[130320] in North American Network Operators' Group
Re: ARIN Fraud Reporting Form ... Don't waste your time
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Oct 1 06:48:58 2010
From: Owen DeLong <owen@delong.com>
In-Reply-To: <7865.1285924930@tristatelogic.com>
Date: Fri, 1 Oct 2010 03:45:10 -0700
To: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Ronald,
It's not so much a matter of whether ARIN cares or whether ARIN wants
to do something about your issue. It's more a matter of whether ARIN
is empowered to do anything at all about your issue.
ARIN is a registry. They don't run routers (outside of a small handfull
of them that provide certain ARIN infrastructure). They have no control
over BGP, the routing table, or anything that would be able to do =
anything
about your particular brand of issue.
What they can do something about is, indeed, things that got into the
registry data through fraud, deceit, error, omission, or other =
unintended
mechanism.
I'm sorry you're not satisfied with that fact. I'm sorry that you are =
obviously
clearly very upset by this experience. However, I think your issue stems
from a fundamental misunderstanding of the role ARIN plays in the
community vs. that of the ISPs.
It's kind of like asking a DMV representative to arrest an auto thief.
ARIN does registrations. They aren't the internet police.
Owen
On Oct 1, 2010, at 2:22 AM, Ronald F. Guilmette wrote:
>=20
> So ARIN put up on their web site this fancy schmancy web form that =
allows
> a person to report fraud relating to ARIN number resources. Here's =
what
> the introduction to that page says, exactly as it appears on ARIN's =
web
> site:
>=20
> This reporting process is to be used to notify ARIN of suspected
> Internet number resource abuse including the submission of =
falsified
> utilization or organization information, unauthorized changes to =
data
> in ARIN's WHOIS, hijacking of number resources in ARIN's database, =
or
> fraudulent transfers.
>=20
> Well, that's what it says anyway. And being naive, I actually =
believed that
> the folks at ARIN might actually give a rat's ass about all these =
kinds of
> fraud that they have enumerated above. Boy was I wrong!
>=20
> I just received the response attached below to one of my earlier =
reports using
> that form. And I gotta tell you, its an eye opener.
>=20
> Apparently the fine folks at ARIN, clever bureaucrats that they are, =
have
> subtly but substantially redefined the specific kinds of ``fraud'' =
they
> care to hear about and/or investigate, so that contrary to the above, =
mere
> hijacking of ASes or IP blocks isn't actually something that they want
> to hear about, much less DO anything about.
>=20
> Nope! Apparently, ARIN's fraud reporting form is only to be used for
> reporting cases where somebody has fiddled one of ARIN's whois records
> in a fradulent way. If somebody just waltzes in and starts announcing =
a
> bunch of routes to a bunch of hijacked IP space from a hijacked ASN
> (or two, or three) ARIN doesn't want to hear about it. In those rare
> cases where the perp is considerate enough to ALSO fiddle the relevant
> WHOIS records in some fradulent way, THEN (apparently) ARIN will get
> involved, but only to the extent of re-jiggering the WHOIS record(s).
> Once that's been done, they will happily leave the perp to announce
> all of the fradulent routes and hijacked space he wants, in =
perpetuity.
>=20
> Apparently, they consider the hijacking itself as being totally out of
> their charter to even look at or investigate. ONLY if a WHOIS record
> has been fiddled will they give a damn, and then the only one thing =
they
> will give a damn about will be the WHOIS record... and the rest of the
> net can go to hell, because hay! Not our problem man!
>=20
> Now I _know_ full well that by posting this rant here, the usual =
assortment
> of knuckle-walker throwbacks who still yearn for the wonderful =
rule-less
> frontier every-man-for-himself-and-no-sherrifs fun filled days of the
> old 20th Century Internet, will pipe up immediately and say `Good!
> Goddammit we don't want no steekin' ARIN to be ``policing'' anything
> at all. F**k that! Total anarchy is the best of all possible =
systems.'
>=20
> You know what? I don't care. Let them come. Let them lumber around =
and
> scream and pound their fists and try to tell me that because *I* =
didn't
> get onto the Internet until 1983 (or because their router can beat up
> my router) that they somehow magically outrank me, and that their =
opinions
> are God and mine are worthless. That's quite obviously horse shit. =
How
> do you have a pecking order anyway in a self-avowed anarchy? Sorry, =
no.
