Why are paper LOAs still used?

• Previous message (by thread): Why are paper LOAs still used?
• Next message (by thread): Why are paper LOAs still used?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

  There is one purpose:  to facilitate IP fraud, and maintain currently fraudulently routed IPs.

  Anyone can dummy up a LOA.  And there is still quite a lot of unrouted IP space.  VPS providers know this, and know their customers are submitting fake LOAs.  But it is sort of the business VPS providers are in.

  Is it some sort of serious crime in the US though?  Well, just submit the LOA from outside the US.  Plus, the entity being defrauded is the IP holder, not the VPS provider or their customer.  If you are an IP holder, good luck getting the VPS provider to give you a copy of the fake LOA.  It is not in their interest to throw their customers under the bus.  You would have to give them a court order.  So if you look for unrouted IP space, registered to a non-US organization (ex. Canada), and submit a fake LOA from another country (London, UK for instance), you are unlikely to get tracked down for wire fraud.

  And you might ask, well, why would a VPS provider accept an LOA from the UK for an IP block registered to a Canadian organization?  Well, clearly it isn’t in the VPS provider’s interest to look into the LOAs too much.  As long as the IP space is unrouted, they will approve it.  The LOA is basically just a liability shield for the VPS provider.  It is not a crime to be deceived, though the due diligence beggars belief.

  So I had this happen.  There was a /24 being hijacked by a VPS provider.  I told them this was fraud, and they asked me if I wanted to “rescind the LOA”.  I told them I never gave them a LOA.  They dropped the /24 immediately.  They refused to provide a copy of the LOA.  So pretty hard to pursue any sort of wire fraud charges.

  So a VPS provider asking for a paper LOA is basically asking you to lie to them, to protect them from liability.  They will just drop the IP prefix if there is any contact from the actual IP holder.



Tom



> On Feb 26, 2024, at 10:57 AM, Seth Mattinen via NANOG <nanog at nanog.org> wrote:
> 
> Why do companies still insist on, or deploy new systems that rely on paper LOA for IP and ASN resources? How can this be considered more trustworthy than RIR based IRR records?
> 
> And I'm not even talking about old companies, I have a situation right now where a VPS provider I'm using will no longer use IRR and only accepts new paper LOAs. In the year 2024. I don't understand how anyone can go backwards like that.
> 
> ~Seth

• Previous message (by thread): Why are paper LOAs still used?
• Next message (by thread): Why are paper LOAs still used?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]