Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

In message <MWHPR09MB1504F1CDEEB104E38F66501AA4D60@MWHPR09MB1504.namprd09.prod.

<snip>

    1) On or about 02-17-2010 HHSI, Inc. (California) transferred the
       registration of the 216.179.128.0/17 block from itself to the
       2009 vintage Delaware entity Azuki, LLC. If this is what happened,
       then it is likely that the transfer was performed in violation
       of the applicable ARIN transfer policy that was in force at the time.
       (Azuki, LLC did not simply buy-out HHSI, Inc., lock, stock, and
       barrel in 2010. California records show that HHSI, Inc. continued
       to be an active California corporation until at least 02/12/2014,
       and probably well beyond that date.)

The ARIN policy in effect at the time of the transfer would absolutely allow
this as an 8.2 mergers and acquisitions sale. There is no policy requirement
for a "lock, stock, and barrel" buy-out as you say.

From the 2010.1 version published 13 JAN 2010, ref: https://www.arin.net/vault/policy/archive/nrpm_20100113.pdf

"ARIN will consider requests for the transfer of number resources
in the case of mergers and acquisitions upon receipt of
evidence that the new entity has acquired the assets which
had, as of the date of the acquisition or proposed
reorganization, justified the current entity's use of the number
resource. Examples of assets that justify use of the number
resource include, but are not limited to:
* Existing customer base
* Qualified hardware inventory"

So they bought the customers and routers that were using that /17. What's
the big deal?

Firstly, there is no clear evidence that I am aware of that there are any
"customers" per se in this case. Spamhaus has, in effect, judged the
entire 216.179.128.0/17 block as being just one big spamming operation,
and I personally have no reason at this instant to take issue with that
judgement. (Please note also that a generally reliable source informs
me that Spamhaus has had this SBL listing for the entire 216.179.128.0/17
block active and in place since circa 2010-03-02, i.e. a full 9 years now.)

So anyway, in this case we are really only talking about equipment and not
"customers" per se. If I am wrong about that, please post the evidence.

Second and more to the point, I think that you and I have dramatically
different understandings of the plain meanings of the terms "merger" and
"acquisition".

The evidence indicates that HHSI, Inc. neither merged with nor was acquired
by Azuki, LLC. Rather, HHSI continued to have, and to actively maintain
its own separate legal existence through at least 2014... several years
*after* the moment in time, on or about 02-17-2010, when the -apparent-
ownership of the 216.179.128.0/17 block (going by the WHOIS records)
somehow magically passed from HHSI, Inc. to Azuki, LLC.

It is not my understanding of mergers and/or acquisitions that the merged
(or acquired) entity continues to have and maintain a separate legal
existence from the other merged (or acquiring) entity following the
merger or acquisition. You, it seems, may have a different conception.

Theoretically, HHSI, Inc may have been acquired by Azuki, LLC and may have
then become a wholly owned subsidiary of Azuki, LLC. This would explain
its continued, simultaneous, and parallel legal existence in the years
2010 through 2014, along with Azuki, LLC. But even if this rather remote
possibility applied, it would still not serve to explain the apparent
2010 transfer of the 216.179.128.0/17 block from the wholly owned subsidiary
to the parent entity. Why would such a transfer be either necessary or
even desirable? And how would such a transfer comport with the ARIN
transfer regulations in place at the time? Those regulations, as you
have quoted them, DO NOT obviously sanction transfers from subsidiaries
to parent entities in cases where both survive as separate legal entities.
And it is not even in the least bit clear that there even was any such
parent/subsidiary relationship between these two corporate entities at
the time of the transfer.

But in answer to your larger question, "What's the big deal?", the answer
is that -all- WHOIS records for -all- IP address blocks administered by
-all- RIRs are fundamentally unvetted and thus untrustworthy. This one
case is a clear and blatant example of that fundamental problem with the
way all RIRs are behaving.

As far as I am aware, no RIR makes any effort whatsoever to vet changes
to WHOIS records, either for IP blocks or ASNs or ORG records. (And this
fact was abundantly evident in the Micfo fraud case, where the man behind
that fiddled the majority of the street address and other contact information
appearing in the public-facing WHOIS records for the blocks assigned to his
various phony baloney shell companies in a now-obvious attempt to mislead
both the public and also anti-abuse investigators.)

Someday soon, because of policies in place at all of the RIRs, you're
going to get some spam, or a hack attempt from a specific IP address,
and when you go to look up the registrant of the containing IP address
block you're going to find out that it is registered to Bozo the Clown,
whose mailing address is 1600 Pennsylvania Ave., Washington D.C. and
whose contact office phone number is 1-734-930-3030. (Google it.)
Worse, that utterly bogus information may appear in the WHOIS record
for the ASN that is currently announcing more specifics for parts of
YOUR address space.

If you don't see any of this as an actual problem, then please just forget
I mentioned it.

Regards,
rfg

* rfg@tristatelogic.com (Ronald F. Guilmette) [Sat 10 Aug 2019, 02:26 CEST]:

As far as I am aware, no RIR makes any effort whatsoever to vet changes to WHOIS records, either for IP blocks or ASNs or ORG records.

This is hilarious. You should hear the whining from any EU-based operator who has to implement the transfer of RIPE NCC resources in a corporate acquisition.

I recently was involved with one of those and the amount of due diligence required by the RIPE NCC was pretty intense. If I were at an RIR I'd be insulted by your claim of "no... effort whatsoever".

  -- Niels.

In message <20190810003820.GD2592@jima.tpb.net>,

* rfg@tristatelogic.com (Ronald F. Guilmette) [Sat 10 Aug 2019, 02:26 CEST]:

As far as I am aware, no RIR makes any effort whatsoever to vet
changes to WHOIS records, either for IP blocks or ASNs or ORG
records.

This is hilarious. You should hear the whining from any EU-based
operator who has to implement the transfer of RIPE NCC resources in
a corporate acquisition.

I recently was involved with one of those and the amount of due
diligence required by the RIPE NCC was pretty intense. If I were at
an RIR I'd be insulted by your claim of "no... effort whatsoever".

I do not and would not dispute that at least a few RIRs... in particular
ARIN and RIPE... are -very- good and -very- diligent these days in their
vetting of the legitimacy of what the RIRs themselves, and on their
(secret) -internal- books list as "registrants" of number resources.

But what is listed on the internal books of any given RIR is -not- what
appears in the WHOIS records. It's just that simple. Your RIR may
have given you a full rectal exam prior to giving you your IP addresses.
But how does that help -me- if you're sending me bad packets and your
WHOIS record says the following?

  Registrant: Salvador Dali
        Address: 12345 Moon St., The Universe, 999999999
        Phone: <<Lindsey Graham's cell phone number>>

Regards,
rfg