ARIN Fraud Reporting Results - 2023 [Archived]

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.

First Quarter Investigation Results

ARIN received 43 fraud reports in the first quarter of 2023. Of the reports received:

  • 36 involved matters such as abusive activity that are outside the scope of ARIN’s fraud reporting process. No action was necessary.
  • 1 report involved multiple Org IDs with IPv4 waiting list requests by a single entity. Our investigation of this report is ongoing.
    • Ticket number: 20230116-F3707
  • 2 reports involved unauthorized changes to records. The records were locked.
    • Ticket numbers: 20230118-F3708, 20230303-F3736
  • 1 report involved a request to remove a stale reassignment record. We confirmed and removed the record.
    • Ticket number: 20230118-F3709
  • 1 report involved fraudulently obtained IPv4 addresses. We were unable to confirm; no action was taken.
    • Ticket number: 20230121-F3710
  • 1 report involved a report of multiple Org IDs created to bypass the IPv6 transition block policy’s six month waiting period. Our investigation is ongoing.
    • Ticket number: 20230122-F3711
  • 1 report involved a hijacked ASN. We were unable to confirm; the records were locked.
    • Ticket number: 20230302-F3735

Second Quarter Investigation Results

ARIN received 76 fraud reports in the second quarter of 2023. Of the reports received:

  • 2 reports involved the sale of Internet Number Resources. No action was taken since the resources are eligible for need-based transfer.
    • Ticket numbers: 20230425-F3753, 20230412-F3744
  • 1 report involved a falsified LOA used for unauthorized routing. The routes were withdrawn.
    • Ticket number: 20230623-F3816
  • 1 report involved potential out of region use in violation of ARIN policy. The routing was discovered to be anycasting with announcements in the ARIN region.
    • Ticket number: 20230530-F3788
  • 1 report involved a report of a hijacked legacy block. We confirmed the hijack, confirmed the registrant no longer exists and has no legal successor, and placed the block in hold status.
    • Ticket: 20230526-F3772
  • 1 report involved a Letter of Authorization (LOA) used to induce unauthorized creation of a ROA. The ROA was removed and RPKI information was provided to help thwart future attacks.
    • Ticket: 20230411-F3743
  • 2 reports involved unauthorized routing. All unauthorized routes were withdrawn.
    • Ticket numbers: 20230509-F3758, 20230509-F3758

Third Quarter Investigation Results

ARIN received 38 fraud reports in the third quarter of 2023. Of the reports received:

  • 33 involved matters such as abusive activity that are outside the scope of ARIN’s fraud reporting process. No action was necessary.
  • 1 report involved falsified utilization data. We were unable to verify the report.
    • Ticket number: 20230718-F3827
  • 2 reports involved unauthorized routing. In both cases, the unauthorized routes were withdrawn.
    • Ticket numbers: 20230719-F3828, 20230918-F3852
  • 1 report involved unjustified IPv6 transition space. This investigation is ongoing.
    • Ticket number: 20230813-F3838
  • 1 report involved invalid contact information. This investigation is ongoing.
    • Ticket number: 20230917-F3851

Fourth Quarter Investigation Results

ARIN received 88 fraud reports in the fourth quarter of 2023. Of the reports received:

  • 79 involved matters such as abusive activity that are outside the scope of ARIN’s fraud reporting process. No action was necessary.
  • 3 reports involved unjustified use of IPv6 transition (NRPM 4.10) address space. We were unable to confirm; however, the reports were logged and will be further investigated should the organizations requests additional resources.
    • Ticket numbers: 20231204-F3931, 20231211-F3934, 20231214-F3936
  • 1 reports involved unauthorized routing. The unauthorized routes were withdrawn.
    • Ticket number: 20231129-F3928
  • 1 report involved a falsified letter of authorization (LoA). We confirmed the LoA was invalid and provided information on better methods of authentication.
    • Ticket number: 20231116-F3911
  • 1 report involved a question about address portability and renumbering requirements. We provided information along with the option to request portable IP addresses from ARIN.
    • Ticket number: 20231116-F3910
  • 1 report involved out of region use of ARIN resources. We were unable to confirm any policy violations; however, the report was logged and will be further investigated should the organization request additional resources.
    • Ticket number: 20231006-F3875
  • 1 report involved a suspicious POC validation email. We notified the reporter it was legitimate.
    • Ticket number: 20231015-F3887
  • 1 report involved registration of resources using another org’s information without authorization. This investigation is ongoing.
    • Ticket number: 20231101-F3900

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.