We got a subpoena awhile back for an IP that wasn't in use at the times they were asking about... it was in a dynamic pool and had been used, but not within several weeks of the date on the subpoena. We just told them that it was one of our IPs, but it wasn't in use at that time, and that seemed to satisfy them (this was just a semi-local PD though). Is there any way we would know if somebody was spoofing our unused IPs?
On Wed, Apr 12, 2017 at 2:39 PM, Chuck McCown <ch...@wbmfg.com> wrote: > Since they are inactive IP’s doesn’t really matter who is asking, even > they are not legit what harm is done in saying those are unused reserved > IPs? > > *From:* Sterling Jacobson > *Sent:* Wednesday, April 12, 2017 1:36 PM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] subpoena for non used IP > > > Interesting. > > > > I don’t know that any external agency has any power to do anything if you > as the ISP just claim it is unused/never used. > > > > Never thought of that before. > > > > Not sure how you would ‘prove’ that either way. > > > > *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Steve Jones > *Sent:* Wednesday, April 12, 2017 9:25 AM > *To:* af@afmug.com > *Subject:* [AFMUG] subpoena for non used IP > > > > We got a subpeona for one of our IPs, it is in our ARIN allocation, but > has never been assigned or live that I can tell. > > I assume malicious actors have a tool to look at IP space for dormant > numbers, if it historically has not been active its better for spoofing? Is > this the case or is this an instance of watching too much NCIS? > > > > On a side note, this request was not from FBI or DHS, it was a different > .gov entity, They initiated contact, we verified externally they were > actually government and who they say they are. Ran it past our Lawyer. The > odd thing was, they wanted our Tax ID before they proceeded since we can > generate a bill for our time on the issue. This completely red flagged it > for me, but apparently this is not uncommon? >
