[arin-ppml] How bad is it really?

Ted Mittelstaedt tedm at ipinc.net
Wed Jul 14 13:24:38 EDT 2010



On 7/14/2010 9:49 AM, Dave Feuer wrote:
>
>
> ---------- Original Message ---------------------------------- From:
> John Curran<jcurran at arin.net> Date:  Mon, 12 Jul 2010 18:02:14 -0400
>
>> On Jul 12, 2010, at 2:38 PM, Ted Mittelstaedt wrote:
>>
>>> Keep in mind that Section 3.6.1 requires ARIN to publish a list
>>> of invalid POCS, so we should have in a year or two a list of
>>> subnets that are "ripe for mining" as they say.
>>
>> Ted is right on target here, and we're proceeding with POC
>> validation at an aggressive rate.  (For more information, see
>> <https://www.arin.net/resources/services/poc_validation.html>)
>>
>> We're presently sending out 7500 validation requests each week, and
>> getting just over a 33% update rate on those requests. It's too
>> early to draw conclusions, but there's obviously ample space which
>> presently lacks a responsive contact.  We'll provide a more
>> detailed update on POC validation during the October PPML meeting.
>
> Drifting from the original question which was how much space like
> this is out there... But, how is that being checked? Here is what I
> see as the issue, and feel free to call me out if I am way off base.
> We had IP space from UUnet (remember them) back in the late 90’s till
> early 2001, we shut it down more than 9 years ago range was
> 280.236.182.0 /23. If I query the WhoIs now I see the following:
>
> CustName:   Systems&  Software Address:    One Ames Ct. suite 108
> City:       Plainview StateProv:  NY PostalCode: 11803 Country:
> US RegDate:    1998-02-09 Updated:    2003-05-30
>
> NetRange:   208.236.182.0 - 208.236.183.255 CIDR:
> 208.236.182.0/23 NetName:    UU-208-236-182 NetHandle:
> NET-208-236-182-0-1 Parent:     NET-208-192-0-0-1 NetType:
> Reassigned Comment: RegDate:    1998-02-09 Updated:    2003-05-30
>
> RTechHandle: OA12-ARIN RTechName:   UUnet Technologies, Inc.,
> Technologies RTechPhone:  +1-800-900-0241 RTechEmail:
> help4u at verizonbusiness.com
>
> OrgAbuseHandle: ABUSE3-ARIN OrgAbuseName:   abuse OrgAbusePhone:
> +1-800-900-0241 OrgAbuseEmail:  abuse-mail at verizonbusiness.com
>
> OrgNOCHandle: OA12-ARIN OrgNOCName:   UUnet Technologies, Inc.,
> Technologies OrgNOCPhone:  +1-800-900-0241 OrgNOCEmail:
> help4u at verizonbusiness.com
>
> OrgTechHandle: JHU140-ARIN OrgTechName:   Huffines, Jody
> OrgTechPhone:  +1-703-886-6093 OrgTechEmail:
> Jody.Huffines at verizonbusiness.com
>
> OrgTechHandle: SWIPP-ARIN OrgTechName:   swipper OrgTechPhone:
> +1-800-900-0241 OrgTechEmail:  swipper at verizonbusiness.com
>
> <snip>
>
>
> That’s us, so as far as the world knows we have that space. So the
> IPs went from UUnet to MCI to Verizon through the M&A’s. Last year
> when we were getting our own allocation I saw this and sent 2 emails
> to them and then promptly forgot about it. But technically it’s still
> pointing to us and VZ can use it as a justification to get more IP
> space.

Technically this is fraud and should be reported to hostmaster at arin.net

One big red flag here is that the netblock owner (Verizon) has set
the POC e-mail address to themselves, instead of the customer.

Technically this is also a violation of the NRPM because Verizon is
NOT supplying the customer contact data for the SWIP as required by the 
NRPM  (supplying most of it ain't good enough, either all the
data is accurate or the whole POC is trash)

I would presume that as the years pass and ARIN gets past the
initial group of non-responders during their yearly POC check, that
they will become more sophisticated in the POC checks and
start comparing the e-mail addresses on the POCs

As you might imagine, it would be childs play to write a program
that would analyze all SWIP POCs in an allocated subnet and if
most of them were set to the same e-mail address as the main
"parent" POC used on the aggregate allocation, that this would
trigger a review by ARIN.  It might be something that a graduate
student could take up for their Senior's thesis.  I'd title it
"Increasing the accuracy of IPv4 utilization reporting" or some
such.

This is why it is so important to shoot down any attempt to
allow SWIPS to contain "proxy" information.  Some of those have
come up as proposals in the past under the guise of "protecting
privacy" and recieved a surprising amount of support.

In the case of Verizon, at one of the last meetings a Verizon rep
did admit that the POC cleanup had caused them to do a whole lot
of unexpected work, cleaning up POC entries.  I would not say that
this is deliberate misreporting on their part, but I would say that
based on the assumption that within a few months of you reporting
this to ARIN (and posting it here on the mailing list isn't a
formal report) that it would be corrected.

Also keep in mind Verizon just sold a whole chunk of their Pacific 
Northwest territory to Frontier Cmmunications, and there's going to be a 
LOT of innacurate SWIPS in WHOIS for all of the DSL/FIOS/etc. that got
transferred to Frontier.

> If you query the main netblock you get the same info. So if
> you do send out an email to them for the 1000’s of subnets do you
> really think they are going to check each one or just blindly say
> “yes we are using it”.
>

If they respond at all that would be great!  Right now the important
thing is to get all the e-mail addresses in the POCs to even exist.
The big problem IMHO is rogues like crackers and spammers who are BGP
advertising abandoned resources that have bogus e-mail addresses and
old, invalid business street addresses in them, and using them to
spam and crack with.

> I have, since Monday when I brought this up called some other people
> I know who have had different providers through the years and found
> as of now about a dozen /24’s or larger blocks still pointing to
> places that don’t use them or are not in business anymore. One of
> which is actually a pile of rubble in Veags, but that’s another
> story. As a side note on human nature, nobody else wanted me to put
> up their IP info for fear or “rocking the boat”.
>

All of that should be reported to hostmaster at arin.net   ARIN may elect 
to do nothing about it at this time espically if history shows that
the providers are regularly requesting new allocations, they just may 
wait until another request comes through from that provider then force
them to clean it up.

Ultimately the failure to fulfill IPv4 allocations by the RIR's is going
to force all the providers with bogus/old/abandoned SWIPS to clean them
up.  I would ask you, does it really matter if Verizon gets more IPv4
post-IPv4 runout by internal housecleaning, or by buying it on the 
transfer market?

Ted

> -Dave
>
>
>
>
>
>
>
>
>
>> /John
>>
>> John Curran President and CEO ARIN
>>
>> _______________________________________________ PPML You are
>> receiving this message because you are subscribed to the ARIN
>> Public Policy Mailing List (ARIN-PPML at arin.net). Unsubscribe or
>> manage your mailing list subscription at:
>> http://lists.arin.net/mailman/listinfo/arin-ppml Please contact
>> info at arin.net if you experience any issues.
>>
>
>
>
>
>
> ________________________________________________________________ Sent
> via the WebMail system at connetrix.com
>
>
>
>
>
> _______________________________________________ PPML You are
> receiving this message because you are subscribed to the ARIN Public
> Policy Mailing List (ARIN-PPML at arin.net). Unsubscribe or manage your
> mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml Please contact
> info at arin.net if you experience any issues.
>



More information about the ARIN-PPML mailing list