Re: ARIN Fraud Reporting Form ... (Resource listings yes, resource routing no)
On Oct 1, 2010, at 8:08 PM, Ronald F. Guilmette wrote: 1) You folks _are_ already (apparently) making some efforts... at least as of this last summer, but perhaps also earlier... to ``validate'' (is that the word you would use?) POC contacts. I know because I've lately seen quite a number of your POC contact records (from the WHOIS data base) that have a very helpful annotation attached to them, saying quite directly and explicitly, that ARIN has been unable to verify or make contact with this POC or that POC. So you are already passing judgement on the validity and/or probable invalidity of things in your data base. Yes, we're attempting to validate contacts per the policy which the community set (ARIN Network Resource Policy Manual, section 3.6 - https://www.arin.net/policy/nrpm.html#three6) And more, you are making your determinations public, via the data base itself. I'm not quite sure how it constitutes such a big leap to merely extend what you are already doing in the way of validating POCs and just impute the exact same level of confidence, or lack thereof, to IP block and/or AS records which are associated with unverifiable/uncontactable POCs... a set which you are already making serious efforts to delineate anyway. We will shortly be providing a list of number resources with no valid POC for those who desire it (per the current bulk Whois policy.) If you can put an annotation into a whois records for a POC, saying explicity that you can't get ahold of this person, then it would seem to me to be a rather trivial matter of programming to transplant a very similar sort of annotation into each and every IP block or AS record that has that same specific POC record as one of its associated POC records, either Admin, or Technical, or whatever. Also a nice idea, and one that I've taken as a formal suggestion for improvement. ... 2) You are already (apparently) processing _some_ certain flavors of ``fraud reports'' that come in to you via that nice fancy web form you folks built and put up on the ARIN web site... you know... the one with the nice (and misleading) introduction that entices people like me to take the time to use it enter reports about incidents that have traditionally been called around these parts ``hijacking''. (Note: That's the word that _you_ used on your web site to say what should be reported via the form. Was I a fool to take you at your word? Let me be clear... I am *not* *not* *not* encouraging you to simply redact/delete that word from your web site. No no! Rather I hope to encourage you/ARIN to actually accept and at least investigate reports of _all_ flavors of what we around here used to call good old fashioned ``hijacking'', regardless of whether the perp was gracious enough to also make your choice clearer by dicking with the relevant WHOIS records or not.) Your understanding of our fraud process is correct, and presently the only form of hijacking which we have the ability to correct is address blocks where the organization have been changed contrary to policy. To address your follow-on question, our determinations are indeed definitive and we correct the WHOIS database accordingly. I think you can see where I'm going with this. You have, I think, tried to demur (is that the right word?) on ARIN's behalf, from _either_ investigating or, subsequently, from issuing any kind of ``determination'' as regards to whether a given block is being routed by the party or parties who ought to be routing it, or by some uninvited interloper. Incorrect. We determine whether an entry for an address block in WHOIS has been changed contrary to community-adopted policy. This means carefully reviewing the information supplied on the associated change requests and various corresponding public records. *None of it related to whether a given party should be routing a given address block* ... So no, please *do not* go around ``revoking resources''... whatever the hell that means. Certainly, if some half-dead, left-for-dead dot-bomb company has a /18, and if your records still say that they have a /18, then they still have a /18. Period. And if then, some hijacker punk criminal comes along and starts routing that /18... well... he's a shmuck, and ought to be dealt with. But the old Dot-Bomb semi-defunct company still does ``own'' (please excuse my use of that terminology, which I'm sure you won't approve) that block. So you shouldn't be ``revoking'' anything. That's not what any of this is about. Semi-defunct firms may hold address blocks, but address blocks assigned to fully defunct organizations are returned to the free pool per community policy. All I want from ARIN, and all I expect from ARIN, in cases like these are (a) at least some willingness and effort expended to investigate and (2) at least *some sort* of (perhaps minimalist) public statement to the effect of ``Look folks, we've looked at
