ARIN Fraud Reporting Form ... Don't waste your time
So ARIN put up on their web site this fancy schmancy web form that allows a person to report fraud relating to ARIN number resources. Here's what the introduction to that page says, exactly as it appears on ARIN's web site: This reporting process is to be used to notify ARIN of suspected Internet number resource abuse including the submission of falsified utilization or organization information, unauthorized changes to data in ARIN's WHOIS, hijacking of number resources in ARIN's database, or fraudulent transfers. Well, that's what it says anyway. And being naive, I actually believed that the folks at ARIN might actually give a rat's ass about all these kinds of fraud that they have enumerated above. Boy was I wrong! I just received the response attached below to one of my earlier reports using that form. And I gotta tell you, its an eye opener. Apparently the fine folks at ARIN, clever bureaucrats that they are, have subtly but substantially redefined the specific kinds of ``fraud'' they care to hear about and/or investigate, so that contrary to the above, mere hijacking of ASes or IP blocks isn't actually something that they want to hear about, much less DO anything about. Nope! Apparently, ARIN's fraud reporting form is only to be used for reporting cases where somebody has fiddled one of ARIN's whois records in a fradulent way. If somebody just waltzes in and starts announcing a bunch of routes to a bunch of hijacked IP space from a hijacked ASN (or two, or three) ARIN doesn't want to hear about it. In those rare cases where the perp is considerate enough to ALSO fiddle the relevant WHOIS records in some fradulent way, THEN (apparently) ARIN will get involved, but only to the extent of re-jiggering the WHOIS record(s). Once that's been done, they will happily leave the perp to announce all of the fradulent routes and hijacked space he wants, in perpetuity. Apparently, they consider the hijacking itself as being totally out of their charter to even look at or investigate. ONLY if a WHOIS record has been fiddled will they give a damn, and then the only one thing they will give a damn about will be the WHOIS record... and the rest of the net can go to hell, because hay! Not our problem man! Now I _know_ full well that by posting this rant here, the usual assortment of knuckle-walker throwbacks who still yearn for the wonderful rule-less frontier every-man-for-himself-and-no-sherrifs fun filled days of the old 20th Century Internet, will pipe up immediately and say `Good! Goddammit we don't want no steekin' ARIN to be ``policing'' anything at all. F**k that! Total anarchy is the best of all possible systems.' You know what? I don't care. Let them come. Let them lumber around and scream and pound their fists and try to tell me that because *I* didn't get onto the Internet until 1983 (or because their router can beat up my router) that they somehow magically outrank me, and that their opinions are God and mine are worthless. That's quite obviously horse shit. How do you have a pecking order anyway in a self-avowed anarchy? Sorry, no. The two are not compatible. I've got as much right to an opinion as you do. And until proved otherwise, mine is as valid as your's. And my opinion is that this sucks. ARIN's attitude sucks. And they are apparently redefining the word ``fraud'' in a way that will insure that they will have to do minimal work, and that they'll never ever have to do anything that might be ``hard'' in the sense of possibly being the lest bit contro- versial, you know, like telling some hijacker ``Stop doing that.'' Yes, I'm sure that there are a lot of people here who will pipe up and say that it's just wonderful that ARIN is useless and that ARIN will do nothing. Their anachronistic anarchist philosophy is not a philosophy. It's merely an abdication of responsibility, and should be seen as such. It is just a lazy man's way of avoiding having to think about how a society should be organized. It is the coward's way of avoiding making rules that some members of the group might find controversial. On the net, hijacking of IP space is just about the deepest kind of violation of the commonly accepted rules of how to behave in this shared space that I can imagine. And now, the people who _issue_ the IP space assignments say that they don't care to _police_ the very assignments that they themselves have made! Well then what's the bleeping point of even having them or their whole bloody allocation system then? I say let's disband the Federal Reserve *and* ARIN, because they are all just a bunch of useless bureaucrats at this point who are serving nobody other than themselves. If we are going to have anarchy, then bring it on! Let's not have this half-assed sort of anarchy that we have now. Let's have the real thing! I'm going out tomorrow and I'm going to buy me the biggest router than I can afford. Then I'm going to get it colocated someplace, and then I'm going to start announcing all the routes I feel like, and nobody will do shit about it... because its not their job man! And some people still wonder why this planet is so f**ked up. Geeezzz. Regards, rfg P.S. It ain't as if I'm either asking or expecting anybody from ARIN to take a plane out to that place where the hunters shot down that cable, or some exchange point in Bumf**k, Idaho, and with guns drawn, physically pull the wire out of the socket. No. I'm *not* asking for that kind of ``policing''. But Christ! They could at least take a position, instead of simply standing around with their hands in their pockets. Is that really too much to ask? They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.'' That's all. I'd just like to see them maybe take a postion. I'm quite sure that ARIN corporate counsel has advised them to never take a position on anything... kind-of like Minister Hacker in "Yes, Minister", who often hoped that the government could have NO position on anything the least bit controversial...except with respect to things that might erode their own power, you know, like the position that IP addresses are not property, which they try desperately to maintain (against all obvious facts to the contrary) as a way of keeping courts out of the business of saying who gets what, so that they can maintain their own total and absolute sovereignty over this shit, with no annoying judges to get in their way. But you know, if they won't even take a position on a bloody blatant hijacking by low life spammer slugs and/or by others who the spammers have paid Big Bucks to, to steal the space for them, they really, like I said, what's the point of even having an allocation ``authority''? (And obviously, I am using that term very very loosely here, because they clearly only care to use their ``authority'' when it makes everybody happy, and won't use it at all when it might make even one lone spammer/hijacker sad. If there is a better definition of cowardice and abdication, I don't know what it is.) ------- Forwarded Message Replied: Fri, 01 Oct 2010 00:49:08 -0700 Replied: hostmaster@arin.net Return-Path: hostmaster@arin.net Delivery-Date: Thu Sep 30 08:30:13 2010 Return-Path: <hostmaster@arin.net> X-Original-To: rfg@tristatelogic.com Delivered-To: rfg@tristatelogic.com Received: from smtp1.arin.net (smtp1.arin.net [192.149.252.33]) by segfault.tristatelogic.com (Postfix) with ESMTP id 389DDBDC34 for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 08:30:13 -0700 (PDT) Received: by smtp1.arin.net (Postfix, from userid 323) id 89AD4165331; Thu, 30 Sep 2010 11:30:07 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 3.2.5-arin1 (2008-06-10) on smtp1.arin.net X-Spam-Level: X-Spam-Status: No, score=-144.2 required=5.0 tests=AWL,BAYES_00, FH_DATE_PAST_20XX,USER_IN_WHITELIST autolearn=no version=3.2.5-arin1 Received: from pgp.arin.net (pgp.arin.net [192.136.136.159]) by smtp1.arin.net (Postfix) with ESMTP id 5F592165324 for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 11:30:07 -0400 (EDT) Received: by pgp.arin.net (Postfix, from userid 688) id 37E9F1A8069; Thu, 30 Sep 2010 11:30:07 -0400 (EDT) Received: from shell.arin.net (shell.arin.net [192.136.136.149]) by pgp.arin.net (Postfix) with ESMTP id AD3C81A8103 for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 11:30:06 -0400 (EDT) Received: by shell.arin.net (Postfix, from userid 2006) id C6F5D8059; Thu, 30 Sep 2010 11:30:06 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by shell.arin.net (Postfix) with ESMTP id C5B0A8058; Thu, 30 Sep 2010 11:30:06 -0400 (EDT) Date: Thu, 30 Sep 2010 11:30:06 -0400 (EDT) From: hostmaster@arin.net X-X-Sender: jonw@shell.arin.net To: rfg@tristatelogic.com Subject: Re: [ARIN-20100928-F683] Fraud Report Confirmed In-Reply-To: <mailbox-17204-1285704731-754558@shell.arin.net> Message-ID: <Pine.LNX.4.64.1009301126150.20077@shell.arin.net> References: <mailbox-17204-1285704731-754558@shell.arin.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Thanks for your report.
AS11296 appears to have been hijacked.
Separately and additionally, all of the IPv4 blocks currently being announced by AS11296 appear to have been hijacked also:
63.247.160.0/19 199.241.64.0/19 206.226.64.0/24 206.226.65.0/24 206.226.66.0/24 206.226.67.0/24 206.226.68.0/24 206.226.69.0/24 206.226.70.0/24 206.226.71.0/24 206.226.72.0/24 206.226.73.0/24 206.226.74.0/24 206.226.75.0/24 206.226.76.0/24 206.226.77.0/24 206.226.78.0/24 206.226.79.0/24 206.226.96.0/19
We've looked through these records and can't find any unauthorized changes. Do you have any further details regarding unauthorized changes to ARIN's Whois data? If not, we can't take action. We can investigate fraudulent changes to registration data, but we can't investigate fraudulent activity related to use of numbering resources (e.g. routing of resources by someone other than the registrant). If you have any further questions, comments, or concerns please respond to this message or contact me directly. Regards, Jon Worley Senior Resource Analyst ARIN Registration Services https://www.arin.net/ hostmaster@arin.net 703.227.0660 Are you ready for IPv6? For information on transitioning to IPv6, see: https://www.arin.net/knowledge/about_resources/v6/v6.html - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFMpKz/ZKymzxl/LaURAvVuAJsFT6DZxoZ5O13SDRKWK6Lkz1yusgCdFt01 aMTBE0O/ucnRx+8rk8+QbEE= =qqf5 - -----END PGP SIGNATURE----- ------- End of Forwarded Message
Ronald, It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue. ARIN is a registry. They don't run routers (outside of a small handfull of them that provide certain ARIN infrastructure). They have no control over BGP, the routing table, or anything that would be able to do anything about your particular brand of issue. What they can do something about is, indeed, things that got into the registry data through fraud, deceit, error, omission, or other unintended mechanism. I'm sorry you're not satisfied with that fact. I'm sorry that you are obviously clearly very upset by this experience. However, I think your issue stems from a fundamental misunderstanding of the role ARIN plays in the community vs. that of the ISPs. It's kind of like asking a DMV representative to arrest an auto thief. ARIN does registrations. They aren't the internet police. Owen On Oct 1, 2010, at 2:22 AM, Ronald F. Guilmette wrote:
So ARIN put up on their web site this fancy schmancy web form that allows a person to report fraud relating to ARIN number resources. Here's what the introduction to that page says, exactly as it appears on ARIN's web site:
This reporting process is to be used to notify ARIN of suspected Internet number resource abuse including the submission of falsified utilization or organization information, unauthorized changes to data in ARIN's WHOIS, hijacking of number resources in ARIN's database, or fraudulent transfers.
Well, that's what it says anyway. And being naive, I actually believed that the folks at ARIN might actually give a rat's ass about all these kinds of fraud that they have enumerated above. Boy was I wrong!
I just received the response attached below to one of my earlier reports using that form. And I gotta tell you, its an eye opener.
Apparently the fine folks at ARIN, clever bureaucrats that they are, have subtly but substantially redefined the specific kinds of ``fraud'' they care to hear about and/or investigate, so that contrary to the above, mere hijacking of ASes or IP blocks isn't actually something that they want to hear about, much less DO anything about.
Nope! Apparently, ARIN's fraud reporting form is only to be used for reporting cases where somebody has fiddled one of ARIN's whois records in a fradulent way. If somebody just waltzes in and starts announcing a bunch of routes to a bunch of hijacked IP space from a hijacked ASN (or two, or three) ARIN doesn't want to hear about it. In those rare cases where the perp is considerate enough to ALSO fiddle the relevant WHOIS records in some fradulent way, THEN (apparently) ARIN will get involved, but only to the extent of re-jiggering the WHOIS record(s). Once that's been done, they will happily leave the perp to announce all of the fradulent routes and hijacked space he wants, in perpetuity.
Apparently, they consider the hijacking itself as being totally out of their charter to even look at or investigate. ONLY if a WHOIS record has been fiddled will they give a damn, and then the only one thing they will give a damn about will be the WHOIS record... and the rest of the net can go to hell, because hay! Not our problem man!
Now I _know_ full well that by posting this rant here, the usual assortment of knuckle-walker throwbacks who still yearn for the wonderful rule-less frontier every-man-for-himself-and-no-sherrifs fun filled days of the old 20th Century Internet, will pipe up immediately and say `Good! Goddammit we don't want no steekin' ARIN to be ``policing'' anything at all. F**k that! Total anarchy is the best of all possible systems.'
