Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

Christopher Morrow morrowc.lists at gmail.com
Fri Aug 16 03:38:37 UTC 2019


(I hate to step into the pond, but...)

On Thu, Aug 15, 2019 at 8:02 AM John Curran <jcurran at arin.net> wrote:
>
> On 14 Aug 2019, at 11:16 PM, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
>
>
>
> Report it on some webpage and call it "Internet
> Resources stolen", document every incident as you do via email, send a
> copy to the appropriate RIR and upstream ISP allowing the hijack in
> question to show that you did the appropriate effort and we can then
> move on.
>
>
> I can and will stop posting here, and go off and blog about this stuff
> instead, if the consensus is that I'm utterly off-topic or utterly
> uninteresting and useless.  But a few folks have told me they find
> this stuff interesting, and it has operational significance, I think.
> So for now, at least, I'd like to continue to share here.
>
> As regards to reporting to RIRs or upstreams, what makes you think that
> either of those would care one whit?  The RIRs are not the Internet
> Police, or so I am told.
>
>
> Good morning Ron –
>
> The RIRs are not the Internet Police, but we do care very much about the integrity of the Internet number registry system.
>
> Please report to ARIN any instances of number resource records in the ARIN registry whose organization you believe to be incorrect – while such records are updated only based on appropriate documentation, that doesn’t preclude the use of fraudulent documentation that goes undetected.

There seem to be 2 different (at least) classes of thing Ron's noting here:
  1) an aggregate (an ALLOCATION in RIR resource divvying-up parlance)
with (perhaps) bad data showing in WHOIS:
       216.179.128.0/17

  2) a subnet (an ASSIGNMENT in IR resource divvying-up parlance) with
bad data showing in WHOIS:
      216.179.183.0/24

How data gets into the WHOIS system here is mechanically the same, but
the control ARIN (or any RIR) can exert is drastically different.
During the process of ALLOCATION from the RIR to an LIR (or end-site)
there is some process which includes validating "who" and "where" and
such, which John (and a few others) have outlined.
During the ASSIGNMENT from LIR -> customer / end-site the LIR is
solely (well.. mostly, yes the LIR can create an ORG and permit the
Customer the ability to send SWIP updates....)  in control of what
data ends up in the WHOIS. ARIN (for example) has no real say in the
records for ASSIGNMENTS. They could, I suppose, do something ... but
that seems a lot like drinking from a firehose without any real
ability on the part of ARIN (for instance) to validate anything in the
inbound data :(

-chris
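
An added example, not part of the original message and not ARIN tooling: ARIN WHOIS output carries a NetType field that tells the two classes apart, so a reader triaging a suspicious record can see whether its data was entered by the RIR or submitted by an LIR, and which RIR-issued block sits above it. The sample records are constructed (documentation prefix, made-up names) and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed records in ARIN WHOIS layout (documentation prefix, made-up names).
SAMPLE_WHOIS = """\
NetRange:       198.51.100.0 - 198.51.100.255
CIDR:           198.51.100.0/24
NetType:        Direct Allocation
Organization:   Example LIR, Inc. (EXLIR)

NetRange:       198.51.100.64 - 198.51.100.127
CIDR:           198.51.100.64/26
NetType:        Reassigned
Organization:   Example Customer LLC (EXCUST)
"""

# ARIN NetType values, grouped by who entered the record into the registry.
RIR_ISSUED = {"Direct Allocation", "Direct Assignment"}
LIR_SUBMITTED = {"Reallocated", "Reassigned"}

def parse_records(text):
    """Split WHOIS text on blank lines; return one field dict per network record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith(("#", "%")):
                fields[key.strip()] = value.strip()
        if "CIDR" in fields and "NetType" in fields:
            records.append(fields)
    return records

def nets(rec):
    """The CIDR field may list several comma-separated prefixes."""
    return [ipaddress.ip_network(c.strip()) for c in rec["CIDR"].split(",")]

def covers(parent, child):
    """True when every prefix of child lies inside some prefix of parent."""
    return all(any(n.version == p.version and n.subnet_of(p) for p in nets(parent))
               for n in nets(child))

def classify(records):
    """Label each record's data source and the RIR-vetted holder above it."""
    issued = [r for r in records if r["NetType"] in RIR_ISSUED]
    rows = []
    for rec in records:
        if rec["NetType"] in RIR_ISSUED:
            source, holder = "RIR-issued", rec.get("Organization")
        else:
            source = "LIR-submitted (SWIP)" if rec["NetType"] in LIR_SUBMITTED else "unknown"
            holder = next((p.get("Organization") for p in issued if covers(p, rec)), None)
        rows.append({"cidr": rec["CIDR"], "org": rec.get("Organization"),
                     "source": source, "vetted_holder": holder})
    return rows
```
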
