Security FAQ

Why is LACNIC trying to hack into my computer?

LACNIC is not hacking your computer. Some computer security programs (firewalls) can be configured to search for IP address information in other registry databases, and these may not have the most accurate information.

Many of these programs are configured to search for information in the databases maintained by ARIN, which is the organization responsible for registering and assigning IP addresses in the North American region.

LACNIC is the organization responsible for registering and assigning IP addresses to organizations in Latin America and Caribbean.

There are five regional Internet registries worldwide:

APNIC is the regional Internet registry for the Asia Pacific region; ARIN is the regional Internet registry for North America; LACNIC is the regional Internet registry for Latin America and the Caribbean; RIPENCC is the regional Internet registry for Europe; and AFRINIC is the regional Internet registry for Africa.

Therefore, if your firewall searches other databases instead of LACNIC's, you will only obtain generic information that simply states that an IP address is under LACNIC's responsibility.

Note that the information provided by our database is authoritative and should be used as an accurate source of information. To search our database, you can use the Whois service.

How can I obtain the most accurate information available regarding the person responsible for the IP address that is trying to hack into my computer?

Any information regarding IP addresses assigned by LACNIC can be obtained using the Whois tool in two different ways:

Via the web at http://lacnic.net/cgi-bin/lacnic/whois
Using the nickname protocol: whois-h

What kind of information does the Whois tool provide?

The Whois tool provides the name of an organization to which the IP address or ASN was assigned as well as its postal address, technical and administrative contacts, DNS servers and registration date (in addition to other information).

In this case the most important information is the name of the organization to which an address was assigned and its points of contact (technical and administrative).

The Whois tool identifies this information as follows:

The owner-c and tech-c fields will only show the codes assigned by LACNIC's system. The contact’s complete information can be found in the response provided by the Whois service itself, including the contact’s name, email address, postal address and telephone number.

owner: Name of the organization to which the IP address was assigned
owner-c: Organization's administrative contact
tech-c: Technical contact for the IP address

What should I do if the information provided by the Whois tool is incorrect?

Organizations receiving IP addresses from LACNIC are required to update their information. If you notice any incorrect information, please notify LACNIC at hostmaster@lacnic.net specifying the IP address that contains invalid information.

What should I do in case of an attack?

You should contact the organization responsible for the IP address that originated the attack: email the organization's point of contact to politely request that they identify who is using this IP address and take the necessary measures according to acceptable use policies. The message should include the IP address that originated the attack and the time that it occurred. This information should be available on your firewall's logs.

Is it possible for LACNIC to go after the user of this IP address?

LACNIC does not have the legal means to take action against attackers; neither does LACNIC have the necessary technical means to do so since this is an ISP’s user (third-party user), not LACNIC's.

LACNIC is simply the entity responsible for registering and assigning the resources (IPv4, IPv6 and ASN), and it is only responsible for providing information about the organization to which a resource has been directly assigned.

I have received a lot of unsolicited emails (spam) and my security software has identified LACNIC as the sender. Why is that?

Some security programs are configured to query ARIN's database to determine who is responsible for an IP address. That database contains only generic information that states that an IP address is under LACNIC's authority, but this does not mean that LACNIC is sending the unsolicited emails.

In this case you should contact the organization responsible for the IP address that originated the spam.

Is it possible for LACNIC to simply remove my email address from these spam distribution lists?

LACNIC does not send unsolicited emails or spam, nor does it maintain any email distribution lists.

How can I protect myself against unsolicited email?

Some recommendations on how to protect yourself against spam or minimize the problem are:

Never reply to spam messages. Doing so will only confirm that your email address is valid.
Notify the organization or user responsible for the IP address from which the spam is originating. Often they do not know that their computer is being used for this purpose.
Do not publish your email address on websites you do not trust. If an online shopping site, for example, requires an email address then you can use a free address that can be discarded later.

More useful tips can be found at:

Fight Spam on the Internet!
Documentos Produzidos pelo NBSO

Lenguaje Language Lingua

Security FAQ