FAQ: IRT Object

An IRT enables complaints about Internet security issues to be routed to the appropriate person.
Show or Hide answer New Why use an IRT object?

It enables complaints about Internet security issues to be routed to the appropriate person.

Show or Hide answer New Where do I find more information on this object?

More information can be found in the RIPE Database Documentation Library

Show or Hide answer New How do I obtain an IRT object?

Either through the RIPE NCC directly or through a trustbroker.

- A trustbroker is registered with the Database Administration to act as a single point of contact for creation of irt objects. There is currently only one registered trustbroker, the European Trusted Introducer (TI).

- To register through the RIPE NCC directly, read the creation procedure in RIPE IRT object - Technical HOW TO.

Show or Hide answer New How do the tools work?

There is currently just one tool to look specifically for irt objects in the RIPE Database, the RIPE Whois-client. Using the '-c' flag you will get the smallest specific inet(6)num object containing an "mnt-irt:" attribute. A second query is needed to obtain the irt object itself. Use the '-r' flag of the RIPE Whois tool to disable recursion and avoid unwanted information as a result of your query.

 

meijer@kruimel:~$ whois -h whois.ripe.net -c 192.87.108.3
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

inetnum: 192.87.108.0 - 192.87.111.255
netname: SIPLAN
descr: SURFnet bv
descr: Utrecht
country: NL
admin-c: SENS1-RIPE
tech-c: SENS1-RIPE
status: ASSIGNED PA
notify: sens _at_ surfnet _dot_ nl
notify: info _at_ SURFnet _dot_ nl
mnt-by: SN-LIR-MNT
mnt-irt: irt-CERT-NL
changed: Erik-Jan.Bos _at_ surfnet _dot_ nl 19961219
changed: ripe-dbm _at_ ripe _dot_ net 19990706
changed: jan.meijer _at_ surfnet _dot_ nl 20000417
changed: jan.meijer _at_ surfnet _dot_ nl 20010315
changed: Derk.Reinders _at_ SURFnet _dot_ nl 20010326
changed: Rogier.Spoor _at_ SURFnet _dot_ nl 20020607
source: RIPE

role: SURFnet Services and Support
address: Radboudkwartier 273
address: 3511 CK Utrecht
address: The Netherlands
phone: +31 30 2305305
fax-no: +31 30 2305329
e-mail: SenS _at_ surfnet _dot_ nl
admin-c: JS489-RIPE
tech-c: JS489-RIPE
nic-hdl: SENS1-RIPE
notify: info _at_ SURFnet _dot_ nl
notify: SenS _at_ surfnet _dot_ nl
mnt-by: SN-LIR-MNT
mnt-by: SN-LIR-MNT
changed: Jan.Meijer _at_ surfnet _dot_ nl 19980107
changed: Derk.Reinders _at_ SURFnet _dot_ nl 20010326
source: RIPE

meijer@kruimel:~$ whois -h whois.ripe.net -r irt-CERT-NL
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

irt: irt-CERT-NL
address: p/a SURFnet bv
address: Postbus 19035
address: 3501 DA Utrecht
phone: +31 30 2305305
fax-no: +31 30 2305329
e-mail: cert-nl _at_ surfnet _dot_ nl
signature: PGPKEY-A6D57ECE
encryption: PGPKEY-A6D57ECE
admin-c: SAM36-RIPE
tech-c: SAM36-RIPE
auth: PGPKEY-834125A1
auth: PGPKEY-3D10C493
remarks: CERT-NL is the Computer Emergency Response Team of SURFnet
remarks: This is a level 2 IRT (http://www.ti.terena.nl/teams/level2.html)
irt-nfy: cert-nl _at_ SURFnet _dot_ nl
notify: info _at_ SURFnet _dot_ nl
notify: tiirt _at_ stelvio _dot_ nl
mnt-by: TRUSTED-INTRODUCER-MNT
changed: menno.pieters _at_ stelvio _dot_ nl 20020305
source: RIPE
Show or Hide answer New What webtools query for the IRT object?

A Webtool that can be used to query for irt objects is the CERT-Polska webquery-tool.


Show or Hide answer New How do I handle more than one level of incident handling (SPAM complaints for example)?