Re: ARIN Fraud Reporting Form ... (Resource listings yes, resource routing no)
John, Let me thank you yet again for devoting your personal time (on a Friday night no less) to responding to me concerns. I may not always agree with you, but I appreciate the effort, and the consideration. In message 4db05053-fcd4-4459-b226-991435e90...@arin.net, John Curran jcur...@arin.net wrote: We will shortly be providing a list of number resources with no valid POC for those who desire it (per the current bulk Whois policy.) But I think you understand that I was suggesting something that's readily accessible, even to the Great Unwashed Masses, within the individual WHOIS records... not exclusive to just your ordained bulk whois clientel. You did get that, right? If you can put an annotation into a whois records for a POC, saying explicity that you can't get ahold of this person, then it would seem to me to be a rather trivial matter of programming to transplant a very similar sort of annotation into each and every IP block or AS record that has that same specific POC record as one of its associated POC records, either Admin, or Technical, or whatever. Also a nice idea, and one that I've taken as a formal suggestion for improvement. Thank you. Your understanding of our fraud process is correct, and presently the only form of hijacking which we have the ability to correct... Well, now, as Ronald Regan used to say ``There you go again!'' I've tried to be clear. I'll try again. Many many many people have told me, off-list, and even before this conver- sation, that you folks can't change the routing table, and that even if you could, most probably would never want you to exercise that authority. So I do fully understand where the weight of public opinion falls along that particular axis. Believe me, I do. But please do try to understand me. I was not asking you to ``correct'' any hijacking incident. You can't. So let's just agree on that, and also agree that that is not what we are even talking about. What I said was ``annotate'' and/or ``announce'' and/or ``make _some_ sort of public statement or comment''. This, I think, would not be straying so substantially outside of your charter than anybody would ever beat you up over it, especially if you folks exercised the kind of caution and careful investigation which I believe you are more than capable of, and if you thence only made public ``This is really fishy looking'' type comments when your internal investigations have shown that yes, indeed, this one really looks, smells, and tastes pretty darn awful. (And frankly, I think this would apply to all four of the cases I have written about here recently.) So have I been unambiguously clear now? I neither want nor expect you to ``correct'' anything. That sort of thing, I would agree, is not your job. But I don't think that fact implies that either you personally, or ARIN as an organization have any kind of formal responsibility to behave as blind deaf mutes with no opinions whatsoever, at any time, about anything. Some people would tell you that its a free country, and that you have a right to an opinion. I guess what I'm saying is that when it comes to ARIN, and allegations of hijacking of number resources that you have been chartered to administer, you have not merely a right, but actually a _responsibility_ to an opinion. And you should formulate it, and state it, publically, when the need arises, which is to say whenever you receive a credible allegation of the misappropriation of number resources that lie within your portfolio. I think you can see where I'm going with this. You have, I think, tried to demur (is that the right word?) on ARIN's behalf, from _either_ investigating or, subsequently, from issuing any kind of ``determination'' as regards to whether a given block is being routed by the party or parties who ought to be routing it, or by some uninvited interloper. Incorrect. We determine whether an entry for an address block in WHOIS has been changed contrary to community-adopted policy. This means carefully reviewing the information supplied on the associated change requests and various corresponding public records. *None of it related to whether a given party should be routing a given address block* Right. You may perhaps not have realized it, but I do believe that you actually just _agreed_ completely with what I said just above. At present, you decline to even look at things that don't involve the fiddling of WHOIS records. Somebody could be murdered in the next room, and you would decline to investigate that too, because the community hasn't explicitly chartered you to do that. I understand your position, and I think I may even understand what motivates it... like maybe years and years of having your own constituency beat you about the head and neck whenever you try to do even the smallest, kindest, and most generous and well-meaning things if they... the herd of cats... haven't explicity approved of you doing it, themselves, in writing,
