Re: ARIN Fraud Reporting Form ... Don't waste your time
Yearly? I say every 30 days. mailing lists do the c-r every 30 days. surely correct arin registration data is more important than a single email address on a mailing list. -Dan On Fri, 1 Oct 2010, Franck Martin wrote: A yearly challenge response for legacy space contacts, could be useful. I think there is a plan like this in some RIRs - Original Message - From: Owen DeLong o...@delong.com To: George Bonser gbon...@seven.com Cc: nanog@nanog.org Sent: Friday, 1 October, 2010 4:03:56 PM Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time On Oct 1, 2010, at 2:27 PM, George Bonser wrote: -Original Message- From: Ricky Beam Sent: Friday, October 01, 2010 1:00 PM To: nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space. Owen
ARIN Fraud Reporting Form ... Don't waste your time
So ARIN put up on their web site this fancy schmancy web form that allows a person to report fraud relating to ARIN number resources. Here's what the introduction to that page says, exactly as it appears on ARIN's web site: This reporting process is to be used to notify ARIN of suspected Internet number resource abuse including the submission of falsified utilization or organization information, unauthorized changes to data in ARIN's WHOIS, hijacking of number resources in ARIN's database, or fraudulent transfers. Well, that's what it says anyway. And being naive, I actually believed that the folks at ARIN might actually give a rat's ass about all these kinds of fraud that they have enumerated above. Boy was I wrong! I just received the response attached below to one of my earlier reports using that form. And I gotta tell you, its an eye opener. Apparently the fine folks at ARIN, clever bureaucrats that they are, have subtly but substantially redefined the specific kinds of ``fraud'' they care to hear about and/or investigate, so that contrary to the above, mere hijacking of ASes or IP blocks isn't actually something that they want to hear about, much less DO anything about. Nope! Apparently, ARIN's fraud reporting form is only to be used for reporting cases where somebody has fiddled one of ARIN's whois records in a fradulent way. If somebody just waltzes in and starts announcing a bunch of routes to a bunch of hijacked IP space from a hijacked ASN (or two, or three) ARIN doesn't want to hear about it. In those rare cases where the perp is considerate enough to ALSO fiddle the relevant WHOIS records in some fradulent way, THEN (apparently) ARIN will get involved, but only to the extent of re-jiggering the WHOIS record(s). Once that's been done, they will happily leave the perp to announce all of the fradulent routes and hijacked space he wants, in perpetuity. Apparently, they consider the hijacking itself as being totally out of their charter to even look at or investigate. ONLY if a WHOIS record has been fiddled will they give a damn, and then the only one thing they will give a damn about will be the WHOIS record... and the rest of the net can go to hell, because hay! Not our problem man! Now I _know_ full well that by posting this rant here, the usual assortment of knuckle-walker throwbacks who still yearn for the wonderful rule-less frontier every-man-for-himself-and-no-sherrifs fun filled days of the old 20th Century Internet, will pipe up immediately and say `Good! Goddammit we don't want no steekin' ARIN to be ``policing'' anything at all. F**k that! Total anarchy is the best of all possible systems.' You know what? I don't care. Let them come. Let them lumber around and scream and pound their fists and try to tell me that because *I* didn't get onto the Internet until 1983 (or because their router can beat up my router) that they somehow magically outrank me, and that their opinions are God and mine are worthless. That's quite obviously horse shit. How do you have a pecking order anyway in a self-avowed anarchy? Sorry, no. The two are not compatible. I've got as much right to an opinion as you do. And until proved otherwise, mine is as valid as your's. And my opinion is that this sucks. ARIN's attitude sucks. And they are apparently redefining the word ``fraud'' in a way that will insure that they will have to do minimal work, and that they'll never ever have to do anything that might be ``hard'' in the sense of possibly being the lest bit contro- versial, you know, like telling some hijacker ``Stop doing that.'' Yes, I'm sure that there are a lot of people here who will pipe up and say that it's just wonderful that ARIN is useless and that ARIN will do nothing. Their anachronistic anarchist philosophy is not a philosophy. It's merely an abdication of responsibility, and should be seen as such. It is just a lazy man's way of avoiding having to think about how a society should be organized. It is the coward's way of avoiding making rules that some members of the group might find controversial. On the net, hijacking of IP space is just about the deepest kind of violation of the commonly accepted rules of how to behave in this shared space that I can imagine. And now, the people who _issue_ the IP space assignments say that they don't care to _police_ the very assignments that they themselves have made! Well then what's the bleeping point of even having them or their whole bloody allocation system then? I say let's disband the Federal Reserve *and* ARIN, because they are all just a bunch of useless bureaucrats at this point who are serving nobody other than themselves. If we are going to have anarchy, then bring it on! Let's not have this half-assed sort of anarchy that we have now. Let's have the real thing! I'm going out tomorrow and I'm going to buy me the biggest router than I can afford. Then I'm going to get it colocated
Re: ARIN Fraud Reporting Form ... Don't waste your time
