I recently ran into another case of useless RIPE database information. In this particular case, a phish takedown operator had tried four email addresses that had been published in the RIPE database as contact information for an Italian network. Of these addresses, three failed immediately; mail sent to the fourth was not answered.
The operator contacted the RIPE NCC, asking them to contact the organization responsible for the network. The NCC replied “Please try contact (sic) the Network owners/maintainers. Phone number registered for the maintainer is correct and working”. As the takedown operator did not speak Italian, he did not find this response very useful. He asked the RIPE NCC to clarify their position, which they did:
There may be options we could pursue to check the validity of the contact data in the objects in the RIPE Database. Where we have a direct relationship with the owners of these objects we could request that they update this information. But we do not have a mandate from the RIPE community to allocate any resources to this activity.
Comments
The issue of false or otherwise inadequate RIPE database entries has been discussed many times in various RIPE working groups. It is bizarre that the problems nevertheless continue, year in and year out.
Publishing sufficient and up-to-date contact information in the RIPE database should be an absolute prerequisite for holding any kind of resource allocated by RIPE. Whenever a deficiency is discovered and reported, the RIPE NCC should efficiently and urgently contact the allocee, requiring a full and immediate correction. If one is not made, the resources should be deregistered.
Although IP connectivity is not directly contingent on registration, I believe that network maintainers would still want to avoid having their resources bogonized. Should this pressure nevertheless prove insufficient, further sanctions, such as elevated fees, should be available.
I find it unacceptable that important and urgent security-related communications repeatedly fail due to a lack of adequate contact information. What do you think? Please post your comments!
Post a Comment