nanog mailing list archives

Re: Why are paper LOAs still used?


From: Tom Samplonius <tom () samplonius org>
Date: Mon, 26 Feb 2024 12:13:49 -0800


  There is one purpose:  to facilitate IP fraud, and maintain currently fraudulently routed IPs.

  Anyone can dummy up a LOA.  And there is still quite a lot of unrouted IP space.  VPS providers know this, and know 
their customers are submitting fake LOAs.  But it is sort of the business VPS providers are in.

  Is it some sort of serious crime in the US though?  Well, just submit the LOA from outside the US.  Plus, the entity 
being defrauded is the IP holder, not the VPS provider or their customer.  If you are an IP holder, good luck getting 
the VPS provider to give you a copy of the fake LOA.  It is not in their interest to throw their customers under the 
bus.  You would have to give them a court order.  So if you look for unrouted IP space, registered to a non-US 
organization (ex. Canada), and submit a fake LOA from another country (London, UK for instance), you are unlikely to 
get tracked down for wire fraud.

  And you might ask, well, why would a VPS provider accept an LOA from the UK for an IP block registered to a Canadian 
organization?  Well, clearly it isn’t in the VPS provider’s interest to look into the LOAs too much.  As long as the IP 
space is unrouted, they will approve it.  The LOA is basically just a liability shield for the VPS provider.  It is not 
a crime to be deceived, though the due diligence beggars belief.

  So I had this happen.  There was a /24 being hijacked by a VPS provider.  I told them this was fraud, and they asked 
me if I wanted to “rescind the LOA”.  I told them I never gave them a LOA.  They dropped the /24 immediately.  They 
refused to provide a copy of the LOA.  So pretty hard to pursue any sort of wire fraud charges.

  So a VPS provider asking for a paper LOA is basically asking you to lie to them, to protect them from liability.  
They will just drop the IP prefix if there is any contact from the actual IP holder.



Tom



On Feb 26, 2024, at 10:57 AM, Seth Mattinen via NANOG <nanog () nanog org> wrote:

Why do companies still insist on, or deploy new systems that rely on paper LOA for IP and ASN resources? How can this 
be considered more trustworthy than RIR based IRR records?

And I'm not even talking about old companies, I have a situation right now where a VPS provider I'm using will no 
longer use IRR and only accepts new paper LOAs. In the year 2024. I don't understand how anyone can go backwards like 
that.

~Seth

