We use Regional Internet Registries (RIR) as one of our main sources of truth when attributing assets to a company. If a company stops using an IP or CIDR block and their Internet Service Provider (ISP) fails to update its registration, the asset will continue to be attributed to the company–even though it is unused; The record becomes stale.
Learn more about stale registry records.
Updating the registry record resolves this incorrect attribution. Once updated, the attribution is end-dated and not attributed to the company’s infrastructure going forward.
Your registration can be updated by contacting either your ISP or registry. If the registrar reports the CIDR block is assigned to your ISP, please contact your ISP. If the ISP is unresponsive, refer to the registrar’s process for updating the registry. You will generally:
- Select the IP block in question in the ISP or registry “My Resources” page.
- Navigate to the “Update information Object” section.
- Edit the information that corresponds to the latest state of ownership of the IP block.
- Save the changes.
Example Scenario:
Company Inc. was subscribed to the Internet and phone services, with Service LLC as their provider. During their subscription period, the office was assigned a /24 of IP addresses (1.0.0.0/24) and an official RIR record was made indicating the company’s ownership of /24. The office was shut down the following year and their internet service was disabled. However, the RIR record was not removed and is considered to be stale.
To correct this, Company Inc. should reach out to Service LLC and ask them to remove the stale record. Once removed, Bitsight will need to be informed and evidence from the ISP needs to be provided through Bitsight Support.
Contacting Your ISP
Contact your ISP and request that they update the registration. We recommend this email template:
To:
<ISP_SUPPORT_EMAIL_ADDRESS>Subject: Request removal of stale CIDR assignment -
<REQUESTOR_ORG>-<ISP_NAME>Message:
We’re reaching out regarding one or more CIDR ranges requiring a registration update. In collaboration with Bitsight, we’ve identified one or more stale registry entries with our organization’s name on it, originally assigned by you.
Below is the information for the range or ranges no longer in use by
<REQUESTOR_ORG>:
- CIDR:
<CIDR_RANGE>- Customer (as listed in WHOIS):
<REGISTRY_FIELD>- Reason:
PROVIDE CONTEXTWe would appreciate your assistance in updating the record, to reflect that the range is no longer allocated to
<REQUESTOR_ORG>. If any additional information is needed, please reply to this message. Please include Bitsight, cc’ed on this email, in any communications as they are facilitating the resolution of this issue.We look forward to hearing from you.
Once the registration is updated with your ISP, reach out to Bitsight Support to have the attribution end-dated.
Contacting the Registry
Your ISP may not respond to your initial request. In this case, contact the registry directly and inform them that your ISP is unresponsive. Refer to Regional Internet Registries (RIR WHOIS) for instructions on working with and contacting the registry for your region.
Frequently Asked Questions
It is going to take me time to work with my ISP and the findings on this IP are hurting our reputation. What can we do?
Reach out to Bitsight Support. Let them know that you are working with your ISP; they may be able to work with your team to limit the IP’s impact while you update its registration.
Why can’t Bitsight just remove the IPs? Why does my company need to update the registration?
Bitsight data mirrors the information available on public registrars, including how assets are attributed to a company. We cannot update the information on our end until the respective registrar does so on their end. It’s part of each organization’s responsibility to keep their networks’ and assets’ registrations updated, so that any IPs/domains they no longer use are not traced back to them should they be involved in any malicious activity.
I’ve contacted the registry, but am still having no success getting the registration updated. What now?
This is a rare situation. First, make sure the Bitsight Support agent helping you is aware. In many cases, they can apply a grace period so you are not impacted while working with the registrar. If you still cannot get a response, send the agent a copy of the emails sent to the registrar and ISP with time stamps. They can then escalate internally for a review to see if there is anything we can do.