Ronald, It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue. ARIN is a registry. They don't run routers (outside of a small handfull of them that provide certain ARIN infrastructure). They have no control over BGP, the routing table, or anything that would be able to do anything about your particular brand of issue. What they can do something about is, indeed, things that got into the registry data through fraud, deceit, error, omission, or other unintended mechanism. I'm sorry you're not satisfied with that fact. I'm sorry that you are obviously clearly very upset by this experience. However, I think your issue stems from a fundamental misunderstanding of the role ARIN plays in the community vs. that of the ISPs. It's kind of like asking a DMV representative to arrest an auto thief. ARIN does registrations. They aren't the internet police. Owen On Oct 1, 2010, at 2:22 AM, Ronald F. Guilmette wrote: So ARIN put up on their web site this fancy schmancy web form that allows a person to report fraud relating to ARIN number resources. Here's what the introduction to that page says, exactly as it appears on ARIN's web site: This reporting process is to be used to notify ARIN of suspected Internet number resource abuse including the submission of falsified utilization or organization information, unauthorized changes to data in ARIN's WHOIS, hijacking of number resources in ARIN's database, or fraudulent transfers. Well, that's what it says anyway. And being naive, I actually believed that the folks at ARIN might actually give a rat's ass about all these kinds of fraud that they have enumerated above. Boy was I wrong! I just received the response attached below to one of my earlier reports using that form. And I gotta tell you, its an eye opener. Apparently the fine folks at ARIN, clever bureaucrats that they are, have subtly but substantially redefined the specific kinds of ``fraud'' they care to hear about and/or investigate, so that contrary to the above, mere hijacking of ASes or IP blocks isn't actually something that they want to hear about, much less DO anything about. Nope! Apparently, ARIN's fraud reporting form is only to be used for reporting cases where somebody has fiddled one of ARIN's whois records in a fradulent way. If somebody just waltzes in and starts announcing a bunch of routes to a bunch of hijacked IP space from a hijacked ASN (or two, or three) ARIN doesn't want to hear about it. In those rare cases where the perp is considerate enough to ALSO fiddle the relevant WHOIS records in some fradulent way, THEN (apparently) ARIN will get involved, but only to the extent of re-jiggering the WHOIS record(s). Once that's been done, they will happily leave the perp to announce all of the fradulent routes and hijacked space he wants, in perpetuity. Apparently, they consider the hijacking itself as being totally out of their charter to even look at or investigate. ONLY if a WHOIS record has been fiddled will they give a damn, and then the only one thing they will give a damn about will be the WHOIS record... and the rest of the net can go to hell, because hay! Not our problem man! Now I _know_ full well that by posting this rant here, the usual assortment of knuckle-walker throwbacks who still yearn for the wonderful rule-less frontier every-man-for-himself-and-no-sherrifs fun filled days of the old 20th Century Internet, will pipe up immediately and say `Good! Goddammit we don't want no steekin' ARIN to be ``policing'' anything at all. F**k that! Total anarchy is the best of all possible systems.' You know what? I don't care. Let them come. Let them lumber around and scream and pound their fists and try to tell me that because *I* didn't get onto the Internet until 1983 (or because their router can beat up my router) that they somehow magically outrank me, and that their opinions are God and mine are worthless. That's quite obviously horse shit. How do you have a pecking order anyway in a self-avowed anarchy? Sorry, no. The two are not compatible. I've got as much right to an opinion as you do. And until proved otherwise, mine is as valid as your's. And my opinion is that this sucks. ARIN's attitude sucks. And they are apparently redefining the word ``fraud'' in a way that will insure that they will have to do minimal work, and that they'll never ever have to do anything that might be ``hard'' in the sense of possibly being the lest bit contro- versial, you know, like telling some hijacker ``Stop doing that.'' Yes, I'm sure that there are a lot of people here who will pipe up and say that it's just wonderful that ARIN is useless and that ARIN will do nothing. Their anachronistic anarchist philosophy is not a philosophy. It's merely an
Re: ARIN Fraud Reporting Form ... Don't waste your time
In message b3543192-fb22-4cdc-84d0-2944ea237...@delong.com, Owen DeLong o...@delong.com wrote: It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue. That is complete and utter horse shit, and you're just dodging the real issue by trying to change the subject. It isn't going to work. People, even people here, may be stupid, but I think that most can recognize sleight of hand when they see it. I'm sorry you're not satisfied with that fact. I'm sorry that you are = obviously clearly very upset by this experience. However, I think your issue stems from a fundamental misunderstanding of the role ARIN plays in the community vs. that of the ISPs. No, it doesn't. I think that *your* issue stems from a fundamental inability to read what I wrote. It's kind of like asking a DMV representative to arrest an auto thief. No, it's kind of like asking the DMV whether the car belongs to the thief or to someone else. They keep the records for Christ's sake! They *can* take a position on that rudumentary, simple, and basic question, and they should. And that is all I ask or expect them to do. But they don't even want to do that miniscule amount of work, apparently. They want to be the Keeper of the Records, but then they want to roll over and play dead, or ignorant, or agnostic, whenever somebody has the temerrity to simply ask them what the f**king records they are keeping *mean* about who actually owns what. I already said it, but I'll say it again for the benefit of those with low reading comprehension. Nobody is asking ARIN to go out, with guns drawn, and pull the plug themselves. But they can and should take a position on who owns what. That is a judicial function, not a police function. If you don't understand the distinction, then you are dumber than you think I think you are. Regards, rfg
Re: ARIN Fraud Reporting Form ... Don't waste your time
Come one mate, there's no need to be just outright insulting people. Sure everyone disagrees on some things, but still... Lets play out this scenario then. What would you recommend ARIN actually do? I don't mean 'take a stance' or 'have an opinion', but rather what process should in your mind they be following? There are still other avenues. I mentioned in a previous email about IETF or a working group to come up with ideas and methods to combat spam and abuse. If you put as much time into one of them as you do fighting with the spammers directly and ARIN, then you might actually end up solving the problem at the core! I really don't want to drag this anti-spam stuff out. There's been a huge amount of posting these last few days over this (of which I am a culprit also), but I do think its valuable to hit this nail on the head. In other words, perhaps other people on this list are getting a bit fed up with it, so lets just sort it out and quickly..
