Home page logo

nanog logo nanog mailing list archives

Re: Ettiquette and rules regarding Hijacked ASN's or IP space?
From: Sean Donelan <sean () donelan com>
Date: Mon, 9 Jun 2003 02:52:15 -0400 (EDT)

On Mon, 9 Jun 2003, Christopher L. Morrow wrote:
Sorry for the latenight not-completely-operational question :) but it
seems as though there is some abmiguity in the current
process/procedure/rules and I'd like to atleast start some discussion on
the topic.

I'm not as interested in proving something was "stolen," but how do
you prove you have a "legitimate" claim? To me, the difference is
important, because the record keeping is so iffy you can question almost
everything.  For example, NSI messed up the creation date on my domain,
changing to 2002 instead of the original date.  How do I prove NSI screwed
up (again)?


What is the role of IANA and the regional registries?

IANA/RIR are the recordkeepers.  You should be able to get a "certified"
history of the records for an ASN, IP address, etc.  Not just the "last"
owner of record, but the equivalent of a transcript of the history of an
ASN, IP address, etc. showing all the changes to the records since their
original allocation.

"Certified" doesn't mean IANA/RIR guarantees the "ownership" or that the
person is who they claim to be.  Like a college transcript, the user must
authorize IANA/RIR to send the transcript directly to the ISP.  I would
expect IANA/RIR to charge a fee for the service.

What about fraudlent transfers?

This is difficult, because the crooks know all the loopholes.  And often
make bogus legal threats to keep their operation going. They share
information about ISPs, but ISPs don't share information about bad
customers.  Eventually I think we are going to have to do something like
banks, and report when accounts are closed for cause.  And I don't mean
vigilante black lists, but something that follows the law like Equifax or

If IANA/RIR recinds a transfer, as a recordkeeper, they would notify
all the ISPs which had received a "transcript" involving the individual,
ASN or IP address.  As we've seen, most of these people are repeat

What about mistakes?

Mistakes happen.  That's why I would prefer more information to make
a decision rather than a binary accept/reject.  It may be a legitimate
transaction, but IANA/ARIN/RIPE/APNIC/LACNIC's records are out of date.
With a complete transcript, I may contact the previous registrant and
verify the information pending the update of the registry records.

What proof should IANA/RIRs accept for a transfer?

History is against us.  The "rules" have changed over the years.  Its
difficult to say what is really legitimate.  How do we reclaim abandoned
space before a squatter moves in?  What is acceptable legal proof of
transfer of "ownership" of something some people say isn't an asset?
How much detective work is IANA/RIR expected to do?  How much should you
have to pay for IANA/RIR to do that work?

When is someone going to get prosecuted?

Fraud, theft, conversion, etc.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]