On 4/28/2003 at 9:32 AM, billmojo at wrote:

> Our client wants to purchase a number of IPv4 addresses.  Yes we know ARIN
> allocates them but many people have had problems routing the new addresses
> and we don't have the time for those sort of problems.

<sarcasm on>

Why settle for a few /24's, when you can have the whole enchilada
for pennys on the dollar!

Like many of our convicted felons^W^Wfriends in the criminal
trespassing^Wemail business, the new strategy to help yourself to a
few /16's without stupid questions being asked is now:

- scan the routing tables for /16-size holes in space that has been
  assigned in the timeframe 1989 through 1995.
- determine if said "hole" is registered with any relevant address space
  registry (ARIN,RIPE,APNIC, but LACNIC need not apply), and the space
  is not routed.
- determine if all registered POCs for the space are dead by way of
  the domains having expired
- spend less than $10 to re-register the "missing" domains, using the
  original contact details (and persons) still listed in the IP space
- eventually change the POCs for the address space to your liking
- voila. substantially more IP space than you wanted in the first place.
- slice & dice, and sell the space in /20 chunks to those highest-bidding
  Florida state-prison buddies of yours, many of which have found new ways
  of making a living without tipping the hands of their parole officers
  (in way too obvious ways). Gee, don't you love Florida: all you can
  expect there for, say: a cocaine trafficking charge is parole after
  14 months served out of your 3-year-sentence. And carrying drivers
  licenses is optional, the same seems to be true for gun permits.
- find yourself some nice, conspiring providers like AS 6453, 14551, 6939
  or 10910 who will find nothing (or hardly anything, given the lack
  of abuse complaints implicating the space) wrong by you (for example)
  announcing IP space belonging to a german steel mill from some god-
  forgotten swamp in Panama. Like: that steel mill must have moved, yeah.


Makes you wonder how some providers' (paging AS 10910!) business due
diligence process works: they do a credit check, pull the D&B report,
they confirm the service address (occasionally with a visit by a sales
person), but then fail to notice that the prefix filter installed for
the customer has a few /16's and more /19's from a few other /16's in
it, where the address space registration bears no resemblance with reality,
following the pattern in the point list above, and has little if any
legitimacy that you and I could possibly see.

I am sure you can figure out the likely operational impact resulting from
appearance of hijacked/stolen IP space just about now. AS 16506 is routing
VPN tunnel endpoints for Al-Qaeda, you said? you surely must be joking, or
it's a really bad rumor not reflecting reality, Sir...


