[ppml] Proposal: make Abuse Handle *REQUIRED* for AS Registration
william at elan.net
william at elan.net
Thu Jul 24 19:23:52 EDT 2003
Erie Forge & Steel 22.214.171.124/16 is one of the hijacked ip blocks, so
hijacker had previously swipped ips there to other companies and they have
not yet stopped using it (their upstreams are all notified). As some of
the people here know I've been keeping track of ip hijacking activities at
Most of the hijacked ip blocks end up being changed by ARIN to say its
information is invalid (eventhough I have identified likely proper owners
for over 90% of ip blocks and have made contacts with around 40% of them,
very few have yet provided arin necessary documentation to delete ip block
or transfer it. ARIN itself is not doing much to directly contact these
companies based on the information I provide, though they may try to use
their/internic original whois data and having failed to make contact based
on that list ip block as invalid)
In the future (likely by September 1st) I will also have list of these
"invalid" ip blocks made available as part of bogons project
(http://www.completewhois.com/bogons/ is where this will be available)
and I'll most likely in the future provide this list in radb-like whois
format as well. However I fully support having it done more officially
directly by ARIN (I'm afraid some may consider it as having arin getting
directly involved in routing and this idea will get blocked because of
that, but we have to talk about this more though at the very least).
On Thu, 24 Jul 2003, Joe Provo wrote:
> On Thu, Jul 24, 2003 at 04:15:44AM -0700, bmanning at karoshi.com wrote:
> > > If every AS and IP Whois record had an abuse@ or security@ mailbox the
> > > Internet would be a MUCH safer place.
> > why do you think that these contacts would be kept any more
> > current/correct than the already -REQUIRED- contacts, e.g.
> > root and postmaster contacts/accounts are -REQUIRED-
> > so why not use those instead?
> > your presumption that adding more required email role accounts
> > will make things safer does not appear to me to be well grounded.
> What's required is some form of enforcement process for outright
> bogus/stale data. Merely noting "goshg this is stale" Doesn't Cut
> It. At the very least, why are there not entries in the ARIN IRR
> registry for ALL the data over which they have responsibility?
> The base /8s, the as-yet unallocated blocks, and the known
> stale/bogus blocks could be trivially represnted iby the
> authoritative party in a way that can help stem the abuse.
> Yes, people who want to believe RobT's definition of bogon can
> use his server, but when the authoritative registry doesn't do
> all they can to note the abuse, what motivation is there for the
> rest of us paying and non-abusing members supposed to both
> continue to pay and not abuse the system? The registries must
> police that over which they have registration authority and when
> something is called into question flag it and jump up and down
> in *every* possible way such that it will be squashed.
> % whois -h whois.arin.net 126.96.36.199
> OrgName: Erie Forge and Steel
> OrgID: EFS
> Address: 1341 West 16th Street
> Address: P.O. Box 180
> Address: Erie, PA, 16512
> Country: US
> NetRange: 188.8.131.52 - 184.108.40.206
> CIDR: 220.127.116.11/16
> NetName: IWAVE
> NetHandle: NET-146-20-0-0-1
> Parent: NET-146-0-0-0-0
> NetType: Direct Allocation
> Comment: The information for this network has been reported to
> Comment: be invalid. ARIN has attempted to obtain updated data, but
> Comment: been unsuccessful. To provide current contact information,
> Comment: please e-mail hostmaster at arin.net.
> RegDate: 1991-01-18
> Updated: 2003-06-30
> % whois -h whois.ra.net 18.104.22.168/16
> % No entries found for the selected source(s).
> % whois -h rr.arin.net 22.214.171.124/16
> % ARIN Internet Routing Registry Whois Interface
> % No entries found in ANS, ARCSTAR, ARIN, BCONNEX,
> % BELL, CANET, CW, FGC, KOREN, LEVEL3, POC, RADB, RIPE and VERIO database.
> route-views.oregon-ix.net>sho ip bgp 126.96.36.199/16 lo | inc /
> * 188.8.131.52/22 184.108.40.206 0 16150 8434 3549 10910 10910 10910 20473 i
> * 220.127.116.11/21 18.104.22.168 0 16150 8434 3549 10910 10910 10910 20473 i
> * 22.214.171.124/20 126.96.36.199 0 16150 8434 3549 10910 10910 10910 20473 23131 i
> * 188.8.131.52/19 184.108.40.206 0 16150 8434 3257 8001 3638 12277 i
> * 220.127.116.11/21 18.104.22.168 2 0 267 2914 4474 3638 12277 i
> * 22.214.171.124/22 126.96.36.199 2 0 267 2914 4474
> 3638 12277 i
> joe "forge and steal?" how many origin ASns for the single allocation (not
> deaggregated)? Hrmmmm.....
More information about the ARIN-PPML