Retirement of FTP protocol support at ARIN? (was: [ARIN-consult] Consultation for the Retirement of FTP Protocol Use at ARIN)

[John Curran]

NANOGers -

ARIN has opened a consultation on removing support for FTP as an access method 
(in preference to HTTP/HTTPS) for our data archive –
please see the attached consultation and provide feedback to the arin-consult 
mailing list if you have strong opinions on such a change.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN 
Subject: [ARIN-consult] Consultation for the Retirement of FTP Protocol Use at 
ARIN
Date: September 20, 2024 at 3:16:23 PM EDT
To: 

ARIN is seeking feedback from the community 
(https://arin.net/participate/community/acsp/consultations/2024/2024-5/) on 
retiring FTP protocol support, which serves data from ftp.arin.net. ARIN has 
operated an FTP protocol service for various reports and templates since its 
inception. All the data that is currently provided via FTP is also available 
over HTTP and HTTPS.

ARIN is working to remove redundant and seldom-used services to allow future 
efforts to focus on the improvement of core services, reduce residual technical 
debt, and increase our security posture. Removing the FTP protocol aligns with 
these objectives.

ARIN will not remove the data or change the existing directory structure. 
HTTP/HTTPS transport will continue to reference the data as it does today.

ARIN intends to remove FTP protocol support on or after 31 March 2025. We are 
interested in knowing:

- If there are ARIN customers who have a reliance on FTP that cannot be 
satisfied by obtaining data from ARIN via HTTP/HTTPS?
- Does setting the date for 31 March 2025 provide sufficient time for customers 
who use FTP to move to HTTP/HTTPS?

Please provide comments to arin-cons...@arin.net. You can subscribe to this 
mailing list at https://lists.arin.net/mailman/listinfo/arin-consult.

This consultation will remain open until 5:00 PM ET on 4 October. ARIN seeks 
clear direction through community input, so your feedback is important. This 
information will help with our planning and decision making.

Thank you for your continued support to improve ARIN’s services.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

___
ARIN-Consult

Important ARIN Operational Change re Automatic IRR object creation (was: [arin-announce] Reminder - Automatic Creation of Managed IRR Route Objects upon RPKI ROA Generation Coming Soon)

[John Curran]

NANOGers -

As announced in the recently closed consultation, ARIN Online will support 
automatic route object creation upon ROA generation starting on 4 November 2024 
- more details available in the attached announcement.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN 
Subject: [arin-announce] Reminder - Automatic Creation of Managed IRR Route 
Objects upon RPKI ROA Generation Coming Soon
Date: September 4, 2024 at 11:52:16 AM EDT
To: 

In the software release scheduled for 4 November, ARIN will implement new 
features in ARIN Online that will provide tighter integration of ARIN’s 
Resource Public Key Infrastructure (RPKI) and Internet Routing Registry (IRR) 
routing security services. These improvements are informed by the community 
consultation that closed on 20 September 2023.

Based on feedback received from our community during the consultation, ARIN 
plans to deploy the following features in ARIN Online and in our Application 
Programming Interface (API) for Hosted RPKI:

1. When a Route Origin Authorization (ROA) is generated, an auto-managed IRR 
route object will be created based on the contents of the ROA. This feature 
will be on by default but can be disabled by user action at the Org level. 
Additionally, a user can opt out of creating an auto-managed IRR route object 
upon each instance of ROA generation. All auto-managed IRR Route Objects will 
be identified as such in a remark field.

2. Auto-managed route objects resulting from ROA generation will use the prefix 
entry only and not take the maxLength value into consideration (using the least 
specific match). At ROA generation, the user will have the option to replace 
any existing, matching, and unmanaged route objects with an auto-managed route 
object. Users may manually create longer match IRR objects, but these manually 
created objects will not be auto managed.

3. Deleting a ROA will remove associated auto-managed IRR route objects. A user 
can opt out of removing auto-managed IRR route objects upon each instance of 
ROA deletion. If a user chooses to not delete an auto-managed IRR route object, 
the remarks field will be updated to reflect that the IRR route object is no 
longer auto-managed. Users maintain the ability to create, modify, or delete 
all IRR route objects through the Manage IRR page in ARIN Online.

4. ARIN Online users will have the option to selectively create auto-managed 
IRR route objects based on the Org’s existing ROAs in ARIN’s RPKI repository.

The Reg-RWS API will be updated to reflect the capabilities as described in 
items one through three above. If you have questions about these upcoming 
features, please contact us by emailing routing.secur...@arin.net.

Regards,

Brad Gorman
Senior Product Owner, Routing Security
American Registry for Internet Numbers (ARIN)
___
ARIN-Announce

TIMELY - Are you an ARIN General Member? (was: [arin-announce] Deadline Approaching — Make Sure Your Organization Is Eligible to Vote in ARIN’s Upcoming Elections!)

[John Curran]

NANOGers -

As a reminder, all organizations with a registration services agreement for 
Internet number resources, including IPv4 address space, IPv6 address space 
and/or Autonomous System Numbers (ASNs) are "ARIN Service Members."

If your organization is an ARIN Service Member, you can apply to become an ARIN 
General Member within ARIN Online. As part of the General Member request, you 
will be asked to confirm your organization’s intent to vote in ARIN Elections 
and acknowledge that your organization will be publicly listed on the General 
Member list.

There is no cost involved, but make sure to become an ARIN general member and 
designate a voting contact before 9 September 2024 if you wish to participate 
in this year’s ARIN elections.  Additional details are available in the links 
below.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN 
Subject: [arin-announce] Deadline Approaching — Make Sure Your Organization Is 
Eligible to Vote in ARIN’s Upcoming Elections!
Date: August 28, 2024 at 11:16:10 AM EDT
To: "arin-annou...@arin.net" 

To participate in this year’s ARIN Elections, organizations must be classified 
as a General Member in Good Standing as of 5:00 PM ET on Monday, 9 September 
2024.

General Members are in good standing if the organization is current on all 
annual fees and has a valid Voting Contact on record.

If you are currently associated with an ARIN General Member, please ensure your 
organization has no overdue invoices on file and that you have designated a 
Voting Contact in your account before 5:00 PM ET on 9 September.

If you are not sure of your organization’s membership status, you may check 
this in your ARIN Online account. If your organization is eligible to request 
General Membership, you can access the General Member request form through the 
"Actions" drop down menu.

Don’t forget: General Members may also participate on ARIN’s General Members 
Mailing List. Subscription to the list is limited to General Members, Trustees, 
and key ARIN staff, and it is intended for discussion of topics related to the 
governance of ARIN and ARIN Elections. All candidates for the Board of 
Trustees, Advisory Council, and Number Resource Organization Number Council 
will be subscribed to the General Members Mailing List to answer direct 
questions from the voting community.

Voting in ARIN Elections helps steer the future of Internet number resource 
policy and Internet governance. We look forward to your organization being able 
to participate this October.

Regards,

American Registry for Internet Numbers (ARIN)

--
Important! Eligible organizations may update their Voting Contact after 9 
September, but all changes must be finalized by 3:00 PM ET on 17 October for 
that Voting Contact to participate in the 2024 ARIN Elections.

To learn more about how to designate, modify, or view your current Voting 
Contact, please visit: 
https://www.arin.net/participate/oversight/membership/voting/

For more information on ARIN’s elections, including a calendar of important 
dates, visit https://www.arin.net/elections.

To learn more about membership at ARIN, visit https://www.arin.net/membership.


___
ARIN-Announce

Deprecation of outdated crypto support (was: Fwd: [arin-announce] Changes Coming to Cryptographic Features Across ARIN Services)

[John Curran]

NANOGers -

Note the planned depreciation of outdated cryptographic support for ARIN 
services in February 2025, as per the attached announcement.

While this may seem to be quite some time away, please take a moment to note 
the upcoming change with your IT/devops folks just in case.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN 
Subject: [arin-announce] Changes Coming to Cryptographic Features Across ARIN 
Services
Date: August 1, 2024 at 2:37:57 PM AST
To: "arin-annou...@arin.net" 

As of 3 February 2025, ARIN Will Only Support TLS 1.2 and TLS 1.3 Cryptographic 
Features Across All ARIN Services.

Historically, ARIN has allowed the use of a wide range of Secure Socket Layer 
(SSL) and Transport Layer Security (TLS) algorithms to enable secure, encrypted 
communication between our customers and services. Currently, ARIN supports TLS 
1.2 and TLS 1.3 as well as a subset of the stronger algorithms within TLS 1.0, 
TLS 1.1, and SSLv3 specifications for publicly available services such as 
ARIN.net<http://arin.net/> mail, Whois Restful Web Service (Whois-RWS), 
Registry Data Access Protocol (RDAP), ftp://ftp.arin.net<ftp://ftp.arin.net/>, 
and Resource Public Key Infrastructure Repository Data Protocol (RRDP). The 
remainder of ARIN services, including the ARIN website and Registration RESTful 
Web Service (Reg-RWS), only support TLS 1.2 and TLS 1.3.

ARIN will deprecate the outdated versions of SSL and TLS on 3 February 2025 and 
begin only using TLS 1.2 and TLS 1.3 protocols across all our services. We are 
providing six months’ notice of this change to allow customers to ensure that 
all applicable software supports TLS 1.2 and TLS 1.3 protocols to avoid losing 
connectivity to ARIN services. 

In the future, ARIN may more regularly update cipher suite and algorithm 
support within our published supported protocols to align with requirements 
from internal and external audits, security certifications, and community 
feedback.

Regards,

American Registry for Internet Numbers (ARIN)

___
ARIN-Announce

Apply Today for the ARIN 54 Fellowship Program

[John Sweeting]

Hello NANOG,

Please see the announcement below reference ARIN’s Fellowship Program.

Thanks,
John S.



From: ARIN-announce  on behalf of ARIN 

Sent: Thursday, June 27, 2024 10:43 AM
To: arin-annou...@arin.net 
Subject: [arin-announce] Apply Today for the ARIN 54 Fellowship Program

Learn more about Internet governance, number resource policy, and the ARIN 
community by becoming an ARIN Fellow. Applications for the ARIN 54 Fellowship 
Program are now open, and we encourage you to apply for this specialized, 
interactive learning opportunity.

APPLY TODAY: https://arin.net/beafellow

Applications are now being accepted through 24 July 2024. 

Fellows will attend virtual sessions before and after the ARIN 54 Public Policy 
and Members Meeting, held 24-25 October 2024 in Toronto, Ontario, Canada, and 
may attend ARIN 54 either in person or virtually at the discretion of the 
Fellowship Selection Committee. Fellows may also choose to participate in NANOG 
92, held 21-23 October in Toronto.

With the personal support of ARIN community member Mentors, Fellows will have 
the opportunity to ask questions, get feedback, and gain the knowledge and 
confidence to join in community discussions, propose new ideas, and become part 
of the future of Internet governance and policy in the ARIN region. 

Individuals who are 18 years of age or older and reside in the ARIN region are 
eligible to apply if they have a demonstrated interest in the ARIN community 
and its Policy Development Process (PDP) for the management of Internet number 
resources.  

Applicants should understand the importance of ARIN’s mission and be familiar 
with ARIN services, including the Internet number resources it manages, and the 
process reflected in the Number Resource Policy Manual (NRPM).  

To learn more about ARIN’s Fellowship Program, the selection process, and the 
Terms and Conditions, please visit: https://www.arin.net/fellowship.

Applicants can email fellowsh...@arin.net for more information or to request a 
customizable letter to their employer that highlights the benefits of taking 
part in ARIN’s Fellowship Program. 

ARIN looks forward to receiving your application soon! 

Regards, 

Amanda Gauldin
Project Manager
American Registry for Internet Numbers (ARIN)


___

Re: IRR mirrors de-sync from ARIN or irrd4 bug or ARIN streaming is broken?

[Innocent Obi]

>From the CAIDA study on this
<https://www.caida.org/catalog/papers/2022_irr_hygiene_rpki_era/irr_hygiene_rpki_era.pdf>:
"In October 2021, we found matching Route Origin Authorization objects
(ROAs) for around 20% of RADB IRR records, and a consistency of 38% and 60%
in v4 and v6." Do think much has improved here.

On Wed, Jul 10, 2024 at 10:52 PM Job Snijders via NANOG 
wrote:

> On Wed, Jul 10, 2024 at 07:10:48PM -0400, Aliaksei Sheshka wrote:
> > nothing!  I suspect the mirror is out of sync.
> >
> > Now NTT mirror:
>
> Seems reloading helped:
>
> $ date
> Thu Jul 11 03:50:22 UTC 2024
>
> $ whois -h rr.ntt.net 199.52.73.0/24
> route:  199.52.73.0/24
> origin:     AS132055
> descr:  EY India
> admin-c:    IAM12-ARIN
> tech-c: DNSAD85-ARIN
> tech-c: IAM12-ARIN
> mnt-by: MNT-EYL-Z
> created:    2022-10-19T08:37:50Z
> last-modified:  2023-11-27T15:10:44Z
> source: ARIN
> rpki-ov-state:  valid
>
>
> route:  199.52.73.0/24
> descr:  RPKI ROA for 199.52.73.0/24 / AS132055
> remarks:This AS132055 route object represents routing data
> retrieved
> from the RPKI. This route object is the result of an
> automated
> RPKI-to-IRR conversion process performed by IRRd.
> max-length: 24
> origin: AS132055
> source: RPKI  # Trust Anchor: arin
>
>

Re: IRR mirrors de-sync from ARIN or irrd4 bug or ARIN streaming is broken?

[Job Snijders via NANOG]

On Wed, Jul 10, 2024 at 07:10:48PM -0400, Aliaksei Sheshka wrote:
> nothing!  I suspect the mirror is out of sync.
> 
> Now NTT mirror:

Seems reloading helped:

$ date
Thu Jul 11 03:50:22 UTC 2024

$ whois -h rr.ntt.net 199.52.73.0/24
route:  199.52.73.0/24
origin: AS132055
descr:  EY India
admin-c:    IAM12-ARIN
tech-c: DNSAD85-ARIN
tech-c:     IAM12-ARIN
mnt-by: MNT-EYL-Z
created:2022-10-19T08:37:50Z
last-modified:  2023-11-27T15:10:44Z
source: ARIN
rpki-ov-state:  valid


route:  199.52.73.0/24
descr:  RPKI ROA for 199.52.73.0/24 / AS132055
remarks:This AS132055 route object represents routing data retrieved
from the RPKI. This route object is the result of an automated
RPKI-to-IRR conversion process performed by IRRd.
max-length: 24
origin: AS132055
source: RPKI  # Trust Anchor: arin

Re: IRR mirrors de-sync from ARIN or irrd4 bug or ARIN streaming is broken?

[Job Snijders via NANOG]

On Wed, Jul 10, 2024 at 09:37:22PM -0400, Aliaksei Sheshka wrote:
> On Wed, Jul 10, 2024 at 9:26 PM Job Snijders via NANOG 
> wrote:
> 
> > Indeed, it appears both NTT’s and RADB’s mirror instances are
> > desynchronized in relationship to ARIN’s IRR. Both NTT and RADB
> > should do a database reload to rectify the issue.
> >
> > Desynchronisation can happen at either server side or client side,
> > so the root cause isn’t apparent to me.
> 
> Now I'm concerned about how frequent such silent corruptions are.
> Also, hard (impossible?) to tell when that happened.

Work is underway to at least get rid of NRTM v3
https://www.ietf.org/archive/id/draft-ietf-grow-nrtm-v4-04.html

> IRR `route` and friend should be retired, the sooner the better.

I am with you on that one, eventually, because 'just turning it off'
doesn't seem a great solution to me.

Not everyone who has access to IRR services has access to RPKI services.
Not everyone agrees with ARIN's Relying Party Agreement. RPKI doesn't do
all the things that IRR does (but I am not in favor of blindly porting
all features & misfeatures from IRR to RPKI!). There is a fair bit of
study to be done in this space.

Kind regards,

Job

Re: IRR mirrors de-sync from ARIN or irrd4 bug or ARIN streaming is broken?

[Aliaksei Sheshka]

On Wed, Jul 10, 2024 at 9:26 PM Job Snijders via NANOG 
wrote:

>
>
> Aliaksei,
>
> Indeed, it appears both NTT’s and RADB’s mirror instances are
> desynchronized in relationship to ARIN’s IRR. Both NTT and RADB should do a
> database reload to rectify the issue.
>
> Desynchronisation can happen at either server side or client side, so the
> root cause isn’t apparent to me.
>

Now I'm concerned about how frequent such silent corruptions are.
Also, hard (impossible?) to tell when that happened.
IRR `route` and friend should be retired, the sooner the better.

Re: IRR mirrors de-sync from ARIN or irrd4 bug or ARIN streaming is broken?

[Job Snijders via NANOG]

Rubens,

ARIN-NONAUTH was deprecated two years ago:
https://www.arin.net/vault/announcements/20220404-irr/

Aliaksei,

Indeed, it appears both NTT’s and RADB’s mirror instances are
desynchronized in relationship to ARIN’s IRR. Both NTT and RADB should do a
database reload to rectify the issue.

Desynchronisation can happen at either server side or client side, so the
root cause isn’t apparent to me.

