SlideShare a Scribd company logo

LEA Workshop dated 09052013

APNIC
APNIC

This document provides an overview of a workshop on assisting law enforcement agencies held by APNIC, the regional internet registry for Asia and the Pacific. The agenda includes introductions to APNIC, internet policy development, current challenges, and tools like the APNIC Whois database and resource public key infrastructure. APNIC explains how it supports internet development through activities like distributing addresses, facilitating policy discussions, and providing training. It also describes how the Whois database can help law enforcement by providing contact information to address network abuse, and emphasizes that APNIC does not have regulatory or investigative powers.

Presentations & Public Speaking
1 of 78
Download to read offline
Law Enforcement Agency Workshop Champika Wijayatunga <champika@apnic.net> 03, October, 2013 In conjunction with Annual National Cyber Security Week.
Agenda •  Introduction to APNIC –  Know about APNIC •  Internet Policy Development –  How the Internet Policies are developed •  Internet Challenges Today –  How APNIC can assist LEAs •  Internet Resource Registration –  APNIC Whois Database •  Resource Public Key Infrastructure (RPKI) –  How to Secure Routing 2
Intro to APNIC 3
The Regional Internet Registry for the Asia Pacific region
What is APNIC? •  Regional Internet Registry (RIR) for the Asia Pacific region –  One of five RIRs currently operating around the world •  Membership based organisation –  Non-profit, Open, Consensus-based and Transparent 6
APNIC’s Vision: A global, open, stable, and secure Internet that serves the entire Asia Pacific community. How we achieve this: •  Serving Members •  Supporting the Asia Pacific Region •  Collaborating with the Internet Community 7
APNIC’s Mission •  Function as the Regional Internet Registry for the Asia Pacific, in the service of the community of Members and others •  Provide Internet registry services to the highest possible standards of trust, neutrality, and accuracy •  Provide information, training, and supporting services to assist the community in building and managing the Internet •  Support critical Internet infrastructure to assist in creating and maintaining a robust Internet environment •  Provide leadership and advocacy in support of its vision and the community •  Facilitate regional Internet development as needed throughout the APNIC community 8
How APNIC support the Internet community •  Distribution and Registration of Internet Resources •  Facilitate the policy development process –  Via mailing lists, conferences etc. •  Training services •  Information dissemination •  Collaboration & Liaison
APNIC Eco System 10
Assisting LEAs •  APNIC has a fundamental role to play in the stability and security of the Internet, ensuring that the services we provide such as the APNIC Whois Database and Reverse DNS zone delegations are accurate, reliable, and up-to-date. •  LEAs are an important segment of the APNIC community. We collaborate, cooperate, and work together with them to ensure the Internet remains an open, secure, and stable platform •  Data from the Whois may be a source of information for the LEAs in our community. •  APNIC encourages the LEAs to participate in the APNIC Policy Development Process, and have your voices heard on issues that are important to you! 11
Internet Policy Development 12
Internet Policies •  Policies are constantly changing the meet the needs of the Internet operation •  There is a system in place called the Policy Development Process –  Anyone can participate –  Anyone can propose a policy –  All decisions & policies documented & freely available to anyone
OPEN TRANSPARENTBOTTOM UP Implement Need Discuss Consensus Evaluate Anyone can participate All decisions & policies are documented & available Internet community proposes and approves policy 14 Policy Development Process
How APNIC can help you? 15
Internet Challenges Today •  Internet Security –  Unauthorized Intrusions –  Denial of Service (DoS) Attacks –  Internal Attacks –  Non-compliance etc. •  Spam –  Unsolicited Commercial Email (UCE) & Unsolicited Bulk Email (UBE) –  Spam volume is exploding •  Network abuse –  RIR’s do not regulate conduct of Internet activity –  Investigation possibilities •  Cooperation of the network administrators •  Law enforcement agencies
APNIC Service offerings •  Whois Database – an important resource! –  Troubleshooting –  Tracking source of abuse –  Protecting address space to prevent hijacking •  Information dissemination –  APNIC Conferences •  Technical talks & tutorials –  Publications & Research •  Education –  Training courses, Workshops and Seminars
Steps we take to ensure Whois accuracy •  Member account opening –  verification of corporate existence with corporate registries or regulators (where possible) •  Membership renewal –  once a year –  email to corporate contact, with payment record –  Internet resources revoked if account not paid or renewed •  Transfer policies –  encourage registration of resources –  “value” of Internet resources encourage registration
Efforts in Preventing Network Abuse •  As a registry, APNIC adopts and applies policies for it’s community which address network abuse. APNIC does not have the capacity to investigate abuse complaints or the legal powers to regulate Internet activity. •  APNIC seeks to raise awareness of the need for responsible network management in the Asia Pacific, through training and communication.
Why APNIC appear as the source in some abuse search reports? •  Some designed to search the ARIN Whois database and may refer to APNIC as the culprit •  Many websites with Whois lookup functions has the same limitations •  However the IP addresses are registered by five RIRs on a regional basis
•  If a standard search refers you to APNIC – It means only that the network in question is registered in the Asia Pacific region – Does not mean that APNIC is responsible or that the hacker/spammer is using APNIC network Detecting the Abuse
Can APNIC stop Abuse? •  No, because… –  APNIC is not an ISP and does not provide network connectivity to other networks –  APNIC does not control Internet routing –  APNIC is not a law enforcement agency –  APNIC has no industry regulatory power
Investigation of Complaints •  Laws relating to network abuse vary from country to country •  Investigation possibilities –  Cooperation of the network administrators –  Law enforcement agencies •  Local jurisdiction •  Jurisdiction where the problem originates
What can you do? •  Use the APNIC Whois Database to obtain network contact information •  APNIC Whois may or may not show specific customer assignments for the addresses in question –  But will show the ISP holding APNIC space •  Contact the network responsible and also its ISP/upstream •  Contact APNIC for help, advice, training or support •  Community discussions can be raised in the APNIC conferences, mailing lists, etc.
Managing Internet Resources 25
IPv4 Address Space 26
IPv6 Address Space
IPv4 vs IPv6 Internet Source: CAIDA
IPv6 Addressing Structure 0 127 ISP /32 32 128 bits Customer Site /48 16 Subnet /64 16 64 Device /128
How IP Addresses are Delegated APNIC Delegates to APNIC Member Member (ISP) Customer / End User Delegates to customers ISP customer /8 APNIC Allocation /22 Member Allocation Sub- Allocation/24 /26/27 /25 Customer Assignments /26 /27 RegistryRealmOperatorsRealm
IP Address Management •  Portable Allocations –  Allocations made by APNIC •  Non Portable Allocations –  Allocations made by APNIC Members •  Portable Assignments –  Customer addresses independent from ISP –  Keeps addresses when changing ISP –  Bad for size of routing tables –  Bad for QoS: routes may be filtered, flap- dampened •  Non-portable Assignments –  Customer uses ISP’s address space –  Must renumber if changing ISP –  Helps scale the Internet effectively ISP Allocation Customer assignments Customer assignments ISP 31
Address Management Hierarchy Describes “portability” of the address space Non-Portable /12 APNIC Allocation Portable /48Assignment /64 - /48 Assignment APNIC Allocation /64 - /48Assignment Non-Portable Sub-allocation /40 /32Member Allocation Portable Non-Portable /12 32
Transferring IP Addresses •  Transfers, Mergers, Acquisitions are possible •  There are transfer policies exists to transfer IP addresses –  In the APNIC region –  Inter-RIR IPv4 Transfers •  Conditions on the source and recipient RIR will apply •  APNIC will review the status of IP allocations 33
APNIC Resource Quality Assurance •  Community awareness •  Build relationships with reputable organizations that maintain bogon/black list •  Keep the WHOIS Database accurate –  Actively remind resource holders to update their data
APNIC also manages Reverse DNS •  ‘Forward DNS’ maps names to numbers –  svc00.apnic.net è202.12.28.131 •  ‘Reverse DNS’ maps numbers to names –  202.12.28.131 è svc00.apnic.net Person (Host) Address (IPv4/IPv6) 35
Reverse DNS - why bother? •  Service denials –  That only allow access when fully reverse delegated •  Diagnostics –  Assisting in network troubleshooting •  Spam prevention –  Reverse lookup to confirm the mail servers and source of the email –  Failed lookup adds to an email’s spam score •  Registration responsibilities 36