You know what? I don't care. Let them come. Let them lumber around and scream and pound their fists and try to tell me that because *I* didn't get onto the Internet until 1983 (or because their router can beat up my router) that they somehow magically outrank me, and that their opinions are God and mine are worthless. That's quite obviously horse shit. How do you have a pecking order anyway in a self-avowed anarchy? Sorry, no. The two are not compatible. I've got as much right to an opinion as you do. And until proved otherwise, mine is as valid as your's. And my opinion is that this sucks. ARIN's attitude sucks. And they are apparently redefining the word ``fraud'' in a way that will insure that they will have to do minimal work, and that they'll never ever have to do anything that might be ``hard'' in the sense of possibly being the lest bit contro- versial, you know, like telling some hijacker ``Stop doing that.''
Yes, I'm sure that there are a lot of people here who will pipe up and say that it's just wonderful that ARIN is useless and that ARIN will do nothing. Their anachronistic anarchist philosophy is not a philosophy. It's merely an abdication of responsibility, and should be seen as such. It is just a lazy man's way of avoiding having to think about how a society should be organized. It is the coward's way of avoiding making rules that some members of the group might find controversial.
On the net, hijacking of IP space is just about the deepest kind of violation of the commonly accepted rules of how to behave in this shared space that I can imagine. And now, the people who _issue_ the IP space assignments say that they don't care to _police_ the very assignments that they themselves have made! Well then what's the bleeping point of even having them or their whole bloody allocation system then? I say let's disband the Federal Reserve *and* ARIN, because they are all just a bunch of useless bureaucrats at this point who are serving nobody other than themselves. If we are going to have anarchy, then bring it on! Let's not have this half-assed sort of anarchy that we have now. Let's have the real thing! I'm going out tomorrow and I'm going to buy me the biggest router than I can afford. Then I'm going to get it colocated someplace, and then I'm going to start announcing all the routes I feel like, and nobody will do shit about it... because its not their job man!
And some people still wonder why this planet is so f**ked up. Geeezzz.
Regards, rfg
P.S. It ain't as if I'm either asking or expecting anybody from ARIN to take a plane out to that place where the hunters shot down that cable, or some exchange point in Bumf**k, Idaho, and with guns drawn, physically pull the wire out of the socket. No. I'm *not* asking for that kind of ``policing''. But Christ! They could at least take a position, instead of simply standing around with their hands in their pockets. Is that really too much to ask? They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.''
That's all. I'd just like to see them maybe take a postion. I'm quite sure that ARIN corporate counsel has advised them to never take a position on anything... kind-of like Minister Hacker in "Yes, Minister", who often hoped that the government could have NO position on anything the least bit controversial...except with respect to things that might erode their own power, you know, like the position that IP addresses are not property, which they try desperately to maintain (against all obvious facts to the contrary) as a way of keeping courts out of the business of saying who gets what, so that they can maintain their own total and absolute sovereignty over this shit, with no annoying judges to get in their way. But you know, if they won't even take a position on a bloody blatant hijacking by low life spammer slugs and/or by others who the spammers have paid Big Bucks to, to steal the space for them, they really, like I said, what's the point of even having an allocation ``authority''? (And obviously, I am using that term very very loosely here, because they clearly only care to use their ``authority'' when it makes everybody happy, and won't use it at all when it might make even one lone spammer/hijacker sad. If there is a better definition of cowardice and abdication, I don't know what it is.)
------- Forwarded Message
Replied: Fri, 01 Oct 2010 00:49:08 -0700 Replied: hostmaster@arin.net Return-Path: hostmaster@arin.net Delivery-Date: Thu Sep 30 08:30:13 2010 Return-Path: <hostmaster@arin.net> X-Original-To: rfg@tristatelogic.com Delivered-To: rfg@tristatelogic.com Received: from smtp1.arin.net (smtp1.arin.net [192.149.252.33]) by segfault.tristatelogic.com (Postfix) with ESMTP id 389DDBDC34 for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 08:30:13 -0700 (PDT) Received: by smtp1.arin.net (Postfix, from userid 323) id 89AD4165331; Thu, 30 Sep 2010 11:30:07 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 3.2.5-arin1 (2008-06-10) on smtp1.arin.net X-Spam-Level: X-Spam-Status: No, score=-144.2 required=5.0 tests=AWL,BAYES_00, FH_DATE_PAST_20XX,USER_IN_WHITELIST autolearn=no version=3.2.5-arin1 Received: from pgp.arin.net (pgp.arin.net [192.136.136.159]) by smtp1.arin.net (Postfix) with ESMTP id 5F592165324 for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 11:30:07 -0400 (EDT) Received: by pgp.arin.net (Postfix, from userid 688) id 37E9F1A8069; Thu, 30 Sep 2010 11:30:07 -0400 (EDT) Received: from shell.arin.net (shell.arin.net [192.136.136.149]) by pgp.arin.net (Postfix) with ESMTP id AD3C81A8103 for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 11:30:06 -0400 (EDT) Received: by shell.arin.net (Postfix, from userid 2006) id C6F5D8059; Thu, 30 Sep 2010 11:30:06 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by shell.arin.net (Postfix) with ESMTP id C5B0A8058; Thu, 30 Sep 2010 11:30:06 -0400 (EDT) Date: Thu, 30 Sep 2010 11:30:06 -0400 (EDT) From: hostmaster@arin.net X-X-Sender: jonw@shell.arin.net To: rfg@tristatelogic.com Subject: Re: [ARIN-20100928-F683] Fraud Report Confirmed In-Reply-To: <mailbox-17204-1285704731-754558@shell.arin.net> Message-ID: <Pine.LNX.4.64.1009301126150.20077@shell.arin.net> References: <mailbox-17204-1285704731-754558@shell.arin.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello,
Thanks for your report.
AS11296 appears to have been hijacked.
Separately and additionally, all of the IPv4 blocks currently being announced by AS11296 appear to have been hijacked also:
63.247.160.0/19 199.241.64.0/19 206.226.64.0/24 206.226.65.0/24 206.226.66.0/24 206.226.67.0/24 206.226.68.0/24 206.226.69.0/24 206.226.70.0/24 206.226.71.0/24 206.226.72.0/24 206.226.73.0/24 206.226.74.0/24 206.226.75.0/24 206.226.76.0/24 206.226.77.0/24 206.226.78.0/24 206.226.79.0/24 206.226.96.0/19
We've looked through these records and can't find any unauthorized changes. Do you have any further details regarding unauthorized changes to ARIN's Whois data? If not, we can't take action. We can investigate fraudulent changes to registration data, but we can't investigate fraudulent activity related to use of numbering resources (e.g. routing of resources by someone other than the registrant).
If you have any further questions, comments, or concerns please respond to this message or contact me directly.
Regards,
Jon Worley Senior Resource Analyst ARIN Registration Services https://www.arin.net/ hostmaster@arin.net 703.227.0660
Are you ready for IPv6? For information on transitioning to IPv6, see:
https://www.arin.net/knowledge/about_resources/v6/v6.html - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFMpKz/ZKymzxl/LaURAvVuAJsFT6DZxoZ5O13SDRKWK6Lkz1yusgCdFt01 aMTBE0O/ucnRx+8rk8+QbEE= =qqf5 - -----END PGP SIGNATURE-----
------- End of Forwarded Message
In message <B3543192-FB22-4CDC-84D0-2944EA237464@delong.com>, Owen DeLong <owen@delong.com> wrote:
It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue.
That is complete and utter horse shit, and you're just dodging the real issue by trying to change the subject. It isn't going to work. People, even people here, may be stupid, but I think that most can recognize sleight of hand when they see it.
I'm sorry you're not satisfied with that fact. I'm sorry that you are = obviously clearly very upset by this experience. However, I think your issue stems from a fundamental misunderstanding of the role ARIN plays in the community vs. that of the ISPs.
No, it doesn't. I think that *your* issue stems from a fundamental inability to read what I wrote.
It's kind of like asking a DMV representative to arrest an auto thief.
No, it's kind of like asking the DMV whether the car belongs to the thief or to someone else. They keep the records for Christ's sake! They *can* take a position on that rudumentary, simple, and basic question, and they should. And that is all I ask or expect them to do. But they don't even want to do that miniscule amount of work, apparently. They want to be the Keeper of the Records, but then they want to roll over and play dead, or ignorant, or agnostic, whenever somebody has the temerrity to simply ask them what the f**king records they are keeping *mean* about who actually owns what. I already said it, but I'll say it again for the benefit of those with low reading comprehension. Nobody is asking ARIN to go out, with guns drawn, and pull the plug themselves. But they can and should take a position on who owns what. That is a judicial function, not a police function. If you don't understand the distinction, then you are dumber than you think I think you are. Regards, rfg
Come one mate, there's no need to be just outright insulting people. Sure everyone disagrees on some things, but still... Lets play out this scenario then. What would you recommend ARIN actually do? I don't mean 'take a stance' or 'have an opinion', but rather what process should in your mind they be following? There are still other avenues. I mentioned in a previous email about IETF or a working group to come up with ideas and methods to combat spam and abuse. If you put as much time into one of them as you do fighting with the spammers directly and ARIN, then you might actually end up solving the problem at the core! I really don't want to drag this anti-spam stuff out. There's been a huge amount of posting these last few days over this (of which I am a culprit also), but I do think its valuable to hit this nail on the head. In other words, perhaps other people on this list are getting a bit fed up with it, so lets just sort it out and quickly..
I sent an abuse complaint to Mr. Curran and the abuse helpdesk about a month or two ago. Took weeks to get an initial response from the helpdesk and i'm not certain they have actually done anything yet. Jeff On Fri, Oct 1, 2010 at 3:58 PM, Heath Jones <hj1980@gmail.com> wrote:
Come one mate, there's no need to be just outright insulting people. Sure everyone disagrees on some things, but still...
Lets play out this scenario then. What would you recommend ARIN actually do? I don't mean 'take a stance' or 'have an opinion', but rather what process should in your mind they be following?
There are still other avenues. I mentioned in a previous email about IETF or a working group to come up with ideas and methods to combat spam and abuse. If you put as much time into one of them as you do fighting with the spammers directly and ARIN, then you might actually end up solving the problem at the core!
I really don't want to drag this anti-spam stuff out. There's been a huge amount of posting these last few days over this (of which I am a culprit also), but I do think its valuable to hit this nail on the head. In other words, perhaps other people on this list are getting a bit fed up with it, so lets just sort it out and quickly..
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
As to what ARIN can 'do' about addresses that are unused/abandoned and later hijacked... ARIN delegates Reverse DNS for every allocation that they make. Address blocks that are reported, investigated, and determined to be unused/abandoned could be delegated to special ARIN name servers that merely returned the following for any reverse DNS query: z.y.x.w.in-addr.arpa. 172800 IN PTR do.not.accept.anything.from.this.abandoned.address.space This is something that ARIN *could* easily do technically. Admittedly, this would require reporting and investigation that I am uncertain whether or not ARIN is empowered/funded to do. This would also require a process be put in place for removing allocations from the delegation to the unused/abandoned reverse DNS servers... -DM On 10/1/2010 8:20 AM, Jeffrey Lyon wrote:
I sent an abuse complaint to Mr. Curran and the abuse helpdesk about a month or two ago. Took weeks to get an initial response from the helpdesk and i'm not certain they have actually done anything yet.
Jeff
On Fri, Oct 1, 2010 at 3:58 PM, Heath Jones<hj1980@gmail.com> wrote:
Come one mate, there's no need to be just outright insulting people. Sure everyone disagrees on some things, but still...
Lets play out this scenario then. What would you recommend ARIN actually do? I don't mean 'take a stance' or 'have an opinion', but rather what process should in your mind they be following?
There are still other avenues. I mentioned in a previous email about IETF or a working group to come up with ideas and methods to combat spam and abuse. If you put as much time into one of them as you do fighting with the spammers directly and ARIN, then you might actually end up solving the problem at the core!
I really don't want to drag this anti-spam stuff out. There's been a huge amount of posting these last few days over this (of which I am a culprit also), but I do think its valuable to hit this nail on the head. In other words, perhaps other people on this list are getting a bit fed up with it, so lets just sort it out and quickly..
On Fri, Oct 01, 2010 at 08:47:29AM -0400, David Miller wrote:
As to what ARIN can 'do' about addresses that are unused/abandoned and later hijacked...
ARIN delegates Reverse DNS for every allocation that they make. Address blocks that are reported, investigated, and determined to be unused/abandoned could be delegated to special ARIN name servers that merely returned the following for any reverse DNS query:
z.y.x.w.in-addr.arpa. 172800 IN PTR do.not.accept.anything.from.this.abandoned.address.space
This is something that ARIN *could* easily do technically. Admittedly, this would require reporting and investigation that I am uncertain whether or not ARIN is empowered/funded to do. This would also require a process be put in place for removing allocations from the delegation to the unused/abandoned reverse DNS servers...
