[arin-ppml] Hijackings

Ronald F. Guilmette rfg at tristatelogic.com
Mon Apr 25 19:04:06 EDT 2011 

Eleven days ago, I reported a set of apparent IP and ASN block hijackings
to the NANOG mailing list:

  http://mailman.nanog.org/pipermail/nanog/2011-April/035235.html

At the time, I had what now appears to have been a naive belief that
since John Curran reads the traffic on that list, that the self-evidenly
no-longer-valid ARIN WHOIS records for the relevant IP blocks and ASNs
would be withdrawn or corrected in short order.

Well, as I say, that appears to have been naive on my part.

So anyway, just to make sure that the message gets through, I am reposting
here a list of the stuff that has been hijacked, and for which ARIN's WHOIS
data base currently (still) contains invalid records which to not reflect
current reality:

S8143
AS29987
AS11756
AS47024
AS27906 (LACNIC)

198.23.32.0/20 - NET-198-23-32-0-1
198.57.64.0/20 - NET-198-57-64-0-1
199.88.32.0/20 - NET-199-88-32-0-1
199.192.16.0/20 - NET-199-192-16-0-1
199.196.192.0/19 - NET-199-196-192-0-1
200.107.216.0/21 - (LACNIC)
204.147.240.0/20 - NET-204-147-240-0-1
207.22.224.0/19 - (NET-207-22-192-0-1

It is my hope that the various records indicated above will be withdrawn
from ARIN's WHOIS data base in the near future.


Regards,
rfg


P.S.  I am sort-of wondering if it would help to get things moving if I
were to call the legal department for St. Vincent's Medical Center
(198.23.32.0/20) and let them know that one particular low-life spamming
company... already well known to ARIN... has invaded space that used to
belong to them, thus besmirching THEIR reputation and standing in the
community, and that apparently, nothing is currently being done about
that by anybody.

P.P.S.  For the benefit of everyone who will carp if I do not propose
some new policy in each and every posting I make to this list, here is
a proposed new policy:

     If any legal entity (person, LLC, corporation, or whatever) is caught
     red-handed on two or more different occasions hijacking either ASNs
     or IP space which has not been assigned to the entity in question, then
     ARIN shall immediately revoke any and all number assignments it has
     made to said entity, and said entity will henceforth be forever and
     permanently banned from obtaining, from ARIN, any new number resources
     whatsoever.

That's my proposal and I'm sticking to it.

Note that the above proposal, if adopted, would still not result in ARIN
becoming in any sense the "router police".

More information about the ARIN-PPML mailing list