So ARIN put up on their web site this fancy schmancy web form that allows a person to report fraud relating to ARIN number resources. Here's what the introduction to that page says, exactly as it appears on ARIN's web site: This reporting process is to be used to notify ARIN of suspected Internet number resource abuse including the submission of falsified utilization or organization information, unauthorized changes to data in ARIN's WHOIS, hijacking of number resources in ARIN's database, or fraudulent transfers. Well, that's what it says anyway. And being naive, I actually believed that the folks at ARIN might actually give a rat's ass about all these kinds of fraud that they have enumerated above. Boy was I wrong! I just received the response attached below to one of my earlier reports using that form. And I gotta tell you, its an eye opener. Apparently the fine folks at ARIN, clever bureaucrats that they are, have subtly but substantially redefined the specific kinds of ``fraud'' they care to hear about and/or investigate, so that contrary to the above, mere hijacking of ASes or IP blocks isn't actually something that they want to hear about, much less DO anything about. Nope! Apparently, ARIN's fraud reporting form is only to be used for reporting cases where somebody has fiddled one of ARIN's whois records in a fradulent way. If somebody just waltzes in and starts announcing a bunch of routes to a bunch of hijacked IP space from a hijacked ASN (or two, or three) ARIN doesn't want to hear about it. In those rare cases where the perp is considerate enough to ALSO fiddle the relevant WHOIS records in some fradulent way, THEN (apparently) ARIN will get involved, but only to the extent of re-jiggering the WHOIS record(s). Once that's been done, they will happily leave the perp to announce all of the fradulent routes and hijacked space he wants, in perpetuity. Apparently, they consider the hijacking itself as being totally out of their charter to even look at or investigate. ONLY if a WHOIS record has been fiddled will they give a damn, and then the only one thing they will give a damn about will be the WHOIS record... and the rest of the net can go to hell, because hay! Not our problem man! Now I _know_ full well that by posting this rant here, the usual assortment of knuckle-walker throwbacks who still yearn for the wonderful rule-less frontier every-man-for-himself-and-no-sherrifs fun filled days of the old 20th Century Internet, will pipe up immediately and say `Good! Goddammit we don't want no steekin' ARIN to be ``policing'' anything at all. F**k that! Total anarchy is the best of all possible systems.' You know what? I don't care. Let them come. Let them lumber around and scream and pound their fists and try to tell me that because *I* didn't get onto the Internet until 1983 (or because their router can beat up my router) that they somehow magically outrank me, and that their opinions are God and mine are worthless. That's quite obviously horse shit. How do you have a pecking order anyway in a self-avowed anarchy? Sorry, no. The two are not compatible. I've got as much right to an opinion as you do. And until proved otherwise, mine is as valid as your's. And my opinion is that this sucks. ARIN's attitude sucks. And they are apparently redefining the word ``fraud'' in a way that will insure that they will have to do minimal work, and that they'll never ever have to do anything that might be ``hard'' in the sense of possibly being the lest bit contro- versial, you know, like telling some hijacker ``Stop doing that.'' Yes, I'm sure that there are a lot of people here who will pipe up and say that it's just wonderful that ARIN is useless and that ARIN will do nothing. Their anachronistic anarchist philosophy is not a philosophy. It's merely an abdication of responsibility, and should be seen as such. It is just a lazy man's way of avoiding having to think about how a society should be organized. It is the coward's way of avoiding making rules that some members of the group might find controversial. On the net, hijacking of IP space is just about the deepest kind of violation of the commonly accepted rules of how to behave in this shared space that I can imagine. And now, the people who _issue_ the IP space assignments say that they don't care to _police_ the very assignments that they themselves have made! Well then what's the bleeping point of even having them or their whole bloody allocation system then? I say let's disband the Federal Reserve *and* ARIN, because they are all just a bunch of useless bureaucrats at this point who are serving nobody other than themselves. If we are going to have anarchy, then bring it on! Let's not have this half-assed sort of anarchy that we have now. Let's have the real thing! I'm going out tomorrow and I'm going to buy me the biggest router than I can afford. Then I'm going to get it colocated someplace, and then I'm going to start announcing all the routes I feel like, and nobody will do shit about it... because its not their job man! And some people still wonder why this planet is so f**ked up. Geeezzz. Regards, rfg P.S. It ain't as if I'm either asking or expecting anybody