whois Root DNS Principles – DNS Tree net edu com nz whois apnic arpa 22 .64 .in-addr.202 .arpa Mapping numbers to names - ‘reverse DNS’ 203 210 211..202RIR 6464ISP 2222 Customer in-addr 37
Reverse DNS Tree – with IPv6 whois Root DNS net edu com whois apnic arpa 203 210202 2222 in-addr 6464 RIR ISP Customer ip6 IPv6 Addresses 38
The APNIC Whois Database 39
The APNIC Whois Database •  Holds IP address records within the AP region •  Can use this database to track down the source of the network abuse –  IP addresses, ASNs, Reverse Domains, Routing policies •  Can find contact details of the relevant network administrators –  not the individual users –  use administrators log files to contact the individual involved
Resource Registration •  As part of the membership agreement with APNIC, all members are required to register their resources in the APNIC Whois database. •  Members must keep records up to date: –  Whenever there is a change in contacts –  When new resources are received –  When resources are sub-allocated or assigned 41
Whois Object Types OBJECT PURPOSE person contact persons role contact groups/roles inetnum IPv4 addresses Inet6num IPv6 addresses aut-num Autonomous System number domain reverse domains route prefixes being announced mntner (maintainer) data protection mnt-irt Incident Response Team http://www.apnic.net/db/ 42
How to use APNIC Whois •  Web browser –  http://www.apnic.net/whois •  Whois client or query tool –  whois.apnic.net •  Identify network contacts from the registration records –  IRT (Incident Response Team) if present –  Contact persons: “tech-c” or “admin-c”
What if Whois info is invalid? •  Members (ISPs) are responsible for reporting changes to APNIC –  Under formal membership agreement •  Report invalid ISP contacts to APNIC –  http://www.apnic.net/invalidcontact –  APNIC will contact member and update registration details
What if Whois info is invalid? •  Customer assignment information is the responsibility of ISPs –  ISPs are responsible for updating their customer network registrations •  Tools such as ‘traceroute’, ‘looking glass’ and RIS may be used to track the upstream provider if needed –  More information available from APNIC
Inetnum / Inet6num Objects •  Contains IP allocation and assignment information •  APNIC creates an inetnum (or inet6num) object for each allocation or assignment they make to the Member •  All members must create inetnum (or inet6num) objects for each sub-allocation or assignment they make to customers 46
APNIC Whois Registration
APNIC Whois Registration
APNIC Whois Registration
APNIC Whois Registration
Maintainer Hierarchy Diagram 51 Allocated to APNIC: Maint-by can only be changed by IANA Allocated to Member: Maint-by can only be changed by APNIC Sub-allocated to Customer: Maint-by can only be changed by Member
inetnum: Allocation (Created by APNIC) 3 Using the Whois – step by step Customer Assignments (Created by Member) person: nic-hdl: KX17-AP Contact info 1 Data Protection mntner: 2 inetnum: ... KX17-AP ... mnt-by: ... 4 inetnum: ... KX17-AP ... mnt-by: ... 5 inetnum: ... KX17-AP ... mnt-by: ... 6
Whois Database Queries –  Flags used for inetnum queries None find exact match - l find one level less specific matches - L find all less specific matches - m find first level more specific matches - M find all More specific matches - x find exact match (if no match, nothing) - d enables use of flags for reverse domains - r turn off recursive lookups
inetnum: 202.64.0.0 – 202.64.15.255 202.64.0.0/20 inetnum: 202.0.0.0 – 202.255.255.255 202.0.0.0/8 Whois Database Query - inetnum 202.64.12.128/25 inetnum: whois -L 202.64.0.0 /20 whois 202.64.0.0 /20 whois –m 202.64.0.0 /20 inetnum: 202.64.15.192/26 inetnum: 202.64.10.0/24More specific à (= smaller blocks) Less specific à (= bigger block)
Recursive Lookups •  whois 202.12.29.0 à –  whois -r 202.12.29.0 à –  whois -T inetnum 202.12.29.0 à –  whois -r -T inetnum 202.12.29.0 à personinetnum route inetnum route person personinetnum inetnum recursion enabled by default recursion turned off ‘type’ of object specified ‘type’ of object specified & recursion turned off , & & &
Inverse Queries •  Inverse queries are performed on inverse keys •  See object template (whois –t) •  Returns all public objects that reference the object with the key specified as a query argument •  Practical when searching for objects in which a particular value is referenced, such as your nic-hdl •  Syntax: whois -i <attribute> <value>
Inverse Queries - examples •  What objects are referencing my nic-hdl? –  whois –i person KX17-AP (or –ipn KX17-AP) •  In what objects am I registered as tech-c? –  whois –i tech-c KX17-AP •  Return all domain objects where I am registered as admin-c or tech-c –  whois -i admin-c tech-c -T domain KX17-AP •  What objects are protected by my maintainer? –  whois -i mnt-by MAINT-WF-EX
Customer Privacy •  Public data –  Includes portable addresses (inetnum objects), and other objects e.g.route objects –  Public data: must be visible •  Private data –  Can include non-portable addresses (inetnum objects) –  Members have the option to make private data visible •  Customer assignments –  Can be changed to be public data (public data is an optional choice)
What needs to be visible? IANA range Non-APNIC range APNIC range NIR rangeAPNIC allocations & assignments NIR allocations & assignments Customer assignments Infrastructure Sub-allocations must be visible visibility optional LIR/ISP PORTABLE addresses NON-PORTABLE addresses
APNIC Whois Database & the Internet Routing Registry •  APNIC Whois Database –  Two databases in one •  Public Network Management Database –  “Whois” info about networks & contact persons •  IP addresses, AS numbers etc •  Routing Registry –  contains routing information •  routing policy, routes, filters, peers etc. –  APNIC RR is part of the global IRR
Benefits of APNIC RR integrated in Whois Database •  Facilitates network troubleshooting •  Registration of routing policies •  Generation of router configurations •  Provides global view of routing
RPKI 62
What is RPKI? •  Resource Public Key Infrastructure (RPKI) •  A robust security framework for verifying the association between resource holder and their Internet resources •  Created to address the issues in RFC 4593 •  Uses X.509 v3 certificates –  With RFC3779 extensions •  Helps to secure Internet routing by validating routes –  Proof that prefix announcements are coming from the legitimate holder of the resource •  A system to manage the creation and storage of digital certificates and the associated Route Origin Authorization documents
Benefits of RPKI - Routing •  Prevents “Route Hijacking” –  when an entity participating in Internet routing announces a prefix without authorization –  Reason: malicious attack or operational mistake
“Right” to Resources •  ISP gets their resources from the RIR •  ISP notifies its upstream of the prefixes to be announce •  Upstream _must_ check the Whois database if resource has been delegated to customer ISP.
X.509 Certificate •  Resource certificates are based on the X.509 certificate format - RFC 5280 •  Extended by RFC 3779 – this extension binds a list of resources (IP, ASN) to the subject of the certificate
X.509 Certificate with 3779 Extension •  SIA – Subject Information Access; contains a URI that references the directoryX.509 Certificate RFC 3779 Extension SIA Owner's Public Key
Two Components •  Certificate Authority (CA) –  Internet Registries (RIR, NIR, Large LIR) –  Issue certificates for customers –  Allow customers to use the CA’s GUI to issue ROAs for their prefixes •  Relying Party (RP) –  Software which gathers data from CAs
Route Origin Authorisations (ROA) •  Certificate holder uses its private key to sign an ROA •  Verifies that an AS has been given permission by an address block holder to advertise routes to one or more fpxies without a blog. •  RPKI in the RIRs –  APNIC implemented RPKI Resource Certification
APNIC Resource Certification •  A robust security framework for verifying the association between resource holders and their Internet resources. •  Initiative from APNIC aimed at –  improving the security of inter-domain routing, and –  augmenting the information published in the Whois database •  Verifies a holder’s current “right-of-use” over an Internet resource
How it Works
Resource Certification (APNIC) •  Verify signed data using the signer’s public key •  Verify public key through a chain of interlocking certificates that connect a Trust Anchor to the signer’s public key certificate. –  This is what we refer to as RPKI •  Why it’s important: –  Routing advertisements is now verifiable
Creating ROA Records •  Login to MyAPNIC, then Resources -> Certification
Adding ROA Records •  Simple view and add using the form
Deleting ROA Records
Summary •  Introduction to APNIC –  Know about APNIC •  Internet Policy Development –  How the Internet Policies are developed •  Internet Challenges Today –  How APNIC can assist LEAs •  Internet Resource Registration –  APNIC Whois Database •  Resource Public Key Infrastructure (RPKI) –  How to Secure Routing 76
Questions?
Thank you!