-DM
Goodness me - I've seen that trick before. Worked for about 15 minutes before I had legal camped out in the office. Pulled it shortly there after. I -think- what you are really after is the (fairly) new rPKI pilot - where there are crypto-keys tied to each delegated prefix. If the keys are valid, then ARIN (or other RIR) has "sanctioned" thier use. No or Bad crypto, then the RIR has some concerns about the resource. the downside to this is that the RIR can effectivey cut off someone who would otherwise be in good standing. Sort of removes a level of independence in network operations. Think of what happens when (due to backhoe-fade, for instance) you -can't- get to the RIR CA to validate your prefix crypto? Do you drop the routes? Or would you prefer a more resilient and robust solution? YMMV here, depending on whom you are willing to trust as both a reputation broker -AND- as the prefix police. The idea is that the crypto is harder to forge. DNS forging is almost as easy as prefix "borrowing". --bill
On 10/1/2010 9:07 AM, bmanning@vacation.karoshi.com wrote:
On Fri, Oct 01, 2010 at 08:47:29AM -0400, David Miller wrote:
As to what ARIN can 'do' about addresses that are unused/abandoned and later hijacked...
ARIN delegates Reverse DNS for every allocation that they make. Address blocks that are reported, investigated, and determined to be unused/abandoned could be delegated to special ARIN name servers that merely returned the following for any reverse DNS query:
z.y.x.w.in-addr.arpa. 172800 IN PTR do.not.accept.anything.from.this.abandoned.address.space
This is something that ARIN *could* easily do technically. Admittedly, this would require reporting and investigation that I am uncertain whether or not ARIN is empowered/funded to do. This would also require a process be put in place for removing allocations from the delegation to the unused/abandoned reverse DNS servers...
-DM
Goodness me - I've seen that trick before. Worked for about 15 minutes before I had legal camped out in the office. Pulled it shortly there after.
I -think- what you are really after is the (fairly) new rPKI pilot - where there are crypto-keys tied to each delegated prefix. If the keys are valid, then ARIN (or other RIR) has "sanctioned" thier use. No or Bad crypto, then the RIR has some concerns about the resource.
the downside to this is that the RIR can effectivey cut off someone who would otherwise be in good standing. Sort of removes a level of independence in network operations. Think of what happens when (due to backhoe-fade, for instance) you -can't- get to the RIR CA to validate your prefix crypto? Do you drop the routes? Or would you prefer a more resilient and robust solution? YMMV here, depending on whom you are willing to trust as both a reputation broker -AND- as the prefix police.
The idea is that the crypto is harder to forge. DNS forging is almost as easy as prefix "borrowing".
--bill
I am not referring to DNS forging or crypto DNS validation or route announcement validation - which are certainly good topics that are worthy of further discussion. I am merely refuting the statement, which I have heard many times in many different forums, that ARIN (or any RIR) makes address allocations and then walks away with no further active involvement in the use of these allocations. This statement is simply not true. These sorts of statements about an RIR having no ability to affect prior allocations are normally formed like: 1) RIRs have no control over the routing table or anything operationally in the path of evil people using IPs. 2) An RIR just makes allocations and then has nothing to do with IPs on a daily basis. 3) An RIR is powerless to affect anything operationally (other than reclaiming allocations) for allocations that have been made in the past. These are all untrue statements. The RIR's reverse DNS servers are queried all day every day for the reverse DNS delegations for every netblock that they allocate. This means that RIRs are, in at least this way, actively operationally involved in the use of the allocations that they make. This also means that an RIR has the technical vector to affect the active present use of the allocations that they have made in the past. From ARIN's Number Resource Policy Manual [ https://www.arin.net/policy/nrpm.html ]: ... 3.6 Annual Whois POC Validation 3.6.1 Method of Annual Verification During ARINs annual Whois POC validation, an e-mail will be sent to every POC in the Whois database. Each POC will have a maximum of 60 days to respond with an affirmative that their Whois contact information is correct and complete. Unresponsive POC email addresses shall be marked as such in the database. If ARIN staff deems a POC to be completely and permanently abandoned or otherwise illegitimate, the POC record shall be marked invalid. ARIN will maintain, and make readily available to the community, a current list of number resources with no valid POC; this data will be subject to the current bulk Whois policy. ... 7. Reverse Mapping 7.1 Maintaining IN-ADDRs All ISPs receiving one or more distinct /16 CIDR blocks of IP addresses from ARIN will be responsible for maintaining all IN-ADDR.ARPA domain records for their respective customers. For blocks smaller than /16, and for the segment of larger blocks smaller than /16, ARIN can maintain IN-ADDRs. 7.2 Lame Delegations in IN-ADDR.ARPA ARIN will actively identify lame DNS name server(s) for reverse address delegations associated with address blocks allocated, assigned or administered by ARIN. Upon identification of a lame delegation, ARIN shall attempt to contact the POC for that resource and resolve the issue. If, following due diligence, ARIN is unable to resolve the lame delegation, ARIN will update the Whois database records resulting in the removal of lame servers. So... ARIN has some 'investigation' power and responsibility for actively removing lame POC contacts and Reverse DNS delegations. What isn't clear to me from ARIN's policies is what happens when all POC contacts or all Reverse DNS delegations for an allocation have been removed because they are lame... This is not to single ARIN out particularly. All of the above is true for every RIR (ARIN, RIPE, APNIC, AFRINIC, LACNIC), though I haven't dug into any policies except ARIN's. -DM
On Fri, Oct 1, 2010 at 10:32 AM, David Miller <dmiller@tiggee.com> wrote:
I am merely refuting the statement, which I have heard many times in many different forums, that ARIN (or any RIR) makes address allocations and then walks away with no further active involvement in the use of these allocations. This statement is simply not true.
David, What *is* true is that ARIN's further involvement in the use of those allocations is regulated by the policies that you and I wrote and instructed ARIN to follow. Those policies include no actions to be taken when a hijacker announces routes contrary to ARIN's registry information. So long as ARIN's information has not been falsified, forcing or not forcing folks to obey it is left for the ISPs to resolve for themselves. Do you think ARIN should should act as a clearinghouse for action with respect to hijacked BGP announcements? Draft a policy proposal and post it on the PPML. If your colleagues agree with you, that will become one of ARIN's roles. Until then, you criticize ARIN unfairly for doing what you and I have told it to do. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On 10/1/2010 2:17 PM, William Herrin wrote:
On Fri, Oct 1, 2010 at 10:32 AM, David Miller<dmiller@tiggee.com> wrote:
I am merely refuting the statement, which I have heard many times in many different forums, that ARIN (or any RIR) makes address allocations and then walks away with no further active involvement in the use of these allocations. This statement is simply not true. David,
What *is* true is that ARIN's further involvement in the use of those allocations is regulated by the policies that you and I wrote and instructed ARIN to follow. Those policies include no actions to be taken when a hijacker announces routes contrary to ARIN's registry information. So long as ARIN's information has not been falsified, forcing or not forcing folks to obey it is left for the ISPs to resolve for themselves.
Do you think ARIN should should act as a clearinghouse for action with respect to hijacked BGP announcements? Draft a policy proposal and post it on the PPML. If your colleagues agree with you, that will become one of ARIN's roles.
Until then, you criticize ARIN unfairly for doing what you and I have told it to do.
Regards, Bill Herrin
I apologize if I was unclear. I stated in my first message regarding the possibility that RIRs could delegate abandoned/hijacked space to provide reverse DNS answers - "This is something that ARIN *could* easily do technically. Admittedly, this would require reporting and investigation that I am uncertain whether or not ARIN is empowered/funded to do. This would also require a process be put in place for removing allocations from the delegation to the unused/abandoned reverse DNS servers... " The word 'could' was chosen by me instead of the word 'should' for a reason. In my second message on this topic I in fact quoted the parts of ARIN's Number Resource Policy Manual regarding POC and reverse DNS delegation validation / removal. I am well aware of ARIN's policies and the process for changing them. To be clear, my point is merely that RIRs do not make address allocations and then walk away with no day to day involvement with these addresses on some technical level. To reiterate: "The RIR's reverse DNS servers are queried all day every day for the reverse DNS delegations for every netblock that they allocate. This means that RIRs are, in at least this way, actively operationally involved in the use of the allocations that they make. This also means that an RIR has the technical vector to affect the active present use of the allocations that they have made in the past." This was meant in no way to criticize RIRs (or any RIR in particular) or proscribe actions that I believe RIRs should take. This was meant to correct anyone that incorrectly states that RIRs allocate addresses and then walk away or do nothing but maintain whois records. Reverse DNS delegation is a technical vector that could be used by RIRs to affect the active present use of the allocations that they have made in the past. I understand that reverse DNS would not affect route announcements/hijacks, but it would/could/might affect spam coming from these abandoned address spaces - which was the original topic for this discussion. I agree that little/nothing is proscribed for RIRs at a policy level. The policies and procedures regarding this could be written. I agree that these policies and procedures do not exist now. -DM
On Fri, Oct 1, 2010 at 9:07 AM, <bmanning@vacation.karoshi.com> wrote: \> I -think- what you are really after is the (fairly) new rPKI
pilot - where there are crypto-keys tied to each delegated prefix. If the keys are valid, then ARIN (or other RIR) has "sanctioned" thier use. No or Bad crypto, then the RIR has
'or anyone else in the heirarchy of certificates' (nominally: IANA -> ARIN -> LIR (uunet/701) -> bmanning-inc -> bait&sushi (endsite) )
some concerns about the resource.
or someone in the chain forgot to re-gen their cert, do the dance with resigning and such. (there are a few failure modes, but in general sure)
the downside to this is that the RIR can effectivey cut off someone who would otherwise be in good standing. Sort of
this depends entirely on the model that the network operators choose to use when accepting routes. Presuming they can, on-router, decide with policy what to do if a route origin (later hopefully route-path as well as origin) is seen as invalid/non-validated/uncool/etc, there could be many outcomes (local-pref change, community marking, route-reject...) chosen.
removes a level of independence in network operations. Think of what happens when (due to backhoe-fade, for instance) you -can't- get to the RIR CA to validate your prefix crypto? Do you drop the routes? Or would you prefer a more resilient and robust solution? YMMV here, depending on whom you are willing to trust as both a reputation broker -AND- as the prefix police.
hopefully the cache's you run are redundant (or the cache service you pay for is redundant enough), as well the cache view is not necessarily consistent (timing issues with updates and such), so some flexibility is required in the end system policy. (end-system here is the router, hopefully it is similar across an asn) I think so far the models proposed in SIDR-wg include: o more than one cert tree (trust anchor) o the provision of the main cert heirarchy NOT necessarily be the one I outlined above (iana->rir->lir->you) o operators have the ability to influence route marking based on certificate validation outcomes o low on-router crypto work o local and supportable systems to do the crypto heavy lifting, kept in sync with what seems like a reasonably well understood methodology o publication of the certification information for objects (asn's, netblocks, subnets) via existing processes (plus some crypto marking of course)
The idea is that the crypto is harder to forge. DNS forging is almost as easy as prefix "borrowing".
and that the crypto/certificates will help us all better automate validation of the routing information... sort of adding certificate checking to rpsl? or, for whatever process you use to generate prefix-lists today for customers, add some openssl certificate validation as well. The end state I hope is NOT just prefix-lists, but certificate checking essentially in realtime with route acceptance in to Adj-RIB-in... I believe Randy Bush has presented some of this fodder at a previous nanog meeting actually? -chris
On 2010-10-01 17:04, Christopher Morrow wrote: [..]
I think so far the models proposed in SIDR-wg include: o more than one cert tree (trust anchor)
Why not in a similar vain as RBLs: white and black lists. One can then subscribe to the white & black lists that one trust and give positive/negative points when an entry appears on one of those lists, based on the points that a prefix/asnpath combo gets it is either accepted, rejected or operator-warned. And the good one of course is that you can setup your own repository and give that out to your own systems or to other people's, then you just score your system above the other lists and presto you can overrule decisions which would be made otherwise. If you have multiple sources you trust, you are effectively just adding redundancy to your system, all problems solved. Works for spam, should also work for this. Greets, Jeroen
On Fri, Oct 1, 2010 at 11:12 AM, Jeroen Massar <jeroen@unfix.org> wrote:
On 2010-10-01 17:04, Christopher Morrow wrote: [..]
I think so far the models proposed in SIDR-wg include: o more than one cert tree (trust anchor)
Why not in a similar vain as RBLs: white and black lists.
I'm sure someone will think it's a fine plan to set up a TA and sign down ROA's that indicate 'badness' or 'invalid' or something similar. There's nothing stopping that, similarly today you COULD subscribe to a BGP feed of subnets of actually seen routes rewriting the next-hop to dsc0/Null0/honeypot... I don't think this sort of thing is in the SIDR-wg's charter though... much like RBL's are not in DNS-EXT's charter? -chris
On Fri, Oct 01, 2010 at 04:10:12AM -0700, Ronald F. Guilmette wrote:
No, it's kind of like asking the DMV whether the car belongs to the thief or to someone else. They keep the records for Christ's sake! They *can* take a position on that rudumentary, simple, and basic question, and they should. And that is all I ask or expect them to do. But they don't even want to do that miniscule amount of work, apparently. They want to be the Keeper of the Records, but then they want to roll over and play dead, or ignorant, or agnostic, whenever somebody has the temerrity to simply ask them what the f**king records they are keeping *mean* about who actually owns what.
