Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

Wed Aug 14 01:28:44 UTC 2019

In message <CAB69EHiWkmEACduS2U1WaDQRfk03Xmvd9S0DGro9FcgxUyXKeQ at mail.gmail.com>,
Eric Kuhnke <eric.kuhnke at gmail.com> wrote:

rfg>>   4)  Filing a "fraud request" with ARIN is a serious step and one that
rfg>        could quite conceivably end up with the party filing such a formal
rfg>        report being on the business end of lawsuit, just for having filed
rfg>        such a report.
rfg>
>What makes you think that the sort of persons who would hijack a /17 sized
>piece of space, for spam generation purposes, would sue you over some
>formal submission you might make to ARIN, but would not already have sued
>you over your already exhaustively detailed posts to the public NANOG list?

Let me see if I understand this.  You don't have any argument with the
other three reasons I gave for sending my alert to the NANOG list, but you
-would- like to quible with reason #4.  Have I understood you clearly?

Assuming so, let me answer your question with a question (or two).

Is my fear of the potential for lawsuits actually LESS reasonable than
ARIN's use of the same vague and non-specific bogeyman to thwart and
impede, on a global scale, the more widespread adoption of RPKI...
adoption which would, if it ever became universal, put an end to most
or all of these nefarious and malevolent IP block hanky panky games?

The last time I looked, RPKI adoption was sitting at around a grand total
of 15% worldwide.  Ah yes, here it is...

   https://rpki-monitor.antd.nist.gov/

I've asked many people and many companies why adoption remains so low, and
why their own companies aren't doing RPKI.  I've gotten the usual assortment
of utterly lame excuses, but the one that I have had the hardest time
trying to counter is the one where a network engineer says to me "Well,
ya know, we were GOING to do that, but then ARIN... unlike the other four
regional authorities... demanded that we sign some silly thing indemnifying
them in case of.... something.  We're not even sure what ``something''
actually is in this case, other than some demented lawsuit from some
deranged ``lone wolf'' individual, but since ARIN demanded that we sign
it, the thing had to go to -our- lawyers, and they took one look at it and
said, in effect, ``F that!  We are NOT going to accept any new potential
liability if we don't have to'', so that was the end of that."

As I have often said, if we all only did things that had been pre-cleared
as being ``utterly safe'' by our respective lawyers, then none of us would
ever even get out of bed in the morning.

Regadless of whether ARIN was in any way indemnified against such an event,
the Micfo guy elected to name ARIN in a lawsuit.  This is a matter of
public record.  It's ludicrous and laughable, obviously, but he apparently
sued ARIN when they woudn't just roll over and allow him to continue to
play his ridiculous little fraud games.  Like I say, in this country, at
least (USA), you run the risk of getting sued if you even so much as get
out a bed in the morning.  BUT SO BLOODY WHAT?  Neither we as individuals
nor ARIN as an organization should cower in fear in our caves because of a
bogeyman that may never come to pass, or that may be totally inconsequential 
even if it does, as in the case of Mr. Micfo's joke of a lawsuit. 

So I put it to everyone here... Are ARIN policies and its over-hyped fear
of the vague bogeyman of lawsuits materially impeding the adoption of
RPKI, and if so, what should be done about this?

In the meantime, I decline to accept criticism of -my- perhaps misplaced
fears of lawsuits.  Mine have essentially no real world consequences.
ARIN's, on the other hand, appear to be keeping some finite non-zero
fraction of 85% of the world's route announcements unchecked, at least
for any meaningful sense of the word "checked".

Regards,
rfg