Proof of ownership; when someone demands you remove a prefix
james jones
james.voip at gmail.com
Mon Mar 12 18:56:44 UTC 2018
What about contacting ARIN? Does the customer have their own ASN? ETC ETC
On Mon, Mar 12, 2018 at 2:52 PM, Naslund, Steve <SNaslund at medline.com>
wrote:
> I would personally reach out to the technical POC for the customer.
> Perhaps have your sales rep for the account resolve the issue.
>
> Steven Naslund
> Chicago IL
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Sean Pedersen
> Sent: Monday, March 12, 2018 1:47 PM
> To: nanog at nanog.org
> Subject: Proof of ownership; when someone demands you remove a prefix
>
> We recently received a demand to stop announcing a "fraudulent" prefix. Is
> there an industry best practice when handling these kind of requests? Do
> you have personal or company-specific preferences or requirements? To the
> best of my knowledge, we've rarely, if ever, received such a request. This
> is relatively new territory.
>
>
>
> In this case we have a signed LOA on file for that prefix and I've reached
> out to our customer to verify the validity of the sender's request. The
> sender claims to have proof that they are authorized to speak on behalf of
> the owner. I will wait until I hear from our customer before I consider a
> response to the sender. I don't get a real sense of legitimacy from the
> sender making the request. No one else announces the prefix. Nothing about
> the request appears to be legitimate, especially considering the sender.
>
>
>
> I thought about requesting they make changes to their RIR database objects
> to confirm ownership, but all that does is verify that person has access to
> the account tied to the ORG/resource, not ownership. Current entries in the
> database list the same ORG and contact that signed the LOA. When do you get
> to the point where things look "good enough" to believe someone?
>
>
>
> Has anyone gone so far as to make the requestor provide something like a
> notarized copy stating ownership? Have you ever gotten legal departments
> involved? The RIR?
>
>
>
>
More information about the NANOG
mailing list