I already said it, but I'll say it again for the benefit of those with low reading comprehension. Nobody is asking ARIN to go out, with guns drawn, and pull the plug themselves. But they can and should take a position on who owns what. That is a judicial function, not a police function. If you don't understand the distinction, then you are dumber than you think I think you are.
Regards, rfg
R, I have a couple of questions for you... perhaps I am unclear here. are you asserting that [natural/legal] persons OWN address space? Last I checked, ARIN records a binding between a person and a "Right to Use" agreement that is reflected in the ARIN database. e.g. Bills Bait & Sushi has the right to use 168.254.0.0/16 from 01oct1999 - current(*) * registration fees are current. ARIN publishes reports from its database in two basic forms, the WHOIS (et.al.) format and the [ip6/in-addr].arpa DNS format. Are you suggesting that ARIN does _NOT_ publish data or that ARIN doesn't keep the data current, or something else? --bill
In message <20101001123356.GA10880@vacation.karoshi.com.>, bmanning@vacation.karoshi.com wrote:
On Fri, Oct 01, 2010 at 04:10:12AM -0700, Ronald F. Guilmette wrote:
No, it's kind of like asking the DMV whether the car belongs to the thief or to someone else. They keep the records for Christ's sake! They *can* take a position on that rudumentary, simple, and basic question, and they should. And that is all I ask or expect them to do. But they don't even want to do that miniscule amount of work, apparently. They want to be the Keeper of the Records, but then they want to roll over and play dead, or ignorant, or agnostic, whenever somebody has the temerrity to simply ask them what the f**king records they are keeping *mean* about who actually owns what.
I already said it, but I'll say it again for the benefit of those with low reading comprehension. Nobody is asking ARIN to go out, with guns drawn, and pull the plug themselves. But they can and should take a position on who owns what. That is a judicial function, not a police function. If you don't understand the distinction, then you are dumber than you think I think you are.
...
Are you suggesting that ARIN does _NOT_ publish data or that ARIN doesn't keep the data current, or something else?
I already said what I meant, twice, and quite clearly, I think. If you don't get it after two repetitions, then I doubt that me trying to rephrase it yet a third time is going to help your comprehension any. Regards, rfg
On Fri, Oct 01, 2010 at 11:07:58AM -0700, Ronald F. Guilmette wrote:
In message <20101001123356.GA10880@vacation.karoshi.com.>, bmanning@vacation.karoshi.com wrote:
On Fri, Oct 01, 2010 at 04:10:12AM -0700, Ronald F. Guilmette wrote:
No, it's kind of like asking the DMV whether the car belongs to the thief or to someone else. They keep the records for Christ's sake! They *can* take a position on that rudumentary, simple, and basic question, and they should. And that is all I ask or expect them to do. But they don't even want to do that miniscule amount of work, apparently. They want to be the Keeper of the Records, but then they want to roll over and play dead, or ignorant, or agnostic, whenever somebody has the temerrity to simply ask them what the f**king records they are keeping *mean* about who actually owns what.
I already said it, but I'll say it again for the benefit of those with low reading comprehension. Nobody is asking ARIN to go out, with guns drawn, and pull the plug themselves. But they can and should take a position on who owns what. That is a judicial function, not a police function. If you don't understand the distinction, then you are dumber than you think I think you are.
...
Are you suggesting that ARIN does _NOT_ publish data or that ARIN doesn't keep the data current, or something else?
I already said what I meant, twice, and quite clearly, I think.
If you don't get it after two repetitions, then I doubt that me trying to rephrase it yet a third time is going to help your comprehension any.
Regards, rfg
Ok... thanks for the favor of your reply. --bill
On Fri, 1 Oct 2010, Ronald F. Guilmette wrote:
Are you suggesting that ARIN does _NOT_ publish data or that ARIN doesn't keep the data current, or something else?
I already said what I meant, twice, and quite clearly, I think.
If you don't get it after two repetitions, then I doubt that me trying to rephrase it yet a third time is going to help your comprehension any.
Ok, it's clear that you're pretty upset about your recent dealings with ARIN. I think you've made that abundantly clear. Having said that, responding to people with snarky insults is not going to advance your position or motivate people to try to help you. This is my first and only contribution to this thread. jms
On Fri, 01 Oct 2010 06:45:10 -0400, Owen DeLong <owen@delong.com> wrote:
It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue.
EXACTLY. Ron, what exactly do you expect ARIN to do? Where is the magic wand one would wave to erase routes from the internet? ARIN (in fact NO ONE) has no actual means to block or recend any route announcement. Do you suggest they sue whomever is involved? That won't be very fast, or even an option outside the US. The only reason this sort of shit happens is because of bad network operators who allow it and participate in it. Responsible operators ask for and verify one's rights to address space before accepting it. (AS path and prefix filtering can only go so far.) --Ricky
-----Original Message----- From: Ricky Beam Sent: Friday, October 01, 2010 1:00 PM To: nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time
On Fri, 01 Oct 2010 06:45:10 -0400, Owen DeLong <owen@delong.com> wrote:
It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue.
EXACTLY.
Ron, what exactly do you expect ARIN to do? Where is the magic wand one would wave to erase routes from the internet? ARIN (in fact NO ONE) has no actual means to block or recend any route announcement. Do you suggest they sue whomever is involved? That won't be very fast, or even an option outside the US.
The problem as I see it is that ARIN is responsible for issuing number resources but is not responsible for any maintenance of the number space. It seems they have no requirement/method/need to revoke assignments once the assigned entity no longer exists. I am not looking for perfection but there should be some sort of diligence requirement that the most obvious of the low hanging fruit (or fruit that falls right off the tree into their lap) be dealt with in some way. If an entity liquidates, then their resources should be reclaimed. How many entities does ARIN have who have not made a payment for 2 or more consecutive years but still have resources assigned? It is my personal opinion that ARIN (and the other registrars) must have the authority and the mechanism to reclaim community resources when the entity they were issued to disappears. That seems like a fairly easy concept. Note I am not talking about misuse here, just the fact that if a community resource is issued to an entity and that entity no longer exists, those resources should be reclaimed by the community within some reasonable amount of time. G
On Oct 1, 2010, at 5:27 PM, George Bonser <gbonser@seven.com> wrote:
The problem as I see it is that ARIN is responsible for issuing number resources but is not responsible for any maintenance of the number space. It seems they have no requirement/method/need to revoke assignments once the assigned entity no longer exists. I am not looking for perfection but there should be some sort of diligence requirement that the most obvious of the low hanging fruit (or fruit that falls right off the tree into their lap) be dealt with in some way. If an entity liquidates, then their resources should be reclaimed.
Resources being used by actual defunct organizations we will reclaim if reported.
How many entities does ARIN have who have not made a payment for 2 or more consecutive years but still have resources assigned? It is my personal opinion that ARIN (and the other registrars) must have the authority and the mechanism to reclaim community resources when the entity they were issued to disappears.
We already do this type of reclamation.
That seems like a fairly easy concept. Note I am not talking about misuse here, just the fact that if a community resource is issued to an entity and that entity no longer exists, those resources should be reclaimed by the community within some reasonable amount of time
Agreed, /John John Curran President and CEO ARIN
On Oct 1, 2010, at 5:43 PM, John Curran wrote:
Resources being used by actual defunct organizations we will reclaim if reported.
Folks - It occurred to me that I could have been clearer, so here I am replying to myself... When we at ARIN can readily determine that an organization is defunct and has no apparent successor, we will reclaim resources. This generally happens because someone attempts a fraudulent transfer of those resources but can also be a result of other investigations. We give a report of returned, revoked, and reclaimed number resources at each member meeting - last April's report can be found here: https://www.arin.net/participate/meetings/reports/ARIN_XXV/PDF/Wednesday/Nob... Obviously, we'll be presenting updated statistics this upcoming week in Atlanta; there's been a bit of a surge of activity in this area. /John John Curran President and CEO ARIN
Thanks John, On Fri, 1 Oct 2010, John Curran wrote:
On Oct 1, 2010, at 5:43 PM, John Curran wrote:
Resources being used by actual defunct organizations we will reclaim if reported.
Folks -
It occurred to me that I could have been clearer, so here I am replying to myself...
When we at ARIN can readily determine that an organization is defunct and has no apparent successor, we will reclaim resources. This generally happens because someone attempts a fraudulent transfer of those resources but can also be a result of other investigations.
We give a report of returned, revoked, and reclaimed number resources at each member meeting - last April's report can be found here: https://www.arin.net/participate/meetings/reports/ARIN_XXV/PDF/Wednesday/Nob...
Is the information on Leslie's slide 5 at the above link available broken down by year? It might be informative to see any trends. Thanks again, John Springer
Obviously, we'll be presenting updated statistics this upcoming week in Atlanta; there's been a bit of a surge of activity in this area.
/John
John Curran President and CEO ARIN
In message <67EF8EE2-8B1E-45F9-892E-9E6B88ADB727@arin.net>, John Curran <jcurran@arin.net> wrote:
Resources being used by actual defunct organizations we will reclaim if reported.
Well, fortunately, Joytel and some of their fellow travelers have just recently gone 'round and identified a whole pantload of these for you: 24.230.0.0/19 NET-24-230-0-0-1 hijacked - empty 68.67.64.0/20 NET-68-67-64-0-1 legit -- GoRack, LLC (Jacksonville, FL) 192.100.5.0/24 NET-192-100-5-0-1 hijacked - empty 192.100.88.0/24 NET-192-100-88-0-1 hijacked - empty 192.100.134.0/24 NET-192-100-134-0-1 hijacked - empty 192.100.143.0/24 NET-192-100-143-0-1 hijacked - empty 192.101.177.0/24 NET-192-101-177-0-1 hijacked - empty 192.101.187.0/24 NET-192-101-187-0-1 hijacked - empty ... Do you want me to repost the whole list, or have you seen it already? Do I need to do something else to turn this into whatever qualifies at your place as a formal report? (Note: The whole list is too long to fit into the tiny little window you provide for fraud reporting on your web site. Should I print it all out as hardcopy and FedEx it to you in a shoebox?) Regards, rfg
On Oct 1, 2010, at 2:27 PM, George Bonser wrote:
-----Original Message----- From: Ricky Beam Sent: Friday, October 01, 2010 1:00 PM To: nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time
On Fri, 01 Oct 2010 06:45:10 -0400, Owen DeLong <owen@delong.com> wrote:
It's not so much a matter of whether ARIN cares or whether ARIN wants to do something about your issue. It's more a matter of whether ARIN is empowered to do anything at all about your issue.
EXACTLY.
Ron, what exactly do you expect ARIN to do? Where is the magic wand one would wave to erase routes from the internet? ARIN (in fact NO ONE) has no actual means to block or recend any route announcement. Do you suggest they sue whomever is involved? That won't be very fast, or even an option outside the US.
The problem as I see it is that ARIN is responsible for issuing number resources but is not responsible for any maintenance of the number space. It seems they have no requirement/method/need to revoke assignments once the assigned entity no longer exists. I am not looking
They do, indeed, for space that is/was issued by ARIN. That space is subject to annual fees and there is a clear and consistent method for doing so. The bigger problem is with legacy space (most of the space listed in the complaint we are discussing, if not all). In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space.
for perfection but there should be some sort of diligence requirement that the most obvious of the low hanging fruit (or fruit that falls right off the tree into their lap) be dealt with in some way. If an entity liquidates, then their resources should be reclaimed.
Again, for space issued by ARIN, yes. For legacy space, this is a much more complicated problem. The good news is that this is limited to IPv4. Since there are no Pre-RIR IPv6 allocations or assignments, it is a non-issue in IPv6.
How many entities does ARIN have who have not made a payment for 2 or more consecutive years but still have resources assigned? It is my
I suspect not many. (Unless you are including those organizations that do not pay fees because of their legacy status). Owen
A yearly challenge response for legacy space contacts, could be useful. I think there is a plan like this in some RIRs ----- Original Message ----- From: "Owen DeLong" <owen@delong.com> To: "George Bonser" <gbonser@seven.com> Cc: nanog@nanog.org Sent: Friday, 1 October, 2010 4:03:56 PM Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time On Oct 1, 2010, at 2:27 PM, George Bonser wrote:
-----Original Message----- From: Ricky Beam Sent: Friday, October 01, 2010 1:00 PM To: nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time
In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space. Owen
I refer you to NRPM section 12 and the current draft policy 2010-11 Required Resource Reviews. Owen On Oct 1, 2010, at 4:39 PM, Franck Martin wrote:
A yearly challenge response for legacy space contacts, could be useful. I think there is a plan like this in some RIRs
----- Original Message ----- From: "Owen DeLong" <owen@delong.com> To: "George Bonser" <gbonser@seven.com> Cc: nanog@nanog.org Sent: Friday, 1 October, 2010 4:03:56 PM Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time
On Oct 1, 2010, at 2:27 PM, George Bonser wrote:
-----Original Message----- From: Ricky Beam Sent: Friday, October 01, 2010 1:00 PM To: nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time
In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space.