> The two are not compatible. I've got as much right to an opinion as =
you
> do. And until proved otherwise, mine is as valid as your's. And my
> opinion is that this sucks. ARIN's attitude sucks. And they are =
apparently
> redefining the word ``fraud'' in a way that will insure that they will
> have to do minimal work, and that they'll never ever have to do =
anything
> that might be ``hard'' in the sense of possibly being the lest bit =
contro-
> versial, you know, like telling some hijacker ``Stop doing that.''
>=20
> Yes, I'm sure that there are a lot of people here who will pipe up and =
say
> that it's just wonderful that ARIN is useless and that ARIN will do =
nothing.
> Their anachronistic anarchist philosophy is not a philosophy. It's =
merely
> an abdication of responsibility, and should be seen as such. It is =
just
> a lazy man's way of avoiding having to think about how a society =
should
> be organized. It is the coward's way of avoiding making rules that =
some
> members of the group might find controversial.
>=20
> On the net, hijacking of IP space is just about the deepest kind of
> violation of the commonly accepted rules of how to behave in this =
shared
> space that I can imagine. And now, the people who _issue_ the IP =
space
> assignments say that they don't care to _police_ the very assignments
> that they themselves have made! Well then what's the bleeping point =
of
> even having them or their whole bloody allocation system then? I say
> let's disband the Federal Reserve *and* ARIN, because they are all =
just
> a bunch of useless bureaucrats at this point who are serving nobody =
other
> than themselves. If we are going to have anarchy, then bring it on!
> Let's not have this half-assed sort of anarchy that we have now. =
Let's
> have the real thing! I'm going out tomorrow and I'm going to buy me =
the
> biggest router than I can afford. Then I'm going to get it colocated
> someplace, and then I'm going to start announcing all the routes I =
feel
> like, and nobody will do shit about it... because its not their job =
man!
>=20
> And some people still wonder why this planet is so f**ked up. =
Geeezzz.
>=20
>=20
> Regards,
> rfg
>=20
>=20
> P.S. It ain't as if I'm either asking or expecting anybody from ARIN =
to
> take a plane out to that place where the hunters shot down that cable, =
or
> some exchange point in Bumf**k, Idaho, and with guns drawn, physically
> pull the wire out of the socket. No. I'm *not* asking for that kind =
of
> ``policing''. But Christ! They could at least take a position, =
instead
> of simply standing around with their hands in their pockets. Is that
> really too much to ask? They could say, to everyone involved, and to
> the community as a whole, ``This ain't right. *We* maintain the =
official
> allocation records. In most cases, *we* made the allocations, and =
that
> guy should NOT be announcing routes to that IP space, and he shouldn't =
be
> announcing anything at all via that AS number, because these things =
ain't
> his.''
>=20
> That's all. I'd just like to see them maybe take a postion. I'm =
quite
> sure that ARIN corporate counsel has advised them to never take a
> position on anything... kind-of like Minister Hacker in "Yes, =
Minister",
> who often hoped that the government could have NO position on anything
> the least bit controversial...except with respect to things that might
> erode their own power, you know, like the position that IP addresses
> are not property, which they try desperately to maintain (against all
> obvious facts to the contrary) as a way of keeping courts out of the
> business of saying who gets what, so that they can maintain their own
> total and absolute sovereignty over this shit, with no annoying judges
> to get in their way. But you know, if they won't even take a position
> on a bloody blatant hijacking by low life spammer slugs and/or by =
others
> who the spammers have paid Big Bucks to, to steal the space for them,
> they really, like I said, what's the point of even having an =
allocation
> ``authority''? (And obviously, I am using that term very very loosely
> here, because they clearly only care to use their ``authority'' when =
it
> makes everybody happy, and won't use it at all when it might make even
> one lone spammer/hijacker sad. If there is a better definition of
> cowardice and abdication, I don't know what it is.)
