[arin-ppml] Fraud reporting and self-incrimination

Ted Mittelstaedt tedm at ipinc.net
Fri Nov 5 23:21:25 EDT 2010 

On 11/5/2010 6:58 PM, Hannigan, Martin wrote:
>
>
>
> On 11/5/10 4:30 PM, "Ted Mittelstaedt"<tedm at ipinc.net>  wrote:
>
>>
>> It occurs to me that if a network manager at an org that fraudulently
>> obtained IP addressing from ARIN were to be, lets say, fired, and if
>> in revenge he were to contact ARIN and be willing to provide testimony
>> under deposition that he knowingly fraudulently obtained said resources,
>> that any decent attorney would tell him before he opened his mouth
>> to ARIN that he secure a guarantee from ARIN that he would NOT be
>> prosecuted for breaking the law. (ie: a whistle-blower clause)  Said
>> attorney might also advise that the org might obtain his name through
>> legal discovery and proceed to file a civil lawsuit for NDA or trade
>> secret violations, would they not?
>
>
> Do you think we could get another year or two our of v4 if we are able to
> recover any addresses that are being utilized fraudulently?
>
> Ron? Ted? Leo?
>

I don't see this as a "find lots of IPv4 fraudulently used" issue.

I see this as something more important.  We have those people out there
who feel they are entitled to obtain a public resource without following
the rules, and the rules state that any IPv4 OR IPv6 obtained must be
publically identified as to who has it.

Orgs that submit fraudulent names and contact info for their IPv6 so 
they can spam the world or attack the world and allow their upstreams to 
suffer the consequences of dealing with the complaints are the problem. 
  Orgs that submit real names then immediately change them to
bogus names once they get the resources are also the problem.  And orgs
that submit dozens of different names under paper companies to get
dozens of different IPv6 blocks so they can burp out their spams like
a wack-a-mole game without the public realizing it is the same spammer 
are also a problem.

All we have is a bunch of RIR's who are overly cautious of dropping the 
boom on misusers of IP addressing, and overly relying on the notion that 
the users must be legitimate if they are coughing the yearly
registration renewals.  And I mean all RIR's all over the world.  I'll 
leave you to argue if this is good or not, but the fact is that this 
means the only way we can protect ourselves is to build our own defenses 
and those won't be worth a poop if the bad guys are allowed to use fake 
names to hide behind.

I feel that the minimum that ARIN and the other RIR's should be doing is
insuring the legitimacy of the data in the global WHOIS databases.  I
don't feel this is too much to be asking.  Registering addressing with
multiple fake names is a contractual breech of the RSA and it boggles my
mind that there are people on this list who would argue what is plain
contract language right in the RSA.

Whether your doing it to gain IPv4 or IPv6 it is fraud, and if a network 
admin can document an instance of this to the RIR I don't think it's too 
much to ask the RIR to protect their informants and to come down on the 
bad guys and pull allocations.

Ted

More information about the ARIN-PPML mailing list