Owen
Yearly? I say every 30 days. mailing lists do the c-r every 30 days. surely correct arin registration data is more important than a single email address on a mailing list. -Dan On Fri, 1 Oct 2010, Franck Martin wrote:
A yearly challenge response for legacy space contacts, could be useful. I think there is a plan like this in some RIRs
----- Original Message ----- From: "Owen DeLong" <owen@delong.com> To: "George Bonser" <gbonser@seven.com> Cc: nanog@nanog.org Sent: Friday, 1 October, 2010 4:03:56 PM Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time
On Oct 1, 2010, at 2:27 PM, George Bonser wrote:
-----Original Message----- From: Ricky Beam Sent: Friday, October 01, 2010 1:00 PM To: nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time
In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space.
Owen
-----Original Message----- From: Owen DeLong Sent: Friday, October 01, 2010 4:04 PM To: George Bonser Cc: Ricky Beam; nanog@nanog.org Subject: Re: ARIN Fraud Reporting Form ... Don't waste your time
On Oct 1, 2010, at 2:27 PM, George Bonser wrote:
They do, indeed, for space that is/was issued by ARIN. That space is subject to annual fees and there is a clear and consistent method for doing so. The bigger problem is with legacy space (most of the space listed in the complaint we are discussing, if not all).
In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space.
Maybe this is a teachable moment for me. According to my reading of the Legacy RSA: " For purposes of this Legacy Agreement, the term "Services" may include, without limitation, the inclusion of the legacy IP address space, and/or Autonomous System numbers ("ASNs") previously issued to Legacy Applicant in the ARIN "WHOIS" database, inverse addressing on network blocks, maintenance of resource records, and administration of IP address space related to Included Number Resources issued prior to ARIN's inception on December 22, 1997 in its service area. IP address space and ASNs shall be defined as "number resources." " ... " If Legacy Applicant does not pay the Annual Legacy Maintenance Fee or other fees that may be owed ARIN hereunder, ARIN shall provide written notification to the Legacy Applicant approximately thirty (30) days following the date on which the payment is not made. If Legacy Applicant fails to make payment in response to the notice of delinquency, ARIN shall provide Legacy Applicant with an additional written notice, by certified or registered mail, return receipt requested, (as appropriate in each country), and, when possible, by e-mail and telephone. If the Legacy Applicant has not made payment within 12 months of the due date and/or ARIN is unable to contact the Legacy Applicant during those 12 months, ARIN has the right to: (i) stop providing Services, or (ii) terminate this Legacy Agreement and revoke the Included Number Resources." Or is this some other sort of "legacy" thing?
They do, indeed, for space that is/was issued by ARIN. That space is subject to annual fees and there is a clear and consistent method for doing so. The bigger problem is with legacy space (most of the space listed in the complaint we are discussing, if not all).
In the case of legacy space, it's actually very hard for ARIN to even identify the status of the organization in question, let alone take any sort of action with respect to said space.
Ok, I think I have a solution that is workable. A second database ... call it "whoisnt" ... of number resources and their points of contact that have not signed the legacy RSA and allow the community members to decide individually if they wish to continue to provide unfettered access from those resources. It might also provide maybe even some small amount of community pressure on the holders of those resources to place them under the legacy RSA.
On 10/1/2010 5:22 AM, Ronald F. Guilmette wrote:
really too much to ask? They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.''
So what you're saying is that ARIN should publish data on the rightful users of the number resources in some online database? (maybe they could call it WHOIS) -- Dave
So what you're saying is that ARIN should publish data on the rightful users of the number resources in some online database?
(maybe they could call it WHOIS)
-- Dave
So ARIN is in the process of verifying their contacts database. Organizations with an unreachable contact might be a good place to plant a "dig here" sign. Maybe when one of us retires, we could engage in a little research project as a community service or something. A first step might be matching ASN resources to unreachable contacts. Then to collect the low hanging fruit, find the ASNs found above that are NOT in the routing table and attempt to match those up with organizations and see if those organizations even still exist. For the ones that obviously no longer exist, create a report of the ASNs and any other number resources associated with that organization and provide that information to the registrar. Then you go through the ones that ARE in the routing table. Any of those organizations that are obviously defunct would be the next higher level of fruit. This would be particularly true if a historical look at routing information shows the AS was in the table at some point, disappeared after the organization went defunct, and then suddenly appeared again in a completely different region of the planet with name resources pointing to a completely different organization than the number resources. Then if a suspicious operator is discovered, it must be reported to their upstream, the registrar with involved with the number resources, and the community. See how this goes? It takes someone working on this that has access to a lot of information and has the time to do it. It also has to be someone that isn't a "loose cannon" and can dig through it in a methodical fashion and whether or not "spam" has come from the address space really has no bearing on the process. At least it has no bearing on the process up to that point. All that is being done is to "weed" the database of defunct resources. So while the DMV doesn't go after car theft, this is more along the lines of stealing a neighbor's license plate from that old car in the back field, making a sticker to put on it, and driving around as if it is a legitimate plate. The DMV records would show who that license plate belongs to and a police officer in a traffic stop would find out in short order that the plate is defunct but the database available to internet operators is so poor that there really is no way to be sure if the data being returned is actionable or not. G
In message <5A6D953473350C4B9995546AFE9939EE0A52B07A@RWC-EX1.corp.seven.com>, "George Bonser" <gbonser@seven.com> wrote:
So ARIN is in the process of verifying their contacts database. Organizations with an unreachable contact might be a good place to plant a "dig here" sign.
Fyi -- They (ARIN) already _are_ putting up ``dig here'' signs... in the POC records. Unfortunately, it would now appear that the folks doing the digging in those exact spots, are the hijackers, like Joytel. (Unless I'm mistaken, every last one of the blocks that Joytel grabbed had one of those little annotations on the associated POC record(s)). Talk about the Law of Unintended Conseqences! Oh well. It all comes out in the wash. Those POC annotations may perhaps have helped Joytel to identify easy takeover targets, but then they also helped _me_ to find the specific blocks that Joytel had jacked. On balance, I say it is better to have them than to not have them. Even if they might occasionally give those with sinister intent a small leg up. Regards, rfg P.S. I hope that everybody knows that the jerk behind Joytel also, apparently, tried to screw the taxpayers out of about $11+ million of ``stimulus'' money... undoubtedly for yet another useless make-work ``shovel ready'' project. http://jacksonville.bizjournals.com/jacksonville/stories/2009/11/30/story1.h... No word on whether he ever actually got his hoped-for $11.8 million payoff. Knowing how ga-ga the Obama administration is over anything that has the word ``broadband'' in it however, I wouldn't put it past them, and they probably did give this schmuck the cash. (They also really like the words ``young entrepreneur''. Sounds great to the unwashed masses in a press release.) If companies want to move here, they have a great labor force, great quality of life and affordable office space, said Mark Anthony Marques, Joytel president and CEO. What we lack is a good enough connection to the Internet infrastructure. The company expects to know by mid-December whether it will receive funding for the project, which has the support of key players including Mayor John Peyton, U.S. Sen. Bill Nelson and U.S. Reps. Corrine Brown and Ander Crenshaw. About 400 gigabytes of high-speed Internet capacity will be available to providers by mid-2010 if funding is received. That is enough capacity to transfer the entire contents of the Library of Congress within five minutes. ... or alternatively, to spam every person on the planet, twice, in under twenty minutes.
On Oct 1, 2010, at 5:22 AM, Ronald F. Guilmette wrote:
Nope! Apparently, ARIN's fraud reporting form is only to be used for reporting cases where somebody has fiddled one of ARIN's whois records in a fradulent way. If somebody just waltzes in and starts announcing a bunch of routes to a bunch of hijacked IP space from a hijacked ASN (or two, or three) ARIN doesn't want to hear about it.
Ron - You note the following:
They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.''
At present, ARIN doesn't review the routing of address space to see if an allocation made to party is being announced by another party.
From your emails, I'm guess that you'd like ARIN to do so.
I've run several several ISPs and a hosting firm, and I'm not quite sure how ARIN can definitively know that any of the AS#'s involved should or should not be routing a given network block. There are some heuristics that will suggest something is "fishy" about use of a network block, but are you actually suggesting that ARIN would revoke resources as a result of that?
In those rare cases where the perp is considerate enough to ALSO fiddle the relevant WHOIS records in some fradulent way, THEN (apparently) ARIN will get involved, but only to the extent of re-jiggering the WHOIS record(s). Once that's been done, they will happily leave the perp to announce all of the fradulent routes and hijacked space he wants, in perpetuity.
Correct. We will revoke the address space, but I'm uncertain what else you suggest we do... could you elaborate here? /John John Curran President and CEO ARIN
In message <608B18DB-6E75-4B5E-BA42-D1F69ECE4881@arin.net>, John Curran wrote:
You note the following:
They could say, to everyone involved, and to the community as a whole, ``This ain't right. *We* maintain the official allocation records. In most cases, *we* made the allocations, and that guy should NOT be announcing routes to that IP space, and he shouldn't be announcing anything at all via that AS number, because these things ain't his.''
At present, ARIN doesn't review the routing of address space to see if an allocation made to party is being announced by another party. From your emails, I'm guess that you'd like ARIN to do so.
John, First, let me say thanks for your personal response. Second let me also say that I am pleased to know, at least, that my serious efforts to express myself clearly were not lost on everyone. You have grasped my meaning clearly. (But not everyone here has done likewise.)
I've run several several ISPs and a hosting firm, and I'm not quite sure how ARIN can definitively know that any of the AS#'s involved should or should not be routing a given network block.
