ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc
Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers. It's trivially easy to block their entire domain at the mail server level, of course...
Definitely have received this same spam multiple times and so have a few others I know. It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do. Regards, Peter Potvin | Executive Director ------------------------------------------------------------------------------ *Accuris Technologies Ltd.* On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers.
It's trivially easy to block their entire domain at the mail server level, of course...
Our organization has also received cold contact emails from this company, and their unsubscribe link doesn’t appear to have slowed them down. They now hit my junk folder. John Stitt HES Energynet On Oct 11, 2023, at 6:56 PM, Peter Potvin via NANOG <nanog@nanog.org> wrote: Definitely have received this same spam multiple times and so have a few others I know. It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do. Regards, Peter Potvin | Executive Director ------------------------------------------------------------------------------ Accuris Technologies Ltd. On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke <eric.kuhnke@gmail.com<mailto:eric.kuhnke@gmail.com>> wrote: Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers. It's trivially easy to block their entire domain at the mail server level, of course... CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are not expecting this message contact the sender directly via phone/text to verify.
It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do.
Everyone is always looking for information they can use to advance some agenda or purpose. The internet is fertile ground for that. Always has been, always will be. Not taking shots at anyone here, but I am boggled why this is a common public complaint. Block the sender and move on. On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG <nanog@nanog.org> wrote:
Definitely have received this same spam multiple times and so have a few others I know. It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do.
Regards, Peter Potvin | Executive Director
------------------------------------------------------------------------------ *Accuris Technologies Ltd.*
On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers.
It's trivially easy to block their entire domain at the mail server level, of course...
Tom, When an ARIN member violates their agreement and spams from ARIN’s databases, it’s not just an “Internet is fertile ground” deal. It’s a betrayal of a legal trust, one that demands accountability. I’m quite happy that ARIN promptly responds to these abuses, and gets results. That only works if victims report spam and compare notes. Let the “fertile ground” be elsewhere! -mel beckman On Oct 12, 2023, at 8:49 AM, Tom Beecher <beecher@beecher.cc> wrote: It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do. Everyone is always looking for information they can use to advance some agenda or purpose. The internet is fertile ground for that. Always has been, always will be. Not taking shots at anyone here, but I am boggled why this is a common public complaint. Block the sender and move on. On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> wrote: Definitely have received this same spam multiple times and so have a few others I know. It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do. Regards, Peter Potvin | Executive Director ------------------------------------------------------------------------------ Accuris Technologies Ltd. On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke <eric.kuhnke@gmail.com<mailto:eric.kuhnke@gmail.com>> wrote: Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers. It's trivially easy to block their entire domain at the mail server level, of course...
Do we know if the organizations with key Internet resources (ARIN, RIPE, PeeringDB, etc.) have any honeypots in their arsenal? Obviously, publicly knowing about it kind of defeats the purpose of it, but that might be a way to help be proactive - make fake entries with unique contact information to catch those harvesting. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Mel Beckman" <mel@beckman.org> To: "Tom Beecher" <beecher@beecher.cc> Cc: "nanog@nanog.org list" <nanog@nanog.org> Sent: Thursday, October 12, 2023 11:01:20 AM Subject: Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc Tom, When an ARIN member violates their agreement and spams from ARIN’s databases, it’s not just an “Internet is fertile ground” deal. It’s a betrayal of a legal trust, one that demands accountability. I’m quite happy that ARIN promptly responds to these abuses, and gets results. That only works if victims report spam and compare notes. Let the “fertile ground” be elsewhere! -mel beckman On Oct 12, 2023, at 8:49 AM, Tom Beecher <beecher@beecher.cc> wrote: <blockquote> <blockquote> It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do. </blockquote> Everyone is always looking for information they can use to advance some agenda or purpose. The internet is fertile ground for that. Always has been, always will be. Not taking shots at anyone here, but I am boggled why this is a common public complaint. Block the sender and move on. On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG < nanog@nanog.org > wrote: <blockquote> Definitely have received this same spam multiple times and so have a few others I know. It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do. Regards, Peter Potvin | Executive Director ------------------------------------------------------------------------------ Accuris Technologies Ltd. On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke < eric.kuhnke@gmail.com > wrote: <blockquote> Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers. It's trivially easy to block their entire domain at the mail server level, of course... </blockquote> </blockquote> </blockquote>
