[arin-ppml] Hijackings

Ronald F. Guilmette rfg at tristatelogic.com
Sat Apr 30 15:02:10 EDT 2011 

In message <4DBB2390.3000009 at ipinc.net>, 
Ted Mittelstaedt <tedm at ipinc.net> wrote:

>On 4/28/2011 5:34 PM, Ronald F. Guilmette wrote:
>> Quite obviously, the primary responsibility for maintaining a working,
>> staffed contact e-mail address and phone number belongs to to the individual
>> organizations in question.
>>
>> I bemoan the fact that so many are falling down on the job with respect to
>> this, but I sure as hell don't blame ARIN for that.
>>
>>> ARIN may need prodding to get the abandoned resources reallocated...
>>
>> Well, yes.  But that is a different issue.
>>
>> There are plenty of NON-abandoned resources for which trying to make con-
>> tact with someone... anyone... who will take some responsibility for the
>> resource is about as fruitful as trying to raise the dead... and at times
>> seems roughly equivalent thereto.
>>
>
>Well, do you have any suggestions?

Always.

>Because if the POC's are 
>communicating with ARIN - which is what the POC verification program
>insures - but aren't communicating with you - then maybe they
>just don't like you. ;-)

Well, yes. There _is_ quite a bit of that, no doubt.

>The problem as I see it isn't orgs who are paying fees on addresses
>they are rightfully assigned, and just decide to use those to hose
>you down.  That may be a problem but ARIN should not be involved in it.

There is more than one problem.  That also was part of my point.

One problem is that there exist abandoned blocks.  These are frequently
hijacked for various less-than-savory purposes (but mostly for spamming),
and even in the absence of hijacking, these blocks could be put to better
use.

A separate problem is that non-abandoned blocks have POC e-mail addresses
that ignore anything and everything that doesn't arrive from ARIN.  (And
for the record, I see no evidence that ARIN has even been trying to validate
POC telephone numbers.  Maybe I am wrong about that.  If I am I would be
very happy to be corrected.)

Contact phone numbers _could_ be validated in an automated fashion.  That
ARIN and other RiRs have elected not to invest resources in this is a
decision that I personally disagree with.  (So there you have one suggestion...
ARIN should forthwith set up an automated systenm to validate POC phone
numbers, and should begin doing that en mass, just as it has already for
POC e-mail addresses.)

>The problem is orgs who are using addresses they DON'T own to hose
>you down.  And if they don't own an IP block then how would VALID
>and responding POC's on that block (granted, responding to ARIN)
>tolerate some 3rd party org using their numbers without their permission?
>
>It would seem the usual thing would be that the hijacked blocks
>have invalid POC's on them, not valid ones.  And if that is the case
>then ARIN should be able to designate the IP block as abandoned,
>and reallocate it for assignment to someone who needs numbers.

That would be Good, yes.

>Then once that new entity was assigned the abandoned block, and updated
>the whois with their correct contact info, it would seem that if the
>hijacker was still operating on their block that they would institute
>proceedings to stop the problem.

Correct.  And this goes in to the whole current discussion relating to
IP addresses as property.  Free market advocates like Milton Friedman
would say that if you give people (and companies) clear title to the
things they use, then _they_ will naturally start to act as responsible
stewards over that stuff (whereas if they have no clear title to the
property, they won't).  And if squatters arrive, the property owners will
tend to take it upon themselves to work to get the squatters kicked
out, because squatters quite obviously reduce the value of one's
property.

For this and other reasons, I'm in the camp that says that we should
stop, immediately if not sooner, futzing around with this "each according
to his need" socialist approach to IP address allocation.  Although that
approach had a clear populist/egalitarian allure back 20 years ago or
so, back when IP addresses were seemingly limitless, it is, I think,
altogether obvious that this egalitarial ideal breaks down rather badly
in the face of scarcity and/or selfish actors whose first consideration
is their own enrichment, even at the expense of the Public Good, i.e.
Joe Typical.  (The dysfunctional nature of top-down socialist resource
allocation systems was, I thought, already amply evident, even back at
the time of the fall of the Berlin Wall, some 20+ years ago.  But some
folks are either unaware of history or else choose to ignore it's clear
lessons.[1])

Having said that, I should also say that I am _not_ an ``anything goes''
Friedmanite.  Rather, I am of the opinion that free markets do need _some_
regulation, in particular to prevent or deal with intentionally-generated
market distortions such as what happened to silver back in the 80's (when
the Hunt Brothers notoriously tried to corner the market) or as happened
more recently in the case of Volkswagen stock:

   http://www.businessweek.com/globalbiz/content/oct2008/gb20081028_451571.htm
   http://gawker.com/#!5124449/ruined-after-betting-on-volkswagen-stock-german-billionaire-commits-suicide

I do think that, like it or not, the era of top-down "each according to his
need" socialist allocation of IP addresses _is_ coming to an end, and now,
ARIN will either ride the wave or else be dragged along behind.  If it
prefers the former to the latter, then it should continue, enhance, and
extend the (meager?) efforts it has already made to begin to evolve a
system of reasonable regulation for the inevitable free market in IP
addresses which, it seems, has already begun.


Regards,
rfg


=====
[1]  As I like to say "Those who fail to learn from history are doomed to
repeat it... usually in the Spring semester." :-)

More information about the ARIN-PPML mailing list