Please allow me to attempt to refute what you just said. I think that I can do so, briefly, in (at least) two different ways. 1) You folks _are_ already (apparently) making some efforts... at least as of this last summer, but perhaps also earlier... to ``validate'' (is that the word you would use?) POC contacts. I know because I've lately seen quite a number of your POC contact records (from the WHOIS data base) that have a very helpful annotation attached to them, saying quite directly and explicitly, that ARIN has been unable to verify or make contact with this POC or that POC. So you are already passing judgement on the validity and/or probable invalidity of things in your data base. And more, you are making your determinations public, via the data base itself. I'm not quite sure how it constitutes such a big leap to merely extend what you are already doing in the way of validating POCs and just impute the exact same level of confidence, or lack thereof, to IP block and/or AS records which are associated with unverifiable/uncontactable POCs... a set which you are already making serious efforts to delineate anyway. If you can put an annotation into a whois records for a POC, saying explicity that you can't get ahold of this person, then it would seem to me to be a rather trivial matter of programming to transplant a very similar sort of annotation into each and every IP block or AS record that has that same specific POC record as one of its associated POC records, either Admin, or Technical, or whatever. You could just say, you know, something like ``We have been tring to contact the Technical POC for this since XX-XX-2010, and we've been unable to do so.'' Well, not those words exactly, but I hope you get the general idea. Just take the determinations that you folks are _already_ making, for the POC records, and just impute them to, and include them in, also, to the relevant block and/or AS records. Or alternatively, you could stop using verbage altogether and just switch over to a system based on simple, universally understood icons: http://farm2.static.flickr.com/1082/820306671_6a0520fe17_m.jpg http://farm2.static.flickr.com/1382/1263977902_d0e9a43821_o.jpg Now, you may perhaps be tempted to quibble with my point here, and repeat again what you said above, I.e. that ARIN cannot make ``definitive'' determinations. Please don't yield to any such temptation. Quite frankly, to the best of my knowledge, no living human can reliably make any truly ``definitive'' determinations about anything at all. Only God can do that. (And frankly, I harbor lingering suspicions that even He gets it wrong a fair percentage of the time.) Nobody expects you to have the infallibility of God... or even of the Pope. And nobody is asking you to display such a level of infinite perfection, least of all me. But ya know, even in the abundant absence of certainty in our day-to-day lives, we all still drag ourselves out of bed in the morning and do the best that we can. And that's all that either I or anybody else has any right to ask of you/ARIN or to expect of you/ARIN. Just do the best you can. Are your deteminations that this POC or that POC cannot be contacted, or cannot currently be verified ``definitive''? No, that's probably too stong a word. But you/ARIN have the good sense and the courtesy to publish the information you have gathered regarding the contactability of POCs anyway, and it's appreciated. It helps. Please just do more of it. This is not an all-or-nothing ``We can't say anything definitively so we can't say anything at all, ever'' kind of situation, I think. 2) You are already (apparently) processing _some_ certain flavors of ``fraud reports'' that come in to you via that nice fancy web form you folks built and put up on the ARIN web site... you know... the one with the nice (and misleading) introduction that entices people like me to take the time to use it enter reports about incidents that have traditionally been called around these parts ``hijacking''. (Note: That's the word that _you_ used on your web site to say what should be reported via the form. Was I a fool to take you at your word? Let me be clear... I am *not* *not* *not* encouraging you to simply redact/delete that word from your web site. No no! Rather I hope to encourage you/ARIN to actually accept and at least investigate reports of _all_ flavors of what we around here used to call good old fashioned ``hijacking'', regardless of whether the perp was gracious enough to also make your choice clearer by dicking with the relevant WHOIS records or not.) So anyway, you are already, obviously, geared up to do ``investigations''. And you _are_ already doing them. Yes? And you are not doing these investigatons just for your health, as the saying goes, correct? I mean you have a goal when you do these investigations... an end goal. Right? And what is that goal? What comes out the other end when you feed the raw facts into the top of this process and then turn the crank? What do you have at the end of the day, eh? Do you have a... ahhh.. conclusion? Might one even say that at the end of the process, ARIN reaches a ``determination''? Would you characterize these determinations... which you obviously use as a basis for further action... as ``definitive detrminations''? (If not, why not? And if you use these determinations as a basis for further action, and yet you claim that they are not actually ``defininite determinations'', then aren't you placing ARIN at great risk of a lawsuit by so doing?) I think you can see where I'm going with this. You have, I think, tried to demur (is that the right word?) on ARIN's behalf, from _either_ investigating or, subsequently, from issuing any kind of ``determination'' as regards to whether a given block is being routed by the party or parties who ought to be routing it, or by some uninvited interloper. And you have done so on that basis of your very reasonable sounding claim that ARIN cannot make ``definitive'' determinations about such things. I would argue that this claim simply does not wash for two reasons: 1) ARIN is _already_, apparently, conducting investigations and thence making ``definitive'' determinations, presumably on a routine and ongoing basis, about things relating to the allocations that it, and it alone, is the official Keeper of Records for. And ARIN is already doing this, even in the absence of God-like certainty about the conclusions it reaches, and which it subsequently uses as a basis for further action. 2) If you (ARIN) claim to be utterly unable to make definitive determina- tions about what blocks belong to who, or who should be routing what, then (a) what exactly are we paying you for?? ... just kidding... *I* am not personally paying you... but more importantly (b) if even *you guys* cannot make definitive determinations about these things, then God help the rest of us! Because we mere mortals out here have a lot less data, knowledge, expertise, and experience than you ARIN folks have, and if you folks say you can't ``definitively'' figure out what belongs to who, then it sounds from where I'm sitting like you're saying that things inside of ARIN are just as bad as they were inside AIG the day _it_ went belly up... papers scattered all over the floors, and nobody even knows what all they actually own. Do I think that this is what you are trying to tell me? No. Do I even for a moment imagine that the inside of your shop... ARIN... is a confused and tangled mess like AIG was in its last days? No. No way. Not at all. Quiet the opposite. I think you folks... as the official Keepers of the Records... can... and apparently _do_ routinely make ``definitive'' determinations about the proper interpretation of the records that you yourselves keep. I'd just like to see you get on with it. Just saying that you can't ever know anything, definitively, because you're not God, is not a compelling argument to support the view that you should never do anything, or say anything, because you are not omniscient. None of us are. But we still get up in the morning and go to work. One does one's best, and leave the rest to history.
There are some heuristics that will suggest something is "fishy" about use of a network block...
SOME??? Try a lot. (I'll be more than happy to share with you folks anything and everything that I, bloodhound-like, manage to gleen. All I ask is that you at least accept it... which the response I received earlier seemed to indicate that you were not even willing to do. The teeny little one-inch by two-inch data entry window you have on your fraud reporting form doesn't help much either, and is very off-putting in a way that makes it seem like it was intended to be that way.)
but are you actually suggesting that ARIN would revoke resources as a result of that?
Did I say that? Again, I have tried to be clear, but in this case it seems that I may have failed. No, I *do not* expect ARIN to go out, guns drawn, and start choping people's wires. No, I *do not* expect ARIN do do whatever might be implied by this terminology you are using now, which is entirely foreign to me. I have no real idea what sorts of hot-pokers-up-the-backside you may be implying by your use of this terminology "revoke resources", but whatever it means, it certainly sounds terribly ominous and foreboding, and rather like something that I wouldn't wish on my worst enemy... especially given the context and the way you phrased your question. So no, please *do not* go around ``revoking resources''... whatever the hell that means. Certainly, if some half-dead, left-for-dead dot-bomb company has a /18, and if your records still say that they have a /18, then they still have a /18. Period. And if then, some hijacker punk criminal comes along and starts routing that /18... well... he's a shmuck, and ought to be dealt with. But the old Dot-Bomb semi-defunct company still does ``own'' (please excuse my use of that terminology, which I'm sure you won't approve) that block. So you shouldn't be ``revoking'' anything. That's not what any of this is about. All I want from ARIN, and all I expect from ARIN, in cases like these are (a) at least some willingness and effort expended to investigate and (2) at least *some sort* of (perhaps minimalist) public statement to the effect of ``Look folks, we've looked at this, and in our opinion, what's going on here just doesn't look kosher.'' I would be satisfied if that ``minimalist public statement'' would be in the form of a discrete little annotation within the relevant WHOIS record(s)... you know... rather like what you folks are _already_ attaching to POC records, only maybe worded a little stronger than that, when you can see some really clear hanky panky going on... as in the cases I have publicised here recently. Of course, that said, that's kind-of my minimum request. If it were entirely up to me, you guys would call a big press conference, with CNN, MSNBC (and of course, Comedy Central, BUT NOT FIXED NEWS!) every time you caught another one of these fly-by-night hijacker jokers red-handed... as it would appear I just have, in at least two of the cases I've reported on. (I infer that, with a high level of certainty, from the fact that these nitwits already stopped announcing routes to the space they had so obviously stolen. If it was really your's in the first place, then you wouldn't just give it back the minute somebody yelled ``thief'', now would you?) And after the press conference, everyone would be invited to come out by the pool for free beer and sandwiches, and a good time would be had by all, as we collectively burned the hijacker in effigy. But you know, I'm not really expecting all of that, so just however much of it you can manage to put together would be just fine by me. (Hell! I'll even volunteer to spring for, and bring, the beer and the sandwiches. Did I mention I was from California? I guess it's kind-of obvious now, huh?) So anyway, have I managed, successfully, to make my desires more clear and apparent now? I hope so. No, I neither want nor expect ARIN to be pulling plugs out of sockets, or to be diddling the global routing table, or to be ``revoking'' anything... least of all any allocations previously made to some perfectly legit company who, through only the minor sin of inattention, got their stuff hijacked out from under them. Revoking _their_ right-to-use would simply be adding insult to injury. Don't you agree? I'd just like to see investigations and some form of public statement(s) at the ends of those. And I won't even mind if you have corporate counsel water down the public statement so much that it ends up looking like the verbal equivalent of barely raising an eyebrow. I do understand that ARIN, like the rest of us, has to somehow survive and get by in this litigous environ- ment. So I don't even care what the public statements say, or even what subtle or un-subtle forms they take. Just so long as it is understood, within the community, that (wink wink nod nod) whenever ARIN says that ``Some evidence suggests that the routing for this block may be non-normative, as per Paragraph B, Subsection F, of the Addendum to the Bylaws of the Regulations, updated, (c)1947, (c)1972, revised Sept 27th, 2007, with respect to E.12 in sum and overview, as pertaining to all parts or to the sum of the parts, together, when viewed as a unit.'' we all know and understand that this really means ``hijacked''. (Ask your corporate counsel. I'm sure that he'll be able to suggest some equally obscure and convoluted way of saying ``hijacked'' without ever actually using that word itself. That's what they are best at, after all... making simple English statements utterly imponderable.[1]) Whatever doesn't get you sued is fine by me. As long as you investigate and then say _something_ about these kinds of cases.
In those rare cases where the perp is considerate enough to ALSO fiddle the relevant WHOIS records in some fradulent way, THEN (apparently) ARIN will get involved, but only to the extent of re-jiggering the WHOIS record(s). Once that's been done, they will happily leave the perp to announce all of the fradulent routes and hijacked space he wants, in perpetuity.
Correct. We will revoke the address space, but I'm uncertain what else you suggest we do... could you elaborate here?
See above. Investigate. Then somehow... in watered-down words, and burried in the WHOIS records, if necessary... tell us what you found out. As I've said, I really don't think I'm asking for much. And I'll say again too, you guys are the Keepers of the Records. If even you guys can't say what they mean or how that meaning might or might not comport with current existing objective reality (as known to us all via looking glass servers) they God help us all! Because in that case, I think we are REALLY screwed, and nobody knows anything, and the next stop is canibalism. Regards, rfg P.S. I meant to also inquire about those POC unable-to-contact annotations. What should be infered frm those, exactly? Could you please enumerate the ways in which your staff try (and sometimes, apparently, fail) to make contact with these POCs? Is it all sytrictly done via e-mail? Do your people ever try to _telephone_ any of these folks at the numbers you force them to give ou as part of establishing a POC record in the first place? Do your people ever try contacting the POCs via snail-mail? I hope you see where I'm headed. If some poor fool with too much time on his hands... you know... like me... submits something via your fraud reporting form... I mean... you know...after you fix it so that the amount of info that can be sent to you folks via the form is somewhat bigger than this: http://www.active-robots.com/products/intelligent-displays/lcd/16x2lcd-750.j... ...then my hope is that you would *not* just ``investigate'' by sending off an e-mail to the purported POC e-mail address, and then waiting a week to see if anything comes back. There's this wonderful new invention... you may have heard of it, although in my experience, an awful lot of Internet geeks refuse to use it. Why, I don't really know. Actually, here is a rare photo of a geek actually using one: http://farm1.static.flickr.com/5/5040260_a2c426a753.jpg So, you know, if you get a hijacking report, maybe, just maybe, could you please, please, please pick up the phone and make a call and just even try to see if the POC is alive or dead? http://farm4.static.flickr.com/3433/3176717757_20515698bf.jpg ======= [1] See also: "Sir Humphrey Appleby"
On Oct 1, 2010, at 8:08 PM, Ronald F. Guilmette wrote:
1) You folks _are_ already (apparently) making some efforts... at least as of this last summer, but perhaps also earlier... to ``validate'' (is that the word you would use?) POC contacts. I know because I've lately seen quite a number of your POC contact records (from the WHOIS data base) that have a very helpful annotation attached to them, saying quite directly and explicitly, that ARIN has been unable to verify or make contact with this POC or that POC. So you are already passing judgement on the validity and/or probable invalidity of things in your data base.
Yes, we're attempting to validate contacts per the policy which the community set (ARIN Network Resource Policy Manual, section 3.6 - https://www.arin.net/policy/nrpm.html#three6)
And more, you are making your determinations public, via the data base itself. I'm not quite sure how it constitutes such a big leap to merely extend what you are already doing in the way of validating POCs and just impute the exact same level of confidence, or lack thereof, to IP block and/or AS records which are associated with unverifiable/uncontactable POCs... a set which you are already making serious efforts to delineate anyway.
We will shortly be providing a "list of number resources with no valid POC" for those who desire it (per the current bulk Whois policy.)
If you can put an annotation into a whois records for a POC, saying explicity that you can't get ahold of this person, then it would seem to me to be a rather trivial matter of programming to transplant a very similar sort of annotation into each and every IP block or AS record that has that same specific POC record as one of its associated POC records, either Admin, or Technical, or whatever.
Also a nice idea, and one that I've taken as a formal suggestion for improvement.
...
2) You are already (apparently) processing _some_ certain flavors of ``fraud reports'' that come in to you via that nice fancy web form you folks built and put up on the ARIN web site... you know... the one with the nice (and misleading) introduction that entices people like me to take the time to use it enter reports about incidents that have traditionally been called around these parts ``hijacking''.
(Note: That's the word that _you_ used on your web site to say what should be reported via the form. Was I a fool to take you at your word? Let me be clear... I am *not* *not* *not* encouraging you to simply redact/delete that word from your web site. No no! Rather I hope to encourage you/ARIN to actually accept and at least investigate reports of _all_ flavors of what we around here used to call good old fashioned ``hijacking'', regardless of whether the perp was gracious enough to also make your choice clearer by dicking with the relevant WHOIS records or not.)
