[Services-wg] ARIN Services WG - CKN23 materials for your consideration (case #2)

John Curran jcurran at arin.net
Tue Jun 14 19:00:38 EDT 2016

As noted in the document, a similar option would be
to restore the records to original state, and then lock
those which have not been updated recently (until the
contacts come in and refresh their information.)

Your proposal would also do the job.  It is also possible
that the current state is "a feature not a bug" and thus
should stay as-is.   What I do know is that additional
insight (beyond just the staff) is quite desirable...
(luckily, the Board agreed that I can use this cool
Services WG to tap for their wisdom...)

The goal is a recommendation to bring to the ARIN
community; it can be one in the document or something
created by this group, whatever you prefer.


On Jun 14, 2016, at 5:31 PM, Matt Peterson <matt at peterson.org<mailto:matt at peterson.org>> wrote:

Maybe I'm missing something here, why not have whois present a flag if the POC record has been validated recently or not. In the case of this, clearly that field would be null or a very old date.

On Tue, Jun 14, 2016 at 4:37 PM, John Curran <jcurran at arin.net<mailto:jcurran at arin.net>> wrote:
On Jun 14, 2016, at 3:40 PM, John Curran <jcurran at arin.net<mailto:jcurran at arin.net>> wrote:
Jim Smith gets an /24 for his networking company "Sprockets" in 1994,
so that he can connect to the Internet.  He gets  /24) and connects to
the Internet via one the early commercial ISPs.

The netblock reads as follows:

4131 El Camino Real, Palo Alta CA
Jim Smith
jim at well.com<mailto:jim at well.com>

Apparently, Jim left Sprockets sometime in the late 90's...

Twenty years later, Jim has called and is very upset with ARIN for having
"munged it" all up - ...

Jim's not a happy camper, and wants to know why ARIN disassociated him
with his address block randomly sometime after 2010.   Jim says that he's
been been using the address block for his house since leaving Sprockets
(no public IP, but he just uses NAT and connects via his public cable modem
IP address.) ...Because we no longer allow him
as a abuse contact to update the DNS servers, he can't even use "his" IP
block now that he's getting a nice new Internet connection.

Now on to the more dangerous variation of this story - it starts the same, sounds
the same to ARIN, and it is only in a few (unknown to us) details that it differs -

    - Spockets was sold to Widgets, Inc sometime in late '90s
    - Widgets renumbered the servers when they moved them to Widgets
      HQ  and promptly forgot about the X.Y.Z/24 IP address block...

It's highly likely (absent a transaction to the contrary) that the rights to the
X.Y.Z/24 IP address block are held by Widgets Inc.

This hasn't prevented technical contacts for long-lost companies from trying
to hijack unused address blocks and monetize them (i.e. if ARIN would just
play along...)

The change of tech contact to abuse significantly reduces the risk of hijack,
although it could be argued that it excessively impacts legacy address holders
(those who have not been updating their IP address records over time.)


Services-wg mailing list
Services-wg at arin.net<mailto:Services-wg at arin.net>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/services-wg/attachments/20160614/dd0caa80/attachment.html>

More information about the Services-wg mailing list