Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-15 Thread Christopher Morrow
(I hate to step into the pond, but...) On Thu, Aug 15, 2019 at 8:02 AM John Curran wrote: > > On 14 Aug 2019, at 11:16 PM, Ronald F. Guilmette > wrote: > > > > Report it on some webpage and call it "Internet > Resources stolen", document every incident as you do via email, send a > copy to the

RE: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-15 Thread Michel Py
Hi John, > John Curran wrote : > Even so, we at ARIN are in the midst of a Board-directed review of the RPKI > legal framework to see if any improvements can be made > > – I will provide further updates

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-15 Thread John Curran
On 14 Aug 2019, at 11:16 PM, Ronald F. Guilmette mailto:r...@tristatelogic.com>> wrote: Report it on some webpage and call it "Internet Resources stolen", document every incident as you do via email, send a copy to the appropriate RIR and upstream ISP allowing the hijack in question to show

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-14 Thread Hank Nussbacher
On 15/08/2019 06:16, Ronald F. Guilmette wrote: - If the resource owner is no where to be found, why should we as a community care? I'm so glad you asked. Regardless, in -either- the case where no heir can be found -or- in the case where the rightful heir is either just too dumb or just too

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-14 Thread Ronald F. Guilmette
In message <20190810003820.gd2...@jima.tpb.net>, Niels Bakker wrote: >* r...@tristatelogic.com (Ronald F. Guilmette) [Sat 10 Aug 2019, 02:26 CEST]: >>As far as I am aware, no RIR makes any effort whatsoever to vet >>changes to WHOIS records, either for IP blocks or ASNs or ORG >>records. >

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-14 Thread Ronald F. Guilmette
In message <4fcb73bf-224f-e011-f310-522193c86...@efes.iucc.ac.il>, Hank Nussbacher wrote: >Just as an observer to your long resource theft postings: >- Do you attempt to contact directly the organization or person who have >had their resource taken over? To the extent that I can spare the

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread Ronald F. Guilmette
In message , John Curran wrote: >Alas, it’s not those who fail to properly configure RPKI that are likely to be >litigating, but rather their impacted customers and those customers' business >partners who all were unable to communicate due to no fault of their own. > >Such a matter will not be

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread Anne P. Mitchell, Esq.
> There's obviously a disconnect where people aren't worried about indemnifying > Spamhaus for using their block list, but are worried about indemnifying ARIN > for > using the TAL. That would be because there is a rather substantial difference between publishing an IP address for which you

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread Valdis Klētnieks
On Wed, 14 Aug 2019 16:07:49 -, John Curran said: > > But I suspect a lot of companies are reading it as: "If a spammer sues you > > for using > > a block list that prevents them from spamming your customers, you can't end > > up > > owing money to the block list maintainers. But if you

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread Rubens Kuhl
On Wed, Aug 14, 2019 at 1:09 PM John Curran wrote: > On 14 Aug 2019, at 11:15 AM, Valdis Klētnieks > wrote: > > > > On Wed, 14 Aug 2019 02:42:09 -, John Curran said: > > > >> You might want want to ask them why they are now a problem when they > weren’t > >> before (Also worth noting that

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread John Curran
On 14 Aug 2019, at 11:15 AM, Valdis Klētnieks wrote: > > On Wed, 14 Aug 2019 02:42:09 -, John Curran said: > >> You might want want to ask them why they are now a problem when they weren’t >> before (Also worth noting that many of these ISP's own contracts with their >> customers have

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread Valdis Klētnieks
On Wed, 14 Aug 2019 02:42:09 -, John Curran said: > You might want want to ask them why they are now a problem when they weren’t > before (Also worth noting that many of these ISP's own contracts with their > customers have rather similar indemnification clauses.) Actually, it's probably

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread John Curran
On 14 Aug 2019, at 1:21 AM, Ronald F. Guilmette mailto:r...@tristatelogic.com>> wrote: In message <06570278-e1ad-4bb0-a9fc-11a77bed7...@arin.net>, John Curran mailto:jcur...@arin.net>> wrote: Even so, we at ARIN are in the midst of a