Re: ARIN Fraud Reporting Form ... Don't waste your time
I sent an abuse complaint to Mr. Curran and the abuse helpdesk about a month or two ago. Took weeks to get an initial response from the helpdesk and i'm not certain they have actually done anything yet. Jeff On Fri, Oct 1, 2010 at 3:58 PM, Heath Jones hj1...@gmail.com wrote: Come one mate, there's no need to be just outright insulting people. Sure everyone disagrees on some things, but still... Lets play out this scenario then. What would you recommend ARIN actually do? I don't mean 'take a stance' or 'have an opinion', but rather what process should in your mind they be following? There are still other avenues. I mentioned in a previous email about IETF or a working group to come up with ideas and methods to combat spam and abuse. If you put as much time into one of them as you do fighting with the spammers directly and ARIN, then you might actually end up solving the problem at the core! I really don't want to drag this anti-spam stuff out. There's been a huge amount of posting these last few days over this (of which I am a culprit also), but I do think its valuable to hit this nail on the head. In other words, perhaps other people on this list are getting a bit fed up with it, so lets just sort it out and quickly.. -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Fri, Oct 01, 2010 at 04:10:12AM -0700, Ronald F. Guilmette wrote: No, it's kind of like asking the DMV whether the car belongs to the thief or to someone else. They keep the records for Christ's sake! They *can* take a position on that rudumentary, simple, and basic question, and they should. And that is all I ask or expect them to do. But they don't even want to do that miniscule amount of work, apparently. They want to be the Keeper of the Records, but then they want to roll over and play dead, or ignorant, or agnostic, whenever somebody has the temerrity to simply ask them what the f**king records they are keeping *mean* about who actually owns what. I already said it, but I'll say it again for the benefit of those with low reading comprehension. Nobody is asking ARIN to go out, with guns drawn, and pull the plug themselves. But they can and should take a position on who owns what. That is a judicial function, not a police function. If you don't understand the distinction, then you are dumber than you think I think you are. Regards, rfg R, I have a couple of questions for you... perhaps I am unclear here. are you asserting that [natural/legal] persons OWN address space? Last I checked, ARIN records a binding between a person and a Right to Use agreement that is reflected in the ARIN database. e.g. Bills Bait Sushi has the right to use 168.254.0.0/16 from 01oct1999 - current(*) * registration fees are current. ARIN publishes reports from its database in two basic forms, the WHOIS (et.al.) format and the [ip6/in-addr].arpa DNS format. Are you suggesting that ARIN does _NOT_ publish data or that ARIN doesn't keep the data current, or something else? --bill
Re: ARIN Fraud Reporting Form ... Don't waste your time
As to what ARIN can 'do' about addresses that are unused/abandoned and later hijacked... ARIN delegates Reverse DNS for every allocation that they make. Address blocks that are reported, investigated, and determined to be unused/abandoned could be delegated to special ARIN name servers that merely returned the following for any reverse DNS query: z.y.x.w.in-addr.arpa. 172800 IN PTR do.not.accept.anything.from.this.abandoned.address.space This is something that ARIN *could* easily do technically. Admittedly, this would require reporting and investigation that I am uncertain whether or not ARIN is empowered/funded to do. This would also require a process be put in place for removing allocations from the delegation to the unused/abandoned reverse DNS servers... -DM On 10/1/2010 8:20 AM, Jeffrey Lyon wrote: I sent an abuse complaint to Mr. Curran and the abuse helpdesk about a month or two ago. Took weeks to get an initial response from the helpdesk and i'm not certain they have actually done anything yet. Jeff On Fri, Oct 1, 2010 at 3:58 PM, Heath Joneshj1...@gmail.com wrote: Come one mate, there's no need to be just outright insulting people. Sure everyone disagrees on some things, but still... Lets play out this scenario then. What would you recommend ARIN actually do? I don't mean 'take a stance' or 'have an opinion', but rather what process should in your mind they be following? There are still other avenues. I mentioned in a previous email about IETF or a working group to come up with ideas and methods to combat spam and abuse. If you put as much time into one of them as you do fighting with the spammers directly and ARIN, then you might actually end up solving the problem at the core! I really don't want to drag this anti-spam stuff out. There's been a huge amount of posting these last few days over this (of which I am a culprit also), but I do think its valuable to hit this nail on the head. In other words, perhaps other people on this list are getting a bit fed up with it, so lets just sort it out and quickly..
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Fri, Oct 01, 2010 at 08:47:29AM -0400, David Miller wrote: As to what ARIN can 'do' about addresses that are unused/abandoned and later hijacked... ARIN delegates Reverse DNS for every allocation that they make. Address blocks that are reported, investigated, and determined to be unused/abandoned could be delegated to special ARIN name servers that merely returned the following for any reverse DNS query: z.y.x.w.in-addr.arpa. 172800 IN PTR do.not.accept.anything.from.this.abandoned.address.space This is something that ARIN *could* easily do technically. Admittedly, this would require reporting and investigation that I am uncertain whether or not ARIN is empowered/funded to do. This would also require a process be put in place for removing allocations from the delegation to the unused/abandoned reverse DNS servers... -DM Goodness me - I've seen that trick before. Worked for about 15 minutes before I had legal camped out in the office. Pulled it shortly there after. I -think- what you are really after is the (fairly) new rPKI pilot - where there are crypto-keys tied to each delegated prefix. If the keys are valid, then ARIN (or other RIR) has sanctioned thier use. No or Bad crypto, then the RIR has some concerns about the resource. the downside to this is that the RIR can effectivey cut off someone who would otherwise be in good standing. Sort of removes a level of independence in network operations. Think of what happens when (due to backhoe-fade, for instance) you -can't- get to the RIR CA to validate your prefix crypto? Do you drop the routes? Or would you prefer a more resilient and robust solution? YMMV here, depending on whom you are willing to trust as both a reputation broker -AND- as the prefix police. The idea is that the crypto is harder to forge. DNS forging is almost as easy as prefix borrowing. --bill
Re: ARIN Fraud Reporting Form ... Don't waste your time