Recommended

LEA Workshop 11/12/2013
LEA Workshop 11/12/2013LEA Workshop 11/12/2013
LEA Workshop 11/12/2013APNIC
 
APNIC's role in stability and security - 4th APT Cybersecurity Forum
APNIC's role in stability and security - 4th APT Cybersecurity ForumAPNIC's role in stability and security - 4th APT Cybersecurity Forum
APNIC's role in stability and security - 4th APT Cybersecurity ForumAPNIC
 
Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24APNIC
 
APNIC Update @ ARM, Mongolia
APNIC Update @ ARM, MongoliaAPNIC Update @ ARM, Mongolia
APNIC Update @ ARM, MongoliaAPNIC
 
Universal Acceptance of Internationalized Domain Names (IDN), Email Addresses...
Universal Acceptance of Internationalized Domain Names (IDN), Email Addresses...Universal Acceptance of Internationalized Domain Names (IDN), Email Addresses...
Universal Acceptance of Internationalized Domain Names (IDN), Email Addresses...APNIC
 
Universal Acceptance: APNIC system readiness
Universal Acceptance: APNIC system readinessUniversal Acceptance: APNIC system readiness
Universal Acceptance: APNIC system readinessAPNIC
 
Strengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure DesignStrengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure DesignAPNIC
 
IDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesiaIDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesiaAPNIC
 

Recommended

LEA Workshop 11/12/2013
LEA Workshop 11/12/2013LEA Workshop 11/12/2013
LEA Workshop 11/12/2013APNIC
 
APNIC's role in stability and security - 4th APT Cybersecurity Forum
APNIC's role in stability and security - 4th APT Cybersecurity ForumAPNIC's role in stability and security - 4th APT Cybersecurity Forum
APNIC's role in stability and security - 4th APT Cybersecurity ForumAPNIC
 
Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24APNIC
 
APNIC Update @ ARM, Mongolia
APNIC Update @ ARM, MongoliaAPNIC Update @ ARM, Mongolia
APNIC Update @ ARM, MongoliaAPNIC
 
Universal Acceptance of Internationalized Domain Names (IDN), Email Addresses...
Universal Acceptance of Internationalized Domain Names (IDN), Email Addresses...Universal Acceptance of Internationalized Domain Names (IDN), Email Addresses...
Universal Acceptance of Internationalized Domain Names (IDN), Email Addresses...APNIC
 
Universal Acceptance: APNIC system readiness
Universal Acceptance: APNIC system readinessUniversal Acceptance: APNIC system readiness
Universal Acceptance: APNIC system readinessAPNIC
 
Strengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure DesignStrengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure DesignAPNIC
 
IDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesiaIDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesiaAPNIC
 
