Spammers & hackers: using the APNIC Whois Database to find their network

Network abuse FAQ series

Where are the whois databases and what do they contain?

There are three Regional Internet Registries (RIRs), each maintaining a whois database holding details of IP address registrations in its region. The RIR whois databases are located at:

  • ARIN (the Americas and sub-Saharan Africa)
  • APNIC (Asia Pacific region)
  • RIPE NCC (Europe and northern Africa)

For historical reasons, the ARIN Whois Database is generally the starting point for searches. If an address is outside of ARIN's region, then that database will provide a reference to either APNIC or RIPE NCC.

Unfortunately, many people misinterpret this referral to mean that either APNIC or RIPE NCC is the network from where the problem arose. In fact, APNIC and RIPE NCC perform the same function as ARIN. To get more specific information you must follow the referral and search the appropriate database.

What does the APNIC Whois database contain?

The APNIC Whois Database contains registration details of IP addresses and AS numbers originally allocated by APNIC. It contains details of the organisations that hold the resources, the country where the allocations were made, and contact details for the networks. The organisations that hold those resources are responsible for updating their information in the database.

Please note, the APNIC Whois Database will be able to identify the details of the network routing the IP address you are searching for. In general it will not identify the individual actually using the specific address. Only the network administrator will have access to user information.

How do I use the APNIC Whois Database?

To find details about the IP address you are searching for, simply enter it into the text box and click "Search Whois".

There are many other options available in the advanced Whois interface, but for simple IP look-ups you should just use the default settings.

What do the query results mean?

A. Which are the most important parts to look at?

For spam and hacking complaints, you really only need to consider the admin-c and tech-c fields.

These two fields show the administrative and technical contacts for the organisation holding the relevant address range. Click on the hyperlinked entry (it looks like "AB12-AP"). This takes you to the address details of the contact.

B. What do all the other fields mean?

The other fields are included as part of the proper registration of public resources. If you're just using the database to look for the organisation responsible for network abuse, these other fields should not be relevant.

C. Your database says APNIC is the "source" of the IP address I've looked up

The source field shows the RIR responsible for keeping records of the IP address allocation. It does not show the organisation responsible for the administration or operation of the network.

Also note that the changed field is not a network contact address, as it merely records who made the most recent change to the registration information. All APNIC addresses will initially record an APNIC address in this field, as APNIC creates the first database object.

Where do I go from here?

To contact the network responsible for the IP address of the spammer or hacker, you will need to contact the admin-c or tech-c.

See "What if the registered contact details are wrong?" for more information.

Are there any exceptions?

In many cases the APNIC Whois Database will refer you to a National Internet Registry (NIR). The NIRs perform a similar function to APNIC, but on a national level only. If the netname in the Whois record shows one of the following NIRs, you will need to access their databases to find out which ISP they allocated the address space to and contact the admin-c or tech-c of that ISP. Only contact the NIR itself if there are problems with the contacts registered in their database.

NIR    | Country | Whois Database
-------|---------|---------------------------------------
CNNIC  | China   | Refer to APNIC Whois Database
JPNIC  | Japan   | http://whois.nic.ad.jp/cgi-bin/whois_gw
KRNIC* | Korea   | http://whois.nic.or.kr/english/
TWNIC  | Taiwan  | http://www.twnic.net/English/Index.htm

*KRNIC maintains a list of ISP network abuse contacts.
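
The reading rules above (use admin-c and tech-c, ignore source and changed, follow an NIR named in netname) can be applied to a saved query result as follows. This is an added example, not APNIC code: the two records are constructed, the function names are hypothetical, and matching the NIR as a hyphen-separated token of netname is an assumption.

```python
# Added example. Both records below are constructed, not real registrations.
SAMPLE_DIRECT = """\
% constructed whois output
inetnum:      192.0.2.0 - 192.0.2.255
netname:      EXAMPLE-NET
country:      AU
admin-c:      AB12-AP
tech-c:       CD34-AP
changed:      registry-staff@rir.example 20020101
source:       APNIC

person:       Example Admin
nic-hdl:      AB12-AP
"""
SAMPLE_NIR = SAMPLE_DIRECT.replace("EXAMPLE-NET", "JPNIC-NET-JP")

# NIR table as listed on this page.
NIR_WHOIS = {
    "CNNIC": "Refer to APNIC Whois Database",
    "JPNIC": "http://whois.nic.ad.jp/cgi-bin/whois_gw",
    "KRNIC": "http://whois.nic.or.kr/english/",
    "TWNIC": "http://www.twnic.net/English/Index.htm",
}

def parse_objects(text):
    """Split whois output into blank-line separated objects of {attr: [values]}."""
    objects, current = [], {}
    for line in text.splitlines() + [""]:
        if line.startswith(("%", "#")):
            continue                      # server comment lines
        if not line.strip():              # a blank line ends the current object
            if current:
                objects.append(current)
            current = {}
            continue
        attr, sep, value = line.partition(":")
        if sep:
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return objects

def who_to_contact(text):
    """Return contact handles and any NIR referral for the address-range object."""
    net = next(o for o in parse_objects(text) if "inetnum" in o or "inet6num" in o)
    handles = sorted(set(net.get("admin-c", []) + net.get("tech-c", [])))
    # Assumption: an NIR appears as a hyphen-separated token of netname.
    tokens = net.get("netname", [""])[0].upper().split("-")
    nir = next((n for n in NIR_WHOIS if n in tokens), None)
    # 'source' and 'changed' are deliberately never treated as contacts.
    return {"handles": handles, "nir": nir, "nir_whois": NIR_WHOIS.get(nir)}
```

When `nir` is set, the handles returned are those recorded in the APNIC object; the ISP's own admin-c and tech-c come from the NIR database given in `nir_whois`.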

I'm ready to query the APNIC Whois Database

The APNIC Whois Database is located at http://www.apnic.net/apnic-bin/

Last modified Tuesday, 20-Aug-2002 09:55:34 EST | © 1999 - 2002 APNIC Pty. Ltd. Comments to: webmaster@apnic.net