ARIN Fraud Reporting Form ... Don't waste your time

Ronald F. Guilmette rfg at tristatelogic.com
Fri Oct 1 09:22:10 UTC 2010


So ARIN put up on their web site this fancy schmancy web form that allows
a person to report fraud relating to ARIN number resources.  Here's what
the introduction to that page says, exactly as it appears on ARIN's web
site:

     This reporting process is to be used to notify ARIN of suspected
     Internet number resource abuse including the submission of falsified
     utilization or organization information, unauthorized changes to data
     in ARIN's WHOIS, hijacking of number resources in ARIN's database, or
     fraudulent transfers.

Well, that's what it says anyway.  And being naive, I actually believed that
the folks at ARIN might actually give a rat's ass about all these kinds of
fraud that they have enumerated above.  Boy was I wrong!

I just received the response attached below to one of my earlier reports using
that form.  And I gotta tell you, its an eye opener.

Apparently the fine folks at ARIN, clever bureaucrats that they are, have
subtly but substantially redefined the specific kinds of ``fraud'' they
care to hear about and/or investigate, so that contrary to the above, mere
hijacking of ASes or IP blocks isn't actually something that they want
to hear about, much less DO anything about.

Nope!  Apparently, ARIN's fraud reporting form is only to be used for
reporting cases where somebody has fiddled one of ARIN's whois records
in a fradulent way.  If somebody just waltzes in and starts announcing a
bunch of routes to a bunch of hijacked IP space from a hijacked ASN
(or two, or three) ARIN doesn't want to hear about it.  In those rare
cases where the perp is considerate enough to ALSO fiddle the relevant
WHOIS records in some fradulent way, THEN (apparently) ARIN will get
involved, but only to the extent of re-jiggering the WHOIS record(s).
Once that's been done, they will happily leave the perp to announce
all of the fradulent routes and hijacked space he wants, in perpetuity.

Apparently, they consider the hijacking itself as being totally out of
their charter to even look at or investigate.  ONLY if a WHOIS record
has been fiddled will they give a damn, and then the only one thing they
will give a damn about will be the WHOIS record... and the rest of the
net can go to hell, because hay!  Not our problem man!

Now I _know_ full well that by posting this rant here, the usual assortment
of knuckle-walker throwbacks who still yearn for the wonderful rule-less
frontier every-man-for-himself-and-no-sherrifs fun filled days of the
old 20th Century Internet, will pipe up immediately and say `Good!
Goddammit we don't want no steekin' ARIN to be ``policing'' anything
at all.  F**k that!  Total anarchy is the best of all possible systems.'

You know what?  I don't care.  Let them come.  Let them lumber around and
scream and pound their fists and try to tell me that because *I* didn't
get onto the Internet until 1983 (or because their router can beat up
my router) that they somehow magically outrank me, and that their opinions
are God and mine are worthless.  That's quite obviously horse shit.  How
do you have a pecking order anyway in a self-avowed anarchy?  Sorry, no.
The two are not compatible.  I've got as much right to an opinion as you
do.  And until proved otherwise, mine is as valid as your's.  And my
opinion is that this sucks.  ARIN's attitude sucks.  And they are apparently
redefining the word ``fraud'' in a way that will insure that they will
have to do minimal work, and that they'll never ever have to do anything
that might be ``hard'' in the sense of possibly being the lest bit contro-
versial, you know, like telling some hijacker ``Stop doing that.''

Yes, I'm sure that there are a lot of people here who will pipe up and say
that it's just wonderful that ARIN is useless and that ARIN will do nothing.
Their anachronistic anarchist philosophy is not a philosophy.  It's merely
an abdication of responsibility, and should be seen as such.  It is just
a lazy man's way of avoiding having to think about how a society should
be organized.  It is the coward's way of avoiding making rules that some
members of the group might find controversial.

On the net, hijacking of IP space is just about the deepest kind of
violation of the commonly accepted rules of how to behave in this shared
space that I can imagine.  And now, the people who _issue_ the IP space
assignments say that they don't care to _police_ the very assignments
that they themselves have made!  Well then what's the bleeping point of
even having them or their whole bloody allocation system then?  I say
let's disband the Federal Reserve *and* ARIN, because they are all just
a bunch of useless bureaucrats at this point who are serving nobody other
than themselves.  If we are going to have anarchy, then bring it on!
Let's not have this half-assed sort of anarchy that we have now.  Let's
have the real thing!  I'm going out tomorrow and I'm going to buy me the
biggest router than I can afford.  Then I'm going to get it colocated
someplace, and then I'm going to start announcing all the routes I feel
like, and nobody will do shit about it... because its not their job man!

And some people still wonder why this planet is so f**ked up.  Geeezzz.


Regards,
rfg


P.S.  It ain't as if I'm either asking or expecting anybody from ARIN to
take a plane out to that place where the hunters shot down that cable, or
some exchange point in Bumf**k, Idaho, and with guns drawn, physically
pull the wire out of the socket.  No.  I'm *not* asking for that kind of
``policing''.  But Christ!  They could at least take a position, instead
of simply standing around with their hands in their pockets.  Is that
really too much to ask?  They could say, to everyone involved, and to
the community as a whole, ``This ain't right.  *We* maintain the official
allocation records.  In most cases, *we* made the allocations, and that
guy should NOT be announcing routes to that IP space, and he shouldn't be
announcing anything at all via that AS number, because these things ain't
his.''

