Notice: Fradulent RIPE ASNs

Ronald F. Guilmette rfg at tristatelogic.com
Tue Jan 15 12:35:43 UTC 2013


In message <CALKLF0-g2Ni7tZ5toUZi9Ss_VWXOBL7BAeDUBmRo1TpCSJDuYg at mail.gmail.com>
Alex Brooks <askoorb+nanog at gmail.com> you wrote:

>I notice that you
>have been cross posting this message (though not responding on list to
>replies), for example to the RIPE NCC Anti-Abuse Working Group
>(http://www.ripe.net/ripe/groups/wg/anti-abuse)

I did post (singular) the message there also, and have seen no replies
on that list that warrant any type of further follow up from me.

>Although you have already been told this elsewhere, your best step
>after contacting the Romanian CIRT

I personally have no intention of contacting the Romanian CERT (or CIRT)
for reasons I previously elaborated upon.  But by all means, please feel
free to do so yourself it you think it worthwhile.

I have done the hard work to find, flesh out, document, and verify the
problem/issue I reported on.  I have tried to warn the people who matter,
network operators and people in the RIPE area interested in network abuse
issues.  If other people feel that the message needs to be relayed to
yet more parties, then that is up to them to effectuate.  I have done
all that I plan to do on this.  (However I am willing to answer questions
put to me, e.g. from people wanting to know the specific facts that led
me to my conclusions.  That is only fair, after all.)

> is likely to be following the
>reporting procedure for the provision of untruthful information to the
>RIPE NCC at http://www.ripe.net/contact/reporting-procedure, which is
>a well defined procedure.  RIPE NCC will investigate any report
>submitted though this procedure; there is a flowchart at this web
>address that clearly explains what will happen.

See above. I have done a great deal of work on this already.  I leave
it to other interested parties to file wharever additional reports they
might feel are warranted or appropriate.

I may be able to clear tall buildings with a single bound, but I can't
do _everything_.  (Besides which, why should _I_ have all the fun?)

Separately however, I should perhaps also clarify that I have less than
zero faith in _any_ process undertaken by _any_ RiR which has as its
purported goal the un-doing of fradulent number resource registrations.

I was not born yesterday.  I have seen such processes in action, and it
has been my experience that all such make molasses in January look fast
by comparison... when they work at all.  Furthermore, RiRs are not the
Internet Police.  Thus, whenever they find (or, more often, are told
about) some number resource which has been registered or used via fraud,
deceit, or artifice they have universally self-defined the limits of
their own authority to simply taking back what was stolen.  Never more.
Thus, the most theives risk when they steal or defraud to obtain number
resources is that somebody _might_ someday ask them to give what they
stole back... and thus it may be easily demonstrated that the RiRs
are effectively all castrated eunics with gigantic "kick me" signs on
their backs. (When and if RIPE kicks JUMP.RO entirely off the net as
a penalty for its part in these shenanigans... and others that have
previously been documented..., then please do let me know and then I
may change my mind and start believeing that RiRs are no longer acting
like helpless hapless morons each time they have been clearly defrauded.)

And of course, some (perhaps all) RiRs are more than happy to have the
final remaining bits of IPv4 space defrauded out from under them so that
they can press on with the business of selling us all IPv6.

It is rather pointless to report something as stolen to an owner who
doesn't seriously want it back anyway.

But it's a free country.  You can do whatever you like.

>If you ever need to find the contact details for a European CSIRT,

Why would I ever need THAT??

Until convinced otherwise, I'm going to continue to view those folks
as being more likely to be a part of the problem rather than part of
the solution.

>As this list is the North America Network Operators Group, it's
>unlikely that much in they way of action by RIPE NCC, Romanian
>authorities or other relevant authorities within the EU will happen as
>a result of a post here.

I know that.

However I am also of the opinion that it is unlikely that much in the
way of action by RIPE NCC, Romanian authorities or other relevant
authorities within the EU will happen with respect to an issue like
this NO MATTER WHAT because all of these organizations are far more
adept at explaining why nothing can be done than they are at actually
doing anything.

By posting here, at least North American network operators can decide
on their own to block routes from the relevant ASNs... or not, if they
don't feel like it.  That's something at least.

I'm not an Internet Policeman.  I'm not even an Internet Police informant.
I'm an investigative journalist.  As the old saying goes, if you don't
like the news, then go out and make some of your own.

>I hope this helps get you in touch with the right people to help.

I don't need any help. I posted here to try to help others, and I believe
that I did.  I don't feel any pressing need or desire to contact anyone else.

>Best wishes,

Thank you.  And to you!


Regards,
rfg



More information about the NANOG mailing list