How can I obtain the abuse e-mail address for IPs from Japan?
Hello,

I'm having a hard time to figure out the abuse e-mail address for IPs from Japan. Any query I perform at the WHOIS, for any IP, from any autonomous system I get the same e-mail addresses:

abuse@apnic.net
hm-changed@apnic.net
ip-apnic@nic.ad.jp
hostmaster@nic.ad.jp

These e-mail addresses belong to JPNIC, not the autonomous system itself. So any messages sent to these e-mail addresses will not reach the offending NOC/SOC so I can report vulnerabilities and DDoS attacks.

What am I missing and how should I report security issues to autonomous systems from this region? Has anyone here any experience on this?

Thanks in advance,

Kurt Kraut
whois -h whois.nic.ad.jp IP /e

--srs
Hello Suresh,

It doesn't seem to help a lot:

ktk@ktk:~$ whois -h whois.nic.ad.jp 59.106.13.181
[ JPNIC database provides information regarding IP address and ASN. Its use ]
[ is restricted to network administration purposes. For further information, ]
[ use 'whois -h whois.nic.ad.jp help'. To only display English output, ]
[ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]

Network Information:
a. [Network Number]             59.106.12.0-59.106.27.255
b. [Network Name]               SAKURA-NET
g. [Organization]               SAKURA Internet Inc.
m. [Administrative Contact]     KT749JP
n. [Technical Contact]          KW419JP
p. [Nameserver]                 ns1.dns.ne.jp
p. [Nameserver]                 ns2.dns.ne.jp
[Assigned Date]                 2004/11/24
[Return Date]
[Last Update]                   2004/11/24 18:41:02(JST)

Less Specific Info.
----------
SAKURA Internet Inc.
                     [Allocation]                 59.106.0.0/16

More Specific Info.

No e-mail addresses of the abuse team or NOC or SOC.

Best regards,

Kurt Kraut
Maybe simple whois from Debian machine. Then he looks to related Regional Internet address Registry, in this case, APNIC. I mark it in *bold*.

whois 59.106.13.181
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '59.106.0.0 - 59.106.255.255'

% Abuse contact for '59.106.0.0 - 59.106.255.255' is 'hostmaster@nic.ad.jp'

inetnum:        59.106.0.0 - 59.106.255.255
netname:        SAKURA
descr:          SAKURA Internet Inc.
descr:          Grandfront Osaka Bldg. Tower-A 35F, 4-20, Ofukacho, Kita-ku, Osaka 530-0011 Japan
country:        JP
admin-c:        JNIC1-AP
tech-c:         JNIC1-AP
status:         ALLOCATED PORTABLE
*remarks:        Email address for spam or abuse complaints : support@sakura.ad.jp*
mnt-by:         MAINT-JPNIC
mnt-irt:        IRT-JPNIC-JP
mnt-lower:      MAINT-JPNIC
changed:        hm-changed@apnic.net 20041013
changed:        ip-apnic@nic.ad.jp 20070523
changed:        hm-changed@apnic.net 20151202
changed:        ip-apnic@nic.ad.jp 20170703
source:         APNIC

irt:            IRT-JPNIC-JP
address:        Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
address:        Chiyoda-ku, Tokyo 101-0047, Japan
e-mail:         hostmaster@nic.ad.jp
abuse-mailbox:  hostmaster@nic.ad.jp
admin-c:        JNIC1-AP
tech-c:         JNIC1-AP
auth:           # Filtered
mnt-by:         MAINT-JPNIC
changed:        abuse@apnic.net 20101108
changed:        hm-changed@apnic.net 20101111
changed:        ip-apnic@nic.ad.jp 20140702
source:         APNIC

Marc Gimeno
NOC
Adamo Telecom Iberia S.A.U.
www.adamo.es
On Wed, 23 Aug 2017, Kurt Kraut wrote:
> Network Information:
> a. [Network Number]             59.106.12.0-59.106.27.255
> b. [Network Name]               SAKURA-NET
> g. [Organization]               SAKURA Internet Inc.
> m. [Administrative Contact]     KT749JP
> n. [Technical Contact]          KW419JP
>
> No e-mail addresses of the abuse team or NOC or SOC.

Since they don't have an abuse contact and there's not much additional useful contact information in their peeringdb entry, your next best bet would be to reach out to the admin and technical contacts listed in their whois record, or try the abuse contacts for one or more of their upstreams.

jms
Kurt

I see contact info for KW419JP maybe I don't understand what you are looking for.

--
- Andrew "lathama" Latham -
Hello folks,

Thank you for your assistance. I'm used to query AS entries for LACNIC region and their WHOIS spit out right away all contacts. I didn't realise I had to make a secondary query for the Technical Contact ID to only then see the e-mail address.

Best regards,

Kurt Kraut
In article <CAPbn28=jm02=uVQh341SjvO4_frZo0Lj-5KTNp+eP6RYN9jmUQ@mail.gmail.com> you write:
> Thank you for your assistance. I'm used to query AS entries for LACNIC region and their WHOIS spit out right away all contacts. I didn't realise I had to make a secondary query for the Technical Contact ID to only then see the e-mail address.

If you do write to Japanese network contacts, expect a very polite response saying that they can't deal with your report because they're too scared to open attachments.

R's,
John
* listas@kurtkraut.net (Kurt Kraut) [Wed 23 Aug 2017, 17:16 CEST]:
> No e-mail addresses of the abuse team or NOC or SOC.

| % whois 59.106.13.181 | grep support
| remarks:        Email address for spam or abuse complaints : support@sakura.ad.jp

That's not a special whois client but is in the text returned by APNIC.

Note that whois.nic.ad.jp does not, unlike RIPE whois, automatically also include person objects referenced in an inetnum object, so you will have to query for those separately, as another poster pointed out.

	-- Niels.
one more command.

whois -h whois.nic.ad.jp KW419JP

--
Kazunori ANDO / ando@kk.iij4u.or.jp
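The two-step lookup the replies describe (query the IP, then query each contact handle separately), together with filtering out the registry-level addresses the original question complains about, as an added example that is not part of any poster's message. Function names are hypothetical and the sample text is copied from the whois output quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): IP -> JPNIC contact handles -> e-mail.

# Constructed sample: whois.nic.ad.jp lines as quoted in the thread.
JPNIC_SAMPLE='Network Information:
a. [Network Number]             59.106.12.0-59.106.27.255
b. [Network Name]               SAKURA-NET
m. [Administrative Contact]     KT749JP
n. [Technical Contact]          KW419JP'

# Constructed sample: whois.apnic.net lines as quoted in the thread.
APNIC_SAMPLE="% Abuse contact for '59.106.0.0 - 59.106.255.255' is 'hostmaster@nic.ad.jp'
remarks:        Email address for spam or abuse complaints : support@sakura.ad.jp
abuse-mailbox:  hostmaster@nic.ad.jp"

# Read whois.nic.ad.jp output on stdin and print the contact handles.
# The handle comes from a remote server, so only plain A-Z/0-9 tokens pass.
jpnic_handles() {
    awk '/\[(Administrative|Technical) Contact\]/ && $NF ~ /^[A-Z0-9]+$/ { print $NF }' | sort -u
}

# Print every e-mail address found on stdin, de-duplicated.
extract_emails() {
    grep -Eo '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' | sort -u
}

# Drop registry mailboxes (JPNIC/APNIC) so only operator-supplied ones remain.
# Exit status 1 means the reply held no operator address at all.
operator_emails() {
    extract_emails | grep -Ev '@(nic\.ad\.jp|apnic\.net)$'
}

# Live lookup (needs network and a whois client): resolve each handle with a
# second query, because JPNIC does not inline the referenced contact objects.
jpnic_contact_emails() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) echo "not an IP address: $1" >&2; return 2 ;;
    esac
    whois -h whois.nic.ad.jp "$1/e" | jpnic_handles | while read -r handle; do
        whois -h whois.nic.ad.jp "$handle/e" | extract_emails
    done | sort -u
}
```

Source the file and run `jpnic_contact_emails 59.106.13.181` for the live query; `whois 59.106.13.181 | operator_emails` applies the registry filter to the APNIC reply.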
participants (8)
- Andrew Latham
- John Levine
- Justin M. Streiner
- Kazunori ANDO
- Kurt Kraut
- Marc Gimeno
- Niels Bakker
- Suresh Ramasubramanian