ARIN Fraud Reporting Form ... Don't waste your time

Owen DeLong owen at delong.com
Fri Oct 1 10:45:10 UTC 2010


Ronald,

It's not so much a matter of whether ARIN cares or whether ARIN wants
to do something about your issue. It's more a matter of whether ARIN
is empowered to do anything at all about your issue.

ARIN is a registry. They don't run routers (outside of a small handfull
of them that provide certain ARIN infrastructure). They have no control
over BGP, the routing table, or anything that would be able to do anything
about your particular brand of issue.

What they can do something about is, indeed, things that got into the
registry data through fraud, deceit, error, omission, or other unintended
mechanism.

I'm sorry you're not satisfied with that fact. I'm sorry that you are obviously
clearly very upset by this experience. However, I think your issue stems
from a fundamental misunderstanding of the role ARIN plays in the
community vs. that of the ISPs.

It's kind of like asking a DMV representative to arrest an auto thief.
ARIN does registrations. They aren't the internet police.

Owen

On Oct 1, 2010, at 2:22 AM, Ronald F. Guilmette wrote:

> 
> So ARIN put up on their web site this fancy schmancy web form that allows
> a person to report fraud relating to ARIN number resources.  Here's what
> the introduction to that page says, exactly as it appears on ARIN's web
> site:
> 
>     This reporting process is to be used to notify ARIN of suspected
>     Internet number resource abuse including the submission of falsified
>     utilization or organization information, unauthorized changes to data
>     in ARIN's WHOIS, hijacking of number resources in ARIN's database, or
>     fraudulent transfers.
> 
> Well, that's what it says anyway.  And being naive, I actually believed that
> the folks at ARIN might actually give a rat's ass about all these kinds of
> fraud that they have enumerated above.  Boy was I wrong!
> 
> I just received the response attached below to one of my earlier reports using
> that form.  And I gotta tell you, its an eye opener.
> 
> Apparently the fine folks at ARIN, clever bureaucrats that they are, have
> subtly but substantially redefined the specific kinds of ``fraud'' they
> care to hear about and/or investigate, so that contrary to the above, mere
> hijacking of ASes or IP blocks isn't actually something that they want
> to hear about, much less DO anything about.
> 
> Nope!  Apparently, ARIN's fraud reporting form is only to be used for
> reporting cases where somebody has fiddled one of ARIN's whois records
> in a fradulent way.  If somebody just waltzes in and starts announcing a
> bunch of routes to a bunch of hijacked IP space from a hijacked ASN
> (or two, or three) ARIN doesn't want to hear about it.  In those rare
> cases where the perp is considerate enough to ALSO fiddle the relevant
> WHOIS records in some fradulent way, THEN (apparently) ARIN will get
> involved, but only to the extent of re-jiggering the WHOIS record(s).
> Once that's been done, they will happily leave the perp to announce
> all of the fradulent routes and hijacked space he wants, in perpetuity.
> 
> Apparently, they consider the hijacking itself as being totally out of
> their charter to even look at or investigate.  ONLY if a WHOIS record
> has been fiddled will they give a damn, and then the only one thing they
> will give a damn about will be the WHOIS record... and the rest of the
> net can go to hell, because hay!  Not our problem man!
> 
> Now I _know_ full well that by posting this rant here, the usual assortment
> of knuckle-walker throwbacks who still yearn for the wonderful rule-less
> frontier every-man-for-himself-and-no-sherrifs fun filled days of the
> old 20th Century Internet, will pipe up immediately and say `Good!
> Goddammit we don't want no steekin' ARIN to be ``policing'' anything
> at all.  F**k that!  Total anarchy is the best of all possible systems.'
> 
> You know what?  I don't care.  Let them come.  Let them lumber around and
> scream and pound their fists and try to tell me that because *I* didn't
> get onto the Internet until 1983 (or because their router can beat up
