Re: ARIN Fraud Reporting Form ... Don't waste your time

[John Curran <jcurran () arin net>]

On Oct 1, 2010, at 5:22 AM, Ronald F. Guilmette wrote:
> Nope!  Apparently, ARIN's fraud reporting form is only to be used for
> reporting cases where somebody has fiddled one of ARIN's whois records
> in a fradulent way.  If somebody just waltzes in and starts announcing a
> bunch of routes to a bunch of hijacked IP space from a hijacked ASN
> (or two, or three) ARIN doesn't want to hear about it.  

Ron - 
 
You note the following:

> They could say, to everyone involved, and to the community as a whole, 
> ``This ain't right.  *We* maintain the official allocation records.  
> In most cases, *we* made the allocations, and that guy should NOT be 
> announcing routes to that IP space, and he shouldn't be announcing 
> anything at all via that AS number, because these things ain't his.''

At present, ARIN doesn't review the routing of address space to see 
if an allocation made to party is being announced by another party. 
> From your emails, I'm guess that you'd like ARIN to do so.

I've run several several ISPs and a hosting firm, and I'm not quite 
sure how ARIN can definitively know that any of the AS#'s involved 
should or should not be routing a given network block.  There are 
some heuristics that will suggest something is "fishy" about use of 
a network block, but are you actually suggesting that ARIN would 
revoke resources as a result of that?

> In those rare
> cases where the perp is considerate enough to ALSO fiddle the relevant
> WHOIS records in some fradulent way, THEN (apparently) ARIN will get
> involved, but only to the extent of re-jiggering the WHOIS record(s).
> Once that's been done, they will happily leave the perp to announce
> all of the fradulent routes and hijacked space he wants, in perpetuity.

Correct.  We will revoke the address space, but I'm uncertain what else
you suggest we do... could you elaborate here?

/John

John Curran
President and CEO
ARIN