Honestly Mike I don't think they care. I mean, most (all ?) of the registries still can't be bothered to validate the information the resource holders post to the database. Last time I asked, e.g. RIPE about it, they basically said "not my problem guv" , pointed me to some policy document that said members should provide correct details and well, that was about it. So if they don't do that, then what hope is there for them doing something about the harvesters ? ------- Original Message ------- On Thursday, October 12th, 2023 at 17:08, Mike Hammett <nanog@ics-il.net> wrote:
Do we know if the organizations with key Internet resources (ARIN, RIPE, PeeringDB, etc.) have any honeypots in their arsenal? Obviously, publicly knowing about it kind of defeats the purpose of it, but that might be a way to help be proactive - make fake entries with unique contact information to catch those harvesting.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
From: "Mel Beckman" <mel@beckman.org> To: "Tom Beecher" <beecher@beecher.cc> Cc: "nanog@nanog.org list" <nanog@nanog.org> Sent: Thursday, October 12, 2023 11:01:20 AM Subject: Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc
Tom, When an ARIN member violates their agreement and spams from ARIN’s databases, it’s not just an “Internet is fertile ground” deal. It’s a betrayal of a legal trust, one that demands accountability. I’m quite happy that ARIN promptly responds to these abuses, and gets results. That only works if victims report spam and compare notes. Let the “fertile ground” be elsewhere!
-mel beckman
On Oct 12, 2023, at 8:49 AM, Tom Beecher <beecher@beecher.cc> wrote:
It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do.
Everyone is always looking for information they can use to advance some agenda or purpose. The internet is fertile ground for that. Always has been, always will be.
Not taking shots at anyone here, but I am boggled why this is a common public complaint. Block the sender and move on.
On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG <nanog@nanog.org> wrote:
Definitely have received this same spam multiple times and so have a few others I know. It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do. Regards,Peter Potvin | Executive Director ------------------------------------------------------------------------------ Accuris Technologies Ltd.
On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers. It's trivially easy to block their entire domain at the mail server level, of course...
Laura, just a couple of weeks ago, I reported and ARIN abuse here on NANOG, and ARIN responded immediately, contacting the offender and getting them to stop. The system works, and ARIN has the power to deter repeat offenders. -mel
On Oct 12, 2023, at 10:01 AM, Laura Smith via NANOG <nanog@nanog.org> wrote:
Honestly Mike I don't think they care.
I mean, most (all ?) of the registries still can't be bothered to validate the information the resource holders post to the database. Last time I asked, e.g. RIPE about it, they basically said "not my problem guv" , pointed me to some policy document that said members should provide correct details and well, that was about it.
So if they don't do that, then what hope is there for them doing something about the harvesters ?
------- Original Message -------
On Thursday, October 12th, 2023 at 17:08, Mike Hammett <nanog@ics-il.net> wrote:
Do we know if the organizations with key Internet resources (ARIN, RIPE, PeeringDB, etc.) have any honeypots in their arsenal? Obviously, publicly knowing about it kind of defeats the purpose of it, but that might be a way to help be proactive - make fake entries with unique contact information to catch those harvesting.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
From: "Mel Beckman" <mel@beckman.org> To: "Tom Beecher" <beecher@beecher.cc> Cc: "nanog@nanog.org list" <nanog@nanog.org> Sent: Thursday, October 12, 2023 11:01:20 AM Subject: Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc
Tom, When an ARIN member violates their agreement and spams from ARIN’s databases, it’s not just an “Internet is fertile ground” deal. It’s a betrayal of a legal trust, one that demands accountability. I’m quite happy that ARIN promptly responds to these abuses, and gets results. That only works if victims report spam and compare notes. Let the “fertile ground” be elsewhere!
-mel beckman
On Oct 12, 2023, at 8:49 AM, Tom Beecher <beecher@beecher.cc> wrote:
It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do.
