What about contacting ARIN? Does the customer have their own ASN? ETC ETC On Mon, Mar 12, 2018 at 2:52 PM, Naslund, Steve <snasl...@medline.com> wrote:
> I would personally reach out to the technical POC for the customer. > Perhaps have your sales rep for the account resolve the issue. > > Steven Naslund > Chicago IL > > -----Original Message----- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Sean Pedersen > Sent: Monday, March 12, 2018 1:47 PM > To: nanog@nanog.org > Subject: Proof of ownership; when someone demands you remove a prefix > > We recently received a demand to stop announcing a "fraudulent" prefix. Is > there an industry best practice when handling these kind of requests? Do > you have personal or company-specific preferences or requirements? To the > best of my knowledge, we've rarely, if ever, received such a request. This > is relatively new territory. > > > > In this case we have a signed LOA on file for that prefix and I've reached > out to our customer to verify the validity of the sender's request. The > sender claims to have proof that they are authorized to speak on behalf of > the owner. I will wait until I hear from our customer before I consider a > response to the sender. I don't get a real sense of legitimacy from the > sender making the request. No one else announces the prefix. Nothing about > the request appears to be legitimate, especially considering the sender. > > > > I thought about requesting they make changes to their RIR database objects > to confirm ownership, but all that does is verify that person has access to > the account tied to the ORG/resource, not ownership. Current entries in the > database list the same ORG and contact that signed the LOA. When do you get > to the point where things look "good enough" to believe someone? > > > > Has anyone gone so far as to make the requestor provide something like a > notarized copy stating ownership? Have you ever gotten legal departments > involved? The RIR? > > > >
