Lightly used IP addresses

bmanning at bmanning at
Sat Aug 14 20:40:53 UTC 2010

On Sat, Aug 14, 2010 at 12:32:50PM -0700, David Conrad wrote:
> Bill,
> On Aug 14, 2010, at 8:51 AM, bmanning at wrote:
> > 	In the formal ARIN context, there is a distiction between abuse and fraud.
> > 
> > 	abuse::
> This is a FAQ for folks who are accusing ARIN of abuse of network. With the possible exception of the last item in that FQA, it has nothing to do with the topic at hand.
> > 	fraud::
> This is the mechanism by which one reports fraud.  
> > 	It would be helpful in clarifing the discussion if folks used the proper
> > 	terminology.
> Can you point to where ARIN defines exactly what they consider "abuse" and/or "fraud"?
> Thanks,
> -drc

	The AC accepted draft proposal below has a definition of abuse in #b

Draft Policy 2010-11
Required Resource Reviews

Version/Date: 20 July 2010

Policy statement:

Replace the text "under sections 4-6" in section 12, paragraph 7 with
"under paragraphs 12.4 through 12.6"

Add to section 12 the following text:

10. Except as provided below, resource reviews are conducted at the
discretion of the ARIN staff. In any of the circumstances mentioned
below, a resource review must be initiated by ARIN staff:

a. Report or discovery of an acquisition, merger, transfer, trade or
sale in which the infrastructure and customer base of a network move
from one organization to another organization, but, the applicable IP
resources are not transferred. In this case, the organization retaining
the IP resources must be reviewed. The organization receiving the
customers may also be reviewed at the discretion of the ARIN staff.

b. Upon receipt by ARIN of one or more credible reports of fraud or
abuse of an IP address block. Abuse shall be defined as use of the block
in violation of the RSA or other ARIN policies and shall not extend to
include general reports of host conduct which are not within ARIN's scope.

	While fraud is outlined here:

Version 1.2 - 18 November 2009

This reporting process is to be used to notify ARIN of suspected Internet number resource abuse  including the submission of falsified utilization or organization information, unauthorized changes to data in ARIN's WHOIS, hijacking of number resources in ARIN's database, or fraudulent transfers.

This reporting process is NOT for reporting illegal or fraudulent Internet activity like network abuse, phishing, spam, identity theft, hacking, scams, or any other activity unrelated to the scope of ARIN's mission.


	so fraud, from ARINs perspective seems to be:

	- submitting falsified untilization or org info
	- unauthorized changes to the data in ARINs whois
	- hijacking number resources in ARINs database
	- fraudulent transfers

a kewpie doll for the first one to point out the circular dependencies!  :)


More information about the NANOG mailing list