Everyone is always looking for information they can use to advance some agenda or purpose. The internet is fertile ground for that. Always has been, always will be.
Not taking shots at anyone here, but I am boggled why this is a common public complaint. Block the sender and move on.
On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG <nanog@nanog.org> wrote:
Definitely have received this same spam multiple times and so have a few others I know. It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do. Regards,Peter Potvin | Executive Director ------------------------------------------------------------------------------ Accuris Technologies Ltd.
On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers. It's trivially easy to block their entire domain at the mail server level, of course...
RIPE != ARIN RIPE has a very lessez faire attitude towards network abuse and always has. It’s rather unfortunate. ARIN, OTOH, has a clear understanding of their mandate, and they won’t pursue abuse outside of that mandate (e.g. general SPAM complaints, DDOS, etc.), but they will pursue complaints within their mandate pretty effectively (e.g. abuse of WHOIS data beyond the AUP, fraudulent address acquisition, incorrect WHOIS data, etc.) YMMV. Owen
On Oct 12, 2023, at 09:59, Laura Smith via NANOG <nanog@nanog.org> wrote:
Honestly Mike I don't think they care.
I mean, most (all ?) of the registries still can't be bothered to validate the information the resource holders post to the database. Last time I asked, e.g. RIPE about it, they basically said "not my problem guv" , pointed me to some policy document that said members should provide correct details and well, that was about it.
So if they don't do that, then what hope is there for them doing something about the harvesters ?
------- Original Message ------- On Thursday, October 12th, 2023 at 17:08, Mike Hammett <nanog@ics-il.net> wrote:
Do we know if the organizations with key Internet resources (ARIN, RIPE, PeeringDB, etc.) have any honeypots in their arsenal? Obviously, publicly knowing about it kind of defeats the purpose of it, but that might be a way to help be proactive - make fake entries with unique contact information to catch those harvesting.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
From: "Mel Beckman" <mel@beckman.org> To: "Tom Beecher" <beecher@beecher.cc> Cc: "nanog@nanog.org list" <nanog@nanog.org> Sent: Thursday, October 12, 2023 11:01:20 AM Subject: Re: ARIN whois contact abuse from ipv4depot aka Silicon Desert International Inc
Tom, When an ARIN member violates their agreement and spams from ARIN’s databases, it’s not just an “Internet is fertile ground” deal. It’s a betrayal of a legal trust, one that demands accountability. I’m quite happy that ARIN promptly responds to these abuses, and gets results. That only works if victims report spam and compare notes. Let the “fertile ground” be elsewhere!
-mel beckman
On Oct 12, 2023, at 8:49 AM, Tom Beecher <beecher@beecher.cc> wrote:
It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do.
Everyone is always looking for information they can use to advance some agenda or purpose. The internet is fertile ground for that. Always has been, always will be.
Not taking shots at anyone here, but I am boggled why this is a common public complaint. Block the sender and move on.
On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG <nanog@nanog.org> wrote:
Definitely have received this same spam multiple times and so have a few others I know. It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do. Regards,Peter Potvin | Executive Director ------------------------------------------------------------------------------ Accuris Technologies Ltd.
On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers. It's trivially easy to block their entire domain at the mail server level, of course...
* Laura Smith [Thu 12 Oct 2023, 19:01 CEST]:
I mean, most (all ?) of the registries still can't be bothered to validate the information the resource holders post to the database. Last time I asked, e.g. RIPE about it, they basically said "not my problem guv" , pointed me to some policy document that said members should provide correct details and well, that was about it.
So if they don't do that, then what hope is there for them doing something about the harvesters ?
RIPE have a policy that states members should submit correct contact details. Having spammers harvest the database discourages people from submitting correct contact details. Ergo, RIPE have a vested interest in ensuring the database doesn't get abused by spammers. Literally everybody hates spam and spammers so it's an easy choice. How an RIR would validate information, how often that should be done, and what would constitute valid information anyway is a very long discussion that has no bearing on abuse of said information. -- Niels.
