[arin-ppml] Hijackings on the increase?

Richard Jimmerson richardj at arin.net
Wed Mar 23 10:14:40 EDT 2016

Hello David,

There has been an increase in organization and point of contact recovery requests in the past six months. These recovery requests are increasingly targeted at organizations and/or points of contact that have not been maintained in ARIN’s database for up to ten years or more.

ARIN staff uses internal practices developed over the last several years to verify the legitimacy of these requests. Their processing is very similar to the chain of custody and verification work conducted for transfers. We are finding a larger than usual number of these requests either being denied by ARIN staff or abandoned by the individual who submitted them. An increasing number of these requests appear to be hijacking attempts of legacy IPv4 registrations.

One thing that might help would be if organizations that have performed acquisitions over the years would be more proactive in updating their registrations at ARIN.  This reduces the number of resources that have outdated information and thus reduces the potential target area in the registry for hijacking attacks.

We will be reporting on this and other registration trends we are experiencing at the upcoming ARIN meeting that takes place in April.


Richard Jimmerson
CIO & Acting Director of Registration Services
American Registry for Internet Numbers

From: <arin-ppml-bounces at arin.net<mailto:arin-ppml-bounces at arin.net>> on behalf of David Huberman <David_Huberman at outlook.com<mailto:David_Huberman at outlook.com>>
Date: Tuesday, March 22, 2016 at 12:03 PM
To: "arin-ppml at arin.net<mailto:arin-ppml at arin.net>" <arin-ppml at arin.net<mailto:arin-ppml at arin.net>>
Subject: [arin-ppml] Hijackings on the increase?


I'm at the ARIN On the Road event in Austin, TX today.  Eddie Diego from the ARIN staff is giving an excellent talk on registration services. He has pointed out in his slides, however, that hijackings of address blocks in Whois is on the rise.

Can someone at ARIN please discuss this a little on PPML -- data, things we can do to minimize risk, etc.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20160323/4e0e679d/attachment-0001.html>

More information about the ARIN-PPML mailing list