[arin-ppml] Conflict of Interest rules ?

Ronald F. Guilmette rfg at tristatelogic.com
Fri Dec 6 07:32:45 EST 2019 

In message <3D2A4C39-D362-49AF-AFC2-4F26BCF4E4FE at pch.net>, 
Bill Woodcock <woody at pch.net> wrote:

>> and set up shop selling addresses out the side door, to those entities
>>who were officially denied address space?
>
>Correct.

This is actually somewhat of an over-simplification of the totality of
what has gone on.

As my extensive rants on the NANOG mailing list of a couple of months
ago attempted to illustrate, a great deal of the stolen AFRINIC space,
but quite certainly not all of it, ended up, one way or another, in
the hands of a gentleman by the name of Elad Cohen, who has a business
(netstyle.co.il, netstyleservers.com) in Israel.  It apparently came to
him via an intermediary, i.e. someone between him and the original
thief.

Mr. Cohen subsequently arranged to obtain routing for most or all of that
from FDCServers in Chicago, which in turn arranged for their own upstream,
Cogent, to actually announce the routes to the space.  Mr. Cohen also had
the audacity to squat on a number of unrelated abanadoned legacy /16
blocks drawn from the the APNIC region, which were likewise then routed,
by Cogent, to various FDCServers data centers around the world.

Finally, Mr. Cohen utilized the verification-free services of the RADB
data base in order to create a multitude of route object for all of his
stolen AFRINIC space and all of his squatted APNIC space as part of his
overall scheme to induce Cogent to announce the routes and to induce
others to accept the announcements as valid.

This, as it turned out, was quite helpful, as it allowed me to download
a fresh daily copy of the entire RADB data base from which I was then,
with some minimal programming, able to extract a full list of all of the
route objects that Mr. Cohen had installed there, using his own email
address as the contact point for each of those.  If not for this, it
would have been difficult or impossible for me to have reliably
identified all of the legacy AFRINIC blocks that had been stolen.  But
as it was, the task was quite trivial, thanks to Mr. Cohen's remarkably
brazen operations and his essentially non-existant operational security.

It is important to note in all of this that I have some time ago ceased
using the term "hijack" as it is too imprecise and too subject to easy
misinterpretation.  Instead, these days I now prefer to use only the
terms "squatted" or "stolen", where the former is just a matter of routing
space to which one has no legitimate rights, whereas the later term I
reserve for references to instances in which the relevant WHOIS records,
as stored at and by the relevant RIR, have been, by hook or by crook,
altered by the party or parties who illicitly covet the space in question.
impfroper alteration of the relevant WHOIS records may be carried out
either by social engineering of RIR staff or else, as in this whole
AFRINIC mess, by some malevolent RIR insider having direct and arbitrary
read/write access to the data base.  I consider these cases of "stolen"
IP space to be far more serious and distrubing than your everyday run-of-
the-mill squatting event.

Here is one write up I did some time back regarding a case that I would
characterize as exemplifying a "stolen" block and one that was apparently
stolen via social engineering of RIR staff:

    https://mailman.nanog.org/pipermail/nanog/2019-August/102791.html

Coming back now to the AFRINIC mess, whereas, as I have said, a great deal
of the relevant stolen IPv4 space ended up in the hands of Mr. Cohen, who
then used or resold it for purposes that remain a bit murky, and although
my persistant public haranguing of Cogent eventually brought all that to
an end, much of the stolen AFRINIC space remains to this day routed by a
variety of networks around the world, most notably two networks in Pakistan,
which are routing a great deal of it, and also a couple of U.S. networks
that are also continuing to do likewise even as we speak.

My hope is to that I will live to see all of the relevant non-legacy stolen
AFRINIC IPv4 blocks eventually de-registered and reclaimed by the RIR,
but I have been holding out some dim hope in that regard also with respect
to the blatantly stolen 143.95.0.0/16 block, and so far, as least, I wait
in vain for any proper or fair resolution of that matter.  Meanwhile, a
rather blatantly crooked company in Massachusetts continues to enjoy a
fee-free /16 legacy block that it has no rights to whatsoever, while all
honest ARIN members continue to duitfully pay their annual fees.  For an
explanation of why this annoys me personally, I refer you all to the
following short but enlightening video:

https://www.youtube.com/watch?v=meiU6TxysCg


Regards,
rfg

More information about the ARIN-PPML mailing list