On Sat, Aug 14, 2010 at 12:32:50PM -0700, David Conrad wrote:
Bill,
On Aug 14, 2010, at 8:51 AM, bmanning@vacation.karoshi.com wrote:
In the formal ARIN context, there is a distiction between abuse and fraud.
abuse:: https://www.arin.net/abuse.html
This is a FAQ for folks who are accusing ARIN of abuse of network. With the possible exception of the last item in that FQA, it has nothing to do with the topic at hand.
This is the mechanism by which one reports fraud.
It would be helpful in clarifing the discussion if folks used the proper terminology.
Can you point to where ARIN defines exactly what they consider "abuse" and/or "fraud"?
Thanks, -drc
The AC accepted draft proposal below has a definition of abuse in #b ---- Draft Policy 2010-11 Required Resource Reviews Version/Date: 20 July 2010 Policy statement: Replace the text "under sections 4-6" in section 12, paragraph 7 with "under paragraphs 12.4 through 12.6" Add to section 12 the following text: 10. Except as provided below, resource reviews are conducted at the discretion of the ARIN staff. In any of the circumstances mentioned below, a resource review must be initiated by ARIN staff: a. Report or discovery of an acquisition, merger, transfer, trade or sale in which the infrastructure and customer base of a network move from one organization to another organization, but, the applicable IP resources are not transferred. In this case, the organization retaining the IP resources must be reviewed. The organization receiving the customers may also be reviewed at the discretion of the ARIN staff. b. Upon receipt by ARIN of one or more credible reports of fraud or abuse of an IP address block. Abuse shall be defined as use of the block in violation of the RSA or other ARIN policies and shall not extend to include general reports of host conduct which are not within ARIN's scope. While fraud is outlined here: https://www.arin.net/resources/fraud/index.html Version 1.2 - 18 November 2009 This reporting process is to be used to notify ARIN of suspected Internet number resource abuse including the submission of falsified utilization or organization information, unauthorized changes to data in ARIN's WHOIS, hijacking of number resources in ARIN's database, or fraudulent transfers. This reporting process is NOT for reporting illegal or fraudulent Internet activity like network abuse, phishing, spam, identity theft, hacking, scams, or any other activity unrelated to the scope of ARIN's mission. ---- so fraud, from ARINs perspective seems to be: - submitting falsified untilization or org info - unauthorized changes to the data in ARINs whois - hijacking number resources in ARINs database - fraudulent transfers a kewpie doll for the first one to point out the circular dependencies! :) --bill