On 10/1/2010 9:07 AM, bmann...@vacation.karoshi.com wrote: On Fri, Oct 01, 2010 at 08:47:29AM -0400, David Miller wrote: As to what ARIN can 'do' about addresses that are unused/abandoned and later hijacked... ARIN delegates Reverse DNS for every allocation that they make. Address blocks that are reported, investigated, and determined to be unused/abandoned could be delegated to special ARIN name servers that merely returned the following for any reverse DNS query: z.y.x.w.in-addr.arpa. 172800 IN PTR do.not.accept.anything.from.this.abandoned.address.space This is something that ARIN *could* easily do technically. Admittedly, this would require reporting and investigation that I am uncertain whether or not ARIN is empowered/funded to do. This would also require a process be put in place for removing allocations from the delegation to the unused/abandoned reverse DNS servers... -DM Goodness me - I've seen that trick before. Worked for about 15 minutes before I had legal camped out in the office. Pulled it shortly there after. I -think- what you are really after is the (fairly) new rPKI pilot - where there are crypto-keys tied to each delegated prefix. If the keys are valid, then ARIN (or other RIR) has sanctioned thier use. No or Bad crypto, then the RIR has some concerns about the resource. the downside to this is that the RIR can effectivey cut off someone who would otherwise be in good standing. Sort of removes a level of independence in network operations. Think of what happens when (due to backhoe-fade, for instance) you -can't- get to the RIR CA to validate your prefix crypto? Do you drop the routes? Or would you prefer a more resilient and robust solution? YMMV here, depending on whom you are willing to trust as both a reputation broker -AND- as the prefix police. The idea is that the crypto is harder to forge. DNS forging is almost as easy as prefix borrowing. --bill I am not referring to DNS forging or crypto DNS validation or route announcement validation - which are certainly good topics that are worthy of further discussion. I am merely refuting the statement, which I have heard many times in many different forums, that ARIN (or any RIR) makes address allocations and then walks away with no further active involvement in the use of these allocations. This statement is simply not true. These sorts of statements about an RIR having no ability to affect prior allocations are normally formed like: 1) RIRs have no control over the routing table or anything operationally in the path of evil people using IPs. 2) An RIR just makes allocations and then has nothing to do with IPs on a daily basis. 3) An RIR is powerless to affect anything operationally (other than reclaiming allocations) for allocations that have been made in the past. These are all untrue statements. The RIR's reverse DNS servers are queried all day every day for the reverse DNS delegations for every netblock that they allocate. This means that RIRs are, in at least this way, actively operationally involved in the use of the allocations that they make. This also means that an RIR has the technical vector to affect the active present use of the allocations that they have made in the past. From ARIN's Number Resource Policy Manual [ https://www.arin.net/policy/nrpm.html ]: ... 3.6 Annual Whois POC Validation 3.6.1 Method of Annual Verification During ARINs annual Whois POC validation, an e-mail will be sent to every POC in the Whois database. Each POC will have a maximum of 60 days to respond with an affirmative that their Whois contact information is correct and complete. Unresponsive POC email addresses shall be marked as such in the database. If ARIN staff deems a POC to be completely and permanently abandoned or otherwise illegitimate, the POC record shall be marked invalid. ARIN will maintain, and make readily available to the community, a current list of number resources with no valid POC; this data will be subject to the current bulk Whois policy. ... 7. Reverse Mapping 7.1 Maintaining IN-ADDRs All ISPs receiving one or more distinct /16 CIDR blocks of IP addresses from ARIN will be responsible for maintaining all IN-ADDR.ARPA domain records for their respective customers. For blocks smaller than /16, and for the segment of larger blocks smaller than /16, ARIN can maintain IN-ADDRs. 7.2 Lame Delegations in IN-ADDR.ARPA ARIN will actively identify lame DNS name server(s) for reverse address delegations associated with address blocks allocated, assigned or administered by ARIN. Upon identification of a lame delegation, ARIN shall attempt to contact the POC for that resource and resolve the issue. If, following due diligence, ARIN is unable to resolve the lame delegation, ARIN will
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Fri, Oct 1, 2010 at 9:07 AM, bmann...@vacation.karoshi.com wrote: \ I -think- what you are really after is the (fairly) new rPKI pilot - where there are crypto-keys tied to each delegated prefix. If the keys are valid, then ARIN (or other RIR) has sanctioned thier use. No or Bad crypto, then the RIR has 'or anyone else in the heirarchy of certificates' (nominally: IANA - ARIN - LIR (uunet/701) - bmanning-inc - baitsushi (endsite) ) some concerns about the resource. or someone in the chain forgot to re-gen their cert, do the dance with resigning and such. (there are a few failure modes, but in general sure) the downside to this is that the RIR can effectivey cut off someone who would otherwise be in good standing. Sort of this depends entirely on the model that the network operators choose to use when accepting routes. Presuming they can, on-router, decide with policy what to do if a route origin (later hopefully route-path as well as origin) is seen as invalid/non-validated/uncool/etc, there could be many outcomes (local-pref change, community marking, route-reject...) chosen. removes a level of independence in network operations. Think of what happens when (due to backhoe-fade, for instance) you -can't- get to the RIR CA to validate your prefix crypto? Do you drop the routes? Or would you prefer a more resilient and robust solution? YMMV here, depending on whom you are willing to trust as both a reputation broker -AND- as the prefix police. hopefully the cache's you run are redundant (or the cache service you pay for is redundant enough), as well the cache view is not necessarily consistent (timing issues with updates and such), so some flexibility is required in the end system policy. (end-system here is the router, hopefully it is similar across an asn) I think so far the models proposed in SIDR-wg include: o more than one cert tree (trust anchor) o the provision of the main cert heirarchy NOT necessarily be the one I outlined above (iana-rir-lir-you) o operators have the ability to influence route marking based on certificate validation outcomes o low on-router crypto work o local and supportable systems to do the crypto heavy lifting, kept in sync with what seems like a reasonably well understood methodology o publication of the certification information for objects (asn's, netblocks, subnets) via existing processes (plus some crypto marking of course) The idea is that the crypto is harder to forge. DNS forging is almost as easy as prefix borrowing. and that the crypto/certificates will help us all better automate validation of the routing information... sort of adding certificate checking to rpsl? or, for whatever process you use to generate prefix-lists today for customers, add some openssl certificate validation as well. The end state I hope is NOT just prefix-lists, but certificate checking essentially in realtime with route acceptance in to Adj-RIB-in... I believe Randy Bush has presented some of this fodder at a previous nanog meeting actually? -chris
Verifying route origins and ownership (Was: ARIN Fraud Reporting Form ... Don't waste your time)
On 2010-10-01 17:04, Christopher Morrow wrote: [..] I think so far the models proposed in SIDR-wg include: o more than one cert tree (trust anchor) Why not in a similar vain as RBLs: white and black lists. One can then subscribe to the white black lists that one trust and give positive/negative points when an entry appears on one of those lists, based on the points that a prefix/asnpath combo gets it is either accepted, rejected or operator-warned. And the good one of course is that you can setup your own repository and give that out to your own systems or to other people's, then you just score your system above the other lists and presto you can overrule decisions which would be made otherwise. If you have multiple sources you trust, you are effectively just adding redundancy to your system, all problems solved. Works for spam, should also work for this. Greets, Jeroen
Re: Verifying route origins and ownership (Was: ARIN Fraud Reporting Form ... Don't waste your time)
On Fri, Oct 1, 2010 at 11:12 AM, Jeroen Massar jer...@unfix.org wrote: On 2010-10-01 17:04, Christopher Morrow wrote: [..] I think so far the models proposed in SIDR-wg include: o more than one cert tree (trust anchor) Why not in a similar vain as RBLs: white and black lists. I'm sure someone will think it's a fine plan to set up a TA and sign down ROA's that indicate 'badness' or 'invalid' or something similar. There's nothing stopping that, similarly today you COULD subscribe to a BGP feed of subnets of actually seen routes rewriting the next-hop to dsc0/Null0/honeypot... I don't think this sort of thing is in the SIDR-wg's charter though... much like RBL's are not in DNS-EXT's charter? -chris
