ARIN Fraud Reporting Form ... Don't waste your time
John Curran
jcurran at arin.net
Fri Oct 1 18:21:48 UTC 2010
On Oct 1, 2010, at 5:22 AM, Ronald F. Guilmette wrote:
>
> Nope! Apparently, ARIN's fraud reporting form is only to be used for
> reporting cases where somebody has fiddled one of ARIN's whois records
> in a fradulent way. If somebody just waltzes in and starts announcing a
> bunch of routes to a bunch of hijacked IP space from a hijacked ASN
> (or two, or three) ARIN doesn't want to hear about it.
Ron -
You note the following:
> They could say, to everyone involved, and to the community as a whole,
> ``This ain't right. *We* maintain the official allocation records.
> In most cases, *we* made the allocations, and that guy should NOT be
> announcing routes to that IP space, and he shouldn't be announcing
> anything at all via that AS number, because these things ain't his.''
At present, ARIN doesn't review the routing of address space to see
if an allocation made to party is being announced by another party.
>From your emails, I'm guess that you'd like ARIN to do so.
I've run several several ISPs and a hosting firm, and I'm not quite
sure how ARIN can definitively know that any of the AS#'s involved
should or should not be routing a given network block. There are
some heuristics that will suggest something is "fishy" about use of
a network block, but are you actually suggesting that ARIN would
revoke resources as a result of that?
> In those rare
> cases where the perp is considerate enough to ALSO fiddle the relevant
> WHOIS records in some fradulent way, THEN (apparently) ARIN will get
> involved, but only to the extent of re-jiggering the WHOIS record(s).
> Once that's been done, they will happily leave the perp to announce
> all of the fradulent routes and hijacked space he wants, in perpetuity.
Correct. We will revoke the address space, but I'm uncertain what else
you suggest we do... could you elaborate here?
/John
John Curran
President and CEO
ARIN
More information about the NANOG
mailing list