While its certainly wrongb to steal IPs like this, some of the blame must go to the RIRs. They should be repo-ing this space. I realize they engage in much handwrining over their "lack of authority", but authority to route address space is, for all intents and purposes, given by those who actually do the routing. Furthermore, ARIN has a large warchest for defending against legal challenges. ARIN needs to repo any space that has been advertised for a reasonable length of time, and reissue it. - Dan On Mon, 28 Apr 2003, Kai Schlichting wrote:
On 4/28/2003 at 9:32 AM, billmojo@australia.edu wrote:
Our client wants to purchase a number of IPv4 addresses. Yes we know ARIN allocates them but many people have had problems routing the new addresses and we don't have the time for those sort of problems.
<sarcasm on>
Why settle for a few /24's, when you can have the whole enchilada for pennys on the dollar!
http://spamhaus.org/sbl/listings.lasso?isp=arin
Like many of our convicted felons^W^Wfriends in the criminal trespassing^Wemail business, the new strategy to help yourself to a few /16's without stupid questions being asked is now:
- scan the routing tables for /16-size holes in space that has been assigned in the timeframe 1989 through 1995. - determine if said "hole" is registered with any relevant address space registry (ARIN,RIPE,APNIC, but LACNIC need not apply), and the space is not routed. - determine if all registered POCs for the space are dead by way of the domains having expired - spend less than $10 to re-register the "missing" domains, using the original contact details (and persons) still listed in the IP space registration. - eventually change the POCs for the address space to your liking - voila. substantially more IP space than you wanted in the first place. - slice & dice, and sell the space in /20 chunks to those highest-bidding Florida state-prison buddies of yours, many of which have found new ways of making a living without tipping the hands of their parole officers (in way too obvious ways). Gee, don't you love Florida: all you can expect there for, say: a cocaine trafficking charge is parole after 14 months served out of your 3-year-sentence. And carrying drivers licenses is optional, the same seems to be true for gun permits. - find yourself some nice, conspiring providers like AS 6453, 14551, 6939 or 10910 who will find nothing (or hardly anything, given the lack of abuse complaints implicating the space) wrong by you (for example) announcing IP space belonging to a german steel mill from some god- forgotten swamp in Panama. Like: that steel mill must have moved, yeah.
</sarcasm>
Makes you wonder how some providers' (paging AS 10910!) business due diligence process works: they do a credit check, pull the D&B report, they confirm the service address (occasionally with a visit by a sales person), but then fail to notice that the prefix filter installed for the customer has a few /16's and more /19's from a few other /16's in it, where the address space registration bears no resemblance with reality, following the pattern in the point list above, and has little if any legitimacy that you and I could possibly see.
I am sure you can figure out the likely operational impact resulting from appearance of hijacked/stolen IP space just about now. AS 16506 is routing VPN tunnel endpoints for Al-Qaeda, you said? you surely must be joking, or it's a really bad rumor not reflecting reality, Sir...
bye,Kai