ARIN Fraud Reporting Form ... Don't waste your time

Fri Oct 1 13:07:50 UTC 2010

On Fri, Oct 01, 2010 at 08:47:29AM -0400, David Miller wrote:
> 
> As to what ARIN can 'do' about addresses that are unused/abandoned and 
> later hijacked...
> 
> ARIN delegates Reverse DNS for every allocation that they make.  Address 
> blocks that are reported, investigated, and determined to be 
> unused/abandoned could be delegated to special ARIN name servers that 
> merely returned the following for any reverse DNS query:
> 
> z.y.x.w.in-addr.arpa.  172800  IN   PTR  
> do.not.accept.anything.from.this.abandoned.address.space
> 
> This is something that ARIN *could* easily do technically.  Admittedly, 
> this would require reporting and investigation that I am uncertain 
> whether or not ARIN is empowered/funded to do.  This would also require 
> a process be put in place for removing allocations from the delegation 
> to the unused/abandoned reverse DNS servers...
> 
> -DM
> 

	Goodness me - I've seen that trick before.  Worked for 
	about 15 minutes before I had legal camped out in the office.
	Pulled it shortly there after.

	I -think- what you are really after is the (fairly) new rPKI
	pilot - where there are crypto-keys tied to each delegated
	prefix.  If the keys are valid, then ARIN (or other RIR) has
	"sanctioned" thier use.  No or Bad crypto, then the RIR has
	some concerns about the resource.  

	the downside to this is that the RIR can effectivey cut off 
	someone who would otherwise be in good standing.  Sort of 
	removes a level of independence in network operations.  Think
	of what happens when (due to backhoe-fade, for instance) you
	-can't- get to the RIR CA to validate your prefix crypto?  Do
	you drop the routes?  Or would you prefer a more resilient
	and robust solution?  YMMV here, depending on whom you are
	willing to trust as both a reputation broker -AND- as the prefix
	police.

	The idea is that the crypto is harder to forge.  DNS forging
	is almost as easy as prefix "borrowing".


--bill