> my router) that they somehow magically outrank me, and that their opinions
> are God and mine are worthless.  That's quite obviously horse shit.  How
> do you have a pecking order anyway in a self-avowed anarchy?  Sorry, no.
> The two are not compatible.  I've got as much right to an opinion as you
> do.  And until proved otherwise, mine is as valid as your's.  And my
> opinion is that this sucks.  ARIN's attitude sucks.  And they are apparently
> redefining the word ``fraud'' in a way that will insure that they will
> have to do minimal work, and that they'll never ever have to do anything
> that might be ``hard'' in the sense of possibly being the lest bit contro-
> versial, you know, like telling some hijacker ``Stop doing that.''
> 
> Yes, I'm sure that there are a lot of people here who will pipe up and say
> that it's just wonderful that ARIN is useless and that ARIN will do nothing.
> Their anachronistic anarchist philosophy is not a philosophy.  It's merely
> an abdication of responsibility, and should be seen as such.  It is just
> a lazy man's way of avoiding having to think about how a society should
> be organized.  It is the coward's way of avoiding making rules that some
> members of the group might find controversial.
> 
> On the net, hijacking of IP space is just about the deepest kind of
> violation of the commonly accepted rules of how to behave in this shared
> space that I can imagine.  And now, the people who _issue_ the IP space
> assignments say that they don't care to _police_ the very assignments
> that they themselves have made!  Well then what's the bleeping point of
> even having them or their whole bloody allocation system then?  I say
> let's disband the Federal Reserve *and* ARIN, because they are all just
> a bunch of useless bureaucrats at this point who are serving nobody other
> than themselves.  If we are going to have anarchy, then bring it on!
> Let's not have this half-assed sort of anarchy that we have now.  Let's
> have the real thing!  I'm going out tomorrow and I'm going to buy me the
> biggest router than I can afford.  Then I'm going to get it colocated
> someplace, and then I'm going to start announcing all the routes I feel
> like, and nobody will do shit about it... because its not their job man!
> 
> And some people still wonder why this planet is so f**ked up.  Geeezzz.
> 
> 
> Regards,
> rfg
> 
> 
> P.S.  It ain't as if I'm either asking or expecting anybody from ARIN to
> take a plane out to that place where the hunters shot down that cable, or
> some exchange point in Bumf**k, Idaho, and with guns drawn, physically
> pull the wire out of the socket.  No.  I'm *not* asking for that kind of
> ``policing''.  But Christ!  They could at least take a position, instead
> of simply standing around with their hands in their pockets.  Is that
> really too much to ask?  They could say, to everyone involved, and to
> the community as a whole, ``This ain't right.  *We* maintain the official
> allocation records.  In most cases, *we* made the allocations, and that
> guy should NOT be announcing routes to that IP space, and he shouldn't be
> announcing anything at all via that AS number, because these things ain't
> his.''
> 
> That's all.  I'd just like to see them maybe take a postion.  I'm quite
> sure that ARIN corporate counsel has advised them to never take a
> position on anything... kind-of like Minister Hacker in "Yes, Minister",
> who often hoped that the government could have NO position on anything
> the least bit controversial...except with respect to things that might
> erode their own power, you know, like the position that IP addresses
> are not property, which they try desperately to maintain (against all
> obvious facts to the contrary) as a way of keeping courts out of the
> business of saying who gets what, so that they can maintain their own
> total and absolute sovereignty over this shit, with no annoying judges
> to get in their way.  But you know, if they won't even take a position
> on a bloody blatant hijacking by low life spammer slugs and/or by others
> who the spammers have paid Big Bucks to, to steal the space for them,
> they really, like I said, what's the point of even having an allocation
