Guardian for ARIN
Mike Leber
mleber at he.net
Fri May 2 05:44:30 UTC 2003
On Fri, 2 May 2003, Sean Donelan wrote:
> ARIN was formed, and the duties associated with IP numbers (AS and IP
> addresses) were transfered to the new ARIN. However, Guardian or some
> alternative didn't seem to get transferred. So we're back to anyone
> who can spoof the point of contacts e-mail address can make changes
> to the ARIN records.
>
> Is it time for ARIN to re-add security to their database update
> procedures?
That won't fix the immediate problem of hijacking legacy prefixes with
expired domains for contacts.
The most simplest, quickest, and easiest fix for this would be for ARIN to
strip or mark as unusuable the email address of any contact in their
database with an expired domain.
Even in the case where the expired domain is a mistake, marking the
contact invalid doesn't have adverse affect because it doesn't change the
status of the allocation, and ARIN can provide a way to resubstantiate the
email address by providing proof (i.e. documentation that is the same as
the original documentation provided for the initial allocation).
Also it would make it really obvious that there was a problem if a
customer requests to announce a prefix with a marked invalid contact.
Mike.
+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber Direct Internet Connections Voice 510 580 4100 |
| Hurricane Electric Web Hosting Colocation Fax 510 580 4151 |
| mleber at he.net http://www.he.net |
+-----------------------------------------------------------------------+
More information about the NANOG
mailing list