Kind regards,

Job

On Thu, 11 Jul 2024 at 10:15, Rubens Kuhl  wrote:

> If you look at TC, you will see that this object is part of ARIN-NONAUTH:
>
> https://bgp.net.br/whois.html?q=199.52.73.0%2F24
>
> route:  199.52.72.0/22
> descr:  Ernst & Young, Gurgaon Cyberpark, India
> origin: AS132055
> mnt-by: MNT-EYL
> changed:zanub-h.kalathin...@sg.ey.com 20210614
> source: ARIN-NONAUTH
> remarks:
> remarks:* THIS OBJECT CONTAINS PLACEHOLDER DATA
> remarks:* Please note that all data that is generally regarded
> as personal
> remarks:* data has been removed from this object.
> remarks:* To view the original object, please query the ARIN
> Database at:
> remarks:* http://www.arin.net/whois
> remarks:
> rpki-ov-state:  not_found # No ROAs found, or RPKI validation not
> enabled for source
>
> It's also mapped to an existing RPKI entry:
>
> route:  199.52.73.0/24
> descr:  RPKI ROA for 199.52.73.0/24 / AS132055
> remarks:This AS132055 route object represents routing data
> retrieved
> from the RPKI. This route object is the result of an
> automated
> RPKI-to-IRR conversion process performed by IRRd.
> max-length: 24
> origin: AS132055
> source: RPKI  # Trust Anchor: arin
>
> Perhaps RADB is preferring not to mirror non-authoritative databases ?
>
>
> Rubens
>
> On Wed, Jul 10, 2024 at 10:05 PM Aliaksei Sheshka 
> wrote:
> >
> > Hi folks!
> >
> > I noticed something unusual today, and perhaps some of you know the
> answer.
> >
> > Consider ARIN rr:
> >
> > $ whois -h rr.arin.net 199.52.73.0/24
> > route:  199.52.73.0/24
> > origin: AS132055
> > descr:  EY India
> > admin-c:    IAM12-ARIN
> > tech-c: DNSAD85-ARIN
> > tech-c: IAM12-ARIN
> > mnt-by: MNT-EYL-Z
> > created:2022-10-19T08:37:50Z
> > last-modified:  2023-11-27T15:10:44Z
> > source: ARIN
> >
> > everything looks fine.
> >
> > Now RADB mirror:
> >
> > $ whois -h whois.radb.net 199.52.73.0/24
> > %  No entries found for the selected source(s).
> >
> > nothing!  I suspect the mirror is out of sync.
> >
> > Now NTT mirror:
> >
> > $ whois -h rr1.ntt.net 199.52.73.0/24
> > route:  199.52.73.0/24
> > descr:  RPKI ROA for 199.52.73.0/24 / AS132055
> > remarks:This AS132055 route object represents routing data
> retrieved
> > from the RPKI. This route object is the result of an
> automated
> > RPKI-to-IRR conversion process performed by IRRd.
> > max-length: 24
> > origin: AS132055
> > source: RPKI  # Trust Anchor: arin
> >
> > As you can see it returns only RPKI data, and not ARIN. So ARIN data is
> not in sync there as well?
> >
> > However for 199.52.53.0/24 it returns both
> >
> > $ whois -h rr1.ntt.net 199.52.53.0/24
> > route:  199.52.53.0/24
> > origin: AS132055
> > descr:  EY India
> > admin-c:IAM12-ARIN
> > tech-c: DNSAD85-ARIN
> > tech-c: IAM12-ARIN
> > mnt-by: MNT-EYL-Z
> > created:2022-07-11T07:05:30Z
> > last-modified:  2023-11-27T15:10:44Z
> > source: ARIN
> > rpki-ov-state:  valid
> >
> > route:  199.52.53.0/24
> > descr:      RPKI ROA for 199.52.53.0/24 / AS132055
> > remarks:This AS132055 route object represents routing data
> retrieved
> > from the RPKI. This route object is the result of an
> automated
> > RPKI-to-IRR conversion process performed by IRRd.
> > max-length: 24
> > origin: AS132055
> > source: RPKI  # Trust Anchor: arin
> >
> > My question is how and what happened? I suspect whois stream was
> incostent.
> > Because if one check todays ARIN DB it surely has the data
> >
> > $ wget ftp://ftp.arin.net/pub/rr/arin.db.gz -O - 2>/dev/null | gzip -d
> | grep -A10 199.52.73.0/24
> > route:  199.52.73.0/24
> > origin: AS132055
> > descr:  EY India
> > admin-c:IAM12-ARIN
> > tech-c: DNSAD85-ARIN
> > tech-c: IAM12-ARIN
> > mnt-by: MNT-EYL-Z
> > created:2022-10-19T08:37:50Z
> > last-modified:  2023-11-27T15:10:44Z
> > source: ARIN
> >
> > Thanks!
> >
>

Re: IRR mirrors de-sync from ARIN or irrd4 bug or ARIN streaming is broken?

[Rubens Kuhl]

If you look at TC, you will see that this object is part of ARIN-NONAUTH:

https://bgp.net.br/whois.html?q=199.52.73.0%2F24

route:  199.52.72.0/22
descr:  Ernst & Young, Gurgaon Cyberpark, India
origin: AS132055
mnt-by: MNT-EYL
changed:zanub-h.kalathin...@sg.ey.com 20210614
source: ARIN-NONAUTH
remarks:
remarks:* THIS OBJECT CONTAINS PLACEHOLDER DATA
remarks:* Please note that all data that is generally regarded
as personal
remarks:* data has been removed from this object.
remarks:* To view the original object, please query the ARIN
Database at:
remarks:* http://www.arin.net/whois
remarks:
rpki-ov-state:  not_found # No ROAs found, or RPKI validation not
enabled for source

It's also mapped to an existing RPKI entry:

route:  199.52.73.0/24
descr:  RPKI ROA for 199.52.73.0/24 / AS132055
remarks:This AS132055 route object represents routing data retrieved
from the RPKI. This route object is the result of an automated
RPKI-to-IRR conversion process performed by IRRd.
max-length: 24
origin: AS132055
source: RPKI  # Trust Anchor: arin

Perhaps RADB is preferring not to mirror non-authoritative databases ?


Rubens

On Wed, Jul 10, 2024 at 10:05 PM Aliaksei Sheshka  wrote:
>
> Hi folks!
>
> I noticed something unusual today, and perhaps some of you know the answer.
>
> Consider ARIN rr:
>
> $ whois -h rr.arin.net 199.52.73.0/24
> route:  199.52.73.0/24
> origin: AS132055
> descr:  EY India
> admin-c:IAM12-ARIN
> tech-c:     DNSAD85-ARIN
> tech-c: IAM12-ARIN
> mnt-by: MNT-EYL-Z
> created:2022-10-19T08:37:50Z
> last-modified:  2023-11-27T15:10:44Z
> source: ARIN
>
> everything looks fine.
>
> Now RADB mirror:
>
> $ whois -h whois.radb.net 199.52.73.0/24
> %  No entries found for the selected source(s).
>
> nothing!  I suspect the mirror is out of sync.
>
> Now NTT mirror:
>
> $ whois -h rr1.ntt.net 199.52.73.0/24
> route:  199.52.73.0/24
> descr:  RPKI ROA for 199.52.73.0/24 / AS132055
> remarks:This AS132055 route object represents routing data retrieved
> from the RPKI. This route object is the result of an automated
> RPKI-to-IRR conversion process performed by IRRd.
> max-length: 24
> origin:     AS132055
> source: RPKI  # Trust Anchor: arin
>
> As you can see it returns only RPKI data, and not ARIN. So ARIN data is not 
> in sync there as well?
>
> However for 199.52.53.0/24 it returns both
>
> $ whois -h rr1.ntt.net 199.52.53.0/24
> route:  199.52.53.0/24
> origin: AS132055
> descr:  EY India
> admin-c:IAM12-ARIN
> tech-c: DNSAD85-ARIN
> tech-c: IAM12-ARIN
> mnt-by: MNT-EYL-Z
> created:2022-07-11T07:05:30Z
> last-modified:  2023-11-27T15:10:44Z
> source: ARIN
> rpki-ov-state:  valid
>
> route:  199.52.53.0/24
> descr:  RPKI ROA for 199.52.53.0/24 / AS132055
> remarks:This AS132055 route object represents routing data retrieved
> from the RPKI. This route object is the result of an automated
> RPKI-to-IRR conversion process performed by IRRd.
> max-length: 24
> origin: AS132055
> source: RPKI  # Trust Anchor: arin
>
> My question is how and what happened? I suspect whois stream was incostent.
> Because if one check todays ARIN DB it surely has the data
>
> $ wget ftp://ftp.arin.net/pub/rr/arin.db.gz -O - 2>/dev/null | gzip -d | grep 
> -A10 199.52.73.0/24
> route:  199.52.73.0/24
> origin: AS132055
> descr:  EY India
> admin-c:IAM12-ARIN
> tech-c: DNSAD85-ARIN
> tech-c: IAM12-ARIN
> mnt-by: MNT-EYL-Z
> created:2022-10-19T08:37:50Z
> last-modified:  2023-11-27T15:10:44Z
> source: ARIN
>
> Thanks!
>

IRR mirrors de-sync from ARIN or irrd4 bug or ARIN streaming is broken?

[Aliaksei Sheshka]

Hi folks!

I noticed something unusual today, and perhaps some of you know the answer.

Consider ARIN rr:

$ whois -h rr.arin.net 199.52.73.0/24
route:  199.52.73.0/24
origin: AS132055
descr:  EY India
admin-c:IAM12-ARIN
tech-c: DNSAD85-ARIN
tech-c: IAM12-ARIN
mnt-by: MNT-EYL-Z
created:2022-10-19T08:37:50Z
last-modified:  2023-11-27T15:10:44Z
source: ARIN

everything looks fine.

Now RADB mirror:

$ whois -h whois.radb.net 199.52.73.0/24
%  No entries found for the selected source(s).

nothing!  I suspect the mirror is out of sync.

Now NTT mirror:

$ whois -h rr1.ntt.net 199.52.73.0/24
route:  199.52.73.0/24
descr:  RPKI ROA for 199.52.73.0/24 / AS132055
remarks:This AS132055 route object represents routing data retrieved
from the RPKI. This route object is the result of an
automated
RPKI-to-IRR conversion process performed by IRRd.
max-length: 24
origin: AS132055
source: RPKI  # Trust Anchor: arin

As you can see it returns only RPKI data, and not ARIN. So ARIN data is not
in sync there as well?

However for 199.52.53.0/24 it returns both

$ whois -h rr1.ntt.net 199.52.53.0/24
route:  199.52.53.0/24
origin: AS132055
descr:  EY India
admin-c:IAM12-ARIN
tech-c: DNSAD85-ARIN
tech-c: IAM12-ARIN
mnt-by: MNT-EYL-Z
created:2022-07-11T07:05:30Z
last-modified:  2023-11-27T15:10:44Z
source: ARIN
rpki-ov-state:  valid

route:  199.52.53.0/24
descr:  RPKI ROA for 199.52.53.0/24 / AS132055
remarks:This AS132055 route object represents routing data retrieved
from the RPKI. This route object is the result of an
automated
RPKI-to-IRR conversion process performed by IRRd.
max-length: 24
origin: AS132055
source: RPKI  # Trust Anchor: arin

My question is how and what happened? I suspect whois stream was incostent.
Because if one check todays ARIN DB it surely has the data

$ wget ftp://ftp.arin.net/pub/rr/arin.db.gz -O - 2>/dev/null | gzip -d |
grep -A10 199.52.73.0/24
route:  199.52.73.0/24
origin: AS132055
descr:  EY India
admin-c:IAM12-ARIN
tech-c: DNSAD85-ARIN
tech-c: IAM12-ARIN
mnt-by: MNT-EYL-Z
created:2022-10-19T08:37:50Z
last-modified:  2023-11-27T15:10:44Z
source:     ARIN

Thanks!

Would you make a good ARIN Trustee? (Fwd: [arin-announce] Call for Nominations Extended for ARIN Board of Trustees)

[John Curran]

NANOGers -

Per request of the 2024 Nomination Committee, we have extended the call for 
nominations for those interested in serving on the ARIN Board of Trustees – see 
the attached announcement below.

If you are interested in serving, or know someone that might be, please take a 
moment to review the requirements at the link below.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN 
Subject: [arin-announce] Call for Nominations Extended for ARIN Board of 
Trustees
Date: June 24, 2024 at 5:15:12 PM AST
To: "arin-annou...@arin.net" 

By request of the 2024 Nomination Committee, ARIN has extended the Call for 
Nominations for three seats on the Board of Trustees. Nominations will now be 
accepted through 7:00 PM EDT on 1 July 2024.

Candidates elected to full terms will serve three-year terms beginning 1 
January 2025, and incumbents may be reelected for consecutive terms.

Nominations may be submitted at:

Board of Trustees: https://www.surveymonkey.com/r/2024Board-Nom

**Nomination Information**

Anyone may submit a self-nomination for a seat on the Board if they meet the 
nomination guidelines.

To view the expected qualifications and responsibilities for this elected 
position, please visit:

Board of Trustees: https://www.arin.net/about/welcome/board/requirements/

All nominees must confirm that they do not violate the Nomination and 
Appointment Conflict of Interest Requirements found at: 
https://www.arin.net/participate/oversight/elections/conflicts/

Board Nominees will be assessed based on the following guidance letter:

Board Guidance Letter to the Nomination Committee: 
https://www.arin.net/vault/participate/oversight/elections/board_nomcom_guidance2024.pdf

For more information about ARIN Elections, the 2024 Election Calendar, or 
details of the processes, please visit https://www.arin.net/elections/.

If you have specific questions or need to request additional information, 
please contact electi...@arin.net.


Regards,

American Registry for Internet Numbers (ARIN)

___
ARIN-Announce

In Remembrance: ARIN Amassador Stacy Taylor (Hughes)

[Mel Beckman]

For those who haven't seen this yet, I'm passing it along from ARIN 
announcements. Stacy passed away suddenly in the hospital last week.

I first met Stacy when she worked as  "IP Godess" at TW Telecom, by which time 
she was already a force of nature within ARIN, and at many RIR and NANOG 
events. No matter who you were, Stacy always made you feel welcome and valued.  
 Good Memories are gathering on her Facebook page at 
https://www.facebook.com/stacy.taylor3k

  -mel



Posted: Friday, 24 May 2024
ARIN <https://www.arin.net/announcements/20240524/#related>

The ARIN Board of Trustees, Advisory Council, and staff are shocked and 
saddened by the death of their friend and former Advisory Council colleague, 
Stacy Taylor (Hughes).

Stacy, known to many by her email handle “IP Goddess,” served on the ARIN 
Advisory Council from 2002 to 2014. But beyond her contribution to policy, for 
more than a decade Stacy brought a spirit of joy and welcome to the wider ARIN 
community.

ARIN is a community first and foremost, and for many years, Stacy was one of 
its best ambassadors as she participated in Regional Internet Registry meetings 
around the globe. Her impact is still visible in the community where she 
mentored so many, and her spirit of welcome is still part of the Advisory 
Council.

The Board of Trustees hereby extends its sympathies to Stacy’s family and 
friends. We shall miss her spirit and remember her always with respect, 
admiration and warmth of heart.

Regards,

American Registry for Internet Numbers (ARIN)



https://www.arin.net/announcements/20240524/

[https://www.arin.net/img/logo-social.png]<https://www.arin.net/announcements/20240524/>
In Remembrance — Stacy Taylor 
(Hughes)<https://www.arin.net/announcements/20240524/>
The ARIN Board of Trustees, Advisory Council, and staff are shocked and 
saddened by the death of their friend and former Advisory Council colleague, 
Stacy Taylor (Hughes). Stacy, known to many by her email handle “IP Goddess,” 
served on the ARIN Advisory Council from 2002 to 2014. But beyond her 
contribution to policy, for more than a decade Stacy brought a spirit of joy 
and welcome to the wider ARIN community.
www.arin.net

TIMELY - FINAL REMINDER - ARIN Email Template Retirement Scheduled for 3 June 2024

[John Curran]

NANOGers -

If you are still emailing SWIP requests to ARIN for reporting reallocations and 
reassignments, please contact the ARIN Helpdesk ASAP to move a more 
appropriate/secure technology.

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

Subject: [arin-announce] FINAL REMINDER - ARIN Email Template Retirement 
Scheduled for 3 June 2024
...
On 3 June 2024, ARIN will retire SWIP email templates for reporting 
reallocations and reassignments as described in the community Consultation 
conducted in November of 2023. After 3 June 2024, ARIN will not accept or 
respond to email templates.

We recognize this change is significant and have several alternative options 
for submitting reassignment information. To facilitate a smooth transition, we 
encourage users to explore ARIN’s Reg-RWS service, a secure and efficient means 
of interacting with ARIN’s database.

Those who do not need to automate reallocation and reassignment submissions may 
find it convenient to use ARIN Online to report this information to ARIN.

For organizations who are unable to utilize Reg-RWS or ARIN Online, or for 
those who prefer to continue composing reassignment information in email 
templates, ARIN has provided an open-source template processor that customers 
may run within their network. This software will allow users to convert email 
templates to REST calls compatible with Reg-RWS. This open-source template 
processor was released on GitHub on 1 November 2023, and is no longer 
maintained by ARIN post release. If you wish to use this product beyond its 
initial release, you will be able to fork the repository and maintain it as 
your needs require. To learn more, please visit: 
https://www.arin.net/resources/registry/reassignments/ostp/

If you have questions about this transition, or need assistance using Reg-RWS, 
please contact us by submitting an Ask ARIN ticket or chatting with us using 
ARIN Online, or calling the Registration Services Help Desk at +1.703.227.0660 
(Monday-Friday, 7:00 AM – 7:00 PM ET).

Regards,

John Sweeting
Chief Customer Officer
American Registry for Internet Numbers (ARIN)

---
REFERENCES:
ARIN Reg-RWS Service: https://www.arin.net/resources/manage/regrws/
Reporting Reassignments Using ARIN Online: 
https://www.arin.net/resources/registry/reassignments/#reporting-reassignments-using-arin-online

Apply Now for an ARIN Community Grant

[John Sweeting]

Hi NANOG’ers,

ARIN has announced the opening of applying for an ARIN grant. See below 
announcement.


Do you have a project that needs funding, is noncommercial in nature, and 
benefits the Internet community within the ARIN service region? Apply now for a 
2024 ARIN Community Grant.

The ARIN Community Grant Program provides financial grants in support of 
operational and research projects that improve the overall Internet industry 
and user environment, advancing ARIN’s mission and broadly benefiting the ARIN 
community within our region. Projects must fit into one or more of these four 
broad categories:

- Internet technical improvements that promote and facilitate the expansion, 
development, and growth of the infrastructure of the Internet consistent with 
the public interest
- Registry processes and technology improvements that help maintain a globally 
consistent and highly usable Internet number registry system
- Informational outreach that advances the Internet on topics such as, but not 
limited to, IPv6 deployment, Internet research, and Internet governance
- Research related to ARIN’s mission and operations

For 2024, the ARIN Board of Trustees has approved a total expenditure of up to 
US$60,000 for grants of varying amounts, from $1,000 to $20,000, and based on 
project need. We invite you to learn more about ARIN’s Community Grant Program 
and to find the link to the application form at: https://www.arin.net/grants.

The call for applications is open now through 7 June 2024. We encourage all 
applicants to clearly demonstrate how projects meet eligibility guidelines and 
selection criteria through the application form to improve chances of selection.