Re: ARIN Fraud Reporting Form ... Don't waste your time
On 10/1/2010 5:22 AM, Ronald F. Guilmette wrote: really too much to ask? They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.'' So what you're saying is that ARIN should publish data on the rightful users of the number resources in some online database? (maybe they could call it WHOIS) -- Dave
RE: ARIN Fraud Reporting Form ... Don't waste your time
So what you're saying is that ARIN should publish data on the rightful users of the number resources in some online database? (maybe they could call it WHOIS) -- Dave So ARIN is in the process of verifying their contacts database. Organizations with an unreachable contact might be a good place to plant a dig here sign. Maybe when one of us retires, we could engage in a little research project as a community service or something. A first step might be matching ASN resources to unreachable contacts. Then to collect the low hanging fruit, find the ASNs found above that are NOT in the routing table and attempt to match those up with organizations and see if those organizations even still exist. For the ones that obviously no longer exist, create a report of the ASNs and any other number resources associated with that organization and provide that information to the registrar. Then you go through the ones that ARE in the routing table. Any of those organizations that are obviously defunct would be the next higher level of fruit. This would be particularly true if a historical look at routing information shows the AS was in the table at some point, disappeared after the organization went defunct, and then suddenly appeared again in a completely different region of the planet with name resources pointing to a completely different organization than the number resources. Then if a suspicious operator is discovered, it must be reported to their upstream, the registrar with involved with the number resources, and the community. See how this goes? It takes someone working on this that has access to a lot of information and has the time to do it. It also has to be someone that isn't a loose cannon and can dig through it in a methodical fashion and whether or not spam has come from the address space really has no bearing on the process. At least it has no bearing on the process up to that point. All that is being done is to weed the database of defunct resources. So while the DMV doesn't go after car theft, this is more along the lines of stealing a neighbor's license plate from that old car in the back field, making a sticker to put on it, and driving around as if it is a legitimate plate. The DMV records would show who that license plate belongs to and a police officer in a traffic stop would find out in short order that the plate is defunct but the database available to internet operators is so poor that there really is no way to be sure if the data being returned is actionable or not. G
Re: ARIN Fraud Reporting Form ... Don't waste your time
In message 20101001123356.ga10...@vacation.karoshi.com., bmann...@vacation.karoshi.com wrote: On Fri, Oct 01, 2010 at 04:10:12AM -0700, Ronald F. Guilmette wrote: No, it's kind of like asking the DMV whether the car belongs to the thief or to someone else. They keep the records for Christ's sake! They *can* take a position on that rudumentary, simple, and basic question, and they should. And that is all I ask or expect them to do. But they don't even want to do that miniscule amount of work, apparently. They want to be the Keeper of the Records, but then they want to roll over and play dead, or ignorant, or agnostic, whenever somebody has the temerrity to simply ask them what the f**king records they are keeping *mean* about who actually owns what. I already said it, but I'll say it again for the benefit of those with low reading comprehension. Nobody is asking ARIN to go out, with guns drawn, and pull the plug themselves. But they can and should take a position on who owns what. That is a judicial function, not a police function. If you don't understand the distinction, then you are dumber than you think I think you are. ... Are you suggesting that ARIN does _NOT_ publish data or that ARIN doesn't keep the data current, or something else? I already said what I meant, twice, and quite clearly, I think. If you don't get it after two repetitions, then I doubt that me trying to rephrase it yet a third time is going to help your comprehension any. Regards, rfg
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Fri, Oct 1, 2010 at 10:32 AM, David Miller dmil...@tiggee.com wrote: I am merely refuting the statement, which I have heard many times in many different forums, that ARIN (or any RIR) makes address allocations and then walks away with no further active involvement in the use of these allocations. This statement is simply not true. David, What *is* true is that ARIN's further involvement in the use of those allocations is regulated by the policies that you and I wrote and instructed ARIN to follow. Those policies include no actions to be taken when a hijacker announces routes contrary to ARIN's registry information. So long as ARIN's information has not been falsified, forcing or not forcing folks to obey it is left for the ISPs to resolve for themselves. Do you think ARIN should should act as a clearinghouse for action with respect to hijacked BGP announcements? Draft a policy proposal and post it on the PPML. If your colleagues agree with you, that will become one of ARIN's roles. Until then, you criticize ARIN unfairly for doing what you and I have told it to do. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Fri, Oct 01, 2010 at 11:07:58AM -0700, Ronald F. Guilmette wrote: In message 20101001123356.ga10...@vacation.karoshi.com., bmann...@vacation.karoshi.com wrote: On Fri, Oct 01, 2010 at 04:10:12AM -0700, Ronald F. Guilmette wrote: No, it's kind of like asking the DMV whether the car belongs to the thief or to someone else. They keep the records for Christ's sake! They *can* take a position on that rudumentary, simple, and basic question, and they should. And that is all I ask or expect them to do. But they don't even want to do that miniscule amount of work, apparently. They want to be the Keeper of the Records, but then they want to roll over and play dead, or ignorant, or agnostic, whenever somebody has the temerrity to simply ask them what the f**king records they are keeping *mean* about who actually owns what. I already said it, but I'll say it again for the benefit of those with low reading comprehension. Nobody is asking ARIN to go out, with guns drawn, and pull the plug themselves. But they can and should take a position on who owns what. That is a judicial function, not a police function. If you don't understand the distinction, then you are dumber than you think I think you are. ... Are you suggesting that ARIN does _NOT_ publish data or that ARIN doesn't keep the data current, or something else? I already said what I meant, twice, and quite clearly, I think. If you don't get it after two repetitions, then I doubt that me trying to rephrase it yet a third time is going to help your comprehension any. Regards, rfg Ok... thanks for the favor of your reply. --bill
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Oct 1, 2010, at 5:22 AM, Ronald F. Guilmette wrote: Nope! Apparently, ARIN's fraud reporting form is only to be used for reporting cases where somebody has fiddled one of ARIN's whois records in a fradulent way. If somebody just waltzes in and starts announcing a bunch of routes to a bunch of hijacked IP space from a hijacked ASN (or two, or three) ARIN doesn't want to hear about it. Ron - You note the following: They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.'' At present, ARIN doesn't review the routing of address space to see if an allocation made to party is being announced by another party. From your emails, I'm guess that you'd like ARIN to do so. I've run several several ISPs and a hosting firm, and I'm not quite sure how ARIN can definitively know that any of the AS#'s involved should or should not be routing a given network block. There are some heuristics that will suggest something is fishy about use of a network block, but are you actually suggesting that ARIN would revoke resources as a result of that? In those rare cases where the perp is considerate enough to ALSO fiddle the relevant WHOIS records in some fradulent way, THEN (apparently) ARIN will get involved, but only to the extent of re-jiggering the WHOIS record(s). Once that's been done, they will happily leave the perp to announce all of the fradulent routes and hijacked space he wants, in perpetuity. Correct. We will revoke the address space, but I'm uncertain what else you suggest we do... could you elaborate here? /John John Curran President and CEO ARIN
