security by obscurity you mean? --srs (iPad) On 13-Dec-2011, at 16:22, Shane Kerr <shane@time-travellers.org> wrote:
Joe,
It's a bit of a tangent, but...
On Mon, 2011-12-12 at 11:22 -0800, Joe St Sauver wrote:
If nothing else, that FAQ answer should *at least* be updated to correct factual inaccuracies because at least *some* other RIRs *DO* check and/or correct inaccuracies in their databases, e.g., see, in the case of ARIN, APNIC and LACNIC, see:
-- https://www.arin.net/policy/nrpm.html#three6
"3.6 Annual Whois POC Validation
"3.6.1 Method of Annual Verification
"During ARINs annual Whois POC validation, an email will be sent to every POC in the Whois database. Each POC will have a maximum of 60 days to respond with an affirmative that their Whois contact information is correct and complete. Unresponsive POC email addresses shall be marked as such in the database. If ARIN staff deems a POC to be completely and permanently abandoned or otherwise illegitimate, the POC record shall be marked invalid. ARIN will maintain, and make readily available to the community, a current list of number resources with no valid POC; this data will be subject to the current bulk Whois policy."
What a great method for finding networks that are poorly monitored and maintained! Simply check ARIN's Whois database until you find networks with POC that are marked as invalid!
I hope that RIPE does not adopt this address-hijacking-friendly technique. :(
-- Shane