Your understanding of our fraud process is correct, and presently the only form of "hijacking" which we have the ability to correct is address blocks where the organization have been changed contrary to policy. To address your follow-on question, our determinations are indeed definitive and we correct the WHOIS database accordingly.
I think you can see where I'm going with this. You have, I think, tried to demur (is that the right word?) on ARIN's behalf, from _either_ investigating or, subsequently, from issuing any kind of ``determination'' as regards to whether a given block is being routed by the party or parties who ought to be routing it, or by some uninvited interloper.
Incorrect. We determine whether an entry for an address block in WHOIS has been changed contrary to community-adopted policy. This means carefully reviewing the information supplied on the associated change requests and various corresponding public records. *None of it related to whether a given party should be routing a given address block*
... So no, please *do not* go around ``revoking resources''... whatever the hell that means. Certainly, if some half-dead, left-for-dead dot-bomb company has a /18, and if your records still say that they have a /18, then they still have a /18. Period. And if then, some hijacker punk criminal comes along and starts routing that /18... well... he's a shmuck, and ought to be dealt with. But the old Dot-Bomb semi-defunct company still does ``own'' (please excuse my use of that terminology, which I'm sure you won't approve) that block. So you shouldn't be ``revoking'' anything. That's not what any of this is about.
Semi-defunct firms may hold address blocks, but address blocks assigned to fully defunct organizations are returned to the free pool per community policy.
All I want from ARIN, and all I expect from ARIN, in cases like these are (a) at least some willingness and effort expended to investigate and (2) at least *some sort* of (perhaps minimalist) public statement to the effect of ``Look folks, we've looked at this, and in our opinion, what's going on here just doesn't look kosher.''
The good news is that if you're referring to investigation of errant entries in WHOIS, we currently do expend effort to investigate and correct. In order for ARIN to investigate and annotate address blocks according to their state in the routing tables, it would take a very clear mandate from the community. You can suggest such a policy if you feel strongly about this; the process to to so is shown here: https://www.arin.net/policy/pdp_appendix_b.html /John John Curran President and CEO ARIN
We will shortly be providing a "list of number resources with no valid POC" for those who desire it (per the current bulk Whois policy.)
If you can put an annotation into a whois records for a POC, saying explicity that you can't get ahold of this person, then it would seem to me to be a rather trivial matter of programming to
transplant
a very similar sort of annotation into each and every IP block or AS record that has that same specific POC record as one of its associated POC records, either Admin, or Technical, or whatever.
Also a nice idea, and one that I've taken as a formal suggestion for improvement.
Those two things would be enough for me for the numbers covered by agreement, the legacy issue is a tougher nut. There should be some sort of requirement that any network being announced have a valid point of contact. Whose jurisdiction that would fall under for a global Internet beats me.
On Oct 1, 2010, at 8:20 PM, George Bonser wrote:
We will shortly be providing a "list of number resources with no valid POC" for those who desire it (per the current bulk Whois policy.)
If you can put an annotation into a whois records for a POC, saying explicity that you can't get ahold of this person, then it would seem to me to be a rather trivial matter of programming to transplant a very similar sort of annotation into each and every IP block or AS record that has that same specific POC record as one of its associated POC records, either Admin, or Technical, or whatever.
Also a nice idea, and one that I've taken as a formal suggestion for improvement.
Those two things would be enough for me for the numbers covered by agreement, the legacy issue is a tougher nut. There should be some sort of requirement that any network being announced have a valid point of contact. Whose jurisdiction that would fall under for a global Internet beats me.
It's an individual decision of each organization choosing to accept and further pass along the route. Like it or not, there is not "THE INTERNET" there is a set of independent networks operating under a commonly agreed framework of protocols. Each network operator is free to accept, deny, or otherwise handle any traffic they wish on any basis they choose. This is the greatest strength of the internet. It is also it's most exploitable weakness in some ways. However, changing it would fundamentally destroy much of it's usefulness and resilience as a tool for the democratization of communication. As such, I must oppose any such move to apply greater central authority. Owen
It's an individual decision of each organization choosing to accept
and
further pass along the route.
Like it or not, there is not "THE INTERNET" there is a set of independent networks operating under a commonly agreed framework of protocols. Each network operator is free to accept, deny, or otherwise handle any traffic they wish on any basis they choose.
This is the greatest strength of the internet. It is also it's most exploitable weakness in some ways. However, changing it would fundamentally destroy much of it's usefulness and resilience as a tool for the democratization of communication. As such, I must oppose any such move to apply greater central authority.
Owen
Of course, and I absolutely agree with that so long as the individual operators have the information they need to make those individual decisions. And that is the goal. Having information as to which resource have no valid points of contact and what other resources are associated with that invalid POC might be useful to some when some traffic crosses their net or reaches their other resources that causes problems.
John, Let me thank you yet again for devoting your personal time (on a Friday night no less) to responding to me concerns. I may not always agree with you, but I appreciate the effort, and the consideration. In message <4DB05053-FCD4-4459-B226-991435E90C65@arin.net>, John Curran <jcurran@arin.net> wrote:
We will shortly be providing a "list of number resources with no valid POC" for those who desire it (per the current bulk Whois policy.)
But I think you understand that I was suggesting something that's readily accessible, even to the Great Unwashed Masses, within the individual WHOIS records... not exclusive to just your ordained bulk whois clientel. You did get that, right?
If you can put an annotation into a whois records for a POC, saying explicity that you can't get ahold of this person, then it would seem to me to be a rather trivial matter of programming to transplant a very similar sort of annotation into each and every IP block or AS record that has that same specific POC record as one of its associated POC records, either Admin, or Technical, or whatever.
Also a nice idea, and one that I've taken as a formal suggestion for improvement.
Thank you.
Your understanding of our fraud process is correct, and presently the only form of "hijacking" which we have the ability to correct...
Well, now, as Ronald Regan used to say ``There you go again!'' I've tried to be clear. I'll try again. Many many many people have told me, off-list, and even before this conver- sation, that you folks can't change the routing table, and that even if you could, most probably would never want you to exercise that authority. So I do fully understand where the weight of public opinion falls along that particular axis. Believe me, I do. But please do try to understand me. I was not asking you to ``correct'' any hijacking incident. You can't. So let's just agree on that, and also agree that that is not what we are even talking about. What I said was ``annotate'' and/or ``announce'' and/or ``make _some_ sort of public statement or comment''. This, I think, would not be straying so substantially outside of your charter than anybody would ever beat you up over it, especially if you folks exercised the kind of caution and careful investigation which I believe you are more than capable of, and if you thence only made public ``This is really fishy looking'' type comments when your internal investigations have shown that yes, indeed, this one really looks, smells, and tastes pretty darn awful. (And frankly, I think this would apply to all four of the cases I have written about here recently.) So have I been unambiguously clear now? I neither want nor expect you to ``correct'' anything. That sort of thing, I would agree, is not your job. But I don't think that fact implies that either you personally, or ARIN as an organization have any kind of formal responsibility to behave as blind deaf mutes with no opinions whatsoever, at any time, about anything. Some people would tell you that its a free country, and that you have a right to an opinion. I guess what I'm saying is that when it comes to ARIN, and allegations of hijacking of number resources that you have been chartered to administer, you have not merely a right, but actually a _responsibility_ to an opinion. And you should formulate it, and state it, publically, when the need arises, which is to say whenever you receive a credible allegation of the misappropriation of number resources that lie within your portfolio.
I think you can see where I'm going with this. You have, I think, tried to demur (is that the right word?) on ARIN's behalf, from _either_ investigating or, subsequently, from issuing any kind of ``determination'' as regards to whether a given block is being routed by the party or parties who ought to be routing it, or by some uninvited interloper.
Incorrect. We determine whether an entry for an address block in WHOIS has been changed contrary to community-adopted policy. This means carefully reviewing the information supplied on the associated change requests and various corresponding public records. *None of it related to whether a given party should be routing a given address block*
Right. You may perhaps not have realized it, but I do believe that you actually just _agreed_ completely with what I said just above. At present, you decline to even look at things that don't involve the fiddling of WHOIS records. Somebody could be murdered in the next room, and you would decline to investigate that too, because the community hasn't explicitly chartered you to do that. I understand your position, and I think I may even understand what motivates it... like maybe years and years of having your own constituency beat you about the head and neck whenever you try to do even the smallest, kindest, and most generous and well-meaning things if they... the herd of cats... haven't explicity approved of you doing it, themselves, in writing, and in triplicate. But to say I understand your position, and to say that I can even under- stand what I believe motivates it, is not to say that I agree with it. I don't in this case. I think you are perhaps not in quite such a tightly fitting straight-jacket... created for you by your primary constiuency, the ISPs... as you make out, and that you do actually have some freedom to Do The Right Thing, especially in cases like these blatant hijacking incidents. But I also believe that you have made a private personal and concious decision not to touch any of this with a ten foot pole, because years of surviving in the kind of highly politically contentious job you have has taught you to never stick your neck out, even a little bit, even for an unambiguously good cause, unless what you plan to do or say (or what you plan to eat for lunch, or when you plan to breath) has already been approved, in triplicate, by the whole of the ARIN membership. I'm quite sure that that is the only practical and viable way to survive, long term, in a highly political job like your's. However I am equally sure that it is unhealthy for any human being to live in a straight-jacket for years at time, with no let-up. So despite you protestations to the contrary, I will say again that I think you have not only a right, but a responsibility to express an opinion on matters critically affecting the number resources that you are tasked to shepard... matters such as blatant hijacking of those resources by crooks... and that the same goes for ARIN, as an organization, and that furthermore, you do a disservice to the community, to your office, and yes, even to yourself as an intelligent, concious, living, growing human being when you hold your tongue on important matters simply because you have not been officially and formally bidden to speak. And you _don't_ always do that, consistantly and always, anyway. In fact right now, within this very exchange you and I have been having, you have expressed yourself in ways that, I feel sure, were not explicitly or specifically sanctioned by your board or your membership, yes? But you have shown yourself to be fully fit and able to express these opinions of your's anyway, as part of your reasonable exercise of your executive discretion, in your pursuit of what you believe to be the community's best interests. That is correct, isn't it? That's why you are here, arguing with me on a Friday evening, when we both should probably be doing something else. You are expressing your opinion, about certain matters relating to your job, and you are doing so in ways that you feel are supportive of the community which you serve... not with every sylable you utter having to have been be pre-approved... not with your corporate counsel looking over your shoulder at every keystroke. You're a bright guy, and a leader among men. You have an opinion, and you are expressing it, for the good of the community. Marvlous! I say Bravo! Just please explain to me how you taking a public position here, tonite, in this conversation with me... a position which you take and speak about and defend as part of your executive discretion, as the leader of ARIN, in what you hope will be its best interests and those of the community... is really all that different from what _I_ have requested you to do? i.e. take a position... a public position... on matters affecting your job and the resources you oversee, in the best interests of the community. I think you get my drift, because it isn't really all that subtle a point I am making. I don't think that you can have it both ways. I don't think that you can express your opinions, forcefully and eloquently, here with me, on a Friday night... as I believe you are free to do, within the limits of your executive discretion... but then go in to work on Monday morning and claim that you have been obliged to check all of your opinions at the door on the way in, and that both your and your organization are likewise obliged by protocol to remain utterly mute until cocktail hour, when you are off the clock and on your own time, even when it comes to matters as serious as raw blatant theft and hijacking... acts which deface and besmirch the very community you are sworn to protect. (Well, ok. Please _do_ allow me just a tiny bit of literary license, alright? They have Richard III on the IFC channel just now, and Shakespere in my general vicinity always makes my prose rather prolix.) Sigh. I feel sure that I haven't convinced you to bite off even just this tiny additional bit of authority/responsibility and stake it out as part of the turf that goes quite naturally with your executive discretion... discretion which you must be afforded, like it or not, by your constituency, in order for you to do your job. I'm sure that you have thought too long and too hard about your job, and what it takes to survive in it, long term, to be beguiled at this point by even the most evocative of retorical flourishes. But I will count myself as having been successful if I have at least caused you to think a bit more... not about what freedom you have to ``do'', but about what freedom I believe you have to speak, and to speak and express opinions in ways that benefit the community far more than your silence would (or does).
``Look folks, we've looked at this, and in our opinion, what's going on here just doesn't look kosher.''
The good news is that if you're referring to investigation of errant entries in WHOIS, we currently do expend effort to investigate and correct. In order for ARIN to investigate and annotate address blocks according to their state in the routing tables, it would take a very clear mandate from the community.
So you have said. So you have repeated. I am still not buying that you are nearly as handcuffed as you say you are, because if nothing else, you would have found it impossible to type this e-mail that I am responding to if you had actually been wearing the kinds of handcuffs you claim, i.e. ones which prevent you from even just expressing opinions on important and relevant matters.