BdNOG 3: A closer look at IPv4 transfers
BdNOG 3: A closer look at IPv4 transfersBdNOG 3: A closer look at IPv4 transfers
BdNOG 3: A closer look at IPv4 transfersAPNIC
 
Whois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcWhois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcAPNIC
 
ARIN on the Road
ARIN on the RoadARIN on the Road
ARIN on the RoadARIN
 
APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35APNIC
 
Internet Resource Transfer Policy: what can you learn from them?
Internet Resource Transfer Policy: what can you learn from them?Internet Resource Transfer Policy: what can you learn from them?
Internet Resource Transfer Policy: what can you learn from them?APNIC
 
IANA Transition: What does it all mean? @ SAMNOG 27
IANA Transition: What does it all mean? @ SAMNOG 27IANA Transition: What does it all mean? @ SAMNOG 27
IANA Transition: What does it all mean? @ SAMNOG 27APNIC
 
IDNOG 2: IPv4 Transfers
IDNOG 2: IPv4 TransfersIDNOG 2: IPv4 Transfers
IDNOG 2: IPv4 TransfersAPNIC
 
36th TWNIC OPM: APNIC 52 Policy Update
36th TWNIC OPM: APNIC 52 Policy Update36th TWNIC OPM: APNIC 52 Policy Update
36th TWNIC OPM: APNIC 52 Policy UpdateAPNIC
 
apnic handling-network-abuse
apnic handling-network-abuseapnic handling-network-abuse
apnic handling-network-abuseAPNIC
 
Introduction to RPKI - MyNOG
Introduction to RPKI - MyNOGIntroduction to RPKI - MyNOG
Introduction to RPKI - MyNOGSiena Perry
 
CommuniCast 2014: Connecting your business to the Internet
CommuniCast 2014: Connecting your business to the InternetCommuniCast 2014: Connecting your business to the Internet
CommuniCast 2014: Connecting your business to the InternetAPNIC
 
IANA: Who, What, Why?
IANA: Who, What, Why?IANA: Who, What, Why?
IANA: Who, What, Why?APNIC
 
Measuring latency from the browser
Measuring latency from the browserMeasuring latency from the browser
Measuring latency from the browserAPNIC
 
APNIC Regional Update: PacINET 2014
APNIC Regional Update: PacINET 2014APNIC Regional Update: PacINET 2014
APNIC Regional Update: PacINET 2014APNIC
 
09 (IDNOG01) Introduction about APNIC by Wita Laksono
09 (IDNOG01) Introduction about APNIC by Wita Laksono09 (IDNOG01) Introduction about APNIC by Wita Laksono
09 (IDNOG01) Introduction about APNIC by Wita LaksonoIndonesia Network Operators Group
 
APNIC's Resource Certification Service
APNIC's Resource Certification ServiceAPNIC's Resource Certification Service
APNIC's Resource Certification ServiceAPNIC
 
IPv4 Transfers in the RIPE Region
IPv4 Transfers in the RIPE RegionIPv4 Transfers in the RIPE Region
IPv4 Transfers in the RIPE RegionRIPE NCC
 
Government
Government Government
Government APNIC
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60RIPE Meetings
 
PacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities Update
PacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities UpdatePacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities Update
PacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities UpdateAPNIC
 
UN INCB: RIRs and LEAs
UN INCB: RIRs and LEAsUN INCB: RIRs and LEAs
UN INCB: RIRs and LEAsAPNIC
 
KHNOG 5: APNIC Services
KHNOG 5: APNIC ServicesKHNOG 5: APNIC Services
KHNOG 5: APNIC ServicesAPNIC
 

More Related Content

What's hot

BdNOG 3: A closer look at IPv4 transfers
BdNOG 3: A closer look at IPv4 transfersBdNOG 3: A closer look at IPv4 transfers
BdNOG 3: A closer look at IPv4 transfersAPNIC
 
Whois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcWhois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcAPNIC
 
ARIN on the Road
ARIN on the RoadARIN on the Road
ARIN on the RoadARIN
 
APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35APNIC
 
Internet Resource Transfer Policy: what can you learn from them?
Internet Resource Transfer Policy: what can you learn from them?Internet Resource Transfer Policy: what can you learn from them?
Internet Resource Transfer Policy: what can you learn from them?APNIC
 
IANA Transition: What does it all mean? @ SAMNOG 27
IANA Transition: What does it all mean? @ SAMNOG 27IANA Transition: What does it all mean? @ SAMNOG 27
IANA Transition: What does it all mean? @ SAMNOG 27APNIC
 
IDNOG 2: IPv4 Transfers
IDNOG 2: IPv4 TransfersIDNOG 2: IPv4 Transfers
IDNOG 2: IPv4 TransfersAPNIC
 
36th TWNIC OPM: APNIC 52 Policy Update
36th TWNIC OPM: APNIC 52 Policy Update36th TWNIC OPM: APNIC 52 Policy Update
36th TWNIC OPM: APNIC 52 Policy UpdateAPNIC
 
apnic handling-network-abuse
apnic handling-network-abuseapnic handling-network-abuse
apnic handling-network-abuseAPNIC
 
Introduction to RPKI - MyNOG
Introduction to RPKI - MyNOGIntroduction to RPKI - MyNOG
Introduction to RPKI - MyNOGSiena Perry
 
CommuniCast 2014: Connecting your business to the Internet
CommuniCast 2014: Connecting your business to the InternetCommuniCast 2014: Connecting your business to the Internet
CommuniCast 2014: Connecting your business to the InternetAPNIC
 
IANA: Who, What, Why?
IANA: Who, What, Why?IANA: Who, What, Why?
IANA: Who, What, Why?APNIC
 
Measuring latency from the browser
Measuring latency from the browserMeasuring latency from the browser
Measuring latency from the browserAPNIC
 
APNIC Regional Update: PacINET 2014
APNIC Regional Update: PacINET 2014APNIC Regional Update: PacINET 2014
APNIC Regional Update: PacINET 2014APNIC
 
APNIC's Resource Certification Service
APNIC's Resource Certification ServiceAPNIC's Resource Certification Service
APNIC's Resource Certification ServiceAPNIC
 
IPv4 Transfers in the RIPE Region
IPv4 Transfers in the RIPE RegionIPv4 Transfers in the RIPE Region
IPv4 Transfers in the RIPE RegionRIPE NCC
 
Government
Government Government
Government APNIC
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60RIPE Meetings
 
PacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities Update
PacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities UpdatePacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities Update
PacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities UpdateAPNIC
 

What's hot (20)

BdNOG 3: A closer look at IPv4 transfers
BdNOG 3: A closer look at IPv4 transfersBdNOG 3: A closer look at IPv4 transfers
BdNOG 3: A closer look at IPv4 transfers
 
Whois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcWhois - Addressing the Asia Pacifc
Whois - Addressing the Asia Pacifc
 
ARIN on the Road
ARIN on the RoadARIN on the Road
ARIN on the Road
 
APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35
 
Internet Resource Transfer Policy: what can you learn from them?
Internet Resource Transfer Policy: what can you learn from them?Internet Resource Transfer Policy: what can you learn from them?
Internet Resource Transfer Policy: what can you learn from them?
 