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread John Curran
On 14 Aug 2019, at 2:26 AM, Matthew Petach wrote: > ... > Now, at the risk of bringing down the ire > of the community on my head...ARIN could > consider tying the elements together, at > least for ARIN members. Add the RPKI terms > into the RSA document. You need IP number > resources,

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread John Curran
On 14 Aug 2019, at 1:01 AM, William Herrin wrote: > ... > > I would observe that continued use at that point has been held > > to indicate agreement on your part [ref: Register.com, Inc. v. Verio, Inc., > > 356 F.3d 393 (2d Cir. 2004)] > > In which Verio admitted to the court that they knew

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread Matthew Petach
On Tue, Aug 13, 2019 at 5:44 PM John Curran wrote: > On 13 Aug 2019, at 9:28 PM, Ronald F. Guilmette > wrote: > > ... > The last time I looked, RPKI adoption was sitting at around a grand total > of 15% worldwide. Ah yes, here it is... > > https://rpki-monitor.antd.nist.gov/ > > I've asked

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-13 Thread Ronald F. Guilmette
In message <06570278-e1ad-4bb0-a9fc-11a77bed7...@arin.net>, John Curran wrote: >Even so, we at ARIN are in the midst of a Board-directed review of the RPKI >legal framework to see if any improvements can be made

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-13 Thread William Herrin
On Tue, Aug 13, 2019 at 8:25 PM John Curran wrote: > On 13 Aug 2019, at 11:03 PM, William Herrin wrote: > I signed no legal agreement either to register my legacy addresses or to do a whois lookup to check someone else's addresses. Just sayin’. > > If you instead used a command line interface

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-13 Thread Hank Nussbacher
On 13/08/2019 22:17, Ronald F. Guilmette wrote: Just as an observer to your long resource theft postings: - Do you attempt to contact directly the organization or person who have had their resource taken over? - Do they care or are they apathetic? - If the resource owner is no where to be

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-13 Thread John Curran
On 13 Aug 2019, at 11:03 PM, William Herrin mailto:b...@herrin.us>> wrote: On Tue, Aug 13, 2019 at 7:42 PM John Curran mailto:jcur...@arin.net>> wrote: On 13 Aug 2019, at 9:28 PM, Ronald F. Guilmette mailto:r...@tristatelogic.com>> wrote: The last time I looked, RPKI adoption was sitting at

Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-13 Thread William Herrin
On Tue, Aug 13, 2019 at 7:42 PM John Curran wrote: > On 13 Aug 2019, at 9:28 PM, Ronald F. Guilmette > wrote: > > The last time I looked, RPKI adoption was sitting at around a grand total > of 15% worldwide. Ah yes, here it is... > > https://rpki-monitor.antd.nist.gov/ > > I've asked many

RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-13 Thread John Curran
On 13 Aug 2019, at 9:28 PM, Ronald F. Guilmette mailto:r...@tristatelogic.com>> wrote: ... The last time I looked, RPKI adoption was sitting at around a grand total of 15% worldwide. Ah yes, here it is... https://rpki-monitor.antd.nist.gov/ I've asked many people and many companies why

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-13 Thread Ronald F. Guilmette
In message , Eric Kuhnke wrote: rfg>> 4) Filing a "fraud request" with ARIN is a serious step and one that rfg>could quite conceivably end up with the party filing such a formal rfg>report being on the business end of lawsuit, just for having filed rfg>such a report.

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-13 Thread Eric Kuhnke
> 4) Filing a "fraud request" with ARIN is a serious step and one that could quite conceivably end up with the party filing such a formal report being on the business end of lawsuit, just for having filed such a report. What makes you think that the sort of persons who

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-13 Thread Marco Belmonte
For the record, there are just as many of us that appreciate your verbosity. On 8/13/2019 12:35 PM, Ronald F. Guilmette wrote: In message Ross Tajvar wrote: Seems like submitting a fraud request to ARIN is more effective than

