On Oct 2, 2010, at 7:59 PM, James Hess wrote:
So, I wonder why only ARIN itself is singled out.. Have other RIRs found something much better to do with fraud reports? This matters, because scammers can concentrate on whichever IP blocks are easiest to hijack.
The reason: approximately 15000 legacy address blocks which ARIN become the successor registry for at its formation, many of which hadn't been updated since they were allocated. In the other regions, there are significantly fewer early allocations where the holders haven't also involved ongoing in the combined registry/operator forum in the region. Two particular quicks of this region is that the registry is not combined with the operator forum, and many of the assignments from the earliest days of the Internet are in this region, made with minimal documentation, and were often forgotten or never put into publicly routed use... Ergo, when a party appears and says that they'd like to update the contacts on their WHOIS record, and we see an organization which exists back to the original allocation, it is fairly straightforward to make it happen and know that we're not facilitating a hijacking. For this reason, legacy holders are allowed to change anything except the organization name without requiring documentation. It gets more challenging when you instead have a different organization name XYX, which states it is the rightful holder of NET-ABC123 because it acquired JKL company which in theory had earlier bought the right piece of company ABC which is now defunct but never updated any of IP records post business deal, and no one from ABC or JKL can be found and the public records may indeed show that JKL bought some part of ABC but most assuredly don't say anything about networks or as#'s... Circumstances such as the aformentioned are regretfully the rule, not the exception. (As an aside, I'll note that we do also look at the historical routing of the address block, since that provides some insight which often can corroborate an otherwise weak documentary record.) Now, we really want folks to come in and update their records but when it comes to updating the actual organization name for an address block, we either need to hold the line on legal/commercial documents (which reduces hijacking but almost sends some legitimate but underdocumented legacy folks away) or we can simply have folks attest to their view of reality and update the records accordingly (which will get us much more current Whois records but with "current" not necessarily implying any more accurate records...) This is *your* (the collective "your") WHOIS database, and ARIN will administer it per any policy which adopted by the community. /John John Curran President and CEO ARIN P.S. I will note that we fully have the potential to recreate this problem in IPv6 if we're not careful, and establishing some very clear record keeping requirements for IPv6 with both RIRs and ISPs/LIRs is going to be very important if we ever hope to determine the party using a given IPv6 block in just a few short years...