Guardian for ARIN

Mike Leber mleber at
Fri May 2 05:44:30 UTC 2003

On Fri, 2 May 2003, Sean Donelan wrote:
> ARIN was formed, and the duties associated with IP numbers (AS and IP
> addresses) were transferred to the new ARIN.  However, Guardian or some
> alternative didn't seem to get transferred.  So we're back to anyone
> who can spoof the point of contact's e-mail address can make changes
> to the ARIN records.
> Is it time for ARIN to re-add security to their database update
> procedures?

That won't fix the immediate problem of hijacking legacy prefixes with
expired domains for contacts.

The simplest, quickest, and easiest fix for this would be for ARIN to
strip or mark as unusable the email address of any contact in their
database with an expired domain.

Even in the case where the expired domain is a mistake, marking the
contact invalid doesn't have an adverse effect because it doesn't change the
status of the allocation, and ARIN can provide a way to resubstantiate the
email address by providing proof (i.e. documentation that is the same as
the original documentation provided for the initial allocation).

Also it would make it really obvious that there was a problem if a
customer requests to announce a prefix with a marked invalid contact.


+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| mleber at                              |
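
The check proposed in the message above, sketched as an added example (not part of the original post and not ARIN's code): contacts whose e-mail domain has expired are marked invalid, and prefixes with a marked contact are listed for review before announcing. The record layout, handles, addresses and expiry dates are constructed, and treating a malformed address or an unregistered domain as invalid is an assumption.

```python
from datetime import date

# Constructed sample data: handles, addresses, prefixes and expiry dates are
# made up for illustration; real data would come from the registry and WHOIS.
CONTACTS = [
    {"handle": "POC1-EXAMPLE", "email": "noc@active.example", "prefixes": ["192.0.2.0/24"]},
    {"handle": "POC2-EXAMPLE", "email": "admin@lapsed.example", "prefixes": ["198.51.100.0/24"]},
    {"handle": "POC3-EXAMPLE", "email": "Hostmaster@Lapsed.Example.", "prefixes": ["203.0.113.0/24"]},
    {"handle": "POC4-EXAMPLE", "email": "not-an-address", "prefixes": ["203.0.113.0/24"]},
]
DOMAIN_EXPIRY = {"active.example": date(2004, 1, 1), "lapsed.example": date(2002, 11, 30)}


def email_domain(email):
    """Return the normalised domain of an address, or None if it is malformed."""
    local, sep, domain = email.strip().rpartition("@")
    domain = domain.rstrip(".").lower()  # case and trailing dot do not matter in DNS
    return domain if sep and local and domain else None


def mark_contacts(contacts, expiry, today):
    """Return {handle: status}; only the contact is marked, never the allocation."""
    status = {}
    for c in contacts:
        domain = email_domain(c["email"])
        if domain is None:
            status[c["handle"]] = "invalid: malformed e-mail"
        elif domain not in expiry:
            # Assumption: a domain with no registration is treated like an expired one.
            status[c["handle"]] = "invalid: domain not registered"
        elif expiry[domain] < today:
            status[c["handle"]] = "invalid: domain expired " + expiry[domain].isoformat()
        else:
            status[c["handle"]] = "valid"
    return status


def prefixes_with_invalid_contact(contacts, status):
    """Map each prefix to its contacts marked invalid (empty results omitted)."""
    flagged = {}
    for c in contacts:
        if status[c["handle"]] != "valid":
            for prefix in c["prefixes"]:
                flagged.setdefault(prefix, []).append(c["handle"])
    return flagged


if __name__ == "__main__":
    marks = mark_contacts(CONTACTS, DOMAIN_EXPIRY, date(2003, 5, 2))
    for prefix, handles in sorted(prefixes_with_invalid_contact(CONTACTS, marks).items()):
        print(prefix, "->", ", ".join(f"{h} ({marks[h]})" for h in handles))
```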
