[arin-ppml] Incorrect POC on resource records
Martin Hannigan
hannigan at gmail.com
Wed Sep 26 08:05:45 EDT 2012
On Fri, Sep 21, 2012 at 5:32 AM, Ted Mittelstaedt <tedm at ipinc.net> wrote:
> On 9/20/2012 6:50 PM, Heather Schiller wrote:
>>
>> On Thu, Sep 20, 2012 at 6:18 PM, John Curran <jcurran at arin.net> wrote:
>>>
>>> Bill -
>>>
>>> What you suggest is quite reasonable when a transfer is performed,
>>> and ARIN is vigilant for potential fraud in such cases.
>>>
>>> That does not apply when no transfer was ever performed with a
>>> resource.
>>>
>>> Thanks!
>>> /John
>>>
>>> John Curran
>>> President and CEO
>>> ARIN
>>>
>>
>> Precisely the point. Why bother with a transfer if it's cheaper and
>> easier to hack the POC and make a change? Stronger Auth is needed
>> because you don't have to effect a transfer in ARIN in order to change
>> registration details (address and POC) to something convincing enough
>> to get an ISP to route it.
>
>
> Heather (and John),
>
> I frankly believe that ARIN is HOPING that in the case of the abandoned
> legacy resources out there that someone will indeed come along and hack them
> to make a change.
>
> ARIN views this issue from a birds eye view not a micro eye view.
> To you or I, an abandoned /24 legacy space these days is enough addressing
> to run a webhosting business that could generate enough
> money to support someone as a full time job.
>
> But from ARIN's point of view, a /24 is a microscopic amount
> of the entire IPv4 space they are in charge of, and they don't give
> a rat's ass that some smart cracker may come along and take advantage
> of a loophole to change the POC on it.
Small problem. I'm not making any judgements, just stating facts.
Legacy addresses have value. Many believe that they are property.
There is law around abandoned property. ARIN has a responsibility to
make sure that this does not happen. Think of it like the equivalent
to a bank deposit. Banks have a responsibility to insure the safety of
your assets and so does ARIN. It's called stewardship. ARIN has a
responsibility to re-unite legacy block owners with their block or
ASN, not the other way around. And if they can't, then the State will
be the final arbiter.
Best,
-M<
More information about the ARIN-PPML
mailing list