Re: AS11296 -- Hijacked?

[Robert Bonomi <bonomi () mail r-bonomi com>]

> From nanog-bounces+bonomi=mail.r-bonomi.com () nanog org  Fri Oct  1 16:33:09 2010
> From: John Curran <jcurran () arin net>
> To: George Bonser <gbonser () seven com>
> Date: Fri, 1 Oct 2010 17:32:47 -0400
> Subject: Re: AS11296 -- Hijacked?
> Cc: "nanog () nanog org" <nanog () nanog org>
>
> George -
>    Full agreement; the next step is defining a deterministic process for id=
> entifying these specific resources which are hijacked,

That _seems_ fairly simple -- can you trace a 'continuity of ownership from
the party that they were -originally- allocatd to to the party presently using
them.  If yes, legiitmate, if no, hijacked.  With most States corporation
records on-line, tracing corporate continuity is fairly straight foruard.
As long as you recognize that a corpoation 'abadoned', 'dissolved' (or 
similar) in one state is *NOT* the 'parent' of a same-/similarly-named 
corporation established in another state.  And that "documents" surfacing
'long after' a resource-holder has 'disappeared', puporting to show a transfer
of those resources 'at the time of disappearance', are "highly suspect", and
really require confirmation from someone who can be -independantly- verified
as part of the 'old' organization at the time of the transfer.

This isn't rocket science, it's straightforward corporate forensics, and the
establishment of "provenence", or the equivalent of an 'abstract of title' for
real-estate.

"Somebody", either IANA, or the RIRs _should_ have been keeping track of 
what prefixes are announced, and _by_whom_, as a minimal check on utilization
when an existing AS submits a request for additional space.

A netblock (meaing an entire allocation, not just some sub-set thereof) that's
been 'missing' for an extended period, and then shows up in an geographically 
distant locale is 'suspicious' to start with.  All the more so it it was 
multi-homed, and now has only a single upstream.