There are two ways to implement multi-level incident handling. The first method involves using multiple "e-mail:" attributes and accompanying "remarks:" attributes inside an irt object. The second method is to link to multiple irt objects in your inetnum objects and indicate the purpose of each, again by using "remarks:" attributes.

Show or Hide answer New Are links to different IRT objects possible?

A: Yes. The inetnum specification defines this:

mnt-irt: [optional] [multiple] [inverse key] 
Show or Hide answer New Why can I not link my IRT object to AS objects?

When the irt object was introduced, it was decided to implement it only in the inetnum object. Implementation into the AS object is being considered. This will depend on how widely it is used in inetnum objects.

Show or Hide answer New How do I implement a hierarchy of CSIRTs?

There are two ways: By referencing different irt objects in the inetnum-hierarchy. In the following example the inetnum object UK-V4 references the IRT-UK: The larger inetnum object UNIVIE references the IRT-ACOnet-CERT:

meijer@gebbetje:~$ whois -h whois.ripe.net -r -c  131.130.0.0
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      131.130.0.0 - 131.130.255.255
netname:      UNIVIE
descr:        LAN University of Vienna
country:      AT
admin-c:      HS118
tech-c:       UVNA1-RIPE
mnt-by:       AS760-MNT
mnt-irt:      IRT-ACOnet-CERT
status:       ASSIGNED PI
changed:      porten _at_ mvs.gmd _dot_ de 19900816
changed:      dfk _at_ cwi _dot_ nl 19900917
changed:      Ewald.Jenisch _at_ cc.univie.ac _dot_ at 19930315
changed:      ripe-dbm _at_ ripe _dot_ net 20000225
changed:      woeber _at_ cc.univie.ac _dot_ at 20010626
changed:      panigl _at_ cc.univie.ac _dot_ at 20010629
source:       RIPE

meijer@gebbetje:~$ whois -h whois.ripe.net -r -c 131.130.7.33
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      131.130.7.32 - 131.130.7.47
netname:      UK-V4
mnt-irt:      IRT-UK
descr:        LAN Ulrich Kiermayr
country:      AT
admin-c:      UK6107-RIPE
tech-c:       UK3
mnt-by:       AS760-MNT
mnt-by:       UK-MNT
status:       ASSIGNED PA
changed:      ulrich.kiermayr _at_ univie.ac _dot_ at 20020822
source:       RIPE


Another way would be to reference multiple irt objects in the most specific inetnum object, but that does not convey how the hierarchy is made up. This is the only way if there is no IP hierarchy that is usable for this purpose. This might occur with legacy class B/C addresses where one constituent might want to add his own irt object as well as the one of the NREN/LIR and the LIR does not also control the less-specific. Then the only way is for you to use both irt objects.

 

Show or Hide answer New What if I am not a member of the Trusted Introducer but I have a lot of IRT objects to register?

There are four possibilities:

  • Have them all become Trusted Introducer accredited teams.
  • Have all of them go through ripe-dbm _at_ ripe _dot_ net.
  • Approach some other organisation to become an irt object registrar.
  • Set up your own irt object registrar.
Show or Hide answer New How do I mass-link my INETNUM objects to my IRT object?

Normally you do not have to do this. It is sufficient to link the inetnum that is less specific to other inetnums (which would usually be an allocation inetnum) would be enough, because if the query uses a '-c' flag, the smallest specific inet(6)num object with an "mnt-irt:" attribute will be returned.

If you really need to do this, this can be done as follows: If your inetnum objects have a "mnt-by:" attribute, it is straightforward. Retrieve all your inetnum objects by querying for that "mnt-by:" attribute, modify them to include the irt object reference and add a "changed:" attribute line to every object.

Query for all your inetnum objects:

meijer@gebbetje:~$ whois -h whois.ripe.net -Tinetnum -i mnt-by SN-LIR-MNT -r > snlirmnt.txt
The RIPE Database reference manual, section 2.8. The '-r' flag prevents you coming up against these access-controls.

Update your inetnum objects using, for example, a variant on this script:
/^inetnum.*194.171.*/,/^$/{
/^mnt-by.*SN-LIR-MNT/{
         a\
mnt-irt:      irt-CERT-NL
}
/^source:.*RIPE/{
	 i\
changed:      Rogier.Spoor _at_ SURFnet _dot_ nl
}
p
}

# Call this script like this:
# sed -n -f  
# This script searches for inetnums in the range 194.171.0.0/16
# and adds a MNT-IRT and "changed" to them.

