This is more or less the situation we're in. We contacted the customer and they informed us the matter is in dispute with the RIR and that their customer (the assignee) is in the process of resolving the issue. We have to allow them time to accomplish this. I've asked for additional information to help us understand the nature of the dispute. In that time we received another request to stop announcing the prefix(s) in addition to a new set of prefixes, and a threat to contact our upstream providers as well as ARIN - which is not the RIR the disputed resources are allocated to. This is a new(er) customer, so there is some merit to dropping the prefix and letting them sort it out based on the current RIR contact(s). However, there is obvious concern over customer service and dropping such a large block of IPs. I'm definitely leaning toward "let the customer (or customer's customer) and the RIR sort it out" if the POC validates the request weighed responsibly against customer age. However, from a customer service perspective, I think we owe it to our customers to make sure a request is legitimate before we knock them offline. With a limited toolset to validate that information, I can't help but feel conflicted. I appreciate all the feedback this thread has generated so far! -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Naslund, Steve Sent: Tuesday, March 13, 2018 8:27 AM To: nanog@nanog.org Subject: RE: Proof of ownership; when someone demands you remove a prefix Yes, absolutely go with the RIR. Only thing I might adjust it whether I let the customer launch a dispute with the RIR before or after I make the change and to me that would depend on the preponderance of the evidence either way. I might give the long term customer the reasonable doubt. A new customer with a new advertisement not so much. Talk to your legal people of course but I would think if the RIR could verify a dispute in progress, you are covered until the dispute is resolved. Seems legally reasonable to me and shows due diligence on your part without you getting in the middle. Steven Naslund Chicago IL
Hi Sean,
There is a definitive technical means. It's called contact the POC published in WHOIS by the RIR and ask. It isn't flawless and you don't have to like >it, but there it is.
If you contacted the POC and the POC replied stop, you stop. If the POC was hijacked at the RIR, that's between your customer and the RIR. The RIR has a standard process and an expert team for dealing with these situations. It's their job.
Regards, Bill Herrin