[130360] in North American Network Operators' Group
Re: ARIN Fraud Reporting Form ... Don't waste your time
daemon@ATHENA.MIT.EDU (John Curran)
Fri Oct 1 14:22:36 2010
From: John Curran <jcurran@arin.net>
To: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Date: Fri, 1 Oct 2010 14:21:48 -0400
In-Reply-To: <7865.1285924930@tristatelogic.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Oct 1, 2010, at 5:22 AM, Ronald F. Guilmette wrote:
>=20
> Nope! Apparently, ARIN's fraud reporting form is only to be used for
> reporting cases where somebody has fiddled one of ARIN's whois records
> in a fradulent way. If somebody just waltzes in and starts announcing a
> bunch of routes to a bunch of hijacked IP space from a hijacked ASN
> (or two, or three) ARIN doesn't want to hear about it. =20
Ron -=20
=20
You note the following:
> They could say, to everyone involved, and to the community as a whole,=20
> ``This ain't right. *We* maintain the official allocation records. =20
> In most cases, *we* made the allocations, and that guy should NOT be=20
> announcing routes to that IP space, and he shouldn't be announcing=20
> anything at all via that AS number, because these things ain't his.''
At present, ARIN doesn't review the routing of address space to see=20
if an allocation made to party is being announced by another party.=20
>From your emails, I'm guess that you'd like ARIN to do so.
I've run several several ISPs and a hosting firm, and I'm not quite=20
sure how ARIN can definitively know that any of the AS#'s involved=20
should or should not be routing a given network block. There are=20
some heuristics that will suggest something is "fishy" about use of=20
a network block, but are you actually suggesting that ARIN would=20
revoke resources as a result of that?
> In those rare
> cases where the perp is considerate enough to ALSO fiddle the relevant
> WHOIS records in some fradulent way, THEN (apparently) ARIN will get
> involved, but only to the extent of re-jiggering the WHOIS record(s).
> Once that's been done, they will happily leave the perp to announce
> all of the fradulent routes and hijacked space he wants, in perpetuity.
Correct. We will revoke the address space, but I'm uncertain what else
you suggest we do... could you elaborate here?
/John
John Curran
President and CEO
ARIN