> ``authority''?  (And obviously, I am using that term very very loosely
> here, because they clearly only care to use their ``authority'' when it
> makes everybody happy, and won't use it at all when it might make even
> one lone spammer/hijacker sad.  If there is a better definition of
> cowardice and abdication, I don't know what it is.)
> 
> 
> ------- Forwarded Message
> 
> Replied: Fri, 01 Oct 2010 00:49:08 -0700
> Replied: hostmaster at arin.net
> Return-Path: hostmaster at arin.net
> Delivery-Date: Thu Sep 30 08:30:13 2010
> Return-Path: <hostmaster at arin.net>
> X-Original-To: rfg at tristatelogic.com
> Delivered-To: rfg at tristatelogic.com
> Received: from smtp1.arin.net (smtp1.arin.net [192.149.252.33])
> 	by segfault.tristatelogic.com (Postfix) with ESMTP id 389DDBDC34
> 	for <rfg at tristatelogic.com>; Thu, 30 Sep 2010 08:30:13 -0700 (PDT)
> Received: by smtp1.arin.net (Postfix, from userid 323)
> 	id 89AD4165331; Thu, 30 Sep 2010 11:30:07 -0400 (EDT)
> X-Spam-Checker-Version: SpamAssassin 3.2.5-arin1 (2008-06-10) on smtp1.arin.net
> X-Spam-Level: 
> X-Spam-Status: No, score=-144.2 required=5.0 tests=AWL,BAYES_00,
> 	FH_DATE_PAST_20XX,USER_IN_WHITELIST autolearn=no version=3.2.5-arin1
> Received: from pgp.arin.net (pgp.arin.net [192.136.136.159])
> 	by smtp1.arin.net (Postfix) with ESMTP id 5F592165324
> 	for <rfg at tristatelogic.com>; Thu, 30 Sep 2010 11:30:07 -0400 (EDT)
> Received: by pgp.arin.net (Postfix, from userid 688)
> 	id 37E9F1A8069; Thu, 30 Sep 2010 11:30:07 -0400 (EDT)
> Received: from shell.arin.net (shell.arin.net [192.136.136.149])	by
> pgp.arin.net (Postfix) with ESMTP id AD3C81A8103	for
> <rfg at tristatelogic.com>; Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
> Received: by shell.arin.net (Postfix, from userid 2006)	id C6F5D8059;
> Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
> Received: from localhost (localhost [127.0.0.1])	by shell.arin.net
> (Postfix) with ESMTP id C5B0A8058;	Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
> Date: Thu, 30 Sep 2010 11:30:06 -0400 (EDT)
> From: hostmaster at arin.net
> X-X-Sender: jonw at shell.arin.net
> To: rfg at tristatelogic.com
> Subject: Re: [ARIN-20100928-F683] Fraud Report Confirmed
> In-Reply-To: <mailbox-17204-1285704731-754558 at shell.arin.net>
> Message-ID: <Pine.LNX.4.64.1009301126150.20077 at shell.arin.net>
> References: <mailbox-17204-1285704731-754558 at shell.arin.net>
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
> 
> - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello,
> 
> Thanks for your report.
> 
>> AS11296 appears to have been hijacked.
>> 
>> Separately and additionally, all of the IPv4 blocks currently being 
>> announced by AS11296 appear to have been hijacked also:
>> 
>> 63.247.160.0/19
>> 199.241.64.0/19
>> 206.226.64.0/24
>> 206.226.65.0/24
>> 206.226.66.0/24
>> 206.226.67.0/24
>> 206.226.68.0/24
>> 206.226.69.0/24
>> 206.226.70.0/24
>> 206.226.71.0/24
>> 206.226.72.0/24
>> 206.226.73.0/24
>> 206.226.74.0/24
>> 206.226.75.0/24
>> 206.226.76.0/24
>> 206.226.77.0/24
>> 206.226.78.0/24
>> 206.226.79.0/24
>> 206.226.96.0/19
> 
> We've looked through these records and can't find any unauthorized 
> changes.  Do you have any further details regarding unauthorized changes 
> to ARIN's Whois data?  If not, we can't take action.  We can investigate 
> fraudulent changes to registration data, but we can't investigate 
> fraudulent activity related to use of numbering resources (e.g. routing of 
> resources by someone other than the registrant).
> 
> If you have any further questions, comments, or concerns please respond to 
> this message or contact me directly.
> 
> Regards,
> 
> Jon Worley
> Senior Resource Analyst
> ARIN Registration Services
> https://www.arin.net/
> hostmaster at arin.net
> 703.227.0660
> 
> Are you ready for IPv6?  For information on transitioning to IPv6, see:
> 
>      https://www.arin.net/knowledge/about_resources/v6/v6.html
> - -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
> 
> iD8DBQFMpKz/ZKymzxl/LaURAvVuAJsFT6DZxoZ5O13SDRKWK6Lkz1yusgCdFt01
> aMTBE0O/ucnRx+8rk8+QbEE=
> =qqf5
> - -----END PGP SIGNATURE-----
> 
> ------- End of Forwarded Message
> 





More information about the NANOG mailing list