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-13 Thread Rich Kulawiec
On Mon, Aug 12, 2019 at 04:11:00PM -0400, Ross Tajvar wrote: > Seems like submitting a fraud request to ARIN is more effective than > writing a novel and sending it to NANOG, and doesn't require the latter... But if he didn't fully document his assertion(s), then he would be faced with a plethora

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-13 Thread Ronald F. Guilmette
In message Ross Tajvar wrote: >Seems like submitting a fraud request to ARIN is more effective than >writing a novel and sending it to NANOG, and doesn't require the latter... As noted in my immediately prior posting, ARIN's careful adjudication of this or any other possible case of fraud

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-13 Thread Ronald F. Guilmette
In message , John Curran wrote: >On 9 Aug 2019, at 4:09 PM, Ronald F. Guilmette wrote: >> ... >> Unfortunately, we cannot read too much into this change that was made >> to the block's public-facing WHOIS record. Neither the new WHOIS info >> nor even the old WHOIS info can be used to

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-12 Thread Ross Tajvar
Seems like submitting a fraud request to ARIN is more effective than writing a novel and sending it to NANOG, and doesn't require the latter... On Mon, Aug 12, 2019, 3:16 PM John Curran wrote: > On 9 Aug 2019, at 4:09 PM, Ronald F. Guilmette > wrote: > > ... > > Unfortunately, we cannot read

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-12 Thread John Curran
On 9 Aug 2019, at 4:09 PM, Ronald F. Guilmette wrote: > ... > Unfortunately, we cannot read too much into this change that was made > to the block's public-facing WHOIS record. Neither the new WHOIS info > nor even the old WHOIS info can be used to reliably infer who or what > is the legitimate

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-09 Thread Ronald F. Guilmette
In message Ross Tajvar wrote: >First he thought that a /17 got stolen (by creating a company with the same >name as the original, now-defunct owner), but he then said he was wrong and >actually it either 1) got transferred against ARIN policy or 2) was made to >look like it was transferred by

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-09 Thread Niels Bakker
* r...@tristatelogic.com (Ronald F. Guilmette) [Sat 10 Aug 2019, 02:26 CEST]: As far as I am aware, no RIR makes any effort whatsoever to vet changes to WHOIS records, either for IP blocks or ASNs or ORG records. This is hilarious. You should hear the whining from any EU-based operator who

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-09 Thread Ross Tajvar
First he thought that a /17 got stolen (by creating a company with the same name as the original, now-defunct owner), but he then said he was wrong and actually it either 1) got transferred against ARIN policy or 2) was made to look like it was transferred by altering the whois data. On Fri, Aug

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-09 Thread Ronald F. Guilmette
In message , Brandon Price wrote: > > > 1) On or about 02-17-2010 HHSI, Inc. (California) transfered the >registration of the 216.179.128.0/17 block from itself to the >2009 vintage Delaware entity Azuki, LLC. If this is what happened, >then it is likely that the

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-09 Thread Töma Gavrichenkov
Peace, On Thu, Aug 8, 2019 at 10:54 PM Ronald F. Guilmette wrote: > Corporate identity theft is a simple ploy which may be used to illicitly > obtain valuable IPv4 address space. Actual use of this fradulent ploy > was first described publicly in April, 2008 (https://wapo.st/2YLEhlZ).

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-09 Thread Ronald F. Guilmette
Further investigation of this case obliges me to post the following correction and retraction. Additional evidence now strongly suggests that the 216.179.128.0/17 IP address block has NOT been "stolen" as I had suggested yesterday. I simply mis-read the ARIN historical registration ("WhoWas")

RE: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-09 Thread Kevin McCormick
To: nanog@nanog.org Subject: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17 Corporate identity theft is a simple ploy which may be used to illicitly obtain valuable IPv4 address space. Actual use of this fradulent ploy was first described publicly in April, 2008 (https

Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

2019-08-08 Thread Ronald F. Guilmette
Corporate identity theft is a simple ploy which may be used to illicitly obtain valuable IPv4 address space. Actual use of this fradulent ploy was first described publicly in April, 2008 (https://wapo.st/2YLEhlZ). Quite simply, a party bent on undertaking this ploy may just search the publicly