Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Updating IP Registration

Jessica

inactive IP address, remove inactive IP address, remove false-positive IP address

We use Regional Internet Registries (RIR) as one of our main sources of truth when attributing assets to a company. If a company stops using an IP or CIDR block and their Internet Service Provider (ISP) fails to update its registration, the asset will continue to be attributed to the company–even though it is unused; The record becomes stale.

Learn more about stale registry records.

Updating the registry record resolves this incorrect attribution. Once updated, we'll be able to backtrack the end-date. The attribution is end-dated and the IP will no longer be attributed to the company’s infrastructure going forward.

There’s a 90-day grace period as you work on updating the registration where your rating is not impacted.

Example Scenario:

Company Inc. was subscribed to the Internet and phone services, with Service LLC as their provider. During their subscription period, the office was assigned a /24 of IP addresses (1.0.0.0/24) and an official RIR record was made indicating the company’s ownership of /24. The office was shut down the following year and their internet service was disabled. However, the RIR record was not removed and is considered to be stale.

To correct this, Company Inc. should reach out to Service LLC and ask them to remove the stale record. Once removed, Bitsight will need to be informed and evidence from the ISP needs to be provided through Bitsight Support.

Updating Your Registration

Your registration can be updated by contacting either your ISP or registry. If the registrar reports the CIDR block is assigned to your ISP, please contact your ISP. If the ISP is unresponsive, refer to the registrar’s process for updating the registry. You will generally:

  1. Select the IP block in question in the ISP or registry (My Resources page).
  2. Navigate to the “Update information Object” section.
  3. Edit the information that corresponds to the latest state of ownership of the IP block.
  4. Save the changes.

We'll reach out to verify the registration update.

Contacting Your ISP to Request a Registration Update

Contact your ISP and request that they update the registration. We recommend this email template:

To: <ISP_SUPPORT_EMAIL_ADDRESS>

Subject: Request removal of stale CIDR assignment - <REQUESTOR_ORG> - <ISP_NAME>

Message:

We’re reaching out regarding one or more CIDR ranges requiring a registration update. In collaboration with Bitsight, we’ve identified one or more stale registry entries with our organization’s name on it, originally assigned by you.

Below is the information for the range or ranges no longer in use by <REQUESTOR_ORG>:

  • CIDR: <CIDR_RANGE>
  • Customer (as listed in WHOIS): <REGISTRY_FIELD>
  • Reason: PROVIDE CONTEXT

We would appreciate your assistance in updating the record, to reflect that the range is no longer allocated to <REQUESTOR_ORG>. If any additional information is needed, please reply to this message. Please include Bitsight, cc’ed on this email, in any communications as they are facilitating the resolution of this issue.

We look forward to hearing from you.

Once the registration is updated with your ISP, we will be able to backtrack the end-date.

Directly Contacting the Registry

Your ISP may not respond to your initial request. In this case, contact the registry directly and inform them that your ISP is unresponsive. Refer to Regional Internet Registries (RIR WHOIS) for instructions on working with and contacting the registry for your region.

Frequently Asked Questions

It is going to take me time to work with my ISP and the findings on this IP are hurting our reputation. What can we do?

Reach out to Bitsight Support. Let them know that you are working with your ISP; they may be able to work with your team to limit the IP’s impact while you update its registration.

Why can’t Bitsight just remove the IPs? Why does my company need to update the registration?

Bitsight data mirrors the information available on public registrars, including how assets are attributed to a company. We cannot update the information on our end until the respective registrar does so on their end. It’s part of each organization’s responsibility to keep their networks’ and assets’ registrations updated, so that any IPs/domains they no longer use are not traced back to them should they be involved in any malicious activity.

I’ve contacted the registry, but am still having no success getting the registration updated. What now?

This is a rare situation. First, make sure the Bitsight Support agent helping you is aware. In many cases, they can apply a grace period so you are not impacted while working with the registrar. If you still cannot get a response, send the agent a copy of the emails sent to the registrar and ISP with time stamps. They can then escalate internally for a review to see if there is anything we can do.

  • January 29, 2024: End-date can be backtracked.
  • July 21, 2022: Published.

Related articles

Feedback

0 comments

Please sign in to leave a comment.