We got a subpeona for one of our IPs, it is in our ARIN allocation, but has never been assigned or live that I can tell. I assume malicious actors have a tool to look at IP space for dormant numbers, if it historically has not been active its better for spoofing? Is this the case or is this an instance of watching too much NCIS?
On a side note, this request was not from FBI or DHS, it was a different .gov entity, They initiated contact, we verified externally they were actually government and who they say they are. Ran it past our Lawyer. The odd thing was, they wanted our Tax ID before they proceeded since we can generate a bill for our time on the issue. This completely red flagged it for me, but apparently this is not uncommon?
