On Oct 1, 2010, at 5:22 AM, Ronald F. Guilmette wrote:
Nope! Apparently, ARIN's fraud reporting form is only to be used for reporting cases where somebody has fiddled one of ARIN's whois records in a fradulent way. If somebody just waltzes in and starts announcing a bunch of routes to a bunch of hijacked IP space from a hijacked ASN (or two, or three) ARIN doesn't want to hear about it.
Ron - You note the following:
They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.''
At present, ARIN doesn't review the routing of address space to see if an allocation made to party is being announced by another party.
From your emails, I'm guess that you'd like ARIN to do so.
I've run several several ISPs and a hosting firm, and I'm not quite sure how ARIN can definitively know that any of the AS#'s involved should or should not be routing a given network block. There are some heuristics that will suggest something is "fishy" about use of a network block, but are you actually suggesting that ARIN would revoke resources as a result of that?
In those rare cases where the perp is considerate enough to ALSO fiddle the relevant WHOIS records in some fradulent way, THEN (apparently) ARIN will get involved, but only to the extent of re-jiggering the WHOIS record(s). Once that's been done, they will happily leave the perp to announce all of the fradulent routes and hijacked space he wants, in perpetuity.
Correct. We will revoke the address space, but I'm uncertain what else you suggest we do... could you elaborate here? /John John Curran President and CEO ARIN