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Fri, 1 Oct 2010, Ronald F. Guilmette wrote: Are you suggesting that ARIN does _NOT_ publish data or that ARIN doesn't keep the data current, or something else? I already said what I meant, twice, and quite clearly, I think. If you don't get it after two repetitions, then I doubt that me trying to rephrase it yet a third time is going to help your comprehension any. Ok, it's clear that you're pretty upset about your recent dealings with ARIN. I think you've made that abundantly clear. Having said that, responding to people with snarky insults is not going to advance your position or motivate people to try to help you. This is my first and only contribution to this thread. jms
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Fri, 01 Oct 2010 06:45:10 -0400, Owen DeLong o...@delong.com wrote: It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue. EXACTLY. Ron, what exactly do you expect ARIN to do? Where is the magic wand one would wave to erase routes from the internet? ARIN (in fact NO ONE) has no actual means to block or recend any route announcement. Do you suggest they sue whomever is involved? That won't be very fast, or even an option outside the US. The only reason this sort of shit happens is because of bad network operators who allow it and participate in it. Responsible operators ask for and verify one's rights to address space before accepting it. (AS path and prefix filtering can only go so far.) --Ricky
Re: ARIN Fraud Reporting Form ... Don't waste your time
On 10/1/2010 2:17 PM, William Herrin wrote: On Fri, Oct 1, 2010 at 10:32 AM, David Millerdmil...@tiggee.com wrote: I am merely refuting the statement, which I have heard many times in many different forums, that ARIN (or any RIR) makes address allocations and then walks away with no further active involvement in the use of these allocations. This statement is simply not true. David, What *is* true is that ARIN's further involvement in the use of those allocations is regulated by the policies that you and I wrote and instructed ARIN to follow. Those policies include no actions to be taken when a hijacker announces routes contrary to ARIN's registry information. So long as ARIN's information has not been falsified, forcing or not forcing folks to obey it is left for the ISPs to resolve for themselves. Do you think ARIN should should act as a clearinghouse for action with respect to hijacked BGP announcements? Draft a policy proposal and post it on the PPML. If your colleagues agree with you, that will become one of ARIN's roles. Until then, you criticize ARIN unfairly for doing what you and I have told it to do. Regards, Bill Herrin I apologize if I was unclear. I stated in my first message regarding the possibility that RIRs could delegate abandoned/hijacked space to provide reverse DNS answers - This is something that ARIN *could* easily do technically. Admittedly, this would require reporting and investigation that I am uncertain whether or not ARIN is empowered/funded to do. This would also require a process be put in place for removing allocations from the delegation to the unused/abandoned reverse DNS servers... The word 'could' was chosen by me instead of the word 'should' for a reason. In my second message on this topic I in fact quoted the parts of ARIN's Number Resource Policy Manual regarding POC and reverse DNS delegation validation / removal. I am well aware of ARIN's policies and the process for changing them. To be clear, my point is merely that RIRs do not make address allocations and then walk away with no day to day involvement with these addresses on some technical level. To reiterate: The RIR's reverse DNS servers are queried all day every day for the reverse DNS delegations for every netblock that they allocate. This means that RIRs are, in at least this way, actively operationally involved in the use of the allocations that they make. This also means that an RIR has the technical vector to affect the active present use of the allocations that they have made in the past. This was meant in no way to criticize RIRs (or any RIR in particular) or proscribe actions that I believe RIRs should take. This was meant to correct anyone that incorrectly states that RIRs allocate addresses and then walk away or do nothing but maintain whois records. Reverse DNS delegation is a technical vector that could be used by RIRs to affect the active present use of the allocations that they have made in the past. I understand that reverse DNS would not affect route announcements/hijacks, but it would/could/might affect spam coming from these abandoned address spaces - which was the original topic for this discussion. I agree that little/nothing is proscribed for RIRs at a policy level. The policies and procedures regarding this could be written. I agree that these policies and procedures do not exist now. -DM
RE: ARIN Fraud Reporting Form ... Don't waste your time
-Original Message- From: Ricky Beam Sent: Friday, October 01, 2010 1:00 PM To: nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time On Fri, 01 Oct 2010 06:45:10 -0400, Owen DeLong o...@delong.com wrote: It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue. EXACTLY. Ron, what exactly do you expect ARIN to do? Where is the magic wand one would wave to erase routes from the internet? ARIN (in fact NO ONE) has no actual means to block or recend any route announcement. Do you suggest they sue whomever is involved? That won't be very fast, or even an option outside the US. The problem as I see it is that ARIN is responsible for issuing number resources but is not responsible for any maintenance of the number space. It seems they have no requirement/method/need to revoke assignments once the assigned entity no longer exists. I am not looking for perfection but there should be some sort of diligence requirement that the most obvious of the low hanging fruit (or fruit that falls right off the tree into their lap) be dealt with in some way. If an entity liquidates, then their resources should be reclaimed. How many entities does ARIN have who have not made a payment for 2 or more consecutive years but still have resources assigned? It is my personal opinion that ARIN (and the other registrars) must have the authority and the mechanism to reclaim community resources when the entity they were issued to disappears. That seems like a fairly easy concept. Note I am not talking about misuse here, just the fact that if a community resource is issued to an entity and that entity no longer exists, those resources should be reclaimed by the community within some reasonable amount of time. G
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Oct 1, 2010, at 5:27 PM, George Bonser gbon...@seven.com wrote: The problem as I see it is that ARIN is responsible for issuing number resources but is not responsible for any maintenance of the number space. It seems they have no requirement/method/need to revoke assignments once the assigned entity no longer exists. I am not looking for perfection but there should be some sort of diligence requirement that the most obvious of the low hanging fruit (or fruit that falls right off the tree into their lap) be dealt with in some way. If an entity liquidates, then their resources should be reclaimed. Resources being used by actual defunct organizations we will reclaim if reported. How many entities does ARIN have who have not made a payment for 2 or more consecutive years but still have resources assigned? It is my personal opinion that ARIN (and the other registrars) must have the authority and the mechanism to reclaim community resources when the entity they were issued to disappears. We already do this type of reclamation. That seems like a fairly easy concept. Note I am not talking about misuse here, just the fact that if a community resource is issued to an entity and that entity no longer exists, those resources should be reclaimed by the community within some reasonable amount of time Agreed, /John John Curran President and CEO ARIN
