Here's a thought. Would it be possible to set up a process where ARIN, as
part of reselling IP addresses, either issues a certificate of transfer that
the new owner can use to prove to the ISPs that he's a new owner and not the
old evil spammer, or ARIN publishes a list of IP assignments that can be
used by ISPs to provisionally remove them from blocked lists?
I sympathize with the original poster, it's sort of like buying a used car,
only to find out the previous owner was the drunk driver who ran over your
next door neighbor's dog.
That sounds like a great idea! We should make it an electronic certificate, though, so that anyone who wants to know can look it up online. And it should show the contact info of the new owner and the date the record was created/updated. It would be a great way to find out WHOIS using a particular address block.
(replying to list with Tammy's permission)
This is pathetic. ARIN is supposed to be working as a steward of this IP space. When you have policies that make it more difficult to use the IP space this isn't even remotely close to stewardship. It's pathetic, with the policy making a quick turn around of releasing old IP space when you get an allocation, that ARIN is leaving innocent third parties who have paid ARIN large sums of money for this space.
ARIN, frankly you can suck it. It's time to grow up and behave how you were intended to.
The lines for IPv4 look like:
apnic>AU>ipv4|1.0.0.0|256|20110811|assigned|A9173591|e-stats
apnic>CN>ipv4|1.0.1.0|256|20110414|assigned|A92E1062|e-stats
apnic>CN>ipv4|1.0.2.0|512|20110414|assigned|A92E1062|e-stats
4th field is start IP
5th field is number of IPs in block
6th field is date of allocation/assignment
I would think that file might be parsed, compared to RBL listings, and
if listing date (or last bad behavior date) < allocation/assignment date
- then remove listing.
This is pathetic. ARIN is supposed to be working as a steward of this
IP space. When you have policies that make it more difficult to use the
IP space this isn't even remotely close to stewardship. It's pathetic,
Unfortunately, a surprising number of "new" IP space owners turn out
to be the sleazy old IP space owners under a differnt fake name.
Which is irrelevent to removing a address block on the basis of a
RIR recording that the block has been reallocated. A reallocation
already goes through a quarantine period though that may get shorter
as time goes on.
A transfer on the other hand doesn't.
There may be some use in recording whether a address block is
transfered or allocated. Note I'm not sure if the allocation
date gets updated on a transfer or not.
There may be some use in recording when a address block is
quarantined.
Which is irrelevent to removing a address block on the basis of a
RIR recording that the block has been reallocated. A reallocation
already goes through a quarantine period though that may get shorter
as time goes on.
A transfer on the other hand doesn't.
Correct. A transfer is not an issuance of space, and could very easily
be to a recipient related to the original party that caused the current
reputation.
Whereas the issuance of address space to a qualified requestor (even if
previously issued and now returned to ARIN) is far more likely to an
unrelated new party than anyone related to the original block holder.
There may be some use in recording whether a address block is
transfered or allocated. Note I'm not sure if the allocation
date gets updated on a transfer or not.
It is highly recommended that folks running reputation systems monitor
this feed and avoid penalizing parties being issued resources, as those
requesting have no control over the prior history of these blocks before
their return to ARIN.
We are going to see quite a bit more of reissued blocks as we get down
towards the bottom of the available pool in this region (i.e. over the
next 6 to 12 months)
Okay, my apologies for supplying one piece of information which was not
quite correct with respect to the above -
A transfer which occurs due to merger or acquisition is simply the updating
of the organization and/or contacts, and does not result in a new issue date,
nor does it show up in the arin-issued feed as noted above.
A sale (aka specified transfer) has a new issued date, and thus does appear
in the arin-issued feed. It is still likely that these are to new parties
but if an party operating a reputation service is concerned about the risk
of "reputation washing via transfer", then they should monitor the list of
specified transferred address blocks which is here:
<https://www.arin.net/knowledge/statistics/transfers.html>
Note also, there is more useful aspect of the arin-issued feed for those
operating reputation services, and that is with respect to blocks returned
to ARIN -
Any blocks that come back to ARIN (whether reclaimed/revoked/recovered)
are placed in hold status upon receipt. This hold period used to be one
year, then was reduced to 6 months, is presently 3 months, and at ARIN
IPv4 depletion will be just 1 one month per the ARIN IPv4 countdown plan:
<https://www.arin.net/resources/request/ipv4_countdown.html. As blocks
come out of held status, they are removed from assigned status and show
up in the arin-issued report with the "Remove" keyword. At that point,
these blocks are definitely safe to remove from any reputation history,
as they are completely disassociated with the past resource holder and
will be shortly issued anew to the next organization in queue.
Looks like they post a "remove" message when a block is returned to
the registry and then an "add' when it's reassigned. For example,
Derrick's block (74.112.96.0/22) was "removed" in November:
Basically correct; one small note is that the "Remove" message is
actually not when the block is returned to ARIN, but after the end
of the hold-down period (it may be several months later that a block
in the available pool is actually issued, depending on the already
existing inventory and rate of demand for any given block size.)