WHOIS ACCURACY San Jose, Costa Rica September 29, 2016 Not only - - PowerPoint PPT Presentation

whois accuracy
SMART_READER_LITE
LIVE PREVIEW

WHOIS ACCURACY San Jose, Costa Rica September 29, 2016 Not only - - PowerPoint PPT Presentation

Aug 26, 2022 332 likes •431 views

WHOIS ACCURACY San Jose, Costa Rica September 29, 2016 Not only RIR community, but public uses of WHOIS : Ensuring IP address holders worldwide are properly registered so individuals, consumers and the public are empowered to resolve

slide-1
SLIDE 1

WHOIS ACCURACY

San Jose, Costa Rica September 29, 2016

slide-2
SLIDE 2

Not only RIR community, but public uses of WHOIS:

  • Ensuring IP address holders worldwide are properly registered

so individuals, consumers and the public are empowered to resolve abusive pracBces that impact safety and security

  • Assuring the security and reliability of the network
  • AssisBng businesses, consumer groups, healthcare organizaBons and
  • ther organizaBons in combaBng abuse
  • AssisBng organizaBons responsible for the safety of the general

public

slide-3
SLIDE 3
  • WHOIS searches are one of many tools

invesBgators use in addiBon to:

§ RouBng tables/services § Commercially available tools § Internally developed tools and services

  • However, WHOIS is the most common

star-ng point for most invesBgaBons

slide-4
SLIDE 4
  • IP Address Chain of Custody Accuracy Issue

§ Sub-allocaBon informaBon of ISPs many Bmes removed from original delegaBon can be inaccurate and old data § Each RIR tends to have different policies and requirements for what informaBon to retain regarding sub-allocaBons

  • Problem expanding

§ IPv6 § IETF MODERN Protocol § IOT

  • Seeking industry solu-on

§ Work with LACNIC community to for best soluBon

slide-5
SLIDE 5

From a public safety perspecBve, failure to have accurate WHOIS informaBon can present the following challenges:

  • Ability of public safety agencies to quickly idenBfy resources

used in abusive acBviBes

  • Wasted network operator resources dedicated to responding

to potenBally misdirected legal requests

  • Domain and IP address hijacking resulBng in the potenBal use
  • f those domain names and number resources for criminal

acBvity

slide-6
SLIDE 6

Chief Erick Lewis Hernández Judicial Cyber Investigative Section San Jose, Costa Rica

Case Examples

slide-7
SLIDE 7

Goal: Work with all 5 RIRs on WHOIS accuracy to ISP closest to the bad actor Other RIR efforts: ARIN: DEA, FBI and RCMP RIPE NCC: Europol and Spanish Guardia Civil AfriNIC: African Union APNIC: Sri Lanka Police

slide-8
SLIDE 8

THANK YOU

slide-9
SLIDE 9

Supervisory Special Agent Thomas Walden Section Chief Technical Support Section Office of Investigative Technology