This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Notice: Fradulent RIPE ASNs
- Previous message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
- Next message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Sun Jan 20 02:37:12 CET 2013
In message <CAD77+gTo_ZQW2oJmCmQLPiRiqguTMgSLp9LrYut=GN5w+zCzkQ at mail.gmail.com> Richard Hartmann <richih.mailinglist at gmail.com> wrote: >Assuming a phone-in system was introduced and ignoring the obvious issues >with recognizing voices that any hostmaster may or may not have heard at >some time before, I would introduce myself as tech-c, tell the hostmaster >that I would hand over to admin-c who is not very deep into understanding >the matter at hand, and they would basically confirm everything I said. > >Exactly the same process and outward appearance for valid and fraudulent >requests. First, allow me to be clear that I was not suggeting any long-term or generally applicable "system" for verifying/validating RIPE resource registrants. My simple "phone contact" suggestion was only put forward with reference to this one rather entirely unusual situation where the true ownership of numerous resources is now in doubt. Leaving that point aside however, I gather you are trying to say that my simple phone validation idea/suggestion would not work, however I'm not at all sure that I see your reasoning. I guess that the admin-c person is supposed to represent the true registrant of the resource. If so, and if all of the admin-c persons reached by phone had exactly the same voice (e.g baratone), exactly the same manner of speech, and exactly the same accent, wouldn't that tend to strongly confirm that something is amiss? >Even though I may disagree with your proposed solution, talking about >specific concerns and/or suggestions as per above is vastly preferable >over what amounts to grandstanding and refusing to fill out a simple form, >and quite vocally so. I hereby apologize for any grandstanding that I may have engaged in. Please put it down to my fervent desire that the matter I reported on should be investigated, throughly and promptly. As regards my reluntance to engage with RIPE NCC on any kind of a formal basis, although that too may be unforgivable, allow me to point out what I feel is a relevant point, specifically that the free flow of information is, as we here in the states would say, a two-way street... or should be anyway. Since my original post on this matter, a RIPE NCC staff member has reached out to me, and in an informal manner I have appraised her throughly of the various lines of evidence that formed the basis of my suspicions about these specific 18 ASNs. In a follow-up to this, I inquired as to how much I might be told, and when, with regards to RIPE NCC's investigation of this matter, stating up-front that I understood that RIPR NCC staff might possibly labor under some of the same con- straints as ARIN staff do with regards to this kind of investigation, and their ability for be forthcoming, either publically or privately, about either investigation results, or actions taken. I was then politely informed that yes indeed, RIPE secrecy rules are not materially different from those of ARIN with respect to these kinds of investigations. In short, it appears that none of us will ever know anything, either about how this happened, why it happened, who was responsible (within Romania) for causing it to happen, or what actions, if any, RIPE NCC will take in response to this matter. (I sort of feel like I want to use the term "this incident" rather than "this matter", but it appears that this has not been so much an "event" as it has been a process. The data seem to indicate that the fraudlent scheme I reported on has been ongoing for over two years now.) Anyway, it may come as no surprise when I say that this information flow "one way street" is less than satisfying. In fact that would be an understatement. And if one thinks about it, this cloak of secrecy that hides all... all noble actions and all skullduggery, without discrimination... may be a part of the reason that other people of generosity and good intent, unlike me, do not waste their time on looking to deeply into funny stuff on this Internet, let alone reporting any such. Why bother when it is a forgone conclusion that the whole thing will be hushed up in the end anyway, and, as far as anyone of the outside knows, neither any drop of justice nor any dollop of disipline is ever dispensed. Thinking about it, just in the last day or two I've realized that RIPE, ARIN, IANA, ICANN, and all such authorities are in many ways quite analogous to our Federal Reserve here in the United States. In both cases, the entities have much authority and are widely perceived as having charters that somehow commit them to pursuit of the public good. But in both cases, the reality is rather different... these entities are in fact merely commercial associations of business interests that are pledged, if not by law then by contract, to never reveal even a smidgeon of their commercial member's dirty laundry to any "outsider", and their iron-clad commitment to this goal always takes precedence over any other consideration. In the United States, and because of our Freedom of Information Act, Bloomberg News was ultimately able to extract from the Feredal Reserve the various dirty secrets of the largess that the Fed had doled out to its members during the financial crisis. The airing of this dirty laundry shocked the nation, and led to many aspects of the final Dodd-Frank financial reform act aimed at disallowing any future screwings of the Amercian public for the benefit of the various large Federal Reserve member banks (and in particular the ones that were most directly responsible for having created the crisis in the first place). All I can say is that I wish that I had as much money as Bloomberg News. If I did, I would most definitely seek the juducious application of our federal FOIA, both to the Commerce Department generated entity known as ICANN, and thence also to the lower level entities that it has spawed or sponsored, namely IANA, ARIN, RIPE, APNIC, LACNIC, and AFRINIC. (Although I'm sure that even the mere suggestion will likely outrage all of you europeans, it is my contention that ultimately, and for anyone with enough money to pursue it, all of these entities would ultimately be found to be subject to U.S. law generally, and to FOIA, specifically.) I think this is the only way the counterproductive shroud of secrecy will ever be lifted, and by extension, I think that this is the only way that any of these entities might ever actually be called upon to serve the public good, in preference to the private commercial good of their respective memberships, unlike the present situation where the private commercial interests trump the public's need to know at every turn. My apologies for the length of this posting. Regards, rfg
- Previous message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
- Next message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]