I'm having a hard time figuring out the abuse e-mail address for IPs from
Japan. Any query I perform at the WHOIS, for any IP, from any autonomous
system, I get the same e-mail addresses:
These e-mail addresses belong to JPNIC, not the autonomous system itself.
So any messages sent to these e-mail addresses will not reach the offending
NOC/SOC so I can report vulnerabilities and DDoS attacks.
What am I missing and how should I report security issues to autonomous
systems from this region? Has anyone here any experience on this?
ktk@ktk:~$ whois -h whois.nic.ad.jp 59.106.13.181
[ JPNIC database provides information regarding IP address and ASN. Its use ]
[ is restricted to network administration purposes. For further information, ]
[ use 'whois -h whois.nic.ad.jp help'. To only display English output, ]
[ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]
Network Information:
a. [Network Number] 59.106.12.0-59.106.27.255
b. [Network Name] SAKURA-NET
g. [Organization] SAKURA Internet Inc.
m. [Administrative Contact] KT749JP
n. [Technical Contact] KW419JP
p. [Nameserver] ns1.dns.ne.jp
p. [Nameserver] ns2.dns.ne.jp
[Assigned Date] 2004/11/24
[Return Date]
[Last Update] 2004/11/24 18:41:02(JST)
Since they don't have an abuse contact and there's not much additional useful contact information in their peeringdb entry, your next best bet would be to reach out to the admin and technical contacts listed in their whois record, or try the abuse contacts for one or more of their
upstreams.
Thank you for your assistance. I'm used to querying AS entries for the LACNIC
region, and their WHOIS spits out all contacts right away. I didn't realise I
had to make a secondary query for the Technical Contact ID to only then see
the e-mail address.
No e-mail addresses of the abuse team or NOC or SOC.
% whois 59.106.13.181 | grep support
remarks: Email address for spam or abuse complaints : support@sakura.ad.jp
That's not a special whois client but is in the text returned by APNIC.
Note that whois.nic.ad.jp does not, unlike RIPE whois, automatically also include person objects referenced in an inetnum object, so you will have to query for those separately, as another poster pointed out.
If you do write to Japanese network contacts, expect a very polite
response saying that they can't deal with your report because they're
too scared to open attachments.
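
The two-step lookup discussed in this thread, sketched as shell functions. This is an added example, not part of the original thread: the function names are hypothetical, and the sample data is the whois output quoted in the messages above.

```shell
#!/bin/sh
# Added example: find report contacts for a JPNIC-registered IP.
# Function names are hypothetical; the whois invocations and the '/e'
# suffix are the ones shown in the thread.

# Sample data copied from the output quoted in the thread.
SAMPLE_NETWORK='a. [Network Number] 59.106.12.0-59.106.27.255
b. [Network Name] SAKURA-NET
g. [Organization] SAKURA Internet Inc.
m. [Administrative Contact] KT749JP
n. [Technical Contact] KW419JP'
SAMPLE_REMARK='remarks: Email address for spam or abuse complaints : support@sakura.ad.jp'

# Read a JPNIC network record on stdin and print the admin/tech contact
# handles, one per line. JPNIC does not expand these handles inline.
jpnic_handles() {
    tr -d '\r' |
        awk '/\[(Administrative|Technical) Contact\]/ { print $NF }' |
        sort -u
}

# Read any whois text on stdin and print the e-mail addresses in it.
extract_emails() {
    grep -Eio '[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}' |
        tr 'A-Z' 'a-z' |
        sort -u
}

# Live lookup (needs network access and a whois client):
#   1. abuse remarks in the default whois answer, as in the grep above
#   2. one follow-up JPNIC query per contact handle, English output
abuse_lookup() {
    ip=$1
    whois "$ip" | grep -i 'abuse' | extract_emails
    for handle in $(whois -h whois.nic.ad.jp "$ip/e" | jpnic_handles); do
        whois -h whois.nic.ad.jp "$handle/e" | extract_emails
    done
}
```

Run `abuse_lookup 59.106.13.181` after sourcing the file; the first step can return nothing when the record carries no abuse remark, in which case only the handle lookups produce addresses.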