ARIN looks forward to funding important projects through the ARIN Community 
Grant Program in 2024.

Regards,

American Registry for Internet Numbers (ARIN)

Re: AT&T ARIN Contact

[John Sweeting]

Hi John,

If you CC: hostmas...@arin.net<mailto:hostmas...@arin.net> on the email to 
ipadmin-b...@att.com<mailto:ipadmin-b...@att.com>, ARIN will reach out to them 
and if the entries are not removed in 7 days ARIN will remove them for you.

Thanks,
John S.
ARIN CCO

From: NANOG  on behalf of John 
Conley via NANOG 
Date: Tuesday, March 26, 2024 at 9:58 AM
To: nanog@nanog.org 
Subject: AT&T ARIN Contact
I have a few old netblocks that were allocated to my company back in the early 
2010s that our security vendor is requiring us to either secure or remove from 
being registered to us. I've been unable to reach anyone at 
ipadmin-b...@att.com, and the number listed isn't connected anymore.

does anyone have some contact info at ATT/Bell for getting these records 
corrected?

John Conley - Covenant - Network Engineer - 423.463.3342


__
This communication and the information transmitted is intended solely for the 
individual or entity to which it is addressed and may contain confidential 
and/or privileged material. Any review, retransmission, dissemination or other 
use of or taking action in reliance upon this information by persons or 
entities other than the intended recipient is prohibited. If you have received 
this email in error please contact the sender immediately and delete the 
material from any computer. As a recipient of this email, you are responsible 
for screening its contents and the contents of any attachments for the presence 
of viruses. The organization sending this communication and its affiliates 
accept no liability for any damages caused by any virus transmitted by this 
email.

AT&T ARIN Contact

[John Conley via NANOG]

I have a few old netblocks that were allocated to my company back in the early 
2010s that our security vendor is requiring us to either secure or remove from 
being registered to us. I've been unable to reach anyone at 
ipadmin-b...@att.com, and the number listed isn't connected anymore.

does anyone have some contact info at ATT/Bell for getting these records 
corrected?

John Conley - Covenant - Network Engineer - 423.463.3342


__
This communication and the information transmitted is intended solely for the 
individual or entity to which it is addressed and may contain confidential 
and/or privileged material. Any review, retransmission, dissemination or other 
use of or taking action in reliance upon this information by persons or 
entities other than the intended recipient is prohibited. If you have received 
this email in error please contact the sender immediately and delete the 
material from any computer. As a recipient of this email, you are responsible 
for screening its contents and the contents of any attachments for the presence 
of viruses. The organization sending this communication and its affiliates 
accept no liability for any damages caused by any virus transmitted by this 
email.

Disclaimer

The information contained in this communication from the sender is 
confidential. It is intended solely for use by the recipient and others 
authorized to receive it. If you are not the recipient, you are hereby notified 
that any disclosure, copying, distribution or taking action in relation of the 
contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been 
automatically archived by Mimecast Ltd, an innovator in Software as a Service 
(SaaS) for business. Providing a safer and more useful place for your human 
generated data. Specializing in; Security, archiving and compliance. To find 
out more visit the Mimecast website.

Re: Ongoing ARIN consultation on Resource Public Key Infrastructure/BGP intelligence

[Randy Bush]

john:

> I’d tend to agree with you, but ARIN already once attempted to rollout
> such functionality – alas, with overly ambitious scope that not only
> provided increased visibility after potentially affected routes but
> functionality that also created default linkage to matching IRR
> objects

whoops!  i still code around another RIR doing that.  vendors have a
long history of thinking they know best what operators should do.  some
RIRs seem to have such hubris.

ok, i can see opening up discussion to reduce foot shooting risks.
sorry for skepticism.

randy

Re: Ongoing ARIN consultation on Resource Public Key Infrastructure/BGP intelligence

[John Curran]

On Feb 14, 2024, at 2:09 PM, Randy Bush  wrote:

john,

Read the full text of the consultation at:
https://www.arin.net/participate/community/acsp/consultations/2024/2024-1/

please explain the need for bureaucrazy to do what RPKI CAs have been
doing since dirt was invented.

Randy -

I’d tend to agree with you, but ARIN already once attempted to rollout such 
functionality –
alas, with overly ambitious scope that not only provided increased visibility 
after potentially
affected routes but functionality that also created default linkage to matching 
IRR objects –
and thus created a real potential for subtle operational impacts at the time of 
the rollout.
<https://mailman.nanog.org/pipermail/nanog/2023-August/222790.html>

Rather than have a repeat of that fiasco, we’re now moving ahead with changes 
that have
any potential for causing routing changes in a more deliberate and consultative 
manner.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: Ongoing ARIN consultation on Resource Public Key Infrastructure/BGP intelligence

[Randy Bush]

john,

> Read the full text of the consultation at:
> https://www.arin.net/participate/community/acsp/consultations/2024/2024-1/

please explain the need for bureaucrazy to do what RPKI CAs have been
doing since dirt was invented.

randy

Ongoing ARIN consultation on Resource Public Key Infrastructure/BGP intelligence

[John Curran]

NANOGers -

ARIN would like to remind the community about the ongoing consultation on 
Resource Public Key Infrastructure/BGP intelligence. This consultation is 
slated to close on Thursday, 29 February. Please be sure to submit your 
comments to the arin-consult mailing list before then.

Read the full text of the consultation at: 
https://www.arin.net/participate/community/acsp/consultations/2024/2024-1/

As of 14 February 2024, we have received very few comments from the community 
regarding this consultation. We believe adding this feature would benefit many 
ARIN customers, and we are seeking input from our community for any additional 
information or capabilities that should be included in this proposed 
functionality development.

If you have feedback you’d like to share with ARIN, please provide it to the 
arin-consult mailing list via arin-cons...@arin.net. You may subscribe to this 
mailing list at https://lists.arin.net/mailman/listinfo/arin-consult. ARIN will 
use the feedback provided to determine how we move forward with improvements to 
our routing security services.

Thank you in advance for your participation in this community consultation.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

Know of any organization that uses SWIP email templates? (was: Fwd: [arin-announce] Email Template Retirement Scheduled for 3 June 2024)

[John Curran]

NANOGers -

Please note the following announcement from ARIN regarding retirement of 
email-based SWIP updates to the ARIN registry.

While we are presently providing transition assistance to several organizations 
identified by their use of this functionality in the recent past, it is 
possible that some organizations have little-used tools who may be unaware of 
this upcoming transition – hence this wider email distribution to make sure 
that the community is apprised of the retirement of SWIP email template 
processing at ARIN as of 3 June 2023.   See the attached announcement for 
information on the consultation that was held, the open source template 
processor we’ve made available and the REST-based alternative.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN 
Subject: [arin-announce] Email Template Retirement Scheduled for 3 June 2024
Date: January 11, 2024 at 5:24:56 AM HST
To: "arin-annou...@arin.net" 

Effective 3 June 2024, ARIN will be retiring SWIP email templates for reporting 
reallocations and reassignments as described in the community Consultation 
conducted in November of 2023.

Staff conducted analysis of email template usage and determined that this 
change will impact less than 75 organizations, and we will be working with 
these customers directly to guide them through this transition.

We recognize that this presents a meaningful change for users, and ARIN has 
completed two major improvements to ease the impact prior to retiring the 
template processor:

- Published an open-source template processor through GitHub on 31 October 2023 
that can convert email templates to REST calls that can be received by Reg-RWS. 
This template processor is a self-contained product that customers may run 
within their network to process templates. This is meant as a stopgap solution 
and, once released, will not be maintained, or supported. If customers wish to 
use this product beyond its initial release, they will be able to fork the 
repository and maintain it as their needs require.
- Deployed updates to ARIN Online on 7 August 2023 to provide feature parity 
with the existing template processor for reassignments.

We will continue to engage with customers who use email templates to educate 
them on alternative options and assist with their direct transition to our 
Restful API, Reg-RWS.

If you have questions about this transition or need assistance, you can contact 
us by:

- submitting an Ask ARIN ticket or chat with us using your ARIN Online account, 
or
- contacting the Registration Services Help Desk by phone Monday through 
Friday, 7:00 AM to 7:00 PM ET at +1.703.227.0660

Regards,

American Registry for Internet Numbers (ARIN)

--
Resources:

Community Consultation: 
https://www.arin.net/participate/community/acsp/consultations/2023/2023-5/
Open-source Template Processor: 
https://www.arin.net/resources/registry/reassignments/ostp/
Reg-RWS Information: https://www.arin.net/resources/manage/regrws/


___
ARIN-Announce

Fellowships for ARIN 53

[John Sweeting]

NANOGers –

For those folks (e.g., yourself, friends, coworkers, ...) who are looking for 
an in-depth mentored introduction to
ARIN, please consider applying to participate in the ARIN 53 Fellowship 
Program! Details
attached below, and more online at https://www.arin.net/fellowships.

Thanks,
John S.

Re: ARIN election statistics, eligible-to-vote ASNs/Org IDs vs. number of votes cast

[Eric Kuhnke]

Thank you John!  I suppose the impetus behind my original question was to
encourage everyone reading this thread to examine the slate of candidates
and vote.

If I'm reading this right it appears that approximately 8 percent of
eligible voters cast a vote for the 2020 Board of Trustees election.

I've been going through the periodic ARIN election related emails and
expect to put some more time into it this weekend.

On Thu, Oct 19, 2023 at 9:08 PM John Curran  wrote:

>
> On Oct 19, 2023, at 5:25 PM, Eric Kuhnke  wrote:
>
> Does anyone have general statistics on:
>
> a) Number of eligible voting org IDs
>
> b) Percentage of eligible voting org IDs which actually cast ballots in
> previous ARIN elections
>
>
> That’s an interesting question to ask over here on nanog’s mailing list,
> but anyway here goes -
>
> ARIN 2022 Election Results -
> https://www.arin.net/announcements/20221031_results/
> ARIN 2021 Election Results -
> https://www.arin.net/announcements/2027_election/
> ARIN 2020 Election Results -
> https://www.arin.net/announcements/20201103_election/
>
>
> Each election result posting contains a summary at the bottom that
> includes metrics you seek - For example -
> ===
>
> 2020 Voter Statistics
>
>
>- 6,689 ARIN Members as of 8 September 2020
>   - 5,684 ARIN eligible Voting Organizations* as of 8 September 2020
>   - ARIN Board of Trustees election: 490 voters on behalf of 603
>   unique ARIN Member organizations cast a ballot in the ARIN Board of
>   Trustees election
>   - ARIN Advisory Council election: 485 voters on behalf of 595
>   unique ARIN Member organizations cast a ballot in the ARIN Advisory 
> Council
>   election
>
> **ARIN Member in Good Standing with a properly registered Voting Contact
> linked to an ARIN Online account as of 8 September 2020.*
>
> ===
>
>
> Best wishes,
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
>
>
>

Re: ARIN election statistics, eligible-to-vote ASNs/Org IDs vs. number of votes cast

[John Curran]

On Oct 19, 2023, at 5:25 PM, Eric Kuhnke  wrote:

Does anyone have general statistics on:

a) Number of eligible voting org IDs

b) Percentage of eligible voting org IDs which actually cast ballots in 
previous ARIN elections

That’s an interesting question to ask over here on nanog’s mailing list, but 
anyway here goes -

ARIN 2022 Election Results - 
https://www.arin.net/announcements/20221031_results/
ARIN 2021 Election Results - 
https://www.arin.net/announcements/2027_election/
ARIN 2020 Election Results - 
https://www.arin.net/announcements/20201103_election/

Each election result posting contains a summary at the bottom that includes 
metrics you seek - For example -
===
2020 Voter Statistics

 *   6,689 ARIN Members as of 8 September 2020
 *   5,684 ARIN eligible Voting Organizations* as of 8 September 2020
 *   ARIN Board of Trustees election: 490 voters on behalf of 603 unique 
ARIN Member organizations cast a ballot in the ARIN Board of Trustees election
 *   ARIN Advisory Council election: 485 voters on behalf of 595 unique 
ARIN Member organizations cast a ballot in the ARIN Advisory Council election

*ARIN Member in Good Standing with a properly registered Voting Contact linked 
to an ARIN Online account as of 8 September 2020.

===


Best wishes,
/John

John Curran
President and CEO
American Registry for Internet Numbers

ARIN election statistics, eligible-to-vote ASNs/Org IDs vs. number of votes cast

[Eric Kuhnke]

Does anyone have general statistics on:

a) Number of eligible voting org IDs

b) Percentage of eligible voting org IDs which actually cast ballots in
previous ARIN elections

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Tim Burke]

I’d vote for whoever promises to perma ban Cogent and all of these other clowns 
from access WHOIS data. Someone get on that!

> On Oct 13, 2023, at 19:33, Randy Bush  wrote:
> 
> i received an arin board electioneering "vote for me" today.  i guess
> now i have to go vote against then.
> 
> randy

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Randy Bush]

i received an arin board electioneering "vote for me" today.  i guess
now i have to go vote against then.

randy

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Eric Kuhnke]

To clarify, the original post from myself is more ARIN related and scraping
of ARIN data. The incoming cold contacts from the ipv4-broker-spammer came
to ARIN POCs for an ASN with presence only in the USA.



On Fri, Oct 13, 2023 at 8:23 AM t...@pelican.org  wrote:

> On Friday, 13 October, 2023 16:04, "Laura Smith via NANOG" <
> nanog@nanog.org> said:
>
> > RIPE could do the same.  And some might argue that it is easier for RIPE
> because
> > all we are asking is for a valid abuse contact, so its not like Nominet
> who have
> > to verify e.g. registrant company ID numbers.
>
> They do.  In previous lives, I've regularly been on the receiving end of
> assorted audit requests from RIPE, some of which are to do with contact
> details in the DB (particularly when they find unreachable ones), and some
> of which are confirming that number resources are still in use by the
> organisation and for the purpose for which they were issued.
>
> I think the original complaint was that RIPE don't act (or less so than
> ARIN) to block or otherwise deal with people who are mining the DB for
> contacts, despite that being an incentive to put "real" data in the DB -
> not than that they don't push for accurate data in the DB.
>
> Thanks,
> Tim.
>
>
>

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[t...@pelican.org]

On Friday, 13 October, 2023 16:04, "Laura Smith via NANOG"  
said:

> RIPE could do the same.  And some might argue that it is easier for RIPE 
> because
> all we are asking is for a valid abuse contact, so its not like Nominet who 
> have
> to verify e.g. registrant company ID numbers.

They do.  In previous lives, I've regularly been on the receiving end of 
assorted audit requests from RIPE, some of which are to do with contact details 
in the DB (particularly when they find unreachable ones), and some of which are 
confirming that number resources are still in use by the organisation and for 
the purpose for which they were issued.

I think the original complaint was that RIPE don't act (or less so than ARIN) 
to block or otherwise deal with people who are mining the DB for contacts, 
despite that being an incentive to put "real" data in the DB - not than that 
they don't push for accurate data in the DB.

Thanks,
Tim.

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Laura Smith via NANOG]

--- Original Message ---
On Thursday, October 12th, 2023 at 18:59, Niels Bakker  
wrote:


> RIPE have a policy that states 

Which is exactly what I said Neils.  When I asked about it, they pointed me at 
a policy.

Well hell, theoretically my company has a policy that describes zero-tolerance 
to spam. And yet if I published such a policy on the website, do you think 
spammers would adhere to it ?

As for you implying it is impossible for a RIR to validate such information, 
just ask anyone who is a Nominet (.uk registry) member.

Every year, Nominet do an audit of every member.  They pull a random-sample of 
domains from each member and attempt to perform an automated check of end-user 
name and address details.

If Nominet are unable to perform the automated check, then you receive an email 
from the Nominet compliance department asking for your assistance with a manual 
check (this happens rarely, Nominet's automated checks normally work).

Nominet do not expect 100% perfection, there is a tolerance percentage.

RIPE could do the same.  And some might argue that it is easier for RIPE 
because all we are asking is for a valid abuse contact, so its not like Nominet 
who have to verify e.g. registrant company ID numbers.

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Owen DeLong via NANOG]

> On Oct 12, 2023, at 10:59, Niels Bakker  wrote:
> 
> * Laura Smith [Thu 12 Oct 2023, 19:01 CEST]:
>> I mean, most (all ?) of the registries still can't be bothered to validate 
>> the information the resource holders post to the database.  Last time I 
>> asked, e.g. RIPE about it, they basically said "not my problem guv" , 
>> pointed me to some policy document that said members should provide correct 
>> details and well, that was about it.
>> 
>> So if they don't do that, then what hope is there for them doing something 
>> about the harvesters ?
> 
> RIPE have a policy that states members should submit correct contact details. 
> Having spammers harvest the database discourages people from submitting 
> correct contact details. Ergo, RIPE have a vested interest in ensuring the 
> database doesn't get abused by spammers.

And yet, at least so far, RIPE refuses to take action on such reports, ergo, 
apparently they don’t really care as much as you say they should.


Owen

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Niels Bakker]

* Laura Smith [Thu 12 Oct 2023, 19:01 CEST]:
I mean, most (all ?) of the registries still can't be bothered to 
validate the information the resource holders post to the 
database.  Last time I asked, e.g. RIPE about it, they basically 
said "not my problem guv" , pointed me to some policy document that 
said members should provide correct details and well, that was about 
it.


So if they don't do that, then what hope is there for them doing 
something about the harvesters ?


RIPE have a policy that states members should submit correct contact 
details. Having spammers harvest the database discourages people from 
submitting correct contact details. Ergo, RIPE have a vested interest 
in ensuring the database doesn't get abused by spammers.


Literally everybody hates spam and spammers so it's an easy choice.

How an RIR would validate information, how often that should be done, 
and what would constitute valid information anyway is a very long 
discussion that has no bearing on abuse of said information.



-- Niels.

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Delong.com via NANOG]

RIPE != ARIN

RIPE has a very lessez faire attitude towards network abuse and always has. 
It’s rather unfortunate.

ARIN, OTOH, has a clear understanding of their mandate, and they won’t pursue 
abuse outside of that mandate (e.g. general SPAM complaints, DDOS, etc.), but 
they will pursue complaints within their mandate pretty effectively (e.g. abuse 
of WHOIS data beyond the AUP, fraudulent address acquisition, incorrect WHOIS 
data, etc.)

