Internet2 Network Security SIG

[Michael Scarpellino <>]

There was a presentation by ARIN at NANOG this afternoon on post-depletion trends for IPv4 addressing.
One of the more disconcerting trends is that incidents of address range hijacking are on the rise.  Incidents of route hijacking are also on the rise. The latter is when an attacker fraudulently advertises address space they don't own on public networks. It is distinct from ARIN's observation on the former, where an attacker fraudulently changes the POC and handle information in the ARIN database and uses the new credentials to transfer the asset to third parties. ARIN notes this is more common among legacy allocations which are typically held by academics. The attackers apparently watch the legacy networks and look for records whose POC information has not been updated in several years.

While there are a number of other preventive measures that can be used to protect your assets in the ARIN database, keeping the POC data up to date by responding to the annual requests they send out is easy and effective. There is concern that the academic community is not keeping our records up to date, which may expose us to this new trend. 

I was not able to catch the presenter after the talk to discuss what we could do as a community, but I thought I would at least pass along this information along. I believe someone suggested ARIN reach out to Educause, so we will probably be hearing more about this in the future. In the meantime, awe all might at least review and update our POC data.