Security (FAQ)

Why is LACNIC trying to hack into my computer?

This information is incorrect. Some computer security programs (firewalls) can be configured to search for IP address information in other registries' databases, and these may not have the most accurate information.

Many of these programs are configured to search for information in the databases maintained by ARIN (American Registry for Internet Numbers), which is the organization responsible for registering and assigning IP addresses in the North American region.

LACNIC is the organization responsible for registering and assigning IP addresses to organizations in Latin America and Caribbean.

There are five regional Internet registries worldwide:

APNICthe regional Internet registry for the Asia Pacific region; ARIN the regional Internet registry for North America; LACNIC   the regional Internet registry for Latin America and the Caribbean; RIPE NCC  the regional Internet registry for Europe; AFRINIC the regional Internet registry for Africa.

Therefore, if your firewall searches other databases instead of LACNIC's, you will only obtain generic information that simply states that a particular IP address is under LACNIC's responsibility.

Note that the information provided by our database is authoritative and should be used as an accurate source of information. To search our database you can use the whois service.

So, how can I obtain the most accurate information available regarding the person responsible for the IP address that is trying to hack into my computer?

Any information regarding the IP addresses assigned by LACNIC can be obtained using the WHOIS tool in two different ways:

  1. Via web at http://lacnic.net/cgi-bin/lacnic/whois
  2. Using the nicname protocol: whois -h

What kind of information does the Whois tool provide?

The Whois tool provides, among other information, the name of organization to which the IP address or ASN was assigned as well as its postal address, technical and administrative contacts, DNS servers, and registration date.

In this case the most important information is the organization to which an address was assigned and its points of contact (technical and administrative).

The Whois tool identifies this information as follows:

The owner-c and tech-c fields will only show the codes assigned by LACNIC's system. The contacts' complete information can be found in the response provided by the Whois tool itself, including the contacts' name, email address, postal address and telephone number.

  1. owner: Name of the organization to which the IP address was assigned
  2. owner-c: The organization's administrative contact
  3. tech-c: Technical contact for the IP address

What should I do if the information provided by the Whois tool is incorrect?

Organizations receiving IP addresses from LACNIC are required to update their information.

If you notice any incorrect information, please notify LACNIC at hostmaster@lacnic.net specifying the IP address that contains invalid information.

What should I do in case of an attack?

You should contact the organization responsible for the IP address that originated the attack, emailing the organization's point of contact to politely request that they identify who is using this IP address and take the necessary measures according to acceptable use policies.

The message should include the IP address that originated the attack and the time that it occurred. This information should be available on your firewall's logs.

Can't LACNIC go after the user of this IP address?

LACNIC does not have the legal means to take action against attackers; neither does LACNIC have the necessary technical means to do so, as this is an ISP's user, not LACNIC's.

LACNIC is simply the entity responsible for registering and assigning the resources (IPv4, IPv6 and ASN), and it is only responsible for providing information about the organization to which a certain resource has been assigned.

I've received a lot of unsolicited emails (spam), and certain security software has identified LACNIC as the sender. Why is that?

Some security programs are configured to query ARIN's database to determine who is responsible for an IP address. That database contains only generic information that states that a particular IP address is under LACNIC's responsibility, but this does not mean that LACNIC is sending the unsolicited emails.

In this case you should contact the organization responsible for the IP address that originated the spam.

Can't LACNIC simply remove my email address from these spam distribution lists?

LACNIC does not send unsolicited emails (spam), nor does it maintain any email distribution lists.

How can I protect myself against unsolicited email?

Some recommendations on how to protect yourself against spam or minimize the problem:

More useful tips can be found at:
"Fight Spam on the Internet!"
"Documentos Produzidos pelo NBSO"

  1. Never reply to spam messages, as this will only confirm that your email address is valid.
  2. Notify those responsible for the IP address where the spam is originating; often they don't know that their computer is being used for this purpose.
  3. Don't publish your email address on websites you don't trust. If an online shopping site requires an email address, you can use a free address that can later discarded.

LACNIC está certificado por SGS:SGS

Top CHK_LACNIC