In an effort to avoid confusion on the issue of network abuse, ARIN has compiled a list of answers to frequently asked questions. It is hoped that all of your questions pertaining to network abuse and ARIN are answered here. However, if after looking at this page you still have questions, please visit the relevant links to other sites that are included on the right. If you have additional questions about ARIN, please check out the About Us section of our website.
What is ARIN?
The American Registry for Internet Numbers (ARIN) is a nonprofit corporation that serves users of Internet number resources, such as Internet Service Providers, governments, and end-users in its region. ARIN's service region includes Canada, the United States, and several islands in the Caribbean Sea and North Atlantic Ocean.
ARIN is one of five Regional Internet Registries (RIRs) worldwide that provide Internet number resource services to all regions of the globe.
Why is ARIN trying to hack my system?
While it may appear in some Internet tools that ARIN is a source of network abuse directed at you or your networks, this is not the case. Many current software programs designed to detect network abuse are configured to query only one of the five RIR Whois databases for identification purposes. If the software is unable to find an exact match, it may return results indicating ARIN is the source of the abuse. However, this usually means that the software has failed to query the other Whois databases.
If this happens, you may wish to query the ARIN Whois database directly for further information. The web version of Whois is available through the box at the top of every page of ARIN's website.
The ARIN Whois database contains detailed information for IP address ranges registered within ARIN's region. The ARIN Whois database also contains records for IP address ranges associated with other RIRs, including AFRINIC (Africa), APNIC (Asia Pacific Region), LACNIC (Latin America), and RIPE NCC (Europe, Middle East, and parts of Asia), but does not include information on delegations below the RIR level for these ranges.
Another possibility is that the source of the network abuse may be spoofing an IP address. The links on the right have some excellent advice on identifying legitimate IP information.
What can ARIN do to help me locate hackers/spammers?
Generally, the first step is to report fraudulent activity to the abuser's ISP, which will be listed as the organization that was delegated the IP address space. Most ISPs are responsive to concerns about hackers and spammers on their networks. If you are unsuccessful in resolving this situation with the ISP, you may wish to contact local law enforcement in your area.
ARIN maintains the Whois database as a service to the global Internet community. This database may be used by any individual in an attempt to identify the organization that has been delegated use of a specific IP address range. The database does not contain information regarding specific individual users of single addresses. ARIN does not have the authority to investigate or prosecute claims of hacking or mail abuse.
Can ARIN pursue hackers/spammers that invade my system?
ARIN does not have the authority to pursue spammers or hackers.
What is hacking?
Hacking is generally defined as someone attempting to gain improper access to your system or network. Hackers may be looking for passwords, credit card information, or may be trying to do harm to your system.
Where can I find more information about preventing hackers?
You may wish to review the links on the right for more information on how to prevent and detect hackers.
What if I'm unable to find the IP address I'm looking for in the ARIN Whois database?
It is possible that this address range has not been assigned by a Regional Internet Registry yet. Before ruling out this possibility, you may wish to review the Whois databases for the other four regional registries:
What should I do if I do a lookup, but the contact information listed for a resource in ARIN's Whois is out of date or incorrect?
The responsibility for maintaining the contact information belongs to the organization that is associated with the record. In cases where the information you find in Whois is out of date, please contact firstname.lastname@example.org via email, and be sure to include the record you are referring to, and why you believe it is incorrect. ARIN staff will then investigate, and work to get updated information from the responsible organization. If ARIN staff is unable to get updated information, it will mark the results in Whois accordingly.