YMMV.

Owen


> On Oct 12, 2023, at 09:59, Laura Smith via NANOG  wrote:
> 
> Honestly Mike I don't think they care.
> 
> I mean, most (all ?) of the registries still can't be bothered to validate 
> the information the resource holders post to the database.  Last time I 
> asked, e.g. RIPE about it, they basically said "not my problem guv" , pointed 
> me to some policy document that said members should provide correct details 
> and well, that was about it.
> 
> So if they don't do that, then what hope is there for them doing something 
> about the harvesters ?
> 
> 
> --- Original Message ---
> On Thursday, October 12th, 2023 at 17:08, Mike Hammett  
> wrote:
> 
> 
>> Do we know if the organizations with key Internet resources (ARIN, RIPE, 
>> PeeringDB, etc.) have any honeypots in their arsenal? Obviously, publicly 
>> knowing about it kind of defeats the purpose of it, but that might be a way 
>> to help be proactive - make fake entries with unique contact information to 
>> catch those harvesting.
>> 
>> 
>> 
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>> 
>> Midwest-IX
>> http://www.midwest-ix.com
>> 
>> 
>> From: "Mel Beckman" 
>> To: "Tom Beecher" 
>> Cc: "nanog@nanog.org list" 
>> Sent: Thursday, October 12, 2023 11:01:20 AM
>> Subject: Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert 
>> International Inc
>> 
>> Tom,
>> When an ARIN member violates their agreement and spams from ARIN’s 
>> databases, it’s not just an “Internet is fertile ground” deal. It’s a 
>> betrayal of a legal trust, one that demands accountability. I’m quite happy 
>> that ARIN promptly responds to these abuses, and gets results. That only 
>> works if victims report spam and compare notes. Let the “fertile ground” be 
>> elsewhere!
>> 
>>  -mel beckman
>> 
>> 
>>> On Oct 12, 2023, at 8:49 AM, Tom Beecher  wrote:
>> 
>>> 
>>> 
>>>> It's ridiculous that they resort to scraping public lists and DBs to try 
>>>> and achieve what they're attempting to do.
>>> 
>>> 
>>> Everyone is always looking for information they can use to advance some 
>>> agenda or purpose. The internet is fertile ground for that. Always has 
>>> been, always will be. 
>>> 
>>> Not taking shots at anyone here, but I am boggled why this is a common 
>>> public complaint. Block the sender and move on. 
>>> 
>>> On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG  
>>> wrote:
>>> 
>>>> Definitely have received this same spam multiple times and so have a few 
>>>> others I know. It's ridiculous that they resort to scraping public lists 
>>>> and DBs to try and achieve what they're attempting to do.
>>>> Regards,Peter Potvin | Executive Director
>>>> --
>>>> Accuris Technologies Ltd.
>>>> 
>>>> 
>>>> On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke  wrote:
>>>> 
>>>>> Is anyone else receiving spam from this organization? Based on the 
>>>>> contents of the cold solicitations they are sending us, and the addresses 
>>>>> being sent to, they have scraped ARIN WHOIS data for noc and abuse POC 
>>>>> contact info and recent ipv4 block transfers. 
>>>>> It's trivially easy to block their entire domain at the mail server 
>>>>> level, of course...
>>>>> 
>>>>> 

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Andrew Latham]

As mentioned weekly email complia...@arin.net with details.

On Wed, Oct 11, 2023 at 8:58 PM Eric Kuhnke  wrote:

> Is anyone else receiving spam from this organization? Based on the
> contents of the cold solicitations they are sending us, and the addresses
> being sent to, they have scraped ARIN WHOIS data for noc and abuse POC
> contact info and recent ipv4 block transfers.
>
> It's trivially easy to block their entire domain at the mail server level,
> of course...
>
>
>

-- 
- Andrew "lathama" Latham -

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Mel Beckman]

Laura,

just a couple of weeks ago, I reported and ARIN abuse here on NANOG, and ARIN 
responded immediately, contacting the offender and getting them to stop. The 
system works, and ARIN has the power to deter repeat offenders.

 -mel

> On Oct 12, 2023, at 10:01 AM, Laura Smith via NANOG  wrote:
> 
> Honestly Mike I don't think they care.
> 
> I mean, most (all ?) of the registries still can't be bothered to validate 
> the information the resource holders post to the database.  Last time I 
> asked, e.g. RIPE about it, they basically said "not my problem guv" , pointed 
> me to some policy document that said members should provide correct details 
> and well, that was about it.
> 
> So if they don't do that, then what hope is there for them doing something 
> about the harvesters ?
> 
> 
> --- Original Message ---
>> On Thursday, October 12th, 2023 at 17:08, Mike Hammett  
>> wrote:
>> 
>> 
>> Do we know if the organizations with key Internet resources (ARIN, RIPE, 
>> PeeringDB, etc.) have any honeypots in their arsenal? Obviously, publicly 
>> knowing about it kind of defeats the purpose of it, but that might be a way 
>> to help be proactive - make fake entries with unique contact information to 
>> catch those harvesting.
>> 
>> 
>> 
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>> 
>> Midwest-IX
>> http://www.midwest-ix.com
>> 
>> 
>> From: "Mel Beckman" 
>> To: "Tom Beecher" 
>> Cc: "nanog@nanog.org list" 
>> Sent: Thursday, October 12, 2023 11:01:20 AM
>> Subject: Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert 
>> International Inc
>> 
>> Tom,
>> When an ARIN member violates their agreement and spams from ARIN’s 
>> databases, it’s not just an “Internet is fertile ground” deal. It’s a 
>> betrayal of a legal trust, one that demands accountability. I’m quite happy 
>> that ARIN promptly responds to these abuses, and gets results. That only 
>> works if victims report spam and compare notes. Let the “fertile ground” be 
>> elsewhere!
>> 
>>  -mel beckman
>> 
>> 
>>>> On Oct 12, 2023, at 8:49 AM, Tom Beecher  wrote:
>>> 
>>> 
>>> 
>>>> It's ridiculous that they resort to scraping public lists and DBs to try 
>>>> and achieve what they're attempting to do.
>>> 
>>> 
>>> Everyone is always looking for information they can use to advance some 
>>> agenda or purpose. The internet is fertile ground for that. Always has 
>>> been, always will be. 
>>> 
>>> Not taking shots at anyone here, but I am boggled why this is a common 
>>> public complaint. Block the sender and move on. 
>>> 
>>>> On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG  
>>>> wrote:
>>> 
>>>> Definitely have received this same spam multiple times and so have a few 
>>>> others I know. It's ridiculous that they resort to scraping public lists 
>>>> and DBs to try and achieve what they're attempting to do.
>>>> Regards,Peter Potvin | Executive Director
>>>> --
>>>> Accuris Technologies Ltd.
>>>> 
>>>> 
>>>> On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke  wrote:
>>>> 
>>>>> Is anyone else receiving spam from this organization? Based on the 
>>>>> contents of the cold solicitations they are sending us, and the addresses 
>>>>> being sent to, they have scraped ARIN WHOIS data for noc and abuse POC 
>>>>> contact info and recent ipv4 block transfers. 
>>>>> It's trivially easy to block their entire domain at the mail server 
>>>>> level, of course...
>>>>> 
>>>>> 

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Laura Smith via NANOG]

Honestly Mike I don't think they care.

I mean, most (all ?) of the registries still can't be bothered to validate the 
information the resource holders post to the database.  Last time I asked, e.g. 
RIPE about it, they basically said "not my problem guv" , pointed me to some 
policy document that said members should provide correct details and well, that 
was about it.

So if they don't do that, then what hope is there for them doing something 
about the harvesters ?


--- Original Message ---
On Thursday, October 12th, 2023 at 17:08, Mike Hammett  wrote:


> Do we know if the organizations with key Internet resources (ARIN, RIPE, 
> PeeringDB, etc.) have any honeypots in their arsenal? Obviously, publicly 
> knowing about it kind of defeats the purpose of it, but that might be a way 
> to help be proactive - make fake entries with unique contact information to 
> catch those harvesting.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
> 
> Midwest-IX
> http://www.midwest-ix.com
> 
> 
> From: "Mel Beckman" 
> To: "Tom Beecher" 
> Cc: "nanog@nanog.org list" 
> Sent: Thursday, October 12, 2023 11:01:20 AM
> Subject: Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert 
> International Inc
> 
> Tom,
> When an ARIN member violates their agreement and spams from ARIN’s databases, 
> it’s not just an “Internet is fertile ground” deal. It’s a betrayal of a 
> legal trust, one that demands accountability. I’m quite happy that ARIN 
> promptly responds to these abuses, and gets results. That only works if 
> victims report spam and compare notes. Let the “fertile ground” be elsewhere!
> 
>  -mel beckman
> 
> 
> > On Oct 12, 2023, at 8:49 AM, Tom Beecher  wrote:
> 
> > 
> > 
> > > It's ridiculous that they resort to scraping public lists and DBs to try 
> > > and achieve what they're attempting to do.
> > 
> > 
> > Everyone is always looking for information they can use to advance some 
> > agenda or purpose. The internet is fertile ground for that. Always has 
> > been, always will be. 
> > 
> > Not taking shots at anyone here, but I am boggled why this is a common 
> > public complaint. Block the sender and move on. 
> > 
> > On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG  
> > wrote:
> > 
> > > Definitely have received this same spam multiple times and so have a few 
> > > others I know. It's ridiculous that they resort to scraping public lists 
> > > and DBs to try and achieve what they're attempting to do.
> > > Regards,Peter Potvin | Executive Director
> > > --
> > > Accuris Technologies Ltd.
> > > 
> > > 
> > > On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke  wrote:
> > > 
> > > > Is anyone else receiving spam from this organization? Based on the 
> > > > contents of the cold solicitations they are sending us, and the 
> > > > addresses being sent to, they have scraped ARIN WHOIS data for noc and 
> > > > abuse POC contact info and recent ipv4 block transfers. 
> > > > It's trivially easy to block their entire domain at the mail server 
> > > > level, of course...
> > > > 
> > > >

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Tom Beecher]

Sure. I have no issues ARIN handling what is reported to them.

That only works if victims report spam and compare notes.
>

I don't agree with the 'compare notes' part. That's ARIN's job in the
processing of reports.

On Thu, Oct 12, 2023 at 12:01 PM Mel Beckman  wrote:

> Tom,
>
> When an ARIN member violates their agreement and spams from ARIN’s
> databases, it’s not just an “Internet is fertile ground” deal. It’s a
> betrayal of a legal trust, one that demands accountability. I’m quite happy
> that ARIN promptly responds to these abuses, and gets results. That only
> works if victims report spam and compare notes. Let the “fertile ground” be
> elsewhere!
>
>  -mel beckman
>
> On Oct 12, 2023, at 8:49 AM, Tom Beecher  wrote:
>
> 
>
>> It's ridiculous that they resort to scraping public lists and DBs to try
>> and achieve what they're attempting to do.
>>
>
> Everyone is always looking for information they can use to advance some
> agenda or purpose. The internet is fertile ground for that. Always has
> been, always will be.
>
> Not taking shots at anyone here, but I am boggled why this is a common
> public complaint. Block the sender and move on.
>
> On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG 
> wrote:
>
>> Definitely have received this same spam multiple times and so have a few
>> others I know. It's ridiculous that they resort to scraping public lists
>> and DBs to try and achieve what they're attempting to do.
>>
>> Regards,
>> Peter Potvin | Executive Director
>>
>> --
>> *Accuris Technologies Ltd.*
>>
>>
>>
>> On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke 
>> wrote:
>>
>>> Is anyone else receiving spam from this organization? Based on the
>>> contents of the cold solicitations they are sending us, and the addresses
>>> being sent to, they have scraped ARIN WHOIS data for noc and abuse POC
>>> contact info and recent ipv4 block transfers.
>>>
>>> It's trivially easy to block their entire domain at the mail server
>>> level, of course...
>>>
>>>
>>>

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Mike Hammett]

Do we know if the organizations with key Internet resources (ARIN, RIPE, 
PeeringDB, etc.) have any honeypots in their arsenal? Obviously, publicly 
knowing about it kind of defeats the purpose of it, but that might be a way to 
help be proactive - make fake entries with unique contact information to catch 
those harvesting. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Mel Beckman"  
To: "Tom Beecher"  
Cc: "nanog@nanog.org list"  
Sent: Thursday, October 12, 2023 11:01:20 AM 
Subject: Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert 
International Inc 

Tom, 


When an ARIN member violates their agreement and spams from ARIN’s databases, 
it’s not just an “Internet is fertile ground” deal. It’s a betrayal of a legal 
trust, one that demands accountability. I’m quite happy that ARIN promptly 
responds to these abuses, and gets results. That only works if victims report 
spam and compare notes. Let the “fertile ground” be elsewhere! 


-mel beckman 



On Oct 12, 2023, at 8:49 AM, Tom Beecher  wrote: 









It's ridiculous that they resort to scraping public lists and DBs to try and 
achieve what they're attempting to do. 





Everyone is always looking for information they can use to advance some agenda 
or purpose. The internet is fertile ground for that. Always has been, always 
will be. 


Not taking shots at anyone here, but I am boggled why this is a common public 
complaint. Block the sender and move on. 


On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG < nanog@nanog.org > 
wrote: 



Definitely have received this same spam multiple times and so have a few others 
I know. It's ridiculous that they resort to scraping public lists and DBs to 
try and achieve what they're attempting to do. 




Regards, 
Peter Potvin | Executive Director 
-- 
Accuris Technologies Ltd. 






On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke < eric.kuh...@gmail.com > wrote: 



Is anyone else receiving spam from this organization? Based on the contents of 
the cold solicitations they are sending us, and the addresses being sent to, 
they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent 
ipv4 block transfers. 


It's trivially easy to block their entire domain at the mail server level, of 
course... 

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Mel Beckman]

Tom,

When an ARIN member violates their agreement and spams from ARIN’s databases, 
it’s not just an “Internet is fertile ground” deal. It’s a betrayal of a legal 
trust, one that demands accountability. I’m quite happy that ARIN promptly 
responds to these abuses, and gets results. That only works if victims report 
spam and compare notes. Let the “fertile ground” be elsewhere!

 -mel beckman

On Oct 12, 2023, at 8:49 AM, Tom Beecher  wrote:


It's ridiculous that they resort to scraping public lists and DBs to try and 
achieve what they're attempting to do.

Everyone is always looking for information they can use to advance some agenda 
or purpose. The internet is fertile ground for that. Always has been, always 
will be.

Not taking shots at anyone here, but I am boggled why this is a common public 
complaint. Block the sender and move on.

On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG 
mailto:nanog@nanog.org>> wrote:
Definitely have received this same spam multiple times and so have a few others 
I know. It's ridiculous that they resort to scraping public lists and DBs to 
try and achieve what they're attempting to do.

Regards,
Peter Potvin | Executive Director
--
Accuris Technologies Ltd.



On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke 
mailto:eric.kuh...@gmail.com>> wrote:
Is anyone else receiving spam from this organization? Based on the contents of 
the cold solicitations they are sending us, and the addresses being sent to, 
they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent 
ipv4 block transfers.

It's trivially easy to block their entire domain at the mail server level, of 
course...

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Tom Beecher]

>
> It's ridiculous that they resort to scraping public lists and DBs to try
> and achieve what they're attempting to do.
>

Everyone is always looking for information they can use to advance some
agenda or purpose. The internet is fertile ground for that. Always has
been, always will be.

Not taking shots at anyone here, but I am boggled why this is a common
public complaint. Block the sender and move on.

On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG 
wrote:

> Definitely have received this same spam multiple times and so have a few
> others I know. It's ridiculous that they resort to scraping public lists
> and DBs to try and achieve what they're attempting to do.
>
> Regards,
> Peter Potvin | Executive Director
>
> --
> *Accuris Technologies Ltd.*
>
>
>
> On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke  wrote:
>
>> Is anyone else receiving spam from this organization? Based on the
>> contents of the cold solicitations they are sending us, and the addresses
>> being sent to, they have scraped ARIN WHOIS data for noc and abuse POC
>> contact info and recent ipv4 block transfers.
>>
>> It's trivially easy to block their entire domain at the mail server
>> level, of course...
>>
>>
>>

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[John Stitt]

Our organization has also received cold contact emails from this company, and 
their unsubscribe link doesn’t appear to have slowed them down.

They now hit my junk folder.

John Stitt
HES Energynet

On Oct 11, 2023, at 6:56 PM, Peter Potvin via NANOG  wrote:


Definitely have received this same spam multiple times and so have a few others 
I know. It's ridiculous that they resort to scraping public lists and DBs to 
try and achieve what they're attempting to do.

Regards,
Peter Potvin | Executive Director
--
Accuris Technologies Ltd.



On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke 
mailto:eric.kuh...@gmail.com>> wrote:
Is anyone else receiving spam from this organization? Based on the contents of 
the cold solicitations they are sending us, and the addresses being sent to, 
they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent 
ipv4 block transfers.

It's trivially easy to block their entire domain at the mail server level, of 
course...




CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe. If you are not expecting this message contact the sender directly via 
phone/text to verify.

Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Peter Potvin via NANOG]

Definitely have received this same spam multiple times and so have a few
others I know. It's ridiculous that they resort to scraping public lists
and DBs to try and achieve what they're attempting to do.

Regards,
Peter Potvin | Executive Director
--
*Accuris Technologies Ltd.*



On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke  wrote:

> Is anyone else receiving spam from this organization? Based on the
> contents of the cold solicitations they are sending us, and the addresses
> being sent to, they have scraped ARIN WHOIS data for noc and abuse POC
> contact info and recent ipv4 block transfers.
>
> It's trivially easy to block their entire domain at the mail server level,
> of course...
>
>
>

ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc

[Eric Kuhnke]

Is anyone else receiving spam from this organization? Based on the contents
of the cold solicitations they are sending us, and the addresses being sent
to, they have scraped ARIN WHOIS data for noc and abuse POC contact info
and recent ipv4 block transfers.

It's trivially easy to block their entire domain at the mail server level,
of course...

Re: cogent spamming directly from ARIN records?

[Matthew Petach]

On Mon, Oct 2, 2023 at 7:27 PM Collider 
wrote:

> Congrats! LIOAWKI is a hapax legomenon in DuckDuckGo's search results!
> Could you please tell me & the list what it means?
>

Large Internet Outages Are What Kills Income!

