<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Well, that's sort of what I told the customer. Instead of insinuating that these are "stolen" IPs, I basically said that the block they plan on using MUST be properly reassigned within ARIN's whois before I would accept them through my BGP filter. i.e. If I do a whois query on X.X.0.0/23, it has to return info that exactly matches the customer - not some defunct 1993 Org.<div><br></div><div>The logic, like yours, is that if they are legit - there should be no difficulty with this request. If they drag their feet and protest a lot, that indicates to me that something fishy is going on. Though if they were legit, you'd think that they would have cleaned all of this up a long time ago - but they didn't. That's why I am suspect.</div><div><br></div><div>I made this request yesterday, haven't heard back yet.</div><div><br></div><div>-John</div><div><br><div><div>On May 3, 2012, at 2:12 PM, Scott Leibrand wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">As I understand it, any paying RADB customer can register route objects for any route they like, as long as no one else has already done so. So I don't think RADB tells you much about the proper holder of a block whose original registrant is now defunct.<div> <br></div><div>Probably the best thing for organization FOO to do would be to contact ARIN and arrange to update ARIN's records. That may require documenting their chain of custody of X.X.0.0/16 from AAA. 
It sounds like they've already done so with the Tech POC, so if it was a legitimate transfer they shouldn't have too much trouble demonstrating that to ARIN and getting all the records updated (and preferably getting the block transferred over to FOO).</div> <div><br></div><div>-Scott<br><br><div class="gmail_quote">On Thu, May 3, 2012 at 10:33 AM, John Von Essen <span dir="ltr">&lt;<a href="mailto:john@quonix.net" target="_blank">john@quonix.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Not sure if this is the right forum, but something came up with a potential new BGP customer regarding a legacy IP block (1993, pre-ARIN) they want to advertise. This new customer is planning to buy internet from us, a 100MB pipe.<br> <br> Whenever a customer is advertising a subnet that is not directly issued to them via ARIN, we have a process to verify authority before we allow that block to propagate out to our BGP upstreams.<br> <br> Since I don't want to get in trouble with the client, the info here is fictitious but represents the situation we need help with. Names/IPs have been replaced.<br> <br> Here is the situation:<br> <br> 1. The IP block (say X.X.0.0/16) our new BGP customer wants to advertise is a 1993 IP block, pre-ARIN, it is in the ARIN whois database, as well as RA DB.<br> 2. The OrgID (say AAA) for X.X.0.0/16 is defunct, does not exist at all anymore.<br> 3. There are 4 POCs listed for OrgID AAA, 3 of which are defunct and even labeled as bad within ARIN whois, the 4th (Tech POC) is valid, and the email address for this POC is completely unrelated to OrgID AAA. This "4th POC" is clearly not associated with OrgID AAA, but another Organization we'll call FOO.<br> <br> At first glance, when I look at this, I think it's a legacy hijacked IP range. Somebody got a hold of the 4th POC in some way and changed it. 
We DO NOT work with people remotely connected to hijacked IP space, in fact, we use the SpamHaus DROP list and won't route any of those suspicious IP ranges. This range is not in SpamHaus's DROP list.<br> <br> Problem is I am not entirely certain if my assumption is correct because Merit's RA DB shows a different story. If I lookup X.X.0.0/16 in Merit's RA DB, the resource looks 100% legit. You don't see any mention of OrgID AAA, no bad POCs, everything in Merit's DB is related to Org FOO.<br> <br> Now, our upstreams all use different mechanisms to verify who has the right to announce certain blocks. Level3 for example uses RA DB, so in Level3's eyes there is nothing wrong here. But if Cogent uses ARIN's whois database, then Cogent might refuse it because it can't be verified or if it is verified it's very suspect.<br> <br> I don't know what to do here.... All of our other BGP customers have been easy since they all use post-ARIN IP space which is very easy to verify, this is the first time we've had a customer try to announce "old" space.<br> <br> Any input would be appreciated.<br> <br> Thanks<br> John Von Essen<br> <br> _______________________________________________<br> ARIN-Discuss<br> You are receiving this message because you are subscribed to<br> the ARIN Discussion Mailing List (<a href="mailto:ARIN-discuss@arin.net" target="_blank">ARIN-discuss@arin.net</a>).<br> Unsubscribe or manage your mailing list subscription at:<br> <a href="http://lists.arin.net/mailman/listinfo/arin-discuss" target="_blank">http://lists.arin.net/mailman/listinfo/arin-discuss</a><br> Please contact <a href="mailto:info@arin.net" target="_blank">info@arin.net</a> if you experience any issues.<br> </blockquote></div><br></div></blockquote></div><br></div></body></html>