(I hate to step into the pond, but...) On Thu, Aug 15, 2019 at 8:02 AM John Curran <jcurran@arin.net> wrote:
On 14 Aug 2019, at 11:16 PM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
Report it on some webpage and call it "Internet Resources stolen", document every incident as you do via email, send a copy to the appropriate RIR and upstream ISP allowing the hijack in question to show that you did the appropriate effort and we can then move on.
I can and will stop posting here, and go off an blog about this stuff instead, if the consensus is that I'm utterly off-topic or utterly uninteresting and useless. But a few folks have told me they find this stuff interesting, and it has operational significance, I think. So for now, at least, I'd like to continue to share here.
As regards to reporting to RIRs or upstreams, what makes you think that either of those would care one wit? The RIRs are not the Internet Police, or so I am told.
Good morning Ron –
The RIRs are not the Internet Police, but we do care very much about the integrity of the Internet number registry system.
Please report to ARIN any instances of number resource records in the ARIN registry whose organization you believe to be incorrect – while such records are updated only based on appropriate documentation, that doesn’t preclude the use of fraudulent documentation that goes undetected.
There seem to be 2 different (at least) classes of thing Ron's noting here: 1) an aggregate (an ALLOCATION in RIR resource divying-up parlance) with (perhaps) bad data showing in WHOIS: 216.179.128.0/17 2) a subnet (an ASSIGNMENT in IR resource divying-up parlance) with bad data showing in WHOIS: 216.179.183.0/24 How data gets into the WHOIS system here is mechanically the same, but the control ARIN (or any RIR) can exert is drastically different. During the process of ALLOCATION from the RIR to an LIR (or end-site) there is some process which includes validating "who" and "where" and such, which John (and a few others) have outlined. During the ASSIGNMENT from LIR -> customer / end-site the LIR is solely (well.. mostly, yes the LIR can create and ORG and permit the Customer the ability to send SWIP updates....) in control of what data ends up in the WHOIS. ARIN (for example) has no real say in the records for ASSIGNMENTS. They could, I suppose, do something ... but that seems a lot like drinking from a firehose without any real ability on the part of ARIN (for instance) to validate anything in the inbound data :( -chris