Send your updated inetnum objects to the RIPE Database using your usual method(s).

The update itself can be one large e-mail containing all the updated inetnum objects. This e-mail, assumes you are using PGP as your authentication method, can be signed as a whole, it is not necessary to sign all the individual inetnum entries. Although the message size limit is fairly generous, you should try to keep the overall size of the e-mail to less than three megabytes.

Show or Hide answer New How do I let my regular RIPE object-maintainer link INETNUM objects to my IRT object without my involvement?

Include the PGP authentication key of your RIPE object-maintainer in your IRT object. Looking at the irt-CERT-NL object you can see two "auth:" attributes are defined. They contain the authorisation keys used by the SN-LIR-MNT, which is the SURFnet maintainer object responsible for updating SURFnet inetnum objects. There is no security-risk involved: only the maintainer of your IRT object can modify your IRT object. What you do by adding the "auth:" attribute is giving another maintainer the right to link its inetnum objects to your irt object. Please read chapter 5. Authorisation checks of ripe-254, IRT Object in the RIPE Database for a precise definition of the authorisation checks in the IRT object.

irt:          irt-CERT-NL
address: p/a SURFnet bv
address: Postbus 19035
address: 3501 DA Utrecht
phone: +31 30 2305305
fax-no: +31 30 2305329
e-mail: cert-nl _at_ surfnet _dot_ nl
signature: PGPKEY-A6D57ECE
encryption: PGPKEY-A6D57ECE
admin-c: SAM36-RIPE
tech-c: SAM36-RIPE
auth: PGPKEY-834125A1 <--------!first SN-LIR-MNT authorisation key
auth: PGPKEY-3D10C493 <--------!second SN-LIR-MNT authorisation key
remarks: CERT-NL is the Computer Emergency Response Team of SURFnet
remarks: This is a level 2 IRT (http://www.ti.terena.nl/teams/level2.html)
irt-nfy: cert-nl _at_ SURFnet _dot_ nl
notify: info _at_ SURFnet _dot_ nl
notify: tiirt _at_ stelvio _dot_ nl
mnt-by: TRUSTED-INTRODUCER-MNT
changed: menno.pieters _at_ stelvio _dot_ nl 20020305
source: RIPE

mntner: SN-LIR-MNT
descr: SURFnet LIR Maintainer
admin-c: SAM36-RIPE
tech-c: SNS1-RIPE
upd-to: info _at_ surfnet _dot_ nl
auth: PGPKEY-3D10C493 <--------!first SN-LIR-MNT authorisation key
auth: PGPKEY-834125A1 <--------!second SN-LIR-MNT authorisation key
notify: info _at_ surfnet _dot_ nl
mnt-by: AS1103-MNT
referral-by: RIPE-DBM-MNT
changed: Peter.Hinrich _at_ SURFnet _dot_ nl 20000128
changed: Peter.Hinrich _at_ SURFnet _dot_ nl 20000725
changed: Wim.Biemolt _at_ SURFnet _dot_ nl 20020211
source: RIPE

mntner: TRUSTED-INTRODUCER-MNT
descr: Maintainer for Trusted Introducer Accredited CSIRT teams
admin-c: DS660-RIPE
tech-c: MP2890-RIPE
tech-c: GHB1-RIPE
upd-to: tiirt _at_ s-cure _dot_ nl
mnt-nfy: tiirt _at_ s-cure _dot_ nl
auth: PGPKEY-7F74D279
auth: PGPKEY-CD60C417
auth: PGPKEY-7111E05E
notify: ti _at_ s-cure _dot_ nl
mnt-by: TRUSTED-INTRODUCER-MNT
referral-by: RIPE-DBM-MNT
changed: Menno.Pieters _at_ Stelvio _dot_ nl 20020219
changed: Menno.Pieters _at_ Stelvio _dot_ nl 20020305
changed: Menno.Pieters _at_ Stelvio _dot_ nl 20021030
changed: Menno.Pieters _at_ Stelvio _dot_ nl 20030122
changed: Menno.Pieters _at_ Stelvio _dot_ nl 20030720
changed: Menno.Pieters _at_ Stelvio _dot_ nl 20030909
source: RIPE

 

This document was first created by jan.meijer _at_ surfnet _dot_ nl and is used with permission.