IANA Transition: What does it all mean? @ SAMNOG 27
IANA Transition: What does it all mean? @ SAMNOG 27IANA Transition: What does it all mean? @ SAMNOG 27
IANA Transition: What does it all mean? @ SAMNOG 27
 
IDNOG 2: IPv4 Transfers
IDNOG 2: IPv4 TransfersIDNOG 2: IPv4 Transfers
IDNOG 2: IPv4 Transfers
 
36th TWNIC OPM: APNIC 52 Policy Update
36th TWNIC OPM: APNIC 52 Policy Update36th TWNIC OPM: APNIC 52 Policy Update
36th TWNIC OPM: APNIC 52 Policy Update
 
apnic handling-network-abuse
apnic handling-network-abuseapnic handling-network-abuse
apnic handling-network-abuse
 
Introduction to RPKI - MyNOG
Introduction to RPKI - MyNOGIntroduction to RPKI - MyNOG
Introduction to RPKI - MyNOG
 
CommuniCast 2014: Connecting your business to the Internet
CommuniCast 2014: Connecting your business to the InternetCommuniCast 2014: Connecting your business to the Internet
CommuniCast 2014: Connecting your business to the Internet
 
IANA: Who, What, Why?
IANA: Who, What, Why?IANA: Who, What, Why?
IANA: Who, What, Why?
 
Measuring latency from the browser
Measuring latency from the browserMeasuring latency from the browser
Measuring latency from the browser
 
APNIC Regional Update: PacINET 2014
APNIC Regional Update: PacINET 2014APNIC Regional Update: PacINET 2014
APNIC Regional Update: PacINET 2014
 
09 (IDNOG01) Introduction about APNIC by Wita Laksono
09 (IDNOG01) Introduction about APNIC by Wita Laksono09 (IDNOG01) Introduction about APNIC by Wita Laksono
09 (IDNOG01) Introduction about APNIC by Wita Laksono
 
APNIC's Resource Certification Service
APNIC's Resource Certification ServiceAPNIC's Resource Certification Service
APNIC's Resource Certification Service
 
IPv4 Transfers in the RIPE Region
IPv4 Transfers in the RIPE RegionIPv4 Transfers in the RIPE Region
IPv4 Transfers in the RIPE Region
 
Government
Government Government
Government
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60
 
PacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities Update
PacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities UpdatePacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities Update
PacNOG 18/APNIC Regional Meeting, Guam: APNIC Activities Update
 

Similar to LEA Workshop dated 09052013

UN INCB: RIRs and LEAs
UN INCB: RIRs and LEAsUN INCB: RIRs and LEAs
UN INCB: RIRs and LEAsAPNIC
 
KHNOG 5: APNIC Services
KHNOG 5: APNIC ServicesKHNOG 5: APNIC Services
KHNOG 5: APNIC ServicesAPNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
Cybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNICCybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNICAPNIC
 
PCTA Convention 2023: APNIC Introduction
PCTA Convention 2023: APNIC IntroductionPCTA Convention 2023: APNIC Introduction
PCTA Convention 2023: APNIC IntroductionAPNIC
 
PCTA Convention 2023: APNIC Introduction
PCTA Convention 2023: APNIC IntroductionPCTA Convention 2023: APNIC Introduction
PCTA Convention 2023: APNIC IntroductionAPNIC
 
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]APNIC
 
PacNOG 23: APNIC Regional Update
PacNOG 23: APNIC Regional UpdatePacNOG 23: APNIC Regional Update
PacNOG 23: APNIC Regional UpdateAPNIC
 
How APNIC can support law enforcement agencies in cybercrime investigtaion
How APNIC can support law enforcement agencies in cybercrime investigtaionHow APNIC can support law enforcement agencies in cybercrime investigtaion
How APNIC can support law enforcement agencies in cybercrime investigtaionAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 
Law Enforcement engagement capacity building
Law Enforcement engagement capacity buildingLaw Enforcement engagement capacity building
Law Enforcement engagement capacity buildingAPNIC
 
Nznog2014 apnic updates
Nznog2014 apnic updatesNznog2014 apnic updates
Nznog2014 apnic updatesAPNIC
 
APNIC Policy Webinar
APNIC Policy Webinar APNIC Policy Webinar
APNIC Policy Webinar Siena Perry
 
APNIC Policy and Services Update - ARM2
APNIC Policy and Services Update - ARM2APNIC Policy and Services Update - ARM2
APNIC Policy and Services Update - ARM2APNIC
 
APNIC Update - Member Briefing
APNIC Update - Member BriefingAPNIC Update - Member Briefing
APNIC Update - Member BriefingAPNIC
 
Internet Resource Management (IRM) & Internet Routing Registry (IRR)
Internet Resource Management (IRM) & Internet Routing Registry (IRR)Internet Resource Management (IRM) & Internet Routing Registry (IRR)
Internet Resource Management (IRM) & Internet Routing Registry (IRR)APNIC
 
APNIC services and Policy Development Process | IDNOG 5
APNIC services and Policy Development Process | IDNOG 5APNIC services and Policy Development Process | IDNOG 5
APNIC services and Policy Development Process | IDNOG 5APNIC
 
What is APNIC: Infotel 2014
What is APNIC: Infotel 2014What is APNIC: Infotel 2014
What is APNIC: Infotel 2014APNIC
 
PCTA 2019: How to obtain Internet resources to join the IXP
PCTA 2019: How to obtain Internet resources to join the IXPPCTA 2019: How to obtain Internet resources to join the IXP
PCTA 2019: How to obtain Internet resources to join the IXPAPNIC
 

Similar to LEA Workshop dated 09052013 (20)

UN INCB: RIRs and LEAs
UN INCB: RIRs and LEAsUN INCB: RIRs and LEAs
UN INCB: RIRs and LEAs
 
KHNOG 5: APNIC Services
KHNOG 5: APNIC ServicesKHNOG 5: APNIC Services
KHNOG 5: APNIC Services
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
Apnic-irme
Apnic-irmeApnic-irme
Apnic-irme
 
Cybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNICCybersecurity Opportunities Challenges APNIC
Cybersecurity Opportunities Challenges APNIC
 
PCTA Convention 2023: APNIC Introduction
PCTA Convention 2023: APNIC IntroductionPCTA Convention 2023: APNIC Introduction
PCTA Convention 2023: APNIC Introduction
 
PCTA Convention 2023: APNIC Introduction
PCTA Convention 2023: APNIC IntroductionPCTA Convention 2023: APNIC Introduction
PCTA Convention 2023: APNIC Introduction
 
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
 
PacNOG 23: APNIC Regional Update
PacNOG 23: APNIC Regional UpdatePacNOG 23: APNIC Regional Update
PacNOG 23: APNIC Regional Update
 
How APNIC can support law enforcement agencies in cybercrime investigtaion
How APNIC can support law enforcement agencies in cybercrime investigtaionHow APNIC can support law enforcement agencies in cybercrime investigtaion
How APNIC can support law enforcement agencies in cybercrime investigtaion
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry System
 
Law Enforcement engagement capacity building
Law Enforcement engagement capacity buildingLaw Enforcement engagement capacity building
Law Enforcement engagement capacity building
 
Nznog2014 apnic updates
Nznog2014 apnic updatesNznog2014 apnic updates
Nznog2014 apnic updates
 
APNIC Policy Webinar
APNIC Policy Webinar APNIC Policy Webinar
APNIC Policy Webinar
 
APNIC Policy and Services Update - ARM2
APNIC Policy and Services Update - ARM2APNIC Policy and Services Update - ARM2
APNIC Policy and Services Update - ARM2
 
APNIC Update - Member Briefing
APNIC Update - Member BriefingAPNIC Update - Member Briefing
APNIC Update - Member Briefing
 
Internet Resource Management (IRM) & Internet Routing Registry (IRR)
Internet Resource Management (IRM) & Internet Routing Registry (IRR)Internet Resource Management (IRM) & Internet Routing Registry (IRR)
Internet Resource Management (IRM) & Internet Routing Registry (IRR)
 
APNIC services and Policy Development Process | IDNOG 5
APNIC services and Policy Development Process | IDNOG 5APNIC services and Policy Development Process | IDNOG 5
APNIC services and Policy Development Process | IDNOG 5
 
What is APNIC: Infotel 2014
What is APNIC: Infotel 2014What is APNIC: Infotel 2014
What is APNIC: Infotel 2014
 
PCTA 2019: How to obtain Internet resources to join the IXP
PCTA 2019: How to obtain Internet resources to join the IXPPCTA 2019: How to obtain Internet resources to join the IXP
PCTA 2019: How to obtain Internet resources to join the IXP
 

More from APNIC

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 

More from APNIC (20)

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 

Recently uploaded

Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIINhPhngng3
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Baileyhlharris
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lodhisaajjda
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsaqsarehman5055
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedDelhi Call girls
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatmentnswingard
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfSkillCertProExams
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfSenaatti-kiinteistöt
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoKayode Fayemi
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxraffaeleoman
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardsticksaastr
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 

Recently uploaded (20)

Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 

LEA Workshop dated 09052013

  • 1. Law Enforcement Agency Workshop Champika Wijayatunga <champika@apnic.net> 03, October, 2013 In conjunction with Annual National Cyber Security Week.
  • 2. Agenda •  Introduction to APNIC –  Know about APNIC •  Internet Policy Development –  How the Internet Policies are developed •  Internet Challenges Today –  How APNIC can assist LEAs •  Internet Resource Registration –  APNIC Whois Database •  Resource Public Key Infrastructure (RPKI) –  How to Secure Routing 2
  • 4.
  • 6. What is APNIC? •  Regional Internet Registry (RIR) for the Asia Pacific region –  One of five RIRs currently operating around the world •  Membership based organisation –  Non-profit, Open, Consensus-based and Transparent 6
  • 7. APNIC’s Vision: A global, open, stable, and secure Internet that serves the entire Asia Pacific community. How we achieve this: •  Serving Members •  Supporting the Asia Pacific Region •  Collaborating with the Internet Community 7
  • 8. APNIC’s Mission •  Function as the Regional Internet Registry for the Asia Pacific, in the service of the community of Members and others •  Provide Internet registry services to the highest possible standards of trust, neutrality, and accuracy •  Provide information, training, and supporting services to assist the community in building and managing the Internet •  Support critical Internet infrastructure to assist in creating and maintaining a robust Internet environment •  Provide leadership and advocacy in support of its vision and the community •  Facilitate regional Internet development as needed throughout the APNIC community 8
  • 9. How APNIC support the Internet community •  Distribution and Registration of Internet Resources •  Facilitate the policy development process –  Via mailing lists, conferences etc. •  Training services •  Information dissemination •  Collaboration & Liaison
  • 11. Assisting LEAs •  APNIC has a fundamental role to play in the stability and security of the Internet, ensuring that the services we provide such as the APNIC Whois Database and Reverse DNS zone delegations are accurate, reliable, and up-to-date. •  LEAs are an important segment of the APNIC community. We collaborate, cooperate, and work together with them to ensure the Internet remains an open, secure, and stable platform •  Data from the Whois may be a source of information for the LEAs in our community. •  APNIC encourages the LEAs to participate in the APNIC Policy Development Process, and have your voices heard on issues that are important to you! 11
  • 13. Internet Policies •  Policies are constantly changing the meet the needs of the Internet operation •  There is a system in place called the Policy Development Process –  Anyone can participate –  Anyone can propose a policy –  All decisions & policies documented & freely available to anyone
  • 14. OPEN TRANSPARENTBOTTOM UP Implement Need Discuss Consensus Evaluate Anyone can participate All decisions & policies are documented & available Internet community proposes and approves policy 14 Policy Development Process
  • 16. Internet Challenges Today •  Internet Security –  Unauthorized Intrusions –  Denial of Service (DoS) Attacks –  Internal Attacks –  Non-compliance etc. •  Spam –  Unsolicited Commercial Email (UCE) & Unsolicited Bulk Email (UBE) –  Spam volume is exploding •  Network abuse –  RIR’s do not regulate conduct of Internet activity –  Investigation possibilities •  Cooperation of the network administrators •  Law enforcement agencies
  • 17. APNIC Service offerings •  Whois Database – an important resource! –  Troubleshooting –  Tracking source of abuse –  Protecting address space to prevent hijacking •  Information dissemination –  APNIC Conferences •  Technical talks & tutorials –  Publications & Research •  Education –  Training courses, Workshops and Seminars
  • 18. Steps we take to ensure Whois accuracy •  Member account opening –  verification of corporate existence with corporate registries or regulators (where possible) •  Membership renewal –  once a year –  email to corporate contact, with payment record –  Internet resources revoked if account not paid or renewed •  Transfer policies –  encourage registration of resources –  “value” of Internet resources encourage registration
  • 19. Efforts in Preventing Network Abuse •  As a registry, APNIC adopts and applies policies for it’s community which address network abuse. APNIC does not have the capacity to investigate abuse complaints or the legal powers to regulate Internet activity. •  APNIC seeks to raise awareness of the need for responsible network management in the Asia Pacific, through training and communication.
  • 20. Why APNIC appear as the source in some abuse search reports? •  Some designed to search the ARIN Whois database and may refer to APNIC as the culprit •  Many websites with Whois lookup functions has the same limitations •  However the IP addresses are registered by five RIRs on a regional basis
  • 21. •  If a standard search refers you to APNIC – It means only that the network in question is registered in the Asia Pacific region – Does not mean that APNIC is responsible or that the hacker/spammer is using APNIC network Detecting the Abuse
  • 22. Can APNIC stop Abuse? •  No, because… –  APNIC is not an ISP and does not provide network connectivity to other networks –  APNIC does not control Internet routing –  APNIC is not a law enforcement agency –  APNIC has no industry regulatory power
  • 23. Investigation of Complaints •  Laws relating to network abuse vary from country to country •  Investigation possibilities –  Cooperation of the network administrators –  Law enforcement agencies •  Local jurisdiction •  Jurisdiction where the problem originates
  • 24. What can you do? •  Use the APNIC Whois Database to obtain network contact information •  APNIC Whois may or may not show specific customer assignments for the addresses in question –  But will show the ISP holding APNIC space •  Contact the network responsible and also its ISP/upstream •  Contact APNIC for help, advice, training or support •  Community discussions can be raised in the APNIC conferences, mailing lists, etc.
  • 28. IPv4 vs IPv6 Internet Source: CAIDA
  • 29. IPv6 Addressing Structure 0 127 ISP /32 32 128 bits Customer Site /48 16 Subnet /64 16 64 Device /128
  • 30. How IP Addresses are Delegated APNIC Delegates to APNIC Member Member (ISP) Customer / End User Delegates to customers ISP customer /8 APNIC Allocation /22 Member Allocation Sub- Allocation/24 /26/27 /25 Customer Assignments /26 /27 RegistryRealmOperatorsRealm
  • 31. IP Address Management •  Portable Allocations –  Allocations made by APNIC •  Non Portable Allocations –  Allocations made by APNIC Members •  Portable Assignments –  Customer addresses independent from ISP –  Keeps addresses when changing ISP –  Bad for size of routing tables –  Bad for QoS: routes may be filtered, flap- dampened •  Non-portable Assignments –  Customer uses ISP’s address space –  Must renumber if changing ISP –  Helps scale the Internet effectively ISP Allocation Customer assignments Customer assignments ISP 31
  • 32. Address Management Hierarchy Describes “portability” of the address space Non-Portable /12 APNIC Allocation Portable /48Assignment /64 - /48 Assignment APNIC Allocation /64 - /48Assignment Non-Portable Sub-allocation /40 /32Member Allocation Portable Non-Portable /12 32
  • 33. Transferring IP Addresses •  Transfers, Mergers, Acquisitions are possible •  There are transfer policies exists to transfer IP addresses –  In the APNIC region –  Inter-RIR IPv4 Transfers •  Conditions on the source and recipient RIR will apply •  APNIC will review the status of IP allocations 33
  • 34. APNIC Resource Quality Assurance •  Community awareness •  Build relationships with reputable organizations that maintain bogon/black list •  Keep the WHOIS Database accurate –  Actively remind resource holders to update their data
  • 35. APNIC also manages Reverse DNS •  ‘Forward DNS’ maps names to numbers –  svc00.apnic.net è202.12.28.131 •  ‘Reverse DNS’ maps numbers to names –  202.12.28.131 è svc00.apnic.net Person (Host) Address (IPv4/IPv6) 35
  • 36. Reverse DNS - why bother? •  Service denials –  That only allow access when fully reverse delegated •  Diagnostics –  Assisting in network troubleshooting •  Spam prevention –  Reverse lookup to confirm the mail servers and source of the email –  Failed lookup adds to an email’s spam score •  Registration responsibilities 36
  • 37. whois Root DNS Principles – DNS Tree net edu com nz whois apnic arpa 22 .64 .in-addr.202 .arpa Mapping numbers to names - ‘reverse DNS’ 203 210 211..202RIR 6464ISP 2222 Customer in-addr 37
  • 38. Reverse DNS Tree – with IPv6 whois Root DNS net edu com whois apnic arpa 203 210202 2222 in-addr 6464 RIR ISP Customer ip6 IPv6 Addresses 38
