Botnets buying up IPv4 address space

Owen DeLong owen at
Sat Oct 8 01:15:30 UTC 2011

On Oct 7, 2011, at 4:47 PM, Benson Schliesser wrote:

> The important outcome is that transfers are documented. Making it easier for sellers to update Whois (so it points to the buyer) will encourage documentation.  If "needs justification" is ever a disincentive to update Whois, then it will discourage documentation.
> Granted, a seller that doesn't update Whois should be more worried about the reputation of the buyer. But regardless, it is incorrect to assume that "needs justification" will prevent bad actors from acquiring address blocks. Even bad actors can justify their need, and some of them might even (*gasp*) lie about it in order to get what they want. The result would look like a normal transfer (with justified need, a Whois update, etc) and yet would result in a bad actor becoming an address holder.

True, however, the existence of bad actors encourages documentation even
if one needs to comply with needs basis, which has many other benefits to the

Documentation is NOT the highest single purpose of ARIN and eliminating
community developed policy in favor of some mythical incentive towards

Indeed, there is actually no evidence to support the theory that organizations
that transfer outside of needs basis would choose to document those transfers
through ARIN even if that requirement were removed.

Likely if we removed needs basis, we would see the same level of undocumented
transfers, but, with the added detriments of speculative address hoarding, higher
artificial valuations of integers, etc.


> Cheers,
> -Benson
> On Oct 7, 2011, at 6:08 PM, Jimmy Hess wrote:
>> On Fri, Oct 7, 2011 at 1:11 PM, Joly MacFie <joly at> wrote:
>>> I'd welcome comments as to solutions to this. Or is it just scaremongering?
>> Probably scaremongering... but it does raise an interesting thought.
>> It provides another argument why RIRs don't need to abandon justified
>> need as a mandatory
>> criteria for transferring addresses to specified recipients out of
>> fear that  legacy and other
>> holders will engage in "unofficial" sales and transfers that they
>> intentionally fail to record via WHOIS.
>> The legacy holder/unofficial transferror would be putting the
>> reputation of their entire address block,
>> and their other allocations at risk;  if the buyer eventually hands
>> some of the unofficial allocation
>> to a spammer, either by accident, or intentionally, doesn't matter.
>> The holder of addresses that unofficially transferred them, could have
>> some major headaches,
>> including service-affecting headaches to their network...  just to
>> sell  spare IP addresses faster for
>> a few extra bucks;   when there is a legitimate process available
>> that doesn't have that risk?
>>> j
>> --
>> -JH

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2105 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list