Re: ARIN Fraud Reporting Form ... Don't waste your time (more re: recovered resources)
On Oct 1, 2010, at 5:43 PM, John Curran wrote: Resources being used by actual defunct organizations we will reclaim if reported. Folks - It occurred to me that I could have been clearer, so here I am replying to myself... When we at ARIN can readily determine that an organization is defunct and has no apparent successor, we will reclaim resources. This generally happens because someone attempts a fraudulent transfer of those resources but can also be a result of other investigations. We give a report of returned, revoked, and reclaimed number resources at each member meeting - last April's report can be found here: https://www.arin.net/participate/meetings/reports/ARIN_XXV/PDF/Wednesday/Nobile_RSD.pdf Obviously, we'll be presenting updated statistics this upcoming week in Atlanta; there's been a bit of a surge of activity in this area. /John John Curran President and CEO ARIN
Re: ARIN Fraud Reporting Form ... Don't waste your time (more re: recovered resources)
Thanks John, On Fri, 1 Oct 2010, John Curran wrote: On Oct 1, 2010, at 5:43 PM, John Curran wrote: Resources being used by actual defunct organizations we will reclaim if reported. Folks - It occurred to me that I could have been clearer, so here I am replying to myself... When we at ARIN can readily determine that an organization is defunct and has no apparent successor, we will reclaim resources. This generally happens because someone attempts a fraudulent transfer of those resources but can also be a result of other investigations. We give a report of returned, revoked, and reclaimed number resources at each member meeting - last April's report can be found here: https://www.arin.net/participate/meetings/reports/ARIN_XXV/PDF/Wednesday/Nobile_RSD.pdf Is the information on Leslie's slide 5 at the above link available broken down by year? It might be informative to see any trends. Thanks again, John Springer Obviously, we'll be presenting updated statistics this upcoming week in Atlanta; there's been a bit of a surge of activity in this area. /John John Curran President and CEO ARIN
Re: ARIN Fraud Reporting Form ... Don't waste your time
On Oct 1, 2010, at 2:27 PM, George Bonser wrote: -Original Message- From: Ricky Beam Sent: Friday, October 01, 2010 1:00 PM To: nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time On Fri, 01 Oct 2010 06:45:10 -0400, Owen DeLong o...@delong.com wrote: It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue. EXACTLY. Ron, what exactly do you expect ARIN to do? Where is the magic wand one would wave to erase routes from the internet? ARIN (in fact NO ONE) has no actual means to block or recend any route announcement. Do you suggest they sue whomever is involved? That won't be very fast, or even an option outside the US. The problem as I see it is that ARIN is responsible for issuing number resources but is not responsible for any maintenance of the number space. It seems they have no requirement/method/need to revoke assignments once the assigned entity no longer exists. I am not looking They do, indeed, for space that is/was issued by ARIN. That space is subject to annual fees and there is a clear and consistent method for doing so. The bigger problem is with legacy space (most of the space listed in the complaint we are discussing, if not all). In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space. for perfection but there should be some sort of diligence requirement that the most obvious of the low hanging fruit (or fruit that falls right off the tree into their lap) be dealt with in some way. If an entity liquidates, then their resources should be reclaimed. Again, for space issued by ARIN, yes. For legacy space, this is a much more complicated problem. The good news is that this is limited to IPv4. Since there are no Pre-RIR IPv6 allocations or assignments, it is a non-issue in IPv6. How many entities does ARIN have who have not made a payment for 2 or more consecutive years but still have resources assigned? It is my I suspect not many. (Unless you are including those organizations that do not pay fees because of their legacy status). Owen
Re: ARIN Fraud Reporting Form ... Don't waste your time
A yearly challenge response for legacy space contacts, could be useful. I think there is a plan like this in some RIRs - Original Message - From: Owen DeLong o...@delong.com To: George Bonser gbon...@seven.com Cc: nanog@nanog.org Sent: Friday, 1 October, 2010 4:03:56 PM Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time On Oct 1, 2010, at 2:27 PM, George Bonser wrote: -Original Message- From: Ricky Beam Sent: Friday, October 01, 2010 1:00 PM To: nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space. Owen
Re: ARIN Fraud Reporting Form ... Don't waste your time
In message 608b18db-6e75-4b5e-ba42-d1f69ece4...@arin.net, John Curran wrote: You note the following: They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.'' At present, ARIN doesn't review the routing of address space to see if an allocation made to party is being announced by another party. From your emails, I'm guess that you'd like ARIN to do so. John, First, let me say thanks for your personal response. Second let me also say that I am pleased to know, at least, that my serious efforts to express myself clearly were not lost on everyone. You have grasped my meaning clearly. (But not everyone here has done likewise.) I've run several several ISPs and a hosting firm, and I'm not quite sure how ARIN can definitively know that any of the AS#'s involved should or should not be routing a given network block. Please allow me to attempt to refute what you just said. I think that I can do so, briefly, in (at least) two different ways. 1) You folks _are_ already (apparently) making some efforts... at least as of this last summer, but perhaps also earlier... to ``validate'' (is that the word you would use?) POC contacts. I know because I've lately seen quite a number of your POC contact records (from the WHOIS data base) that have a very helpful annotation attached to them, saying quite directly and explicitly, that ARIN has been unable to verify or make contact with this POC or that POC. So you are already passing judgement on the validity and/or probable invalidity of things in your data base. And more, you are making your determinations public, via the data base itself. I'm not quite sure how it constitutes such a big leap to merely extend what you are already doing in the way of validating POCs and just impute the exact same level of confidence, or lack thereof, to IP block and/or AS records which are associated with unverifiable/uncontactable POCs... a set which you are already making serious efforts to delineate anyway. If you can put an annotation into a whois records for a POC, saying explicity that you can't get ahold of this person, then it would seem to me to be a rather trivial matter of programming to transplant a very similar sort of annotation into each and every IP block or AS record that has that same specific POC record as one of its associated POC records, either Admin, or Technical, or whatever. You could just say, you know, something like ``We have been tring to contact the Technical POC for this since XX-XX-2010, and we've been unable to do so.'' Well, not those words exactly, but I hope you get the general idea. Just take the determinations that you folks are _already_ making, for the POC records, and just impute them to, and include them in, also, to the relevant block and/or AS records. Or alternatively, you could stop using verbage altogether and just switch over to a system based on simple, universally understood icons: http://farm2.static.flickr.com/1082/820306671_6a0520fe17_m.jpg http://farm2.static.flickr.com/1382/1263977902_d0e9a43821_o.jpg Now, you may