On Oct 12, 2023, at 10:59, Niels Bakker <niels=nanog@bakker.net> wrote:
* Laura Smith [Thu 12 Oct 2023, 19:01 CEST]:
I mean, most (all ?) of the registries still can't be bothered to validate the information the resource holders post to the database. Last time I asked, e.g. RIPE about it, they basically said "not my problem guv" , pointed me to some policy document that said members should provide correct details and well, that was about it.
So if they don't do that, then what hope is there for them doing something about the harvesters ?
RIPE have a policy that states members should submit correct contact details. Having spammers harvest the database discourages people from submitting correct contact details. Ergo, RIPE have a vested interest in ensuring the database doesn't get abused by spammers.
And yet, at least so far, RIPE refuses to take action on such reports, ergo, apparently they don’t really care as much as you say they should. Owen
------- Original Message ------- On Thursday, October 12th, 2023 at 18:59, Niels Bakker <niels=nanog@bakker.net> wrote:
RIPE have a policy that states
Which is exactly what I said Neils. When I asked about it, they pointed me at a policy. Well hell, theoretically my company has a policy that describes zero-tolerance to spam. And yet if I published such a policy on the website, do you think spammers would adhere to it ? As for you implying it is impossible for a RIR to validate such information, just ask anyone who is a Nominet (.uk registry) member. Every year, Nominet do an audit of every member. They pull a random-sample of domains from each member and attempt to perform an automated check of end-user name and address details. If Nominet are unable to perform the automated check, then you receive an email from the Nominet compliance department asking for your assistance with a manual check (this happens rarely, Nominet's automated checks normally work). Nominet do not expect 100% perfection, there is a tolerance percentage. RIPE could do the same. And some might argue that it is easier for RIPE because all we are asking is for a valid abuse contact, so its not like Nominet who have to verify e.g. registrant company ID numbers.
Sure. I have no issues ARIN handling what is reported to them. That only works if victims report spam and compare notes.
I don't agree with the 'compare notes' part. That's ARIN's job in the processing of reports. On Thu, Oct 12, 2023 at 12:01 PM Mel Beckman <mel@beckman.org> wrote:
Tom,
When an ARIN member violates their agreement and spams from ARIN’s databases, it’s not just an “Internet is fertile ground” deal. It’s a betrayal of a legal trust, one that demands accountability. I’m quite happy that ARIN promptly responds to these abuses, and gets results. That only works if victims report spam and compare notes. Let the “fertile ground” be elsewhere!
-mel beckman
On Oct 12, 2023, at 8:49 AM, Tom Beecher <beecher@beecher.cc> wrote:
It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do.
Everyone is always looking for information they can use to advance some agenda or purpose. The internet is fertile ground for that. Always has been, always will be.
Not taking shots at anyone here, but I am boggled why this is a common public complaint. Block the sender and move on.
On Wed, Oct 11, 2023 at 7:56 PM Peter Potvin via NANOG <nanog@nanog.org> wrote:
Definitely have received this same spam multiple times and so have a few others I know. It's ridiculous that they resort to scraping public lists and DBs to try and achieve what they're attempting to do.
Regards, Peter Potvin | Executive Director
------------------------------------------------------------------------------ *Accuris Technologies Ltd.*
On Wed, Oct 11, 2023 at 7:52 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers.
It's trivially easy to block their entire domain at the mail server level, of course...
As mentioned weekly email compliance@arin.net with details. On Wed, Oct 11, 2023 at 8:58 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
Is anyone else receiving spam from this organization? Based on the contents of the cold solicitations they are sending us, and the addresses being sent to, they have scraped ARIN WHOIS data for noc and abuse POC contact info and recent ipv4 block transfers.
It's trivially easy to block their entire domain at the mail server level, of course...
-- - Andrew "lathama" Latham -
participants (11)
-
Andrew Latham -
Delong.com -
Eric Kuhnke -
John Stitt -
Laura Smith -
Mel Beckman -
Mike Hammett -
Niels Bakker -
Owen DeLong
-
Peter Potvin -
Tom Beecher