It's a phrase that is uttered by members of the finance organization every
time they see Network Engineers planning a "routine maintenance on the core
backbone routers".

Matt

Re: cogent spamming directly from ARIN records?

[Eric Kuhnke]

Based on my personal experience of getting onto the contact list of an
extremely persistent Cogent sales person, mostly, I am morbidly curious
what their CRM system looks like for cold and stale leads, and how often
these sets of non-responsive leads get passed on to new junior salespeople.
And exactly how many of those sales people there are and what
policies/management structure they work under.

It took a fair amount of effort and many strongly worded responses on my
part to eventually get my personal cellular phone number removed from their
CRM system (or at least marked as a do-not-contact).

On Mon, Oct 2, 2023 at 6:52 PM Mel Beckman  wrote:

> This morning I received an email from someone at Cogent asking about an
> ASN I administer. They didn’t give any details, but I assumed it might be
> related to some kind of network transport issue. I replied cordially,
> asking them what they needed. The person then replied with a blatant spam,
> advertising Cogent IP services, in violation of the U.S. CAN-SPAM Act’s
> prohibition against deceptive UCE.
>
> I believe they got the contact information from ARIN, because the ARIN
> technical POC is the only place where my name and the ASN are connected. I
> believe this is a violation of Cogent’s contract with ARIN. Does anybody
> know how I can effectively report this to ARIN? If we can’t even police
> infrastructure providers for spamming, LIOAWKI.
>
>  -mel beckman

Re: cogent spamming directly from ARIN records?

[Delong.com via NANOG]

My best guess is “Life As We Know It Will Be Over”, but that’s just a guess.

Owen


> On Oct 2, 2023, at 17:32, Collider  wrote:
> 
> So is LAWKIWBO, which is the correct acronym mentioned downthread.
> 
> 
> Le 3 octobre 2023 00:29:08 UTC, Collider  a 
> écrit :
>> Congrats! LIOAWKI is a hapax legomenon in DuckDuckGo's search results! Could 
>> you please tell me & the list what it means?
>> 
>> 
>> Le 2 octobre 2023 15:28:03 UTC, Mel Beckman  a écrit :
>>> This morning I received an email from someone at Cogent asking about an ASN 
>>> I administer. They didn’t give any details, but I assumed it might be 
>>> related to some kind of network transport issue. I replied cordially, 
>>> asking them what they needed. The person then replied with a blatant spam, 
>>> advertising Cogent IP services, in violation of the U.S. CAN-SPAM Act’s 
>>> prohibition against deceptive UCE.
>>> 
>>> I believe they got the contact information from ARIN, because the ARIN 
>>> technical POC is the only place where my name and the ASN are connected. I 
>>> believe this is a violation of Cogent’s contract with ARIN. Does anybody 
>>> know how I can effectively report this to ARIN? If we can’t even police 
>>> infrastructure providers for spamming, LIOAWKI.
>>> 
>>>  -mel beckman
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[Owen DeLong via NANOG]

Problem with that theory is the ratio of collateral damage to pain inflicted. 

Filter or deeper cogent and they don’t feel anything themselves. Their 
customers _might_ miss being able to reach your customers (or you), but then it 
is Cogent’s customers that feel the pain the most and Cogent to a much lesser 
degree and only as a second order effect. 

You will definitely miss connecting to some of Cogent’s customers, so you have 
also directly inflicted pain upon your self (and likely your customers). 

Personally, I would support any of my providers teaching Cogent a lesson this 
way, but most customers aren’t so understanding or even aware of the situation 
and they don’t care even if it is explained to them. They expect their packets 
to get delivered. That’s why they pay you.

It would be nice if there were a way to get Cogent fined or to sue Cogent for 
these acts and raise their costs directly without harming their customers, but 
so far nobody has figured out a way to do it. (Perhaps the layer 9 types in the 
list can put their brains to work on this problem). 

Owen


> On Oct 4, 2023, at 04:30, b...@uu3.net wrote:
> 
> This is not the outcome of internet ecosystem, this is outcome
> of commercialization, where money is what is all cared, not good
> product, ethical behavior, etc.
> 
> This is also because good guys do NOT fight back strong enough.
> Cogent start to give you hard time? Start to filter they whole
> prefixes? Maybe depeer them?
> 
> I know this sound extreme, but.. everything else seems to fail..
> 
> 
> -- Original message --
> 
> From: Christopher Morrow 
> To: nanog@nanog.org
> Subject: Re: ARIN email address (was cogent spamming directly from ARIN
>records?)
> Date: Tue, 3 Oct 2023 15:48:11 -0400
> 
> i agree this is a sad outcome of the internet ecosystem.
> 
>> We keep discussing it because we care about keeping the internet
>> running. It's similar to why we keep looking for new security holes in
>> existing software: we don't stop because inevitably we'll find more so
>> it's a lost cause, we keep looking because inevitably we'll find more
>> so the product becomes more secure.
> 
> those are a bit of a false equivalence... but... ok.
> I think: "Oh look, more spam, delete"
> is basically how this sort of problem (email from randos trying to
> sell me ED pills or 10Gs) should be treated.
> I don't know that it's helpful to keep re-litigating that end state :(
> 
> I'm sure telling dave shaeffer: "Hey, your sales droids are being
> rude" is going to end as well as sending him ED pill emails.

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[borg]

This is not the outcome of internet ecosystem, this is outcome
of commercialization, where money is what is all cared, not good
product, ethical behavior, etc.

This is also because good guys do NOT fight back strong enough.
Cogent start to give you hard time? Start to filter they whole
prefixes? Maybe depeer them?

I know this sound extreme, but.. everything else seems to fail..


-- Original message --

From: Christopher Morrow 
To: nanog@nanog.org
Subject: Re: ARIN email address (was cogent spamming directly from ARIN
records?)
Date: Tue, 3 Oct 2023 15:48:11 -0400

i agree this is a sad outcome of the internet ecosystem.

> We keep discussing it because we care about keeping the internet
> running. It's similar to why we keep looking for new security holes in
> existing software: we don't stop because inevitably we'll find more so
> it's a lost cause, we keep looking because inevitably we'll find more
> so the product becomes more secure.

those are a bit of a false equivalence... but... ok.
I think: "Oh look, more spam, delete"
is basically how this sort of problem (email from randos trying to
sell me ED pills or 10Gs) should be treated.
I don't know that it's helpful to keep re-litigating that end state :(

I'm sure telling dave shaeffer: "Hey, your sales droids are being
rude" is going to end as well as sending him ED pill emails.

Re: ARIN Election

[John Curran]

Hello Nich!

On Oct 3, 2023, at 4:26 PM, Nicholas Warren  wrote:

Does anyone know how many people will be elected from each category?

This year’s ARIN election will fill four (4) seats on the ARIN Board of 
Trustees and seven (7) seats on the ARIN Advisory Council.

I don’t regularly keep up with everyone’s business. So, are any of candidates 
overachievers or, well, underachievers?

I don’t know the scope of appropriate discussions on the nanog mailing list, 
but I would be remiss if I didn’t point out that there’s ARIN general-members 
mailing list where such discussion is actively encouraged –


All candidates for the Board and Advisory Council will be offered the ability 
to subscribe to the General Members Mailing 
List<https://lists.arin.net/mailman/listinfo/general-members> to answer 
questions from the voting community. If your organization is a General Member 
at ARIN and plans to vote this year, we encourage you to join the mailing list 
to stay up to date on ARIN Election activity. Candidates have also been offered 
the opportunity to present themselves to the general membership in a brief, 
pre-recorded speech during ARIN 52<https://www.arin.net/ARIN52/>, and those 
speeches will be made available online during the voting period.

I’ve attached the full ARIN Candidate Slate announcement below, for those 
interested in such matters.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


===


Begin forwarded message:

From: ARIN 
Subject: [arin-announce] The 2023 Slate of Candidates for ARIN Elections
Date: September 12, 2023 at 4:38:42 PM EDT
To: "arin-annou...@arin.net" 

The 2023 ARIN Slate of Candidates has been amended to reflect that Rebecca 
Naughton has withdrawn as a candidate from the election for the Board of 
Trustees.
Candidates for ARIN Elections
ARIN Elections will be held online from 3:00 PM EDT on Thursday, 19 October 
2023 through 7:00 PM EDT on Friday, 27 October 2023. These elections will fill 
four seats on the Board of Trustees and seven seats on the Advisory Council. 
The Nomination Committee (NomCom) has put forward the following slates of 
candidates with classifications for the terms beginning 1 January 2024:
Board of Trustees Candidates:

  *   Dan Alexander (Well Qualified)
  *   Nancy Carter (Well Qualified)
  *   Jack Cathey (Qualified)
  *   Philip Duclos (Qualifications not Demonstrated)
  *   Andrew Dul (Qualified)
  *   Khaled Koubaa (Well Qualified)
  *   Tina Morris (Well Qualified)
  *   William Sylvester (Well Qualified)
  *   Christian Tacit (Well Qualified)
  *   David Zumwalt (Well Qualified)

Advisory Council Candidates:

  *   Douglas Camin (Well Qualified)
  *   Anthony Delacruz (Qualified)
  *   Matthew Gamble (Well Qualified)
  *   Elizabeth Goodson (Qualified)
  *   Dean Hardy (Qualifications not Demonstrated)
  *   Roy Hoover (Qualified)
  *   Rob Johnstone (Qualifications not Demonstrated)
  *   Dustin Moses (Qualified)
  *   Kaitlyn Pellak (Qualified)
  *   Leif Sawyer (Qualified)
  *   Daniel Schatte (Qualified)
  *   Ibrahim (Ibro) Seremet (Qualifications not Demonstrated)
  *   Jason Weil (Qualified)
  *   Matthew Wilder (Well Qualified)

A compilation of candidate biographies and questionnaire responses is available 
at:
https://www.arin.net/participate/oversight/elections/candidate_bios.pdf
Each candidate for the Board of Trustees and Advisory Council, listed above, 
has a classification next to their name. The candidates were classified by an 
independent third-party vendor firm based on the Nominee Classification Process 
in the NomCom Charter. Every nominee is put forward on the initial slate unless 
the third-party vendor firm classifies a nominee as “Unable to Qualify.” No 
nominees were classified as “Unable to Qualify” this year. Fourteen nominations 
were received for the Advisory Council and twelve were received for the Board; 
all are present on the Final Slate of Candidates except for one Board nominee 
who withdrew their candidacy.
You are encouraged to submit and view Statements of Support for the candidates 
at: https://www.arin-elections.net/. Please note that all Statements of Support 
are automatically held for moderation and will be posted, upon approval, within 
one business day. All submissions are subject to the Statements of Support 
Acceptable Use 
Policy<https://arin-elections.net/statements-of-support-acceptable-use-policy/>.
All candidates for the Board and Advisory Council will be offered the ability 
to subscribe to the General Members Mailing 
List<https://lists.arin.net/mailman/listinfo/general-members> to answer 
questions from the voting community. If your organization is a General Member 
at ARIN and plans to vote this year, we encourage you to join the mailing list 
to stay up to date on ARIN Election activity. Candidates have also been offered 
the opportunity to present themselves to the general membership in a brief, 
pre-re

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[Collider]

Heh. (:

Le 4 octobre 2023 01:23:13 UTC, Owen DeLong via NANOG  a écrit 
:
>I was one of the main people behind their suspension from ARIN whois for 6 
>months.
>
>They have not spammed me since.
>
>They’re probably afraid of another cake.
>
>Owen
>
>
>> On Oct 3, 2023, at 18:18, Mike Lyon  wrote:
>> 
>> Give it time :)
>> 
>> -Mike
>> 
>>> On Oct 3, 2023, at 18:06, Owen DeLong via NANOG  wrote:
>>> 
>>> But I seem to have finally gotten Cogent trained not to spam this one, so 
>>> I think I’ll leave it as is.
>>> 
>>> YMMV
>>> 
>>> Owen
>>> 
>>> 
>>>> On Oct 3, 2023, at 08:52, Bryan Fields  wrote:
>>>> 
>>>>> On 10/2/23 11:28 AM, Mel Beckman wrote:
>>>>> I believe they got the contact information from ARIN
>>>> 
>>>> I'd suggest everyone use an alias unique to ARIN for your POC and/or 
>>>> public email.  Makes it super simple to verify where it was sourced from.
>>>> 
>>>> (and yes I've got the same spam)
>>>> -- 
>>>> Bryan Fields
>>>> 
>>>> 727-409-1194 - Voice
>>>> http://bryanfields.net
>>> 
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[John Curran]

On Oct 3, 2023, at 11:52 AM, Bryan Fields  wrote:

On 10/2/23 11:28 AM, Mel Beckman wrote:
I believe they got the contact information from ARIN

I'd suggest everyone use an alias unique to ARIN for your POC and/or public 
email.  Makes it super simple to verify where it was sourced from.

(and yes I've got the same spam)

Bryan -

You are absolutely correct - it is wise to use a unique email address if at all 
possible, and please report misuse to 
complia...@arin.net<mailto:complia...@arin.net>.

It does make a difference, as abuse reports result in discussions with 
organizations regarding appropriate reeducation regimes for violating staff – 
and further implications if the pattern of abuse appears systemic as opposed to 
incidental.

(It is not a perfect system, as it often needs periodically refreshment in some 
orgs due to inevitable turnover and miscreant creativity, but it does tamp down 
the worst of the abuse that would occur otherwise…)

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[John Curran]

> On Oct 3, 2023, at 11:52 AM, Bryan Fields  wrote:
> 
> On 10/2/23 11:28 AM, Mel Beckman wrote:
>> I believe they got the contact information from ARIN
> 
> I'd suggest everyone use an alias unique to ARIN for your POC and/or public 
> email.  Makes it super simple to verify where it was sourced from.
> 
> (and yes I've got the same spam)

Bryan - 

You are absolutely correct - it is wise to use a unique email address if at all 
possible, and please report misuse to complia...@arin.net 
<mailto:complia...@arin.net>. 

It does make a difference, as abuse reports result in discussions with 
organizations regarding appropriate reeducation regimes for violating staff – 
and further implications if the pattern of abuse appears systemic as opposed to 
incidental. 

(It is not a perfect system, as it often needs periodically refreshment in some 
orgs due to inevitable turnover and miscreant creativity, but it does tamp down 
the worst of the abuse that would occur otherwise…)

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[Owen DeLong via NANOG]

I was one of the main people behind their suspension from ARIN whois for 6 
months.

They have not spammed me since.

They’re probably afraid of another cake.

Owen


> On Oct 3, 2023, at 18:18, Mike Lyon  wrote:
> 
> Give it time :)
> 
> -Mike
> 
>> On Oct 3, 2023, at 18:06, Owen DeLong via NANOG  wrote:
>> 
>> But I seem to have finally gotten Cogent trained not to spam this one, so I 
>> think I’ll leave it as is.
>> 
>> YMMV
>> 
>> Owen
>> 
>> 
>>> On Oct 3, 2023, at 08:52, Bryan Fields  wrote:
>>> 
>>>> On 10/2/23 11:28 AM, Mel Beckman wrote:
>>>> I believe they got the contact information from ARIN
>>> 
>>> I'd suggest everyone use an alias unique to ARIN for your POC and/or public 
>>> email.  Makes it super simple to verify where it was sourced from.
>>> 
>>> (and yes I've got the same spam)
>>> -- 
>>> Bryan Fields
>>> 
>>> 727-409-1194 - Voice
>>> http://bryanfields.net
>> 

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[Mike Lyon]

Give it time :)

-Mike

> On Oct 3, 2023, at 18:06, Owen DeLong via NANOG  wrote:
> 
> But I seem to have finally gotten Cogent trained not to spam this one, so I 
> think I’ll leave it as is.
> 
> YMMV
> 
> Owen
> 
> 
>> On Oct 3, 2023, at 08:52, Bryan Fields  wrote:
>> 
>>> On 10/2/23 11:28 AM, Mel Beckman wrote:
>>> I believe they got the contact information from ARIN
>> 
>> I'd suggest everyone use an alias unique to ARIN for your POC and/or public 
>> email.  Makes it super simple to verify where it was sourced from.
>> 
>> (and yes I've got the same spam)
>> -- 
>> Bryan Fields
>> 
>> 727-409-1194 - Voice
>> http://bryanfields.net
> 

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[Owen DeLong via NANOG]

But I seem to have finally gotten Cogent trained not to spam this one, so I 
think I’ll leave it as is.

YMMV

Owen


> On Oct 3, 2023, at 08:52, Bryan Fields  wrote:
> 
> On 10/2/23 11:28 AM, Mel Beckman wrote:
>> I believe they got the contact information from ARIN
> 
> I'd suggest everyone use an alias unique to ARIN for your POC and/or public 
> email.  Makes it super simple to verify where it was sourced from.
> 
> (and yes I've got the same spam)
> -- 
> Bryan Fields
> 
> 727-409-1194 - Voice
> http://bryanfields.net

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[niels=nanog]

* morrowc.li...@gmail.com (Christopher Morrow) [Tue 03 Oct 2023, 21:50 CEST]:
I'm sure telling dave shaeffer: "Hey, your sales droids are being 
rude" is going to end as well as sending him ED pill emails.


Such outreach to technical contacts is counterproductive anyway. Which 
is more likely, that noc@ leads to a person with purchasing power, or 
that it leads to one who happens to be rabidly anti-spam who may then 
help get you thrown off the PeeringDB island for a few seasons?



-- Niels.

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[Daniel Corbe]

On 10/3/2023 3:48 PM, Christopher Morrow wrote:

those are a bit of a false equivalence... but... ok.
I think: "Oh look, more spam, delete"
is basically how this sort of problem (email from randos trying to
sell me ED pills or 10Gs) should be treated.
I don't know that it's helpful to keep re-litigating that end state :(

I'm sure telling dave shaeffer: "Hey, your sales droids are being
rude" is going to end as well as sending him ED pill emails.


On the other hand, it's actually nice knowing Cogent are up to their 
same old tricks, so that when they try to end-around me to get a sale 
done, I have plenty of ammunition at my disposal to shoot them down.


Much like your ED pill E-Mail analogy above (and I think you might have 
been able to pick a less explicit example, but hey, edgy humor amirite?) 
it should be pretty trivial for you to nuke this thread so it doesn't 
keep appearing at the top of your inbox.