You can suggest such a policy if you feel strongly about this; the process to to so is shown here: https://www.arin.net/policy/pdp_appendix_b.html
Thank you. I may perhaps do so. But I am not at all heartened to believe that doing so would be likely to have any effect, given that you have not evinced even the slightest hint, during this exchange of any actual desire to have your portfolio enhanced in this specific way. (And I think that your vote would, quite rightly, outweigh any others when it comes to such questions, i.e. those affecting the scope of your authority and responsibility.) In short, I leave discouraged, but unbowed. At least I know who _not_ to expend time reporting certain very naughty things to now, and I guess that is a small step forward, as it will save me some time which I can better spend actually chasing more of these hijacking weasles to ground. Regards, rfg
In message <17104.1285997192@tristatelogic.com>, I wrote:
If you can put an annotation into a whois records for a POC, saying explicity that you can't get ahold of this person, then it would seem to me to be a rather trivial matter of programming to transplant a very similar sort of annotation into each and every IP block or AS record that has that same specific POC record as one of its associated POC records, either Admin, or Technical, or whatever.
Also a nice idea, and one that I've taken as a formal suggestion for improvement.
I see now that I really need to back up a couple of steps here and ask John for something which is, in a way, entirely different from what I have asked for so far. (See above.) And in fact, this one ought to be as EASY AS PIE for ARIN to implement, since it would appear that they are ALREADY DOING IT. I asked John for a ``new'' kind of ``this is not quite right'' annotation within AS and IP block whois records. *And* I asked him to make these annotations public, right within the public WHOIS records... *not* just within some special, semi-secret feed of some special, semi-secret version of the WHOIS data base. So while I was looking at the WHOIS records for the set of blocks that were (apparently now past tense) being 'jacked by AS14202 earlier today (Saturday) I happened to come across the following annotation in one of the relevant IP block WHOIS records (but _only_ one): Comment: The information for this network has been reported to Comment: be invalid. ARIN has attempted to obtain updated data, but has Comment: been unsuccessful. To provide current contact information, Comment: please e-mail hostmaster@arin.net. YESSS! This is exactly the kind of thing I have been asking for! But more to the point, this is the exact kind of thing that (very bizzarely) John Curran just told me that he would accept as, in effect, and enhancement request... AS IF IT DIDN'T ALREADY EXIST, or as if ARIN wasn't already doing this exact thing. (See the WHOIS for NET-204-89-0-0-1, which, as we speak, contains the above helpful annotation.) So OK, John... Can you explain yourself... please? Why did you say you were accepting my request into your suggestion box, when it appears that ARIN has already been doing exactly the thing I asked for... even if only haphazardly, in a disorganized way, and only within a limited number of cases? I googled for some of the verbage in the above notice, and I got over 9,000 hits. So obviously, this notice that's present within the WHOIS record for NET-204-89-0-0-1... and many many many others... isn't a ``one off''. You ARIN folks have apparently already placed that same annotaion in lots and lots of AS and IP block records. Maybe you haven't been doing it _lately_ or perhaps maybe you haven't been doing it _consistantly_, but that's a hell of a different thing that just playing dumb and/or saying (or implying) that ARIN has never done it at all, don't you agree John? So let's get down to brass tacks here. John, you can see the annotation that's present within the WHOIS record for NET-204-89-0-0-1 just as well as I can. And you obviously don't have any trouble with understanding the English language, and the annotation is clear and straightforward. ARIN has been unable to verify the POC. And this annotation is _not_ just on the POC record itself. It is on an IP block WHOIS record. This is _exactly_ what I was asking for. ARIN has clearly already been doing it, so there's no need for a whole new study committee, an environmental impact statement, circulation of proposals, sub-committee delegation, advancement of the proposal back to the super-committee for re-review, recirculation, republication, balloting, re-balloting, amendment, etc., etc., etc., in other words all of the bullshit bureaucratic stumbling blocks that bureaucrats... like my favorite, Sir Humphrey Appleby... put up as road- blocks to even the smallest and simplest bit of forward movement. I'll say it again, because I don't want there to be any misunderstanding: Clearly, ARIN has already been doing this... putting in these WHOIS record annotations. I have LOTS of example of that. So now, John, did someone ever expressely *withdraw* ARIN's permission to create and attach these exact sorts of annotations? If so, who, and when? If not, then the ball's in your court John, and your choice is simple, I think: Do you want to do something simple... something that ARIN quite obviously already has permission to do... or do you want to be Sir Humphrey Appleby and smother this small simple idea in its crib with layer upon layer of bureaucracy? If the latter, then I have every confidence that you are skilled enough to succeed at erecting an impenetrable wall of bureaucracy. If the former however, then when should we expect to start seeing these annotations in _all_ of the IP block and AS WHOIS records that have uncontactable POCs... a set which ARIN has, apparently, already identified, in spades. (If your staff can't get this done in a week, then please do contact me off list, because I'm quite sure that _I_ can do it in a half an hour, in Perl... and I'd be only too happy to volunteer my time for this good cause.) You might well ask ``What would be the point of all this? What would be the use?'' The point and the usefulness is that if these kinds of annotations are present within AS and IP block WHOIS records, then guys like the poor overworked, well-meaning manager of Colosseum.com (AS19842) who I spoke to earlier today about his customer, AS14202, and all of the hijacked IP space it was announcing would be able to see at a glance that something isn't right. And who knows? Maybe even if those annotations were in there for all of the blocks that are _still_ being hijacked by AS6061 and AS10392, even as we speak, then maybe it would be just a little less easy for companies like Beyond The Network America to play dumb, and to act like they don't know exactly what's really going on here. And that would be helpful. Regards, rfg
On Oct 3, 2010, at 3:51 AM, Ronald F. Guilmette wrote:
So while I was looking at the WHOIS records for the set of blocks that were (apparently now past tense) being 'jacked by AS14202 earlier today (Saturday) I happened to come across the following annotation in one of the relevant IP block WHOIS records (but _only_ one):
Comment: The information for this network has been reported to Comment: be invalid. ARIN has attempted to obtain updated data, but has Comment: been unsuccessful. To provide current contact information, Comment: please e-mail hostmaster@arin.net.
YESSS! This is exactly the kind of thing I have been asking for!
But more to the point, this is the exact kind of thing that (very bizzarely) John Curran just told me that he would accept as, in effect, and enhancement request... AS IF IT DIDN'T ALREADY EXIST, or as if ARIN wasn't already doing this exact thing. (See the WHOIS for NET-204-89-0-0-1, which, as we speak, contains the above helpful annotation.)
While I knew that we were building the list (as required by policy) of netblocks without any valid contact info, I was not aware that the entries would also be nicely annotated in WHOIS as shown above. Congrats, Ron, whatever your favorite holiday is, it comes early this year. /John John Curran President and CEO ARIN
In message <3070D3C0-513D-4CB9-8EC2-EB22CA52AE59@arin.net>, John Curran <jcurran@arin.net> wrote:
On Oct 3, 2010, at 3:51 AM, Ronald F. Guilmette wrote:
Comment: The information for this network has been reported to Comment: be invalid. ARIN has attempted to obtain updated data, but has Comment: been unsuccessful. To provide current contact information, Comment: please e-mail hostmaster@arin.net.
... While I knew that we were building the list (as required by policy) of netblocks without any valid contact info, I was not aware that the entries would also be nicely annotated in WHOIS as shown above.
Congrats, Ron, whatever your favorite holiday is, it comes early this year.
Sorry to be so dense, but I need to ask this explicitly: So is that a "yes"? Is that a "Yes, ARIN will begin immeditely putting these annotations into all of the AS and IP records associated with POCs we already know are uncontactable" ? If so, can you provide a rough time estimate for completion? (Note that I said ``rough''. Whatever you might say, I won't hold you to it. I'd just sort-of like to know that this isn't going to be dead last on the priority list at your place... because, as I think you can tell, I certainly believe that it is important, and very very timely, because the recent evidence suggests that the hijacking epidemic is getting out of control, and this might help to staunch the bleeding a little bit.) Regards, rfg P.S. To be entirely honest, the only instances I have seen so far of the annotation above look to me to have been placed in the relevant WHOIS records perhaps six or more years ago. I'm just saying John that if what I posted makes you believe that your staff are creating/installing these annotations _today_ ... well... check with them before assuming that, because the only ones I've seen look to be kinda old. I certainly hope that if this is something that ARIN _was_ doing and then _stopped_ doing that you'll start up again, in a very big way. But like I say, I'm not really sure that your people have created any of these things _recently_, i.e. in the past several years (but if that's true, I sure hope you'll change that toot sweet). P.P.S. If you can get this one thing done, then I'll sing your praises and take back all of the bad things I said when I was in the mood to rant and rave. This isn't as good as having a cop sitting there watching the global routing table all day, but it would be a damn good second place prize, and something I could live with (and not bitch so much). And of course, it has the great advantage of being something that actually looks do-able, politically (which, as everybody and his brother has explained to me, having a ``cop'' to watch the global routing table isn't).
On Oct 3, 2010, at 5:15 AM, Ronald F. Guilmette wrote:
Is that a "Yes, ARIN will begin immeditely putting these annotations into all of the AS and IP records associated with POCs we already know are uncontactable" ?
That's a "No". I'd say "Yes" to "Is ARIN is implementing the policy at NRPM 3.6, Annual Whois POC Validation?"
If so, can you provide a rough time estimate for completion?
We will provide an update for implementation of policy NRPM 3.6 at Public Policy & Meeting on this week, and I'd be happy to email you same if you don't have a chance to participate onsite or remotely. /John John Curran President and CEO ARIN
In message <C62F9BEA-A1C0-449F-8A3F-585F51CAA8A1@arin.net>, John Curran <jcurran@arin.net> wrote:
On Oct 3, 2010, at 5:15 AM, Ronald F. Guilmette wrote:
Is that a "Yes, ARIN will begin immeditely putting these annotations into all of the AS and IP records associated with POCs we already know are uncontactable" ?
That's a "No".
I'd say "Yes" to "Is ARIN is implementing the policy at NRPM 3.6, Annual Whois POC Validation?"
Congratulations John. That's just about the best non-answer I've ever heard. I'm sitting here looking at your NRPM 3.6 and it says: Unresponsive POC email addresses shall be marked as such in the database. OK, Fine. So do you have a problem with ``marking those in the data base'' and specifically within the associated AS and IP block records? And if so why? And if you have a problem with that, they please explain when and why you suddenly developed a problem with it, because clearly ARIN _was_ doing this before, at some point. (And it sure looks like you are NOT doing it now.) I'd really like to know when and why ARIN stopped putting these annotations into the AS and IP block records associated with un-contactable POCs. Can you just answer me that? I mean, you know, without directing my attention to some document which also doesn't answer the question? Regards, rfg
So OK, John... Can you explain yourself... please? Why did you say you were accepting my request into your suggestion box, when it appears that ARIN has already been doing exactly the thing I asked for... even if only haphazardly, in a disorganized way, and only within a limited number of cases?
A) It is not John's suggestion box, it is ARIN's suggestion box. John is just one of the board of trustees of ARIN. B) You do not have to abuse the NANOG mailing list to make suggestions. Anyone can go to the ARIN website and make suggestions right here: https://www.arin.net/participate/acsp/index.html C) Speaking of haphazard and disorganized, you might want to review a few of your recent NANOG messages. D) ARIN runs by rules which are made in a transparent process and any member of the Internet community, can propose changes to those rules, or policies. Lots of info on the ARIN website and in the PPML mailing list where people discuss proposed policies.
ARIN has clearly already been doing it, so there's no need for a whole new study committee, an environmental impact statement, circulation of proposals, sub-committee delegation, advancement of the proposal back to the super-committee for re-review, recirculation, republication, balloting, re-balloting, amendment, etc., etc., etc., in other words all of the bullshit bureaucratic stumbling blocks that bureaucrats... like my favorite, Sir Humphrey Appleby... put up as road- blocks to even the smallest and simplest bit of forward movement.
Ah yes, forward movement. Wouldn't it be great if the powers that be just shut you up without any due process. You don't appear to know very much about how ARIN operates which is strange for someone who claims to be an expert in decoding IP address registrations.
If not, then the ball's in your court John, and your choice is simple,
Indeed it is. John should refuse to post any more messages on this list about this topic because it has absolutely nothing to do with network operations. By the way, if you try to post messages like this on the ARIN PPML list full of innuendo and character attacks, you will be booted out of there too. --Michael Dillon
participants (18)
-
bmanning@vacation.karoshi.com -
Christopher Morrow -
Dave Sparro -
David Miller -
Franck Martin -
George Bonser -
goemon@anime.net -
Heath Jones -
Jeffrey Lyon -
Jeroen Massar -
John Curran -
John Springer -
Justin M. Streiner -
Michael Dillon -
Owen DeLong -
Ricky Beam -
Ronald F. Guilmette -
William Herrin