[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Proof of ownership; when someone demands you remove a prefix
- Subject: Proof of ownership; when someone demands you remove a prefix
- From: matt at netfire.net (Matt Harris)
- Date: Mon, 12 Mar 2018 13:57:26 -0500
- In-reply-to: <[email protected]>
- References: <[email protected]>
On Mon, Mar 12, 2018 at 1:46 PM, Sean Pedersen <spedersen.lists at gmail.com>
> We recently received a demand to stop announcing a "fraudulent" prefix. Is
> there an industry best practice when handling these kind of requests? Do
> have personal or company-specific preferences or requirements? To the best
> of my knowledge, we've rarely, if ever, received such a request. This is
> relatively new territory.
This could definitely be an attempt at a DoS attack, and wouldn't be the
first time I've heard of something like this being done as such.
I thought about requesting they make changes to their RIR database objects
> to confirm ownership, but all that does is verify that person has access to
> the account tied to the ORG/resource, not ownership. Current entries in the
> database list the same ORG and contact that signed the LOA. When do you get
> to the point where things look "good enough" to believe someone?
They may also be leasing one chunk of space from an organization without
actually having access to the RIR db too - in that case, they could ask the
org they are leasing from to put in a SWIP with the RIR, but if they don't
choose to, then that's not a hard requirement.
On the same token, having access to the org account at the RIR pretty much
makes you as legitimate as you're going to be as far as any of us can
really tell. If there's an issue where the RIR account has been
compromised, then that issue lies between the RIR and their customer, and
isn't really your business because you have no way to know whatsoever.
> Has anyone gone so far as to make the requestor provide something like a
> notarized copy stating ownership? Have you ever gotten legal departments
> involved? The RIR?
A notarized copy stating *ownership* seems overboard. Lots of
organizations lease IPv4 space, and lots more now since depletion in many
regions, and their use of it is entirely legitimate in accordance with
their contractual rights established in the lease agreement with the
owner. I'd probably think about looking at the contact info in the RIR
whois and ask them, if I had a situation like this myself. Ultimately, the
RIR's contact which would be in their whois db should be authoritative more
so than anyone else. I doubt the RIR would be able to say much if you
contacted them beyond that everything that isn't in whois isn't something
they'd share publicly.