OpenPGP_signature.asc
Description: OpenPGP digital signature

ARIN Election

[Nicholas Warren]

Does anyone know how many people will be elected from each category?

I don't regularly keep up with everyone's business. So, are any of candidates 
overachievers or, well, underachievers?

Nich Warren

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[Christopher Morrow]

On Tue, Oct 3, 2023 at 12:54 PM  wrote:
>
> * morrowc.li...@gmail.com (Christopher Morrow) [Tue 03 Oct 2023, 18:29 CEST]:
> >this sort of thing (provider X scrapes Y and mails Z for sales leads)
> >every ~18 months.
> >the same outrage and conversation happens every time.
> >the same protection mechanisms are noted every time.
> >
> >Is there a reason that: "killfileand move on" is not the answer
> >everytime for this?
> >(why do we need to keep rediscussing it)
>
> It's a vicious circle: provider scrapes operational addresses and
> spams them, providers stop putting useful addresses in public
> databases to avoid spam, everybody who needs to find operational
> contacts in a variety of situations loses in the end.

i agree this is a sad outcome of the internet ecosystem.

> We keep discussing it because we care about keeping the internet
> running. It's similar to why we keep looking for new security holes in
> existing software: we don't stop because inevitably we'll find more so
> it's a lost cause, we keep looking because inevitably we'll find more
> so the product becomes more secure.

those are a bit of a false equivalence... but... ok.
I think: "Oh look, more spam, delete"
is basically how this sort of problem (email from randos trying to
sell me ED pills or 10Gs) should be treated.
I don't know that it's helpful to keep re-litigating that end state :(

I'm sure telling dave shaeffer: "Hey, your sales droids are being
rude" is going to end as well as sending him ED pill emails.

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[niels=nanog]

* morrowc.li...@gmail.com (Christopher Morrow) [Tue 03 Oct 2023, 18:29 CEST]:
this sort of thing (provider X scrapes Y and mails Z for sales leads) 
every ~18 months.

the same outrage and conversation happens every time.
the same protection mechanisms are noted every time.

Is there a reason that: "killfileand move on" is not the answer 
everytime for this?

(why do we need to keep rediscussing it)


It's a vicious circle: provider scrapes operational addresses and 
spams them, providers stop putting useful addresses in public 
databases to avoid spam, everybody who needs to find operational 
contacts in a variety of situations loses in the end.


We keep discussing it because we care about keeping the internet 
running. It's similar to why we keep looking for new security holes in 
existing software: we don't stop because inevitably we'll find more so 
it's a lost cause, we keep looking because inevitably we'll find more 
so the product becomes more secure.



-- Niels.

Re: ARIN email address (was cogent spamming directly from ARIN records?)

[Christopher Morrow]

this sort of thing (provider X scrapes Y and mails Z for sales leads)
every ~18 months.
the same outrage and conversation happens every time.
the same protection mechanisms are noted every time.

Is there a reason that: "killfileand move on" is not the answer
everytime for this?
(why do we need to keep rediscussing it)

On Tue, Oct 3, 2023 at 11:54 AM Bryan Fields  wrote:
>
> On 10/2/23 11:28 AM, Mel Beckman wrote:
> > I believe they got the contact information from ARIN
>
> I'd suggest everyone use an alias unique to ARIN for your POC and/or public
> email.  Makes it super simple to verify where it was sourced from.
>
> (and yes I've got the same spam)
> --
> Bryan Fields
>
> 727-409-1194 - Voice
> http://bryanfields.net
>

ARIN email address (was cogent spamming directly from ARIN records?)

[Bryan Fields]

On 10/2/23 11:28 AM, Mel Beckman wrote:

I believe they got the contact information from ARIN


I'd suggest everyone use an alias unique to ARIN for your POC and/or public 
email.  Makes it super simple to verify where it was sourced from.


(and yes I've got the same spam)
--
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net

Re: cogent spamming directly from ARIN records?

[Collider]

So is LAWKIWBO, which is the correct acronym mentioned downthread.

Le 3 octobre 2023 00:29:08 UTC, Collider  a 
écrit :
>Congrats! LIOAWKI is a hapax legomenon in DuckDuckGo's search results! Could 
>you please tell me & the list what it means?
>
>Le 2 octobre 2023 15:28:03 UTC, Mel Beckman  a écrit :
>>This morning I received an email from someone at Cogent asking about an ASN I 
>>administer. They didn’t give any details, but I assumed it might be related 
>>to some kind of network transport issue. I replied cordially, asking them 
>>what they needed. The person then replied with a blatant spam, advertising 
>>Cogent IP services, in violation of the U.S. CAN-SPAM Act’s prohibition 
>>against deceptive UCE.
>>
>>I believe they got the contact information from ARIN, because the ARIN 
>>technical POC is the only place where my name and the ASN are connected. I 
>>believe this is a violation of Cogent’s contract with ARIN. Does anybody know 
>>how I can effectively report this to ARIN? If we can’t even police 
>>infrastructure providers for spamming, LIOAWKI.
>>
>> -mel beckman
>-- 
>Sent from my Android device with K-9 Mail. Please excuse my brevity.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: cogent spamming directly from ARIN records?

[Collider]

Congrats! LIOAWKI is a hapax legomenon in DuckDuckGo's search results! Could 
you please tell me & the list what it means?

Le 2 octobre 2023 15:28:03 UTC, Mel Beckman  a écrit :
>This morning I received an email from someone at Cogent asking about an ASN I 
>administer. They didn’t give any details, but I assumed it might be related to 
>some kind of network transport issue. I replied cordially, asking them what 
>they needed. The person then replied with a blatant spam, advertising Cogent 
>IP services, in violation of the U.S. CAN-SPAM Act’s prohibition against 
>deceptive UCE.
>
>I believe they got the contact information from ARIN, because the ARIN 
>technical POC is the only place where my name and the ASN are connected. I 
>believe this is a violation of Cogent’s contract with ARIN. Does anybody know 
>how I can effectively report this to ARIN? If we can’t even police 
>infrastructure providers for spamming, LIOAWKI.
>
> -mel beckman
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: cogent spamming directly from ARIN records?

[Tim Burke]

In this case, it came from a person with the title of “Global Account Manager”. 
Unless sales people are handling peering requests all of a sudden, it’s 
definitely a sales pitch. 

> On Oct 2, 2023, at 16:47, Patrick W. Gilmore  wrote:
> 
>  Has anyone replied?
> 
> If this is a peering request, not sure that is a bad use of the AS contact 
> info.
> 
> If it is a sales pitch, then yeah, that’s a problem.
> 
> -- 
> TTFN,
> patrick
> 
>> On Oct 2, 2023, at 14:58, Tim Burke  wrote:
>> 
>> Hurricane has been doing the same thing lately... but their schtick is to 
>> say that "we are seeing a significant amount of hops in your AS path and 
>> wanted to know if you are open to resolve this issue".
>> 
>> complia...@arin.net is about all that can be done, other than public shaming!
>> 
>> Other outfits have been spamming using the nanog attendees list, but I guess 
>> that’s not as bad as the continued scraping of ARIN records, so I won't call 
>> them out... yet, at least. 😊
>> 
>> -Original Message-
>> From: NANOG  On Behalf Of Mel Beckman
>> Sent: Monday, October 2, 2023 10:28 AM
>> To: nanog list 
>> Subject: cogent spamming directly from ARIN records?
>> 
>> This morning I received an email from someone at Cogent asking about an ASN 
>> I administer. They didn’t give any details, but I assumed it might be 
>> related to some kind of network transport issue. I replied cordially, asking 
>> them what they needed. The person then replied with a blatant spam, 
>> advertising Cogent IP services, in violation of the U.S. CAN-SPAM Act’s 
>> prohibition against deceptive UCE.
>> 
>> I believe they got the contact information from ARIN, because the ARIN 
>> technical POC is the only place where my name and the ASN are connected. I 
>> believe this is a violation of Cogent’s contract with ARIN. Does anybody 
>> know how I can effectively report this to ARIN? If we can’t even police 
>> infrastructure providers for spamming, LIOAWKI.
>> 
>> -mel beckman
> 

Re: cogent spamming directly from ARIN records?

[Mel Beckman]

Patrick,

It’s a sales pitch, and ARIN acknowledges it violates their terms and has taken 
action.

 -mel

> On Oct 2, 2023, at 2:47 PM, Patrick W. Gilmore  wrote:
> 
>  Has anyone replied?
> 
> If this is a peering request, not sure that is a bad use of the AS contact 
> info.
> 
> If it is a sales pitch, then yeah, that’s a problem.
> 
> -- 
> TTFN,
> patrick
> 
>> On Oct 2, 2023, at 14:58, Tim Burke  wrote:
>> 
>> Hurricane has been doing the same thing lately... but their schtick is to 
>> say that "we are seeing a significant amount of hops in your AS path and 
>> wanted to know if you are open to resolve this issue".
>> 
>> complia...@arin.net is about all that can be done, other than public 
>> shaming! 
>> 
>> Other outfits have been spamming using the nanog attendees list, but I guess 
>> that’s not as bad as the continued scraping of ARIN records, so I won't call 
>> them out... yet, at least. 😊
>> 
>> -Original Message-
>> From: NANOG  On Behalf Of Mel Beckman
>> Sent: Monday, October 2, 2023 10:28 AM
>> To: nanog list 
>> Subject: cogent spamming directly from ARIN records?
>> 
>> This morning I received an email from someone at Cogent asking about an ASN 
>> I administer. They didn’t give any details, but I assumed it might be 
>> related to some kind of network transport issue. I replied cordially, asking 
>> them what they needed. The person then replied with a blatant spam, 
>> advertising Cogent IP services, in violation of the U.S. CAN-SPAM Act’s 
>> prohibition against deceptive UCE.
>> 
>> I believe they got the contact information from ARIN, because the ARIN 
>> technical POC is the only place where my name and the ASN are connected. I 
>> believe this is a violation of Cogent’s contract with ARIN. Does anybody 
>> know how I can effectively report this to ARIN? If we can’t even police 
>> infrastructure providers for spamming, LIOAWKI.
>> 
>> -mel beckman
> 

Re: cogent spamming directly from ARIN records?

[Patrick W. Gilmore]

Has anyone replied?

If this is a peering request, not sure that is a bad use of the AS contact info.

If it is a sales pitch, then yeah, that’s a problem.

-- 
TTFN,
patrick

> On Oct 2, 2023, at 14:58, Tim Burke  wrote:
> 
> Hurricane has been doing the same thing lately... but their schtick is to say 
> that "we are seeing a significant amount of hops in your AS path and wanted 
> to know if you are open to resolve this issue".
> 
> complia...@arin.net is about all that can be done, other than public shaming! 
> 
> Other outfits have been spamming using the nanog attendees list, but I guess 
> that’s not as bad as the continued scraping of ARIN records, so I won't call 
> them out... yet, at least. 😊
> 
> -Original Message-
> From: NANOG  On Behalf Of Mel Beckman
> Sent: Monday, October 2, 2023 10:28 AM
> To: nanog list 
> Subject: cogent spamming directly from ARIN records?
> 
> This morning I received an email from someone at Cogent asking about an ASN I 
> administer. They didn’t give any details, but I assumed it might be related 
> to some kind of network transport issue. I replied cordially, asking them 
> what they needed. The person then replied with a blatant spam, advertising 
> Cogent IP services, in violation of the U.S. CAN-SPAM Act’s prohibition 
> against deceptive UCE.
> 
> I believe they got the contact information from ARIN, because the ARIN 
> technical POC is the only place where my name and the ASN are connected. I 
> believe this is a violation of Cogent’s contract with ARIN. Does anybody know 
> how I can effectively report this to ARIN? If we can’t even police 
> infrastructure providers for spamming, LIOAWKI.
> 
> -mel beckman

Re: cogent spamming directly from ARIN records?

[Mark Tinka]

On 10/2/23 22:59, Matthew Petach wrote:


Huh?

In all my decades of time in the network industry, I have never seen a 
case where a smaller transit contract had lower per mbit cost than a 
larger volume contract.


I would expect that HE would make *more* money off 10 smaller customer 
transit contracts than one big tier 3 wholesaler transit contract.


That's my point.

Smaller ISP's will get better per-Mbps rates from their direct upstreams 
than they would from HE/Cogent. The rates they'd get from HE/Cogent 
would be to HE's/Cogen's favour, and not to the ISP's favour.


So if the goal is transit-free glory vanity, HE/Cogent would have to 
take a bit of a haircut which they "could" make up in contract length.


Just another way to skin the cat.

Mark.

Re: cogent spamming directly from ARIN records?

[Matthew Petach]

On Mon, Oct 2, 2023, 12:14 Mark Tinka  wrote:

>
>
> On 10/2/23 20:58, Tim Burke wrote:
>
> > Hurricane has been doing the same thing lately... but their schtick is
> to say that "we are seeing a significant amount of hops in your AS path and
> wanted to know if you are open to resolve this issue".
>
> I get what HE are trying to do here, as I am sure all of us do.
>
> The potential fallout is a declining relationship with their existing
> customers that bring other downstream ISP's behind them. Contacting
> those downstream ISP's to "resolve this issue" puts them at odds with
> their existing customers who bring those customers in already.
>
> There is a chance they dilute their income because, well, smaller ISP's
> will not be keen to pay the higher transit fees their upstreams pay to
> HE. Which means that HE are more willing to be closer to eyeballs than
> they are maximizing margins.
>

Huh?

In all my decades of time in the network industry, I have never seen a case
where a smaller transit contract had lower per mbit cost than a larger
volume contract.

I would expect that HE would make *more* money off 10 smaller customer
transit contracts than one big tier 3 wholesaler transit contract.

It seems like a win-win for HE:
more customer revenue *and* shorter hop-count paths they can advertise to
the rest of the world.

Is the loss of customer trust worth the transit-free glory?
>

When it's offset by more revenue?

Sure seems like it.   ;)


> Mark.
>

Matt

Re: cogent spamming directly from ARIN records?

[Mark Tinka]

On 10/2/23 20:58, Tim Burke wrote:


Hurricane has been doing the same thing lately... but their schtick is to say that 
"we are seeing a significant amount of hops in your AS path and wanted to know if 
you are open to resolve this issue".


I get what HE are trying to do here, as I am sure all of us do.

The potential fallout is a declining relationship with their existing 
customers that bring other downstream ISP's behind them. Contacting 
those downstream ISP's to "resolve this issue" puts them at odds with 
their existing customers who bring those customers in already.


There is a chance they dilute their income because, well, smaller ISP's 
will not be keen to pay the higher transit fees their upstreams pay to 
HE. Which means that HE are more willing to be closer to eyeballs than 
they are maximizing margins.


Is the loss of customer trust worth the transit-free glory?

Mark.

RE: cogent spamming directly from ARIN records?

[Tim Burke]

Hurricane has been doing the same thing lately... but their schtick is to say 
that "we are seeing a significant amount of hops in your AS path and wanted to 
know if you are open to resolve this issue".

complia...@arin.net is about all that can be done, other than public shaming! 

Other outfits have been spamming using the nanog attendees list, but I guess 
that’s not as bad as the continued scraping of ARIN records, so I won't call 
them out... yet, at least. 😊

-Original Message-
From: NANOG  On Behalf Of Mel Beckman
Sent: Monday, October 2, 2023 10:28 AM
To: nanog list 
Subject: cogent spamming directly from ARIN records?

This morning I received an email from someone at Cogent asking about an ASN I 
administer. They didn’t give any details, but I assumed it might be related to 
some kind of network transport issue. I replied cordially, asking them what 
they needed. The person then replied with a blatant spam, advertising Cogent IP 
services, in violation of the U.S. CAN-SPAM Act’s prohibition against deceptive 
UCE.

I believe they got the contact information from ARIN, because the ARIN 
technical POC is the only place where my name and the ASN are connected. I 
believe this is a violation of Cogent’s contract with ARIN. Does anybody know 
how I can effectively report this to ARIN? If we can’t even police 
infrastructure providers for spamming, LIOAWKI.

 -mel beckman

Re: cogent spamming directly from ARIN records?

[Mel Beckman]

Jay,

Apparently my sarcasm was too subtle :)

 -mel

> On Oct 2, 2023, at 10:01 AM, Jay Hennigan  wrote:
> 
> On 10/2/23 09:16, Mel Beckman wrote:
>> Tom,
>> Thanks for that pointer! apparently cogent has a history of abuse.
> 
> Apparently?
> 
> In other news, apparently bears have been using our National Forests as their 
> personal toilets for decades.
> 
> -- 
> Jay Hennigan - j...@west.net
> Network Engineering - CCIE #7880
> 503 897-8550 - WB6RDV
> 

Re: cogent spamming directly from ARIN records?

[Jay Hennigan]

On 10/2/23 09:16, Mel Beckman wrote:

Tom,

Thanks for that pointer! apparently cogent has a history of abuse.


Apparently?

In other news, apparently bears have been using our National Forests as 
their personal toilets for decades.


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

Re: cogent spamming directly from ARIN records?

[Mel Beckman]

 dang auto correct! I should’ve caught that bad change. what I meant to 
say, was:

LAWKIWBO.

 -mel

> On Oct 2, 2023, at 9:15 AM, Mel Beckman  wrote:
> 
> John,
> 
> Thank you for your guidance!
> 
> -mel
> 
>> On Oct 2, 2023, at 8:33 AM, John Sweeting  wrote:
>> 
>> Mel, I will reply to you off list. Thanks.
>> 
>> On 10/2/23, 11:28 AM, "NANOG on behalf of Mel Beckman" 
>> mailto:arin@nanog.org> on 
>> behalf of m...@beckman.org <mailto:m...@beckman.org>> wrote:
>> 
>> 
>> This morning I received an email from someone at Cogent asking about an ASN 
>> I administer. They didn’t give any details, but I assumed it might be 
>> related to some kind of network transport issue. I replied cordially, asking 
>> them what they needed. The person then replied with a blatant spam, 
>> advertising Cogent IP services, in violation of the U.S. CAN-SPAM Act’s 
>> prohibition against deceptive UCE.
>> 
>> 
>> I believe they got the contact information from ARIN, because the ARIN 
>> technical POC is the only place where my name and the ASN are connected. I 
>> believe this is a violation of Cogent’s contract with ARIN. Does anybody 
>> know how I can effectively report this to ARIN? If we can’t even police 
>> infrastructure providers for spamming, LIOAWKI.
>> 
>> 
>> -mel beckman
>> 

Re: cogent spamming directly from ARIN records?