>=20
>=20
> ------- Forwarded Message
>=20
> Replied: Fri, 01 Oct 2010 00:49:08 -0700
> Replied: hostmaster@arin.net
> Return-Path: hostmaster@arin.net
> Delivery-Date: Thu Sep 30 08:30:13 2010
> Return-Path: <hostmaster@arin.net>
> X-Original-To: rfg@tristatelogic.com
> Delivered-To: rfg@tristatelogic.com
> Received: from smtp1.arin.net (smtp1.arin.net [192.149.252.33])
> by segfault.tristatelogic.com (Postfix) with ESMTP id 389DDBDC34
> for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 08:30:13 -0700 =
(PDT)
> Received: by smtp1.arin.net (Postfix, from userid 323)
> id 89AD4165331; Thu, 30 Sep 2010 11:30:07 -0400 (EDT)
> X-Spam-Checker-Version: SpamAssassin 3.2.5-arin1 (2008-06-10) on =
smtp1.arin.net
> X-Spam-Level:=20
> X-Spam-Status: No, score=3D-144.2 required=3D5.0 tests=3DAWL,BAYES_00,
> FH_DATE_PAST_20XX,USER_IN_WHITELIST autolearn=3Dno =
version=3D3.2.5-arin1
> Received: from pgp.arin.net (pgp.arin.net [192.136.136.159])
> by smtp1.arin.net (Postfix) with ESMTP id 5F592165324
> for <rfg@tristatelogic.com>; Thu, 30 Sep 2010 11:30:07 -0400 =
(EDT)
> Received: by pgp.arin.net (Postfix, from userid 688)
> id 37E9F1A8069; Thu, 30 Sep 2010 11:30:07 -0400 (EDT)
> Received: from shell.arin.net (shell.arin.net [192.136.136.149]) =
by
> pgp.arin.net (Postfix) with ESMTP id AD3C81A8103 for
> <rfg@tristatelogic.com>; Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
> Received: by shell.arin.net (Postfix, from userid 2006) id =
C6F5D8059;
> Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
> Received: from localhost (localhost [127.0.0.1]) by =
shell.arin.net
> (Postfix) with ESMTP id C5B0A8058; Thu, 30 Sep 2010 11:30:06 -0400 =
(EDT)
> Date: Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
> From: hostmaster@arin.net
> X-X-Sender: jonw@shell.arin.net
> To: rfg@tristatelogic.com
> Subject: Re: [ARIN-20100928-F683] Fraud Report Confirmed
> In-Reply-To: <mailbox-17204-1285704731-754558@shell.arin.net>
> Message-ID: <Pine.LNX.4.64.1009301126150.20077@shell.arin.net>
> References: <mailbox-17204-1285704731-754558@shell.arin.net>
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=3DUS-ASCII; format=3Dflowed
>=20
> - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
> Hello,
>=20
> Thanks for your report.
>=20
>> AS11296 appears to have been hijacked.
>>=20
>> Separately and additionally, all of the IPv4 blocks currently being=20=
>> announced by AS11296 appear to have been hijacked also:
>>=20
>> 63.247.160.0/19
>> 199.241.64.0/19
>> 206.226.64.0/24
>> 206.226.65.0/24
>> 206.226.66.0/24
>> 206.226.67.0/24
>> 206.226.68.0/24
>> 206.226.69.0/24
>> 206.226.70.0/24
>> 206.226.71.0/24
>> 206.226.72.0/24
>> 206.226.73.0/24
>> 206.226.74.0/24
>> 206.226.75.0/24
>> 206.226.76.0/24
>> 206.226.77.0/24
>> 206.226.78.0/24
>> 206.226.79.0/24
>> 206.226.96.0/19
>=20
> We've looked through these records and can't find any unauthorized=20
> changes. Do you have any further details regarding unauthorized =
changes=20
> to ARIN's Whois data? If not, we can't take action. We can =
investigate=20
> fraudulent changes to registration data, but we can't investigate=20
> fraudulent activity related to use of numbering resources (e.g. =
routing of=20
> resources by someone other than the registrant).
>=20
> If you have any further questions, comments, or concerns please =
respond to=20
> this message or contact me directly.
>=20
> Regards,
>=20
> Jon Worley
> Senior Resource Analyst
> ARIN Registration Services
> https://www.arin.net/
> hostmaster@arin.net
> 703.227.0660
>=20
> Are you ready for IPv6? For information on transitioning to IPv6, =
see:
>=20
> https://www.arin.net/knowledge/about_resources/v6/v6.html
> - -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
>=20
> iD8DBQFMpKz/ZKymzxl/LaURAvVuAJsFT6DZxoZ5O13SDRKWK6Lkz1yusgCdFt01
> aMTBE0O/ucnRx+8rk8+QbEE=3D
> =3Dqqf5
> - -----END PGP SIGNATURE-----
>=20
> ------- End of Forwarded Message
>=20