  • 40. The APNIC Whois Database •  Holds IP address records within the AP region •  Can use this database to track down the source of the network abuse –  IP addresses, ASNs, Reverse Domains, Routing policies •  Can find contact details of the relevant network administrators –  not the individual users –  use administrators log files to contact the individual involved
  • 41. Resource Registration •  As part of the membership agreement with APNIC, all members are required to register their resources in the APNIC Whois database. •  Members must keep records up to date: –  Whenever there is a change in contacts –  When new resources are received –  When resources are sub-allocated or assigned 41
  • 42. Whois Object Types OBJECT PURPOSE person contact persons role contact groups/roles inetnum IPv4 addresses Inet6num IPv6 addresses aut-num Autonomous System number domain reverse domains route prefixes being announced mntner (maintainer) data protection mnt-irt Incident Response Team http://www.apnic.net/db/ 42
  • 43. How to use APNIC Whois •  Web browser –  http://www.apnic.net/whois •  Whois client or query tool –  whois.apnic.net •  Identify network contacts from the registration records –  IRT (Incident Response Team) if present –  Contact persons: “tech-c” or “admin-c”
  • 44. What if Whois info is invalid? •  Members (ISPs) are responsible for reporting changes to APNIC –  Under formal membership agreement •  Report invalid ISP contacts to APNIC –  http://www.apnic.net/invalidcontact –  APNIC will contact member and update registration details
  • 45. What if Whois info is invalid? •  Customer assignment information is the responsibility of ISPs –  ISPs are responsible for updating their customer network registrations •  Tools such as ‘traceroute’, ‘looking glass’ and RIS may be used to track the upstream provider if needed –  More information available from APNIC
  • 46. Inetnum / Inet6num Objects •  Contains IP allocation and assignment information •  APNIC creates an inetnum (or inet6num) object for each allocation or assignment they make to the Member •  All members must create inetnum (or inet6num) objects for each sub-allocation or assignment they make to customers 46
  • 51. Maintainer Hierarchy Diagram 51 Allocated to APNIC: Maint-by can only be changed by IANA Allocated to Member: Maint-by can only be changed by APNIC Sub-allocated to Customer: Maint-by can only be changed by Member
  • 52. inetnum: Allocation (Created by APNIC) 3 Using the Whois – step by step Customer Assignments (Created by Member) person: nic-hdl: KX17-AP Contact info 1 Data Protection mntner: 2 inetnum: ... KX17-AP ... mnt-by: ... 4 inetnum: ... KX17-AP ... mnt-by: ... 5 inetnum: ... KX17-AP ... mnt-by: ... 6
  • 53. Whois Database Queries –  Flags used for inetnum queries None find exact match - l find one level less specific matches - L find all less specific matches - m find first level more specific matches - M find all More specific matches - x find exact match (if no match, nothing) - d enables use of flags for reverse domains - r turn off recursive lookups
  • 54. inetnum: 202.64.0.0 – 202.64.15.255 202.64.0.0/20 inetnum: 202.0.0.0 – 202.255.255.255 202.0.0.0/8 Whois Database Query - inetnum 202.64.12.128/25 inetnum: whois -L 202.64.0.0 /20 whois 202.64.0.0 /20 whois –m 202.64.0.0 /20 inetnum: 202.64.15.192/26 inetnum: 202.64.10.0/24More specific à (= smaller blocks) Less specific à (= bigger block)
  • 55. Recursive Lookups •  whois 202.12.29.0 à –  whois -r 202.12.29.0 à –  whois -T inetnum 202.12.29.0 à –  whois -r -T inetnum 202.12.29.0 à personinetnum route inetnum route person personinetnum inetnum recursion enabled by default recursion turned off ‘type’ of object specified ‘type’ of object specified & recursion turned off , & & &
  • 56. Inverse Queries •  Inverse queries are performed on inverse keys •  See object template (whois –t) •  Returns all public objects that reference the object with the key specified as a query argument •  Practical when searching for objects in which a particular value is referenced, such as your nic-hdl •  Syntax: whois -i <attribute> <value>
  • 57. Inverse Queries - examples •  What objects are referencing my nic-hdl? –  whois –i person KX17-AP (or –ipn KX17-AP) •  In what objects am I registered as tech-c? –  whois –i tech-c KX17-AP •  Return all domain objects where I am registered as admin-c or tech-c –  whois -i admin-c tech-c -T domain KX17-AP •  What objects are protected by my maintainer? –  whois -i mnt-by MAINT-WF-EX
  • 58. Customer Privacy •  Public data –  Includes portable addresses (inetnum objects), and other objects e.g.route objects –  Public data: must be visible •  Private data –  Can include non-portable addresses (inetnum objects) –  Members have the option to make private data visible •  Customer assignments –  Can be changed to be public data (public data is an optional choice)
  • 59. What needs to be visible? IANA range Non-APNIC range APNIC range NIR rangeAPNIC allocations & assignments NIR allocations & assignments Customer assignments Infrastructure Sub-allocations must be visible visibility optional LIR/ISP PORTABLE addresses NON-PORTABLE addresses
  • 60. APNIC Whois Database & the Internet Routing Registry •  APNIC Whois Database –  Two databases in one •  Public Network Management Database –  “Whois” info about networks & contact persons •  IP addresses, AS numbers etc •  Routing Registry –  contains routing information •  routing policy, routes, filters, peers etc. –  APNIC RR is part of the global IRR
  • 61. Benefits of APNIC RR integrated in Whois Database •  Facilitates network troubleshooting •  Registration of routing policies •  Generation of router configurations •  Provides global view of routing
  • 63. What is RPKI? •  Resource Public Key Infrastructure (RPKI) •  A robust security framework for verifying the association between resource holder and their Internet resources •  Created to address the issues in RFC 4593 •  Uses X.509 v3 certificates –  With RFC3779 extensions •  Helps to secure Internet routing by validating routes –  Proof that prefix announcements are coming from the legitimate holder of the resource •  A system to manage the creation and storage of digital certificates and the associated Route Origin Authorization documents
  • 64. Benefits of RPKI - Routing •  Prevents “Route Hijacking” –  when an entity participating in Internet routing announces a prefix without authorization –  Reason: malicious attack or operational mistake
  • 65. “Right” to Resources •  ISP gets their resources from the RIR •  ISP notifies its upstream of the prefixes to be announce •  Upstream _must_ check the Whois database if resource has been delegated to customer ISP.
  • 66. X.509 Certificate •  Resource certificates are based on the X.509 certificate format - RFC 5280 •  Extended by RFC 3779 – this extension binds a list of resources (IP, ASN) to the subject of the certificate
  • 67. X.509 Certificate with 3779 Extension •  SIA – Subject Information Access; contains a URI that references the directoryX.509 Certificate RFC 3779 Extension SIA Owner's Public Key
  • 68. Two Components •  Certificate Authority (CA) –  Internet Registries (RIR, NIR, Large LIR) –  Issue certificates for customers –  Allow customers to use the CA’s GUI to issue ROAs for their prefixes •  Relying Party (RP) –  Software which gathers data from CAs
  • 69. Route Origin Authorisations (ROA) •  Certificate holder uses its private key to sign an ROA •  Verifies that an AS has been given permission by an address block holder to advertise routes to one or more fpxies without a blog. •  RPKI in the RIRs –  APNIC implemented RPKI Resource Certification
  • 70. APNIC Resource Certification •  A robust security framework for verifying the association between resource holders and their Internet resources. •  Initiative from APNIC aimed at –  improving the security of inter-domain routing, and –  augmenting the information published in the Whois database •  Verifies a holder’s current “right-of-use” over an Internet resource
  • 72. Resource Certification (APNIC) •  Verify signed data using the signer’s public key •  Verify public key through a chain of interlocking certificates that connect a Trust Anchor to the signer’s public key certificate. –  This is what we refer to as RPKI •  Why it’s important: –  Routing advertisements is now verifiable
  • 73. Creating ROA Records •  Login to MyAPNIC, then Resources -> Certification
  • 74. Adding ROA Records •  Simple view and add using the form
  • 76. Summary •  Introduction to APNIC –  Know about APNIC •  Internet Policy Development –  How the Internet Policies are developed •  Internet Challenges Today –  How APNIC can assist LEAs •  Internet Resource Registration –  APNIC Whois Database •  Resource Public Key Infrastructure (RPKI) –  How to Secure Routing 76