[Mel Beckman]

Tom,

Thanks for that pointer! apparently cogent has a history of abuse.

 -mel

On Oct 2, 2023, at 8:34 AM, Tom Beecher  wrote:


complia...@arin.net<mailto:complia...@arin.net>

Refer back to an email John Curran sent to this list on Jan 6 2020 , 
"Suspension of Cogent access to ARIN Whois"

On Mon, Oct 2, 2023 at 11:29 AM Mel Beckman 
mailto:m...@beckman.org>> wrote:
This morning I received an email from someone at Cogent asking about an ASN I 
administer. They didn’t give any details, but I assumed it might be related to 
some kind of network transport issue. I replied cordially, asking them what 
they needed. The person then replied with a blatant spam, advertising Cogent IP 
services, in violation of the U.S. CAN-SPAM Act’s prohibition against deceptive 
UCE.

I believe they got the contact information from ARIN, because the ARIN 
technical POC is the only place where my name and the ASN are connected. I 
believe this is a violation of Cogent’s contract with ARIN. Does anybody know 
how I can effectively report this to ARIN? If we can’t even police 
infrastructure providers for spamming, LIOAWKI.

 -mel beckman

Re: cogent spamming directly from ARIN records?

[Mel Beckman]

John,

Thank you for your guidance!

 -mel

> On Oct 2, 2023, at 8:33 AM, John Sweeting  wrote:
> 
> Mel, I will reply to you off list. Thanks.
> 
> On 10/2/23, 11:28 AM, "NANOG on behalf of Mel Beckman" 
> mailto:arin@nanog.org> on 
> behalf of m...@beckman.org <mailto:m...@beckman.org>> wrote:
> 
> 
> This morning I received an email from someone at Cogent asking about an ASN I 
> administer. They didn’t give any details, but I assumed it might be related 
> to some kind of network transport issue. I replied cordially, asking them 
> what they needed. The person then replied with a blatant spam, advertising 
> Cogent IP services, in violation of the U.S. CAN-SPAM Act’s prohibition 
> against deceptive UCE.
> 
> 
> I believe they got the contact information from ARIN, because the ARIN 
> technical POC is the only place where my name and the ASN are connected. I 
> believe this is a violation of Cogent’s contract with ARIN. Does anybody know 
> how I can effectively report this to ARIN? If we can’t even police 
> infrastructure providers for spamming, LIOAWKI.
> 
> 
> -mel beckman
> 

Re: cogent spamming directly from ARIN records?

[Tom Beecher]

complia...@arin.net

Refer back to an email John Curran sent to this list on Jan 6 2020 ,
"Suspension of Cogent access to ARIN Whois"

On Mon, Oct 2, 2023 at 11:29 AM Mel Beckman  wrote:

> This morning I received an email from someone at Cogent asking about an
> ASN I administer. They didn’t give any details, but I assumed it might be
> related to some kind of network transport issue. I replied cordially,
> asking them what they needed. The person then replied with a blatant spam,
> advertising Cogent IP services, in violation of the U.S. CAN-SPAM Act’s
> prohibition against deceptive UCE.
>
> I believe they got the contact information from ARIN, because the ARIN
> technical POC is the only place where my name and the ASN are connected. I
> believe this is a violation of Cogent’s contract with ARIN. Does anybody
> know how I can effectively report this to ARIN? If we can’t even police
> infrastructure providers for spamming, LIOAWKI.
>
>  -mel beckman

Re: cogent spamming directly from ARIN records?

[John Sweeting]

Mel, I will reply to you off list. Thanks.

On 10/2/23, 11:28 AM, "NANOG on behalf of Mel Beckman" 
mailto:arin@nanog.org> on 
behalf of m...@beckman.org <mailto:m...@beckman.org>> wrote:


This morning I received an email from someone at Cogent asking about an ASN I 
administer. They didn’t give any details, but I assumed it might be related to 
some kind of network transport issue. I replied cordially, asking them what 
they needed. The person then replied with a blatant spam, advertising Cogent IP 
services, in violation of the U.S. CAN-SPAM Act’s prohibition against deceptive 
UCE.


I believe they got the contact information from ARIN, because the ARIN 
technical POC is the only place where my name and the ASN are connected. I 
believe this is a violation of Cogent’s contract with ARIN. Does anybody know 
how I can effectively report this to ARIN? If we can’t even police 
infrastructure providers for spamming, LIOAWKI.


-mel beckman

cogent spamming directly from ARIN records?

[Mel Beckman]

This morning I received an email from someone at Cogent asking about an ASN I 
administer. They didn’t give any details, but I assumed it might be related to 
some kind of network transport issue. I replied cordially, asking them what 
they needed. The person then replied with a blatant spam, advertising Cogent IP 
services, in violation of the U.S. CAN-SPAM Act’s prohibition against deceptive 
UCE.

I believe they got the contact information from ARIN, because the ARIN 
technical POC is the only place where my name and the ASN are connected. I 
believe this is a violation of Cogent’s contract with ARIN. Does anybody know 
how I can effectively report this to ARIN? If we can’t even police 
infrastructure providers for spamming, LIOAWKI.

 -mel beckman

Re: Spam from ARIN to POC addresses

[packetcat]

On Wed, 13 Sep 2023, at 14:40, John Curran wrote:
> Thanks for raising this…   here’s how ARIN Meeting Invites are handled – 
>
> A series of announcements about registration and related reminders are 
> sent to arin-announce and published on www.arin.net, including:
>> Registration Open – 12-16 weeks prior
>> Meeting Materials Available – 1 week prior
>> Meeting Open – Day 1
>> 
> There are two direct email invitations:
>> Admin and Tech POCs within 100 – 150 miles of the meeting location – 45-30 
>> days prior
>> Admin, Tech, and Voting Contacts for all Member organizations (Service and 
>> General) – “Per the VA nonstock corporation act - Formal notice (to 
>> membership) shall be no more than 60 days and no less than 10 days prior to 
>> the announced date of the special meeting.”
> (Note that our registration system will dedupe so that contacts do not 
> receive both of these emails.) 
>
> All ASN holders are now legal members of ARIN, and therefore by 
> applicable law get notice of the meetings.  
>
> We could probably cut this list to just Admin and Voting by dropping 
> Tech contacts, but you’d end up getting one via the Admin POC. 
> (you want to suggest such a change - or any other change on how our 
> meeting announcements are handled, then please
> submit such to the ARIN Consultation and Suggestion Process -  
> https://www.arin.net/participate/community/acsp/process/ ) 
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers

Thank you for your response John. My suggestion here is that legal text you 
quoted would be useful at the bottom of such emails so recipients know why they 
are getting them. I'll look into getting the suggestion submitted via the 
official channel.

-- 
packetcat
https://bastetrix.com

Re: Spam from ARIN to POC addresses

[John Curran]

On Sep 12, 2023, at 5:56 PM, packetcat  wrote:

At 14:01 and 14.46 EST I received two identical emails from 
meeti...@arin-events.net with the subject “Join us for ARIN 52 in October”. One 
was sent to the NOC POC address and one to the abuse POC address for my ASN.

As far as I am aware, I never signed up for whatever that mailing list is and 
if I did I wouldn’t subscribe to it on those addresses. Furthermore, I am not 
seeing an unsubscribe button on either email. That makes both messages spam.

Considering I’ve never received messages like those from ARIN on those 
addresses, I’ll give ARIN the benefit of the doubt and say someone accidentally 
imported the wrong list of emails into their MSP. I hope this is not the start 
of a new pattern of behaviour because that would not be…good to put it mildly.

Thanks for raising this…   here’s how ARIN Meeting Invites are handled –

A series of announcements about registration and related reminders are sent to 
arin-announce and published on www.arin.net, including:
Registration Open – 12-16 weeks prior
Meeting Materials Available – 1 week prior
Meeting Open – Day 1

There are two direct email invitations:
Admin and Tech POCs within 100 – 150 miles of the meeting location – 45-30 days 
prior
Admin, Tech, and Voting Contacts for all Member organizations (Service and 
General) – “Per the VA nonstock corporation act - Formal notice (to membership) 
shall be no more than 60 days and no less than 10 days prior to the announced 
date of the special meeting.”
(Note that our registration system will dedupe so that contacts do not receive 
both of these emails.)

All ASN holders are now legal members of ARIN, and therefore by applicable law 
get notice of the meetings.

We could probably cut this list to just Admin and Voting by dropping Tech 
contacts, but you’d end up getting one via the Admin POC.
(you want to suggest such a change - or any other change on how our meeting 
announcements are handled, then please
submit such to the ARIN Consultation and Suggestion Process -  
https://www.arin.net/participate/community/acsp/process/ )

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: Spam from ARIN to POC addresses

[TJ Trout]

I can help you get rid of pesky ARIN, let's start a 8.2 transfer!

On Tue, Sep 12, 2023 at 3:00 PM packetcat  wrote:

> At 14:01 and 14.46 EST I received two identical emails from
> meeti...@arin-events.net with the subject “Join us for ARIN 52 in
> October”. One was sent to the NOC POC address and one to the abuse POC
> address for my ASN.
>
> As far as I am aware, I never signed up for whatever that mailing list is
> and if I did I wouldn’t subscribe to it on those addresses. Furthermore, I
> am not seeing an unsubscribe button on either email. That makes both
> messages spam.
>
> Considering I’ve never received messages like those from ARIN on those
> addresses, I’ll give ARIN the benefit of the doubt and say someone
> accidentally imported the wrong list of emails into their MSP. I hope this
> is not the start of a new pattern of behaviour because that would not
> be…good to put it mildly.
>
> --
> packetcat
> https://bastetrix.com
>

Re: Spam from ARIN to POC addresses

[Tom Beecher]

>
>  I hope this is not the start of a new pattern of behaviour because that
> would not be…good to put it mildly.
>

What exactly is "not good" about ARIN emailing about the ARIN Public Policy
and Members meeting, to email addresses on file related to ARIN assigned
resources?

On Tue, Sep 12, 2023 at 5:58 PM packetcat  wrote:

> At 14:01 and 14.46 EST I received two identical emails from
> meeti...@arin-events.net with the subject “Join us for ARIN 52 in
> October”. One was sent to the NOC POC address and one to the abuse POC
> address for my ASN.
>
> As far as I am aware, I never signed up for whatever that mailing list is
> and if I did I wouldn’t subscribe to it on those addresses. Furthermore, I
> am not seeing an unsubscribe button on either email. That makes both
> messages spam.
>
> Considering I’ve never received messages like those from ARIN on those
> addresses, I’ll give ARIN the benefit of the doubt and say someone
> accidentally imported the wrong list of emails into their MSP. I hope this
> is not the start of a new pattern of behaviour because that would not
> be…good to put it mildly.
>
> --
> packetcat
> https://bastetrix.com
>

Spam from ARIN to POC addresses

[packetcat]

At 14:01 and 14.46 EST I received two identical emails from 
meeti...@arin-events.net with the subject “Join us for ARIN 52 in October”. One 
was sent to the NOC POC address and one to the abuse POC address for my ASN.

As far as I am aware, I never signed up for whatever that mailing list is and 
if I did I wouldn’t subscribe to it on those addresses. Furthermore, I am not 
seeing an unsubscribe button on either email. That makes both messages spam.

Considering I’ve never received messages like those from ARIN on those 
addresses, I’ll give ARIN the benefit of the doubt and say someone accidentally 
imported the wrong list of emails into their MSP. I hope this is not the start 
of a new pattern of behaviour because that would not be…good to put it mildly.

--
packetcat
https://bastetrix.com

ARIN Consultation on Automatic Creation of IRR Route Objects

[John Curran]

NANOGers -

As I noted earlier, we have opened a community consultation seeking input on 
the desired technical functionality
for RPKI ROA / IRR route object integration in the ARIN registry - see the 
message attached below for details.

If you have particular views on this topic, then please subscribe to the 
arin-consult mailing list (open to all at
http://lists.arin.net/mailman/listinfo/arin-consult) and provide your input.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN 
Subject: [arin-announce] Consultation on Pending Functionality for Automatic 
Creation of IRR Route Objects for Uncovered ROAs
Date: August 10, 2023 at 3:35:01 PM EDT
To: "arin-annou...@arin.net" 

Dear ARIN Community,

ARIN is seeking feedback from the community regarding a specific aspect of the 
recent ARIN Online functionality that was deployed on 7 August 2023. This 
upgrade to ARIN Online brought several new features – including tighter 
integration of ARIN’s Resource Public Key Infrastructure (RPKI) and Internet 
Routing Registry (IRR) routing security services.

Upon further review and out of an abundance of caution, we have decided to 
pause the additional functionality that creates corresponding IRR Route Objects 
for every Route Origin Authorization (ROA) created. We have also paused the 
functionality that automatically creates IRR Route Objects for all preexisting 
ROAs that presently lack a matching Route Object. We recognize the importance 
of ensuring that our services align with the needs and expectations of our 
community and believe that additional time for community consultation on this 
integration functionality is warranted.

The current development plan is to provide an opt-in feature to allow for the 
creation of IRR Route Objects during new ROA creation in the near future. We 
are seeking operator input through this community consultation 
(https://www.arin.net/participate/community/acsp/consultations/2023/2023-4/) to 
gather input on the desirability of additional functionality related to 
integrating RPKI and IRR security services.

The questions for community consideration are:

- Should the automatic creation of IRR route objects for resources that have 
RPKI ROAs be compulsory, the default setting, or require explicit opt-in?

- Should IRR Objects be managed via a direct linkage to a ROAs such that they 
can only be deleted through deletion of the covering ROA, or should ARIN 
continue to support independent management of IRR route objects?

- Should ARIN automatically create managed IRR Route Objects for all validated 
ROAs in the Hosted RPKI repository that do not have matching IRR Route Objects 
today?

- If so, what is the anticipated benefit of doing so? Conversely, if this 
functionality is not desired, why not?

- If a customer agrees to link a ROA with the IRR, what is the appropriate 
number of route objects that should be created based on the ROA prefix and max 
length configuration? Would a “least specific” route object meet expectations?

We sincerely apologize for any inconvenience that pausing this functionality 
may have caused and appreciate your understanding as we work to ensure that our 
services are aligned with the interests of the community.

I encourage all community members to provide their comments and feedback on 
this matter – the feedback you provide during this consultation will be 
instrumental in determining how ARIN moves forward with this RPKI/IRR 
integration functionality.

Please provide comments to arin-cons...@arin.net. You can subscribe to this 
mailing list at https://lists.arin.net/mailman/listinfo/arin-consult

This consultation will remain open until 5:00 PM ET on 10 September 2023. ARIN 
seeks clear direction through community input, so your feedback is important.

Thank you for your continued support and engagement.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)


___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List (arin-annou...@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.

Re: Changes to ARIN Online - Routing Security Dashboard - RPKI & IRR integration (was: Fwd: [arin-announce] New Features Added to ARIN Online)

[Mark Kosters]

Following up on John Curran's note, we just deployed a new release of ARIN 
Online at approx. 16:10 UTC today (10 Aug 2023). Here are the release notes:

ARIN has completed a new release to pause functionality deployed on 7 August 
2023 that creates corresponding IRR Route Objects for every ROA created. We 
have also paused the functionality that automatically creates IRR Route Objects 
for all preexisting ROAs that presently lack a matching Route Object. We 
recognize the importance of ensuring that our services align with the needs and 
expectations of our community and believe that additional time for community 
consultation on this integration functionality is warranted.

Regards,
Mark

From: NANOG  on behalf of John Curran 

Date: Wednesday, August 9, 2023 at 6:20 PM
To: NANOG 
Subject: Re: Changes to ARIN Online - Routing Security Dashboard - RPKI & IRR 
integration (was: Fwd: [arin-announce] New Features Added to ARIN Online)

NANOGers -  

As alluded to by Mark Kosters in his message below, we are placing on hold the 
functionality for the automatic 
creation of corresponding new route objects for RPKI validated ROAs that lack 
such.  This is being done out of 
an abundance of caution in order to allow us to conduct a community 
consultation in the near future to confirm 
with the operational community the desired functionality in this area. 

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Number

Re: Changes to ARIN Online - Routing Security Dashboard - RPKI & IRR integration (was: Fwd: [arin-announce] New Features Added to ARIN Online)

[John Curran]

NANOGers -

As alluded to by Mark Kosters in his message below, we are placing on hold the 
functionality for the automatic
creation of corresponding new route objects for RPKI validated ROAs that lack 
such.  This is being done out of
an abundance of caution in order to allow us to conduct a community 
consultation in the near future to confirm
with the operational community the desired functionality in this area.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers


On Aug 9, 2023, at 2:42 PM, Mark Kosters  wrote:

Responses inline starting with "MK:"

On 8/9/23, 10:21 AM, "NANOG on behalf of Jay Borkenhagen" 
mailto:arin@nanog.org> on behalf 
of j...@braeburn.org <mailto:j...@braeburn.org>> wrote:

I agree that in ARIN's RPKI-->IRR synthesis, the set of route[6]
objects created should not depend on the maxlength used. In Mark's
phrasing, "just have least-specific."

MK: I think it was Job that brought it up as a recommendation and glad to hear 
you agree with him.

Ideally, discussion about details such as this should have occurred on
some ARIN technical mailing list in the months leading up to ARIN
deploying this change to production.

MK: I agree that we have some improvements to make here on issues that directly 
impact the operations community. In fact, we will be placing the automatic 
creation of new route objects on hold. We are in the process of issuing a 
community consultation that is being formulated to solicit feedback on several 
technical aspects of this change. We hope to hear from you and others when this 
consultation is announced (it will conducted on the arin-consult mailing list - 
https://lists.arin.net/mailman/listinfo/arin-consult).

Thanks,
Mark

Re: Changes to ARIN Online - Routing Security Dashboard - RPKI & IRR integration (was: Fwd: [arin-announce] New Features Added to ARIN Online)

[Mark Kosters]

Responses inline starting with "MK:"

On 8/9/23, 10:21 AM, "NANOG on behalf of Jay Borkenhagen" 
mailto:arin@nanog.org> on behalf 
of j...@braeburn.org <mailto:j...@braeburn.org>> wrote:

I agree that in ARIN's RPKI-->IRR synthesis, the set of route[6]
objects created should not depend on the maxlength used. In Mark's
phrasing, "just have least-specific."

