[arin-ppml] Incorrect POC on resource records
tedm at ipinc.net
Wed Sep 26 01:55:45 EDT 2012
On 9/25/2012 2:28 PM, Andrew Koch wrote:
> On Thu, Sep 20, 2012 at 10:32 PM, Ted Mittelstaedt <tedm at ipinc.net
> <mailto:tedm at ipinc.net>> wrote:
> Heather (and John),
> I frankly believe that ARIN is HOPING that in the case of the
> abandoned legacy resources out there that someone will indeed come
> along and hack them to make a change.
> ARIN views this issue from a birds eye view not a micro eye view.
> To you or I, an abandoned /24 legacy space these days is enough
> addressing to run a webhosting business that could generate enough
> money to support someone as a full time job.
> But from ARIN's point of view, a /24 is a microscopic amount
> of the entire IPv4 space they are in charge of, and they don't give
> a rat's ass that some smart cracker may come along and take advantage
> of a loophole to change the POC on it.
> I have approached ARIN before, through channels, with documented
> proof that once such legacy block is abandoned. They know it's
> abandoned because they have assigned a No, Contact Known NIC handle
> to at least the tech contact. The Abuse contact on it is going to an
> obvious domain name speculator.
> But, the organization name on it is a legitimate and existing org.
> My guess is ARIN has no guidelines on what to do in this case - the
> org exists, the street address on it is correct, but none of the POCs
> on it are valid, and the subnet hasn't appeared in the BGP table for
> the past 8 years.
> So, the addressing sits idle, and unused - and in the meantime there
> are new orgs out there desperate for any amount of IPv4 who cannot take
> advantage of it.
> While the addresses may not appear in a BGP table that you can see, that
> does not necessarily indicate that they are abandoned, idle or unused.
I didn't say that presence or absence of a BGP table entry should be
used as the determining factor. You are simply trying to make a straw
man argument here.
> ARIN seems to have properly judged your report - they cannot know if the
> ORG, still a functional business, is utilizing these for any number of
> other legitimate non-big-I Internet uses - and therefore has not removed
> the registration from the database.
Baloney. As I said the ORGs street address is valid and 1 minutes work
would get ARIN a website with a telephone number. How difficult is it
to make a phone call? How difficult is it for ARIN to send a paper
letter to the POC's address saying that they need to completely update
all fields in their POC?
ARIN can find out if it's functional or not with a letter sent return
receipt requested in conjunction with all the other items I cited.
> It may be difficult that some organizations may no longer appear to be
> using their address space, where others are going to be out-of-luck, but
> ARIN policies are very clear in this case - take no action unless
> directed by an appropriate POC.
And if the POC is bogus - and ARIN's policies also have a mechanism to
detect this and they are detecting it and marking them as such - then what?
How can you take no action when directed by the appropriate POC when
there are no valid POCs on the resource? You are simply advocating that
abandoned resources NEVER get cleaned up.
More information about the ARIN-PPML