The main purpose of ARIN’s Whois directory service is fairly clear-cut: maintain and display accurate registration records of who has the rights of use to a particular Internet Number resource. Simple enough, right? It’s easy to see how network operators would value this service; but did you know that researchers, law enforcement, and many other community stakeholders also use Whois data for a variety of reasons?
With that in mind, it’s easy to see the importance of maintaining accurate registration records in Whois. Aside from the fact that accurate data helps keep the Internet secure and safe (and quite simply, it’s the right thing to do), there are other reasons that you may not have considered.
ARIN has increasingly found that registration records that haven’t been updated have become the prime targets of hijackers and other potential criminals. The common approach is to find these dormant resource, organization, and Point of Contact (POC) records, and subsequently go through a series of checks to determine if the associated Internet number resources are being used by a viable organization. If it appears that the Internet number resources may not be used or that the registrant is no longer in business, the perpetrators then attempt to emulate the organization so as to take over the organization record and its related resources (including persuading ISPs to begin routing those resources). With enough effort, this type of fraud can lead to a registrant losing control of its resources if not promptly detected.
So what can you do to defend yourself? There are a couple of important steps organizations and individuals can take to protect their Whois data and prevent their resources from being hijacked. The first and most important one is to ensure the timely and accurate maintenance of your Whois data. This includes updating ARIN about any mergers, acquisitions, transfers, or name changes that have taken place over the years. You can make registration updates by logging into your ARIN Online account (or creating a new one if you don’t already have one) and selecting the appropriate request category in the left-hand navigation.
A second, very important step that organizations and individuals can take is to respond to ARIN’s annual POC validation request. Either confirming that your registration information is correct or sending ARIN updated contact information helps to ensure that the Whois database is properly and accurately updated.
Note that the ability to update IP registry records is currently available to all individuals and organizations receiving ARIN services, whether pursuant to a Registration Services Agreement or because the registrant holds legacy number resources issued before ARIN’s formation.
All updates made to Whois records will be reflected in the “Last Updated” date field in Whois. When a potential hijacker sees a recent “Last Updated” date, this is an indicator that the contact and its associated organization are current and active, which can be a significant deterrent to potential hijackers. If you observe an inaccuracy in Whois for other organizations, please let us know so we can work to update the record accordingly. To do so, please click the “Whois Inaccuracy Reporting” link on ARIN’s homepage and fill out a short web form or send an email to firstname.lastname@example.org.
We encourage everyone to take the time necessary to update their registration data whenever it changes – remember: it only takes a little effort now to defend yourself against larger problems down the line!