MK: I think it was Job that brought it up as a recommendation and glad to hear 
you agree with him.

Ideally, discussion about details such as this should have occurred on
some ARIN technical mailing list in the months leading up to ARIN
deploying this change to production.

MK: I agree that we have some improvements to make here on issues that directly 
impact the operations community. In fact, we will be placing the automatic 
creation of new route objects on hold. We are in the process of issuing a 
community consultation that is being formulated to solicit feedback on several 
technical aspects of this change. We hope to hear from you and others when this 
consultation is announced (it will conducted on the arin-consult mailing list - 
https://lists.arin.net/mailman/listinfo/arin-consult).

Thanks,
Mark

Re: Changes to ARIN Online - Routing Security Dashboard - RPKI & IRR integration (was: Fwd: [arin-announce] New Features Added to ARIN Online)

[Jay Borkenhagen]

Job Snijders via NANOG writes:
 > >
 > > > Would it not be advantageous to create at a minimum the 256 of the
 > > > 'least-specific' objects?
 > > 
 > > MK: That may be a reasonable approach. Do you see any adverse effects
 > > in simplifying the IRR Route creation logic to just have
 > > least-specific?
 > 
 > I don't think I see a downside of mapping a single VRP to a single IRR
 > route/route6 object.
 > 

I agree that in ARIN's RPKI-->IRR synthesis, the set of route[6]
objects created should not depend on the maxlength used.  In Mark's
phrasing, "just have least-specific."

Ideally, discussion about details such as this should have occurred on
some ARIN technical mailing list in the months leading up to ARIN
deploying this change to production.

Thanks.

Jay B.

Re: Changes to ARIN Online - Routing Security Dashboard - RPKI & IRR integration (was: Fwd: [arin-announce] New Features Added to ARIN Online)

[Job Snijders via NANOG]

Dear Mark,

Thank you for sharing all the details in your previous email. For
brevity I'm snipping most of your reply.

On Tue, Aug 08, 2023 at 03:59:19PM +, Mark Kosters wrote:
> Job Snijders wrote:
>
> > Would it not be advantageous to create at a minimum the 256 of the
> > 'least-specific' objects?
> 
> MK: That may be a reasonable approach. Do you see any adverse effects
> in simplifying the IRR Route creation logic to just have
> least-specific?

I don't think I see a downside of mapping a single VRP to a single IRR
route/route6 object.

Synthesizing only the least-specific is how RPKI-integration was
implemented in IRRd v4, and that implemntation has seen quite some
flight hours by now. The approach seemed to work well in the last ~ 5
years. No request ever came up to extend IRRd v4 to synthesize (a
limited number of) more-specific route/route6 objects if maxLength was
present in the ROA generation request.

IRRd v4 does expose the 'maxLength' value by inserting a non-standard
RPSL attribute called 'max-length:' in the route/route6 object. While
this is not IETF-standardized, it seemed intuitive enough. RPSL parsers
are expected to ignore what they don't recognize anyway. ARIN could
mimick this practise. See the following example:

$ whois -h rr.ntt.net -- '-s RPKI -T route6 2001:67c:208c::/48' \
  | egrep "route6|max-length|origin" | paste - - -
route6: 2001:67c:208c::/48  max-length: 48  origin: AS0
route6: 2001:67c:208c::/48  max-length: 48  origin: AS15562

I'd suggest to consider simplying the IRR creation logic to just a
singular least-specific route/route object, and not bother with
generating 'potentially up to 256' more-specific route/route6 objects.

I see a few advantages:

G* Every single VRP resulting from a ROA generation request will always
  result in the instantiation of exactly one IRR route/route6 object. As
  I understand the current proposal, sometimes a route/route6 object is
  created, sometimes not, depending on the value of the maxLength. In
  this I see a source for potential confusion.

* By creating just 1 route/route6 object per validated ROA payload, any
  potential load on the NRTM mirror ecosystem is minimized to the
  fullest extend possible: 65,285 ROAs on 'rpki.arin.net' will result in
  72,082 Validated ROA Payloads thus result in 13,933 'route6:' objects
  and 58,149 'route:' objects. A significant smaller number compared to
  expanding up to 256 additional objects if maxLength is set wide enough.

* the use of maxLength isn't really recommended anyway, see BCP 185 /
  RFC 9319 https://datatracker.ietf.org/doc/html/rfc9319. As a rule of
  thumb I recommend: 1 BGP announcement == 1 ROA == 1 IRR object and
  avoid just using maxLength all together.

* Most transit providers and IXP route server operators create so-called
  'upto /24' prefix-list-filters, regardless of maxLength values. So in
  the vast majority of cases I don't think the additional up to 256
  more-specific route objects would change anything.

Finally, if people can articulate why exactly synthesizing up to 256
more-specific route objects really would be a useful feature, it can
always be added at a later point in time. Adding extra objects to the
IRR has always been easier than removing them. :-)

Thanks!

Kind regards,

Job

Re: Changes to ARIN Online - Routing Security Dashboard - RPKI & IRR integration (was: Fwd: [arin-announce] New Features Added to ARIN Online)

[Mark Kosters]

Hi Job

Answers below starting with MK:

On 8/7/23, 7:31 PM, "NANOG on behalf of Job Snijders via NANOG" 
mailto:arin@nanog.org> on behalf 
of nanog@nanog.org > wrote:

- is the IRR state directly derived from the RPKI state?

MK: No.  This is all done in software. First a ROA is generated, then one or 
more IRR objects based on how the ROA was defined by the user.

An example for context: should some kind of unfortunate failure happen
in ARIN's HSMs and thusly a new Manifest + CRL pair isn't signed and
published before the 'nextUpdate' timestamp of the previous pair,
would the associated IRR objects be deleted via NRTM? Or is the
creation of ROAs and IRR route:/route6: objects discoupled in the
sense that an operator creates an abstract object which then is
transformed into both IRR and RPKI objects?

MK: When the resource holder submits a ROA generation request, we have code 
that translates the ROA into the equivalent auto-managed route/route6 IRR 
objects, from the starting prefix to longest possible match. This process does 
not use the capabilities or features in third party software implementations. 

- What is the expected delay (if any) between creating a RPKI ROA and
the associated IRR route/route6 objects appearing via NRTM?
Is there online documentation outlining expectations, and is there
internal monitoring on the delivery of the RPKI-to-IRR transformation
service?

MK: New RPKI ROAs are published every three minutes. IRR objects are published 
every five minutes. There is a possibility that the route object derived from a 
ROA could be seen in ARIN’s IRR database before the ROA in ARIN’s RPKI 
repository.

- The documentation states "If the creation of a ROA would result in
more than 256 IRR Route Objects, no managed IRR Route Objects will be
created." - but, why not? 

MK: Our reason to limiting the creation is to protect the IRR mirroring 
service. A rapid influx of route object creation may overrun the IRR processes 
if a poor decision was made with respect to the use of the maxlength field.  
For example a 205.188.0.0/16 maxlength 24 ROA, would generate 511 IRR route 
objects (( 2^( prefix_length - max_length + 1 ))- 1). We may revisit this 
maximum limit in the future.

Would it not be advantageous to create at a minimum the 256 of the 
'least-specific' objects?

MK: That may be a reasonable approach. Do you see any adverse effects in 
simplifying the IRR Route creation logic to just have least-specific?

Thanks,
Mark

Re: Changes to ARIN Online - Routing Security Dashboard - RPKI & IRR integration (was: Fwd: [arin-announce] New Features Added to ARIN Online)

[Job Snijders via NANOG]

Dear John, ARIN, NANOG,

On Mon, Aug 07, 2023 at 06:24:09PM +, John Curran wrote:
> We have made some fairly significant changes for those customers using
> ARIN Online for routing security administration – see attached message
> for specifics.

Yes, significant changes! I very much appreciate ARIN's efforts to
streamline IRR & RPKI operations for INR holders. :-)

I too think that having to enter "sorta similar" data in 2 places of
course is more prone to error (in terms of internal discrepancies
between the two inputs of data) compared to entering routing data in
just one place. I imagine the scheduled simplification of the user
interface (intertwining IRR & RPKI) will lead to improved data accuracy
and fewer operator errors. Thank you ARIN for that!

I think the industry's transition from plain-text IRR data towards
cryptographically verifiable RPKI data really starts happening when
there are automated processes coupling the two sets of data, and indeed
also retroactively glueing the two together (within ARIN's auspices the
'ARIN Online' environment).

A few questions arose in my mind while wondering about implementation
aspects on ARIN's side:

- is the IRR state directly derived from the RPKI state?

  An example for context: should some kind of unfortunate failure happen
  in ARIN's HSMs and thusly a new Manifest + CRL pair isn't signed and
  published before the 'nextUpdate' timestamp of the previous pair,
  would the associated IRR objects be deleted via NRTM? Or is the
  creation of ROAs and IRR route:/route6: objects discoupled in the
  sense that an operator creates an abstract object which then is
  transformed into both IRR and RPKI objects?

- What is the expected delay (if any) between creating a RPKI ROA and
  the associated IRR route/route6 objects appearing via NRTM?
  Is there online documentation outlining expectations, and is there
  internal monitoring on the delivery of the RPKI-to-IRR transformation
  service?

- The documentation states "If the creation of a ROA would result in
  more than 256 IRR Route Objects, no managed IRR Route Objects will be
  created." - but, why not? Would it not be advantageous to create at
  a minimum the 256 of the 'least-specific' objects? I wonder if the
  current approach violates the principle of least astonishment in the
  sense that an operator picking an unfortunate 'maxLength' value
  results in no IRR objects at all.

Kind regards,

Job

Changes to ARIN Online - Routing Security Dashboard - RPKI & IRR integration (was: Fwd: [arin-announce] New Features Added to ARIN Online)

[John Curran]

NANOGers -

We have made some fairly significant changes for those customers using ARIN 
Online for routing security administration – see attached message for specifics.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN 
Subject: [arin-announce] New Features Added to ARIN Online
Date: August 7, 2023 at 1:37:51 PM EDT
To: 

ARIN is pleased to present the latest version of ARIN Online, including 
improvements, new features, and updates. Full release notes are included at the 
end of this message.

All ARIN systems have been restored and are now operating normally. We thank 
you for your patience. If you have additional questions, comments, or issues, 
please submit an Ask ARIN ticket using your ARIN Online account or contact the 
Registration Services Help Desk by phone Monday through Friday, 7:00 AM to 7:00 
PM ET at +1.703.227.0660.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)

Release Notes

- Navigation and eligibility status for ARIN’s routing security services, the 
Resource Public Key Infrastructure (RPKI), and Internet Routing Registry (IRR) 
have been condensed into a single Routing Security Dashboard in ARIN Online. We 
have also made the navigation of the IRR pages consistent with the RPKI 
portions of the website.
- Abuse, Network Operation Center (NOC), and DNS Points of Contact now have 
read-only viewing privileges for RPKI details in both ARIN Online and the 
RESTful API.
- Creating a new Route Origin Authorization (ROA) in ARIN Online now 
automatically creates and manages the matching IRR Route Objects based on the 
ROA prefix and max length configuration. If the creation of a ROA would result 
in more than 256 IRR Route Objects, no managed IRR Route Objects will be 
created. Managed IRR Route Objects may not be removed independently of their 
covering ROAs. Deleting a ROA in ARIN Online will automatically delete its 
corresponding managed IRR Route Objects. In the coming weeks, ARIN will create 
managed IRR Route Objects for all preexisting ROAs that do not currently have 
matching IRR Route Objects. Preexisting IRR Route Objects that match ROAs will 
be associated with the covering ROA.
- To create feature parity with templates, we have added the capability to 
modify reassignment information within ARIN Online without any changes to the 
registration date.
- Customers can begin the application process for the Qualified Facilitator 
Program in ARIN Online. ARIN Qualified Facilitators serve as resources for the 
community by assisting organizations seeking to acquire or transfer IPv4 or 
Autonomous System Number (ASN) resources.


___
ARIN-Announce
You are receiving this message because you are subscribed to
the ARIN Announce Mailing List (arin-annou...@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-announce
Please contact i...@arin.net if you experience any issues.

Apply Today for the ARIN 52 Fellowship Program

[John Sweeting]

NANOGers -

For those folks (e.g., yourself, friends, coworkers, ...) who are looking for 
an in-depth mentored introduction to ARIN, please consider submitting an 
application to participate in the ARIN 52 Fellowship Program! Details attached 
below, and more online at https://www.arin.net/fellowships 
<https://www.arin.net/fellowships>. Thanks!" 

Thanks,
John S.


-Original Message-
From: ARIN-announce mailto:arin-announce-boun...@arin.net>> On Behalf Of ARIN
Sent: Thursday, July 6, 2023 11:05 AM
To: arin-annou...@arin.net <mailto:arin-annou...@arin.net>
Subject: [arin-announce] Apply Today for the ARIN 52 Fellowship Program


Learn more about Internet governance, number resource policy, and the ARIN 
community by becoming an ARIN Fellow. Applications for the ARIN 52 Fellowship 
Program are now open, and we encourage you to apply for this specialized, 
interactive learning opportunity.


Apply now: https://arin.net/beafellow <https://arin.net/beafellow> 


Applications are accepted from Thursday, 6 July, to Wednesday, 26 July, 2023.


Fellows will attend virtual sessions before and after the ARIN 52 Public Policy 
and Members Meeting (19-20 October 2023), held in San Diego, California, and 
may choose to attend ARIN 52 either in person or virtually. Fellows may also 
choose to attend NANOG 89, held in the days leading up to ARIN 52.


With the personal support of ARIN community member Mentors, Fellows will have 
the opportunity to ask questions, get feedback, and gain the knowledge and 
confidence to join in community discussions, propose new ideas, and become part 
of the future of Internet governance and policy in the ARIN region.


Individuals who are 18 years of age or older and reside in the ARIN region are 
eligible to apply if they have a demonstrated interest in the ARIN community 
and its Policy Development Process (PDP) for the management of Internet number 
resources.


Applicants must understand the importance of ARIN’s mission and be familiar 
with ARIN services, including the Internet number resources it manages and the 
process reflected in the Number Resource Policy Manual (NRPM). 


To learn more about ARIN’s Fellowship Program, the selection process, and the 
Terms and Conditions, please visit https://www.arin.net/fellowship 
<https://www.arin.net/fellowship>. 


Applicants can email fellowsh...@arin.net <mailto:fellowsh...@arin.net> for 
more information or to request a customizable letter to their employer that 
highlights the benefits of taking part in ARIN’s Fellowship Program.


ARIN looks forward to receiving your application soon!


Regards,


Amanda Gauldin
Community Programs Manager
American Registry for Internet Numbers (ARIN)

Re: My first ARIN Experience but probably not the last, unfortunately..

[John Curran]

On Jul 16, 2023, at 3:33 PM, Randy Bush  wrote:

… and see if we can round off the rough edges where they got caught.

To that end, the “IPv6 fee waiver” text on the fee schedule has been expanded 
to more fully
explain its operation.  From 
 –

*There is a temporary IPv6 fee waiver for organizations in the 3X-Small service 
category allowing for more IPv6 resources than normal while still remaining in 
the 3X-Small service category and paying only the 3X-Small service category 
fee. A 3X-Small organization may receive registry services for up to a /36 of 
total IPv6 space and remain in the 3X-Small service category rather than being 
charged the 2X-Small service category fee. This waiver will expire 31 December 
2026.

The terminology “fee waiver” is acknowledged as less than ideal, but has been 
retained for
consistency as there’s extensive historical references to it in this manner – 
it is hoped that
the more extensive explanation will suffice to clarify any confusion in how it 
is actually handled.

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: My first ARIN Experience but probably not the last, unfortunately..

[Randy Bush]

> #define SOAPBOX
> 
> Please remember ARIN covers more than just the relatively prosperous
> United States.  There are places like Jamaica, which are also in the
> ARIN region, where the average annual income is $2,337.

indeed

i find this thread to be depressing.  the economics you mention, of
course.

but also folk being rude, judgemental, and blaming the user for being
confused by the complex and jargon-infested bureaucrazy we have created
in the rirs.

and yes, props to the rirs for trying to document rules and processes.
but that often seems to create even more documents.  and, of course, if
you have to deal with multiple rirs, expect no parallelism, similar
nomenclature, etc.

it is very easy for a new rir user to get confused by corner cases,
terminology, quirks of history, and the detritus of our amateur policy
wonkage.

give 'em a break.  and see if we can round off the rough edges where
they got caught.

randy

---

note that i use the first person plural

Re: My first ARIN Experience but probably not the last, unfortunately..

[Matthew Petach]

On Fri, Jul 14, 2023 at 2:09 PM Darin Steffl 
wrote:

> This screams of entitlement. If you can't afford $250 a year for ARIN, you
> probably shouldn't be starting a new business. Sorry
>

#define SOAPBOX

Darin,

Please remember ARIN covers more than just the relatively prosperous United
States.
There are places like Jamaica, which are also in the ARIN region, where the
average
annual income is $2,337.

Having to put aside 11% of your annual income for ARIN registry fees to
start a business
is a big decision.
I don't think you'd like it if we called you "entitled" for not wanting to
shell out 11% of your
annual income for ARIN fees to start a business.

While NANOG by name does narrow the focus to just "North America", we
should all remember
that even in North America, wealth is not distributed equally.  There are
communities that very
much need the economic development that new businesses can bring, where a
$250/year annual
fee represents a significant headwind.  Rather than pooh-pooh their
concerns, we should instead
strive to see the world through that entrepreneur's eyes, and address their
concerns, rather than
brush them aside.

 Thanks!

Matt

#undef SOAPBOX

Re: My first ARIN Experience but probably not the last, unfortunately..

[William Herrin]

On Sat, Jul 15, 2023 at 8:57 PM Tom Beecher  wrote:
> There is no possible way that anyone should interpret
> the current wording of the asterisk'd text as ALL IPv6
> fees are waived until 2026. None. If that's your take
> away, I'm not sure what to say.

Hi Tom,

I think the point is that "waiver" is the wrong word. It's not a
waiver, it's a discount.

You go calling things waivers that aren't, someone's gonna miss the
asterisk and get rudely surprised.

Regards,
Bill Herrin


-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/