perhaps be tempted to quibble with my point here, and repeat again what you said above, I.e. that ARIN cannot make ``definitive'' determinations. Please don't yield to any such temptation. Quite frankly, to the best of my knowledge, no living human can reliably make any truly ``definitive'' determinations about anything at all. Only God can do that. (And frankly, I harbor lingering suspicions that even He gets it wrong a fair percentage of the time.) Nobody expects you to have the infallibility of God... or even of the Pope. And nobody is asking you to display such a level of infinite perfection, least of all me. But ya know, even in the abundant absence of certainty in our day-to-day lives, we all still drag ourselves out of bed in the morning and do the best that we can. And that's all that either I or anybody else has any right to ask of you/ARIN or to expect of you/ARIN. Just do the best you can. Are your deteminations that this POC or that POC cannot be contacted, or cannot currently be verified ``definitive''? No, that's probably too stong a word. But you/ARIN have the good sense and the courtesy to publish the information you have gathered regarding the contactability of POCs anyway, and it's appreciated. It helps. Please just do more of it. This is not an all-or-nothing ``We can't say anything definitively so we can't say anything at all, ever'' kind of situation, I think. 2) You are already (apparently) processing _some_ certain flavors of ``fraud reports'' that come in to you via that nice fancy web form you folks built and put up on the ARIN web site... you know... the one with the nice
RE: ARIN Fraud Reporting Form ... Don't waste your time
-Original Message- From: Owen DeLong Sent: Friday, October 01, 2010 4:04 PM To: George Bonser Cc: Ricky Beam; nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time On Oct 1, 2010, at 2:27 PM, George Bonser wrote: They do, indeed, for space that is/was issued by ARIN. That space is subject to annual fees and there is a clear and consistent method for doing so. The bigger problem is with legacy space (most of the space listed in the complaint we are discussing, if not all). In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space. Maybe this is a teachable moment for me. According to my reading of the Legacy RSA: For purposes of this Legacy Agreement, the term Services may include, without limitation, the inclusion of the legacy IP address space, and/or Autonomous System numbers (ASNs) previously issued to Legacy Applicant in the ARIN WHOIS database, inverse addressing on network blocks, maintenance of resource records, and administration of IP address space related to Included Number Resources issued prior to ARIN's inception on December 22, 1997 in its service area. IP address space and ASNs shall be defined as number resources. ... If Legacy Applicant does not pay the Annual Legacy Maintenance Fee or other fees that may be owed ARIN hereunder, ARIN shall provide written notification to the Legacy Applicant approximately thirty (30) days following the date on which the payment is not made. If Legacy Applicant fails to make payment in response to the notice of delinquency, ARIN shall provide Legacy Applicant with an additional written notice, by certified or registered mail, return receipt requested, (as appropriate in each country), and, when possible, by e-mail and telephone. If the Legacy Applicant has not made payment within 12 months of the due date and/or ARIN is unable to contact the Legacy Applicant during those 12 months, ARIN has the right to: (i) stop providing Services, or (ii) terminate this Legacy Agreement and revoke the Included Number Resources. Or is this some other sort of legacy thing?
RE: ARIN Fraud Reporting Form ... Don't waste your time
They do, indeed, for space that is/was issued by ARIN. That space is subject to annual fees and there is a clear and consistent method for doing so. The bigger problem is with legacy space (most of the space listed in the complaint we are discussing, if not all). In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space. Ok, I think I have a solution that is workable. A second database ... call it whoisnt ... of number resources and their points of contact that have not signed the legacy RSA and allow the community members to decide individually if they wish to continue to provide unfettered access from those resources. It might also provide maybe even some small amount of community pressure on the holders of those resources to place them under the legacy RSA.
Re: ARIN Fraud Reporting Form ... Don't waste your time
In message 67ef8ee2-8b1e-45f9-892e-9e6b88adb...@arin.net, John Curran jcur...@arin.net wrote: Resources being used by actual defunct organizations we will reclaim if reported. Well, fortunately, Joytel and some of their fellow travelers have just recently gone 'round and identified a whole pantload of these for you: 24.230.0.0/19 NET-24-230-0-0-1 hijacked - empty 68.67.64.0/20 NET-68-67-64-0-1 legit -- GoRack, LLC (Jacksonville, FL) 192.100.5.0/24NET-192-100-5-0-1 hijacked - empty 192.100.88.0/24 NET-192-100-88-0-1hijacked - empty 192.100.134.0/24 NET-192-100-134-0-1 hijacked - empty 192.100.143.0/24 NET-192-100-143-0-1 hijacked - empty 192.101.177.0/24 NET-192-101-177-0-1 hijacked - empty 192.101.187.0/24 NET-192-101-187-0-1 hijacked - empty ... Do you want me to repost the whole list, or have you seen it already? Do I need to do something else to turn this into whatever qualifies at your place as a formal report? (Note: The whole list is too long to fit into the tiny little window you provide for fraud reporting on your web site. Should I print it all out as hardcopy and FedEx it to you in a shoebox?) Regards, rfg
Re: ARIN Fraud Reporting Form ... Don't waste your time
In message 5a6d953473350c4b9995546afe9939ee0a52b...@rwc-ex1.corp.seven.com, George Bonser gbon...@seven.com wrote: So ARIN is in the process of verifying their contacts database. Organizations with an unreachable contact might be a good place to plant a dig here sign. Fyi -- They (ARIN) already _are_ putting up ``dig here'' signs... in the POC records. Unfortunately, it would now appear that the folks doing the digging in those exact spots, are the hijackers, like Joytel. (Unless I'm mistaken, every last one of the blocks that Joytel grabbed had one of those little annotations on the associated POC record(s)). Talk about the Law of Unintended Conseqences! Oh well. It all comes out in the wash. Those POC annotations may perhaps have helped Joytel to identify easy takeover targets, but then they also helped _me_ to find the specific blocks that Joytel had jacked. On balance, I say it is better to have them than to not have them. Even if they might occasionally give those with sinister intent a small leg up. Regards, rfg P.S. I hope that everybody knows that the jerk behind Joytel also, apparently, tried to screw the taxpayers out of about $11+ million of ``stimulus'' money... undoubtedly for yet another useless make-work ``shovel ready'' project. http://jacksonville.bizjournals.com/jacksonville/stories/2009/11/30/story1.html# No word on whether he ever actually got his hoped-for $11.8 million payoff. Knowing how ga-ga the Obama administration is over anything that has the word ``broadband'' in it however, I wouldn't put it past them, and they probably did give this schmuck the cash. (They also really like the words ``young entrepreneur''. Sounds great to the unwashed masses in a press release.) If companies want to move here, they have a great labor force, great quality of life and affordable office space, said Mark Anthony Marques, Joytel president and CEO. What we lack is a good enough connection to the Internet infrastructure. The company expects to know by mid-December whether it will receive funding for the project, which has the support of key players including Mayor John Peyton, U.S. Sen. Bill Nelson and U.S. Reps. Corrine Brown and Ander Crenshaw. About 400 gigabytes of high-speed Internet capacity will be available to providers by mid-2010 if funding is received. That is enough capacity to transfer the entire contents of the Library of Congress within five minutes. ... or alternatively, to spam every person on the planet, twice, in under twenty minutes.