from ARIN to take a plane out to that place where the hunters shot down that cable, or some exchange point in Bumf**k, Idaho, and with guns drawn, physically pull the wire out of the socket. No. I'm *not* asking for that kind of ``policing''. But Christ! They could at least take a position, instead of simply standing around with their hands in their pockets. Is that really too much to ask? They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.'' That's all. I'd just like to see them maybe take a postion. I'm quite sure that ARIN corporate counsel has advised them to never take a position on anything... kind-of like Minister Hacker in "Yes, Minister", who often hoped that the government could have NO position on anything the least bit controversial...except with respect to things that might erode their own power, you know, like the position that IP addresses are not property, which they try desperately to maintain (against all obvious facts to the contrary) as a way of keeping courts out of the business of saying who gets what, so that they can maintain their own total and absolute sovereignty over this shit, with no annoying judges to get in their way. But you know, if they won't even take a position on a bloody blatant hijacking by low life spammer slugs and/or by others who the spammers have paid Big Bucks to, to steal the space for them, they really, like I said, what's the point of even having an allocation ``authority''? (And obviously, I am using that term very very loosely here, because they clearly only care to use their ``authority'' when it makes everybody happy, and won't use it at all when it might make even one lone spammer/hijacker sad. If there is a better definition of cowardice and abdication, I don't know what it is.) ------- Forwarded Message Replied: Fri, 01 Oct 2010 00:49:08 -0700 Replied: hostmaster@arin.net Return-Path: hostmaster@arin.net Delivery-Date: Thu Sep 30 08:30:13 2010 Return-Path: <hostmaster@arin.net> X-Original-To: rfg@tristatelogic.com Delivered-To: rfg@tristatelogic.com Received: from smtp1.arin.net (smtp1.arin.net [192.149.252.33]) by segfault.tristatelogic.com (Postfix) with ESMTP id 389DDBDC34 for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 08:30:13 -0700 (PDT) Received: by smtp1.arin.net (Postfix, from userid 323) id 89AD4165331; Thu, 30 Sep 2010 11:30:07 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 3.2.5-arin1 (2008-06-10) on smtp1.arin.net X-Spam-Level: X-Spam-Status: No, score=-144.2 required=5.0 tests=AWL,BAYES_00, FH_DATE_PAST_20XX,USER_IN_WHITELIST autolearn=no version=3.2.5-arin1 Received: from pgp.arin.net (pgp.arin.net [192.136.136.159]) by smtp1.arin.net (Postfix) with ESMTP id 5F592165324 for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 11:30:07 -0400 (EDT) Received: by pgp.arin.net (Postfix, from userid 688) id 37E9F1A8069; Thu, 30 Sep 2010 11:30:07 -0400 (EDT) Received: from shell.arin.net (shell.arin.net [192.136.136.149]) by pgp.arin.net (Postfix) with ESMTP id AD3C81A8103 for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 11:30:06 -0400 (EDT) Received: by shell.arin.net (Postfix, from userid 2006) id C6F5D8059; Thu, 30 Sep 2010 11:30:06 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by shell.arin.net (Postfix) with ESMTP id C5B0A8058; Thu, 30 Sep 2010 11:30:06 -0400 (EDT) Date: Thu, 30 Sep 2010 11:30:06 -0400 (EDT) From: hostmaster@arin.net X-X-Sender: jonw@shell.arin.net To: rfg@tristatelogic.com Subject: Re: [ARIN-20100928-F683] Fraud Report Confirmed In-Reply-To: <mailbox-17204-1285704731-754558@shell.arin.net> Message-ID: <Pine.LNX.4.64.1009301126150.20077@shell.arin.net> References: <mailbox-17204-1285704731-754558@shell.arin.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Thanks for your report.
AS11296 appears to have been hijacked.
Separately and additionally, all of the IPv4 blocks currently being announced by AS11296 appear to have been hijacked also:
63.247.160.0/19 199.241.64.0/19 206.226.64.0/24 206.226.65.0/24 206.226.66.0/24 206.226.67.0/24 206.226.68.0/24 206.226.69.0/24 206.226.70.0/24 206.226.71.0/24 206.226.72.0/24 206.226.73.0/24 206.226.74.0/24 206.226.75.0/24 206.226.76.0/24 206.226.77.0/24 206.226.78.0/24 206.226.79.0/24 206.226.96.0/19
We've looked through these records and can't find any unauthorized changes. Do you have any further details regarding unauthorized changes to ARIN's Whois data? If not, we can't take action. We can investigate fraudulent changes to registration data, but we can't investigate fraudulent activity related to use of numbering resources (e.g. routing of resources by someone other than the registrant). If you have any further questions, comments, or concerns please respond to this message or contact me directly. Regards, Jon Worley Senior Resource Analyst ARIN Registration Services https://www.arin.net/ hostmaster@arin.net 703.227.0660 Are you ready for IPv6? For information on transitioning to IPv6, see: https://www.arin.net/knowledge/about_resources/v6/v6.html - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFMpKz/ZKymzxl/LaURAvVuAJsFT6DZxoZ5O13SDRKWK6Lkz1yusgCdFt01 aMTBE0O/ucnRx+8rk8+QbEE= =qqf5 - -----END PGP SIGNATURE----- ------- End of Forwarded Message