This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] [routing-wg] AS12679 -- 206.195.224.0/19
Ronald F. Guilmette
rfg at tristatelogic.com
Mon Jan 27 08:36:43 CET 2020
In message <20200127071712.GN36653 at vurt.meerval.net>,
Job Snijders <job at ntt.net> wrote:

>Hold on a second, are you sure there ever *was* a request to change who
>controls this legacy block? I am not so sure.
>
>I suspect what happened is that the 'thriftdrug.org' domain name
>registration expired, and the alleged thief registered thriftdrug.org...

Nope. I have already looked at the ARIN WhoWas report. Here are the
relevant records, with date stamps:

https://pastebin.com/raw/M3fDR7nh

>> But from where I am sitting it does appear that there was exactly and
>> only -zero- review of this take-over request.
>
>There was no take-over request, I'd call this impersonation or a
>compromised account.

I agree that "impersonation" occurred. I *do not* agree that this was
enabled by any kind of account compromise. Furthermore, I have no reason
to believe that suddenly, after a couple of decades of utter dormancy,
someone just guessed the account password needed to take control over
this ARIN WHOIS record. (And in this instance I apply Occam's razor.)

>> I mean that it appears that absolutely *nothing* was done in the way
>> of vetting in this case. The age of the new contact domain... which
>> would have been a BIG red flag... quite apparently wasn't checked.
>
>Have you considered asking ARIN to take the 'domain name creation' date
>into consideration when usernames are retrieved or passwords are reset?
>Perhaps there are some simple heuristics that can be applied to improve
>the password reset process.

Thank you for a nice laugh Job!

No, I have not suggested to ARIN how to do their jobs in this kind of a
context. And no, I *do not* think that I should even have to suggest that
such factors should be considered when giving someone control over a nice
juicy legacy block that has sat dormant for a couple of decades. Nor do I
think that -I- should have to suggest such a step to the ARIN folks for
the simple reason that it is JUST TOO EFFING OBVIOUS... a fact which this
present case renders even more bloody obvious than it already was.

>ARIN has a fine working process to publicly log enhancement requests
>called the 'ACSP' https://www.arin.net/participate/community/acsp/

Gee. Thanks Job. I just love to spend time jumping through mindless
bureaucratic hoops, just so that I can claim the privilege of informing
some folks of what should have been bloody obvious to those same folks
from the get-go anyway.

>ARIN would not be unique in having trouble preventing account
>compromises when the control over the domain name falls in the wrong
>hands.

See above. That's not what happened in this case.

Regards,
rfg