That's all.  I'd just like to see them maybe take a postion.  I'm quite
sure that ARIN corporate counsel has advised them to never take a
position on anything... kind-of like Minister Hacker in "Yes, Minister",
who often hoped that the government could have NO position on anything
the least bit controversial...except with respect to things that might
erode their own power, you know, like the position that IP addresses
are not property, which they try desperately to maintain (against all
obvious facts to the contrary) as a way of keeping courts out of the
business of saying who gets what, so that they can maintain their own
total and absolute sovereignty over this shit, with no annoying judges
to get in their way.  But you know, if they won't even take a position
on a bloody blatant hijacking by low life spammer slugs and/or by others
who the spammers have paid Big Bucks to, to steal the space for them,
they really, like I said, what's the point of even having an allocation
``authority''?  (And obviously, I am using that term very very loosely
here, because they clearly only care to use their ``authority'' when it
makes everybody happy, and won't use it at all when it might make even
one lone spammer/hijacker sad.  If there is a better definition of
cowardice and abdication, I don't know what it is.)


------- Forwarded Message

Replied: Fri, 01 Oct 2010 00:49:08 -0700
Replied: hostmaster at arin.net
Return-Path: hostmaster at arin.net
Delivery-Date: Thu Sep 30 08:30:13 2010
Return-Path: <hostmaster at arin.net>
X-Original-To: rfg at tristatelogic.com
Delivered-To: rfg at tristatelogic.com
Received: from smtp1.arin.net (smtp1.arin.net [192.149.252.33])
	by segfault.tristatelogic.com (Postfix) with ESMTP id 389DDBDC34
	for <rfg at tristatelogic.com>; Thu, 30 Sep 2010 08:30:13 -0700 (PDT)
Received: by smtp1.arin.net (Postfix, from userid 323)
	id 89AD4165331; Thu, 30 Sep 2010 11:30:07 -0400 (EDT)
X-Spam-Checker-Version: SpamAssassin 3.2.5-arin1 (2008-06-10) on smtp1.arin.net
X-Spam-Level: 
X-Spam-Status: No, score=-144.2 required=5.0 tests=AWL,BAYES_00,
	FH_DATE_PAST_20XX,USER_IN_WHITELIST autolearn=no version=3.2.5-arin1
Received: from pgp.arin.net (pgp.arin.net [192.136.136.159])
	by smtp1.arin.net (Postfix) with ESMTP id 5F592165324
	for <rfg at tristatelogic.com>; Thu, 30 Sep 2010 11:30:07 -0400 (EDT)
Received: by pgp.arin.net (Postfix, from userid 688)
	id 37E9F1A8069; Thu, 30 Sep 2010 11:30:07 -0400 (EDT)
Received: from shell.arin.net (shell.arin.net [192.136.136.149])	by
 pgp.arin.net (Postfix) with ESMTP id AD3C81A8103	for
 <rfg at tristatelogic.com>; Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
Received: by shell.arin.net (Postfix, from userid 2006)	id C6F5D8059;
 Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])	by shell.arin.net
 (Postfix) with ESMTP id C5B0A8058;	Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
Date: Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
From: hostmaster at arin.net
X-X-Sender: jonw at shell.arin.net
To: rfg at tristatelogic.com
Subject: Re: [ARIN-20100928-F683] Fraud Report Confirmed
In-Reply-To: <mailbox-17204-1285704731-754558 at shell.arin.net>
Message-ID: <Pine.LNX.4.64.1009301126150.20077 at shell.arin.net>
References: <mailbox-17204-1285704731-754558 at shell.arin.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Thanks for your report.

> AS11296 appears to have been hijacked.
>
> Separately and additionally, all of the IPv4 blocks currently being 
> announced by AS11296 appear to have been hijacked also:
>
> 63.247.160.0/19
> 199.241.64.0/19
> 206.226.64.0/24
> 206.226.65.0/24
> 206.226.66.0/24
> 206.226.67.0/24
> 206.226.68.0/24
> 206.226.69.0/24
> 206.226.70.0/24
> 206.226.71.0/24
> 206.226.72.0/24
> 206.226.73.0/24
> 206.226.74.0/24
> 206.226.75.0/24
> 206.226.76.0/24
> 206.226.77.0/24
> 206.226.78.0/24
> 206.226.79.0/24
> 206.226.96.0/19

We've looked through these records and can't find any unauthorized 
changes.  Do you have any further details regarding unauthorized changes 
to ARIN's Whois data?  If not, we can't take action.  We can investigate 
fraudulent changes to registration data, but we can't investigate 
fraudulent activity related to use of numbering resources (e.g. routing of 
resources by someone other than the registrant).

If you have any further questions, comments, or concerns please respond to 
this message or contact me directly.

Regards,

Jon Worley
Senior Resource Analyst
ARIN Registration Services
https://www.arin.net/
hostmaster at arin.net
703.227.0660

Are you ready for IPv6?  For information on transitioning to IPv6, see:

      https://www.arin.net/knowledge/about_resources/v6/v6.html
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFMpKz/ZKymzxl/LaURAvVuAJsFT6DZxoZ5O13SDRKWK6Lkz1yusgCdFt01
aMTBE0O/ucnRx+8rk8+QbEE=
=qqf5
- -----END PGP SIGNATURE-----

------- End of Forwarded Message





More information about the NANOG mailing list