Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17
In message <MWHPR09MB1504F1CDEEB104E38F66501AA4D60@MWHPR09MB1504.namprd09.prod.outlook.com>, Brandon Price <PriceB@SherwoodOregon.gov> wrote:
<snip>
1) On or about 02-17-2010 HHSI, Inc. (California) transferred the registration of the 216.179.128.0/17 block from itself to the 2009 vintage Delaware entity Azuki, LLC. If this is what happened, then it is likely that the transfer was performed in violation of the applicable ARIN transfer policy that was in force at the time. (Azuki, LLC did not simply buy-out HHSI, Inc., lock, stock, and barrel in 2010. California records show that HHSI, Inc. continued to be an active California corporation until at least 02/12/2014, and probably well beyond that date.)
The ARIN policy in effect at the time of the transfer would absolutely allow this as an 8.2 mergers and acquisitions sale. There is no policy requirement for a "lock, stock, and barrel" buy-out as you say.
From the 2010.1 version published 13 JAN 2010, ref: https://www.arin.net/vault/policy/archive/nrpm_20100113.pdf
"ARIN will consider requests for the transfer of number resources in the case of mergers and acquisitions upon receipt of evidence that the new entity has acquired the assets which had, as of the date of the acquisition or proposed reorganization, justified the current entity's use of the number resource. Examples of assets that justify use of the number resource include, but are not limited to:
* Existing customer base
* Qualified hardware inventory"
So they bought the customers and routers that were using that /17. What's the big deal?
Firstly, there is no clear evidence that I am aware of that there are any "customers" per se in this case. Spamhaus has, in effect, judged the entire 216.179.128.0/17 block as being just one big spamming operation, and I personally have no reason at this instant to take issue with that judgement. (Please note also that a generally reliable source informs me that Spamhaus has had this SBL listing for the entire 216.179.128.0/17 block active and in place since circa 2010-03-02, i.e. a full 9 years now.) So anyway, in this case we are really only talking about equipment and not "customers" per se. If I am wrong about that, please post the evidence.
Second and more to the point, I think that you and I have dramatically different understandings of the plain meanings of the terms "merger" and "acquisition". The evidence indicates that HHSI, Inc. neither merged with nor was acquired by Azuki, LLC. Rather, HHSI continued to have, and to actively maintain its own separate legal existence through at least 2014... several years *after* the moment in time, on or about 02-17-2010, when the -apparent- ownership of the 216.179.128.0/17 block (going by the WHOIS records) somehow magically passed from HHSI, Inc. to Azuki, LLC.
It is not my understanding of mergers and/or acquisitions that the merged (or acquired) entity continues to have and maintain a separate legal existence from the other merged (or acquiring) entity following the merger or acquisition. You, it seems, may have a different conception.
Theoretically, HHSI, Inc may have been acquired by Azuki, LLC and may have then become a wholly owned subsidiary of Azuki, LLC. This would explain its continued, simultaneous, and parallel legal existence in the years 2010 through 2014, along with Azuki, LLC. But even if this rather remote possibility applied, it would still not serve to explain the apparent 2010 transfer of the 216.179.128.0/17 block from the wholly owned subsidiary to the parent entity. Why would such a transfer be either necessary or even desirable? And how would such a transfer comport with the ARIN transfer regulations in place at the time? Those regulations, as you have quoted them, DO NOT obviously sanction transfers from subsidiaries to parent entities in cases where both survive as separate legal entities. And it is not even in the least bit clear that there even was any such parent/subsidiary relationship between these two corporate entities at the time of the transfer.
But in answer to your larger question, "What's the big deal?", the answer is that -all- WHOIS records for -all- IP address blocks administered by -all- RIRs are fundamentally unvetted and thus untrustworthy. This one case is a clear and blatant example of that fundamental problem with the way all RIRs are behaving. As far as I am aware, no RIR makes any effort whatsoever to vet changes to WHOIS records, either for IP blocks or ASNs or ORG records. (And this fact was abundantly evident in the Micfo fraud case, where the man behind that fiddled the majority of the street address and other contact information appearing in the public-facing WHOIS records for the blocks assigned to his various phony baloney shell companies in a now-obvious attempt to mislead both the public and also anti-abuse investigators.)
Someday soon, because of policies in place at all of the RIRs, you're going to get some spam, or a hack attempt from a specific IP address, and when you go to look up the registrant of the containing IP address block you're going to find out that it is registered to Bozo the Clown, whose mailing address is 1600 Pennsylvania Ave., Washington D.C. and whose contact office phone number is 1-734-930-3030. (Google it.) Worse, that utterly bogus information may appear in the WHOIS record for the ASN that is currently announcing more specifics for parts of YOUR address space.
If you don't see any of this as an actual problem, then please just forget I mentioned it.
Regards,
rfg
* rfg@tristatelogic.com (Ronald F. Guilmette) [Sat 10 Aug 2019, 02:26 CEST]:
As far as I am aware, no RIR makes any effort whatsoever to vet changes to WHOIS records, either for IP blocks or ASNs or ORG records.
This is hilarious. You should hear the whining from any EU-based operator who has to implement the transfer of RIPE NCC resources in a corporate acquisition.
I recently was involved with one of those and the amount of due diligence required by the RIPE NCC was pretty intense. If I were at an RIR I'd be insulted by your claim of "no... effort whatsoever".
-- Niels.
In message <20190810003820.GD2592@jima.tpb.net>, Niels Bakker <niels=nanog@bakker.net> wrote:
* rfg@tristatelogic.com (Ronald F. Guilmette) [Sat 10 Aug 2019, 02:26 CEST]:
As far as I am aware, no RIR makes any effort whatsoever to vet changes to WHOIS records, either for IP blocks or ASNs or ORG records.
This is hilarious. You should hear the whining from any EU-based operator who has to implement the transfer of RIPE NCC resources in a corporate acquisition.
I recently was involved with one of those and the amount of due diligence required by the RIPE NCC was pretty intense. If I were at an RIR I'd be insulted by your claim of "no... effort whatsoever".
I do not and would not dispute that at least a few RIRs... in particular ARIN and RIPE... are -very- good and -very- diligent these days in their vetting of the legitimacy of what the RIRs themselves, and on their (secret) -internal- books list as "registrants" of number resources.
But what is listed on the internal books of any given RIR is -not- what appears in the WHOIS records. It's just that simple.
Your RIR may have given you a full rectal exam prior to giving you your IP addresses. But how does that help -me- if you're sending me bad packets and your WHOIS record says the following?
Registrant: Salvador Dali
Address: 12345 Moon St., The Universe, 999999999
Phone: <<Lindsey Graham's cell phone number>>
Regards,
rfg