact for '59.106.0.0 - 59.106.255.255' is 'hostmaster () nic ad jp'

inetnum:        59.106.0.0 - 59.106.255.255
netname:        SAKURA
descr:          SAKURA Internet Inc.
descr:          Grandfront Osaka Bldg. Tower-A 35F, 4-20, Ofukacho,
Kita-ku, Osaka 530-0011 Japan
country:        JP
admin-c:        JNIC1-AP
tech-c:         JNIC1-AP
status:         ALLOCATED PORTABLE
*remarks:        Email address for spam or abuse complaints :
support () sakura ad jp <support () sakura ad jp>*
mnt-by:         MAINT-JPNIC
mnt-irt:        IRT-JPNIC-JP
mnt-lower:      MAINT-JPNIC
changed:        hm-changed () apnic net 20041013
changed:        ip-apnic () nic ad jp 20070523
changed:        hm-changed () apnic net 20151202
changed:        ip-apnic () nic ad jp 20170703
source:         APNIC

irt:            IRT-JPNIC-JP
address:        Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
address:        Chiyoda-ku, Tokyo 101-0047, Japan
e-mail:         hostmaster () nic ad jp
abuse-mailbox:  hostmaster () nic ad jp
admin-c:        JNIC1-AP
tech-c:         JNIC1-AP
auth:           # Filtered
mnt-by:         MAINT-JPNIC
changed:        abuse () apnic net 20101108
changed:        hm-changed () apnic net 20101111
changed:        ip-apnic () nic ad jp 20140702
source:         APNIC

*_____________________________*


*Marc Gimeno*
*NOC*
*_____________________________*


Adamo Telecom Iberia S.A.U.
www.adamo.es


On Wed, Aug 23, 2017 at 5:16 PM, Kurt Kraut <listas () kurtkraut net> wrote:


Hello Suresh,


It doesn't seem to help a lot:

ktk@ktk:~$ whois -h whois.nic.ad.jp 59.106.13.181
[ JPNIC database provides information regarding IP address and ASN. Its use
  ]
[ is restricted to network administration purposes. For further
information,  ]
[ use 'whois -h whois.nic.ad.jp help'. To only display English output,
   ]
[ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'.
   ]

Network Information:
a. [Network Number]             59.106.12.0-59.106.27.255
b. [Network Name]               SAKURA-NET
g. [Organization]               SAKURA Internet Inc.
m. [Administrative Contact]     KT749JP
n. [Technical Contact]          KW419JP
p. [Nameserver]                 ns1.dns.ne.jp
p. [Nameserver]                 ns2.dns.ne.jp
[Assigned Date]                 2004/11/24
[Return Date]
[Last Update]                   2004/11/24 18:41:02(JST)

Less Specific Info.
----------
SAKURA Internet Inc.
                     [Allocation]
59.106.0.0/16

More Specific Info.



No e-mail addresses of the abuse team or NOC or SOC.


Best regards,


Kurt Kraut

2017-08-23 11:55 GMT-03:00 Suresh Ramasubramanian <ops.lists () gmail com>:


whois -h whois.nic.ad.jp IP /e

--srs


On 23-Aug-2017, at 7:38 PM, Kurt Kraut <listas () kurtkraut net> wrote:

Hello,


I'm having a hard time to figure out the abuse e-mail address for IPs

from

Japan. Any query I perform at the WHOIS, for any IP, from any

autonomoyus

system I get the same e-mail addresses:

abuse () apnic net
hm-changed () apnic net
ip-apnic () nic ad jp
hostmaster () nic ad jp

These e-mail addresses belong to JPNIC, not the autonomous system

itself.

So any messages sent to these e-mail addresses will not reach the

offending

NOC/SOC so I can report vulnerabilities and DDoS attacks.

What am I missing and how should I report security issues to autonomous
systems from this region? Has anyone here any experience on this?


Thanks in advance,


Kurt Kraut
Previous By Date Next
Previous By Thread Next

Current thread: