June 17, 2008 - A former Air Force Captain,
former instructor at the
Air Force Academy and
the author of
a book detailing technical strategies for combating e-mail spam
created two companies in 2005 and 2007 which subsequently obtained
control of two large "legacy"
IP address blocks (so-called "Class B" or "/16" IP address blocks)
from the American Registry for Internet Numbers
(ARIN) via means that remain
murky, if not to say downright suspicious.
Both blocks have since been found to be in active use by
commercial mass e-mailers.
As shown in
this document obtained from the
Colorado Secretary of State's web site, on February 23, 2005
of Colorado Springs, Colorado, a former Air Force Captain
and author of the book
Removing The Spam,
created a new Colorado Limited Liability Company (LLC) called
Gold Hill Computers, LLC. Later, Mr. Mulligan's new Colorado
LLC gained official ARIN-sanctioned
control over the
220.127.116.11/16 IP address block.
Prior to the creation of Colorado-based
Gold Hill Computers, LLC,
the 18.104.22.168/16 IP address block had been
assigned to company known as Gold Hill Computers, Inc. of
Gold Hill Computers, Inc. of Cambridge, Massachusetts is a small
software company that has existed since the mid 1980's. It specializes
in selling Lisp interpreters, as it has done since its inception over
two decades ago. As documented in the
stone tablets of the Internet, the so-called Internet RFCs,
RFC 1020, and
the 22.214.171.124/16 IP address was originally allocated to
some entity named GoldHill that existed at
the time these RFCs were originally issued, i.e. November 1986, March 1987,
November 1987, and July 1990, respectively.
The first three of
those RFCs show GoldHill's
official contact person as one
So how do we know
that the particular GoldHill that was
allocated the 126.96.36.199/16 block way back on
October 2nd of 1986 is the same as
the company that today resides in Cambridge, Massachusetts, that still
calls itself Gold Hill Computers, Inc. and that still sells
implementations of the Lisp Programming Language? It's possible, even
if highly unlikely, that a different company also named
Gold Hill Computers might have been the original registrant of
the 188.8.131.52/16 IP address block.
A quick check of the
Secretary of State's web site turns up
this corporate registration document
which clearly shows Gold Hill Computers, Inc. as a
Massachusetts-based company, and one that was originally
registered with the Commonwealth of
Massachusetts on July 19th, 1982. So this
Massachusetts-based Gold Hill Computers, Inc. has certainly
been around long enough to qualify, based on age, as the
specific GoldHill to which the 184.108.40.206/16 block was
initially allocated way back in October, 1986.
More importantly however
this historical account
of the early development of TCP/IP protocol software
on early IBM PCs specifically mentions
both Gaylord Miyata, whose name, you will remember, appears in
RFC 997, and
in conjunction with the 220.127.116.11/16 IP address block allocation,
and also Mr. Miyata's affiliation with
"...Gold Hill, whose product was a LISP implementation
that ran in protected mode on a 286".
Lastly, there is also
this historical document,
obtained from the
Massachusetts Institute of Technology's
that clearly shows the 18.104.22.168/16
IP address block allocated to an entity located in
Fast forward now a few years past the initial 1986 allocation of the
22.214.171.124/16 IP address block, specifically to the 1989-1990 time
Gold Hill Computers, the Cambridge
Massachusetts software company, hit with slowing sales and the
associated economic hardship, is forced to lay off the majority of its
former staff. The company changes locations
(still within the greater Boston area) and somewhere along the
way, records of the company's
rights to use the 126.96.36.199/16 IP address block are
mislaid or accidentally discarded. Due to the company's fading
business prospects, it isn't using its
188.8.131.52/16 IP address block, and the block isn't even
anywhere. Memories of the company's rights to
the 184.108.40.206/16 block fade within the company.
Fast forward again, another fifteen years, to 2005.
The 220.127.116.11/16 block looks to
be basically abandoned. It's not being routed, and unless you're an
amateur Internet sleuth, you'd be hard-pressed to find the
original registrant of this block. In short, the block itself
looks ripe for the picking,
at least if you are unscrupulous and willing to
engage in a bit of
block hijacking (aka network identity theft)
on other people's unused and intangible (but nonetheless valuable) assets.
The 18.104.22.168/16 block is cost-free, i.e. you won't
have to pay ARIN any
annual rent for using it,
and you won't even have to justify your
continuing use of the block to
ARIN because it is a so-called
"legacy" block, allocated before ARIN even existed, which is thus
exempt from the ordinary justification requirements that apply
to all post-ARIN allocated blocks.
As shown in
this document, obtained from the
Colorado Secretary of State's web site,
on February 23rd, 2005, a new
Limited Liability Company (LLC) was formed in the state of Colorado.
The name of the new company, which subsequently came to exercise
dominion over the 22.214.171.124/16 IP address block,
was remarkably convenient...
Gold Hill Computers, LLC.
With a name like that, there was no need to make any
change to the name of the "registrant" of the
126.96.36.199/16 block when the block was acquired, somehow, by the new company.
Gold Hill Computers, LLC, headquartered in Colorado Springs, Colorado,
currently has control over more than 65,000 separate IP addresses... a
fairly substantial piece of Internet real estate... the company
doesn't even seem to have its own web site at the present time,
or even so much as its own e-mail address.
The one and only IP address block that public ARIN records say is
currently under control of this company is the 188.8.131.52/16 IP address
block, i.e. the very same block that all of the documents cited above
indicate was actually and originally allocated to the
much older company known as
Gold Hill Computers, Inc. of Cambridge, Massachusetts.
So what happened here? How did control
over an entire block of more that 65,000 IP addresses...
a valuable asset to anyone doing business on the Internet...
end up being transferred out of the hands of
Gold Hill Computers, Inc. of Cambridge, Massachusetts
and into the hands of the recently-formed and interestingly-named
Gold Hill Computers, LLC of Colorado Springs, Colorado?
A Tale of Two IP Blocks
I have spent more than a little time over the past several weeks
looking into that very interesting question. I was motivated to do so
primarily by my realization that the creator and current owner of
the Colorado-based Gold Hill Computers, LLC was one
Geoff Mulligan... the same Mr. Geoff Mulligan
who, not long ago (March 2007), created and then rapidly...
within 11 months... sold off
another Colorado LLC,
together with its asset(s)... which, by a rather amazing
coincidence, apparently included yet another
valuable "legacy" /16 IP address block.
The name of the other
Colorado LLC that Mr. Mulligan created in March of 2007,
and then rapidly sold was
SF Bay Packet Radio, LLC and its major asset... perhaps
its only truly meaningful asset... was its control over the
184.108.40.206/16 IP address block.
As diligent readers of this web site already know (because it was
first revealed here more than seven weeks ago),
the 220.127.116.11/16 IP address block, formerly allocated to NASA,
an agency of the United States government,
somehow ended up in the hands of one of
the most notorious mass e-mailing companies in the U.S., and did so
via means that remain more than a little mysterious.
That questionable transfer of a valuable,
although intangible U.S. government asset, like the transfer of
the 18.104.22.168/16 block before it, also involved a large block of IP addresses
passing to or through one of Mr. Mulligan's multiplicity of Colorado
To find out exactly how the
22.214.171.124/16 IP address block somehow made its way from
Gold Hill Computers, Inc. of Massachusetts to
Gold Hill Computers, LLC of Colorado
the Cambridge-based Gold Hill Computers, Inc. at the number
given on its
web site. I spoke at
length, and on several occasions, to a gentleman who identified himself as
Vince McGugan. (Mr. McGugan's business card,
with his official company title, is shown
company's web site.)
Mr. McGugan identified himself as the
current owner of the company, although his official title would
seem to be "Chairman".
Mr. McGugan also confirmed for me
that his company, Gold Hill Computers, Inc.,
has indeed been selling Lisp implementations since the 1980's.
Separately, and in repeated questioning, Mr. McGugan assured me in no
uncertain terms that his company had neither any knowledge of nor any
business with Gold Hill Computers, LLC of Colorado Springs,
and also, that his company has never
made any agreements, or entered into any contracts to sell, lease,
or rent any of his company's IP address space to any other party.
(When I first made contact with him, Mr. McGugan stated that he was aware
that the company had rights to some IP address block, but he had
no clear idea what had happened to that IP address block over the years.
As a result of my phone conversations with him however,
Mr. McGugan does now have an understanding
of what what happened to his company's IP address block.)
In my telephone conversations with him, I informed Mr. McGugan of the
existence of the Colorado Springs based Gold Hill Computers, LLC,
and its apparent current control of the 126.96.36.199/16 IP address
block... a block which at least four different historical Internet RFCs
suggest should rightfully be under the
control of Mr. McGugan's company.
Mr. McGugan repeatedly expressed
sincere gratitude that I had called and alerted him
to this situation.
Prior to my multiple phone conversations with
Mr. McGugan, I had already telephoned and spoken at
length with Geoff Mulligan at his Colorado
Springs residence in reference to his creation, in March 2007, of
the curiously named Colorado
SF Bay Packet Radio, LLC and in reference to how
its "asset", the 188.8.131.52/16
IP address block,
ended up in the hands of the notorious Colorado-based mass e-mailing
Media Breakaway, LLC.
In that earlier phone conversation, Mr. Mulligan had confirmed for me that,
just as the publicly-available Colorado state records indicate,
Mr. Mulligan was... and currently is... in fact the owner and creator of
Gold Hill Computers, LLC and also, as indicated in
publicly-available ARIN records,
that Gold Hill Computers, LLC was... and currently is...
in fact exercising control over
the 184.108.40.206/16 IP address block.
(Note however that Gold Hill Computers, LLC is currently
allowing another company, Colorado-based
Optimum Network Services, LLC
to use the 220.127.116.11/16 block... a fact we'll return to shortly.)
So who cares if some aggressive
Internet entrepreneur out in Colorado may have
developed some creative new strategies for obtaining multiple
large blocks of valuable apparently abandoned legacy
IP address space?
Well, if you receive e-mail via the Internet, and if you've ever received
unsolicited junk e-mail, then you might.
As noted above, the 18.104.22.168/16 IP address block, which formerly belonged
to NASA, somehow fell under the control of
Mr. Mulligan's recently formed Colorado-based SF Bay Packet Radio, LLC.
Shortly thereafter, that same IP block was sold, along with
SF Bay Packet Radio, LLC's other assets, if any,
to some undisclosed
chain of persons and/or business entities with the end result being that
within only 11 months the 22.214.171.124/16 IP address block wound up as the
virtual property of the mass e-mailers at Media Breakaway, LLC.
How this all happened has yet to be adequately explained, and the specific
NASA official to whom the 126.96.36.199/16 IP address block had been
originally assigned, way back in 1989... a gentleman named
Milo Medin... has denied knowledge of any
transfer of this block to any other entity, whether it be
governmental, public, private, or otherwise. (See below.)
Separately, with respect to the 188.8.131.52/16 block, which Mr. Mulligan's
2005-vintage Colorado-based Gold Hill Computers, LLC somehow
acquired, publicly available evidence suggests that
this IP block may also be in use by commercial mass e-mailers.
As indicated in
this public Spamhaus.Org record, and also
this one, and also
this one, the
anti-spam blocking service believes (or has believed, in the very recent past)
that the 184.108.40.206/16 block is being actively used to send out
mass unsolicited commercial e-mails.
While researching this story, I've had phone conversations with many people,
trying to get to the bottom of what actually happened here, and how two
separate /16 IP address blocks... one originally registered to a private
Massachusetts company and another
to NASA... ended up in the hands of
two of Mr. Mulligan's curiously named businesses.
As noted above, I talked by phone with Mr. Mulligan himself... once initially,
when I was researching the rather inexplicable transfer of
NASA's SF Bay Packet Radio block (220.127.116.11/16) to one of
Mr. Mulligan's like-named companies,
and then again, recently, while researching the equally
inexplicable transfer of the
Gold Hill Computers IP address block (18.104.22.168/16) to another
one of Mr. Mulligan's conveniently-named companies. In the
latter conversation, I arranged for Vince McGugan. CEO if the
Massachusetts-based Gold Hill Computers, to actually be on the
line so that he and I and Mr. Mulligan could have a three way
discussion about how Mr. Mulligan had come to possess the
Gold Hill IP address block.
During this second phone conversation, Mr.
Mulligan made a number of
specific assertions about how his companies had
come to control both the NASA block and the Gold Hill block...
assertions which have proven rather remarkably
difficult to substantiate.
First, with respect to the NASA block, Geoff Mulligan asserted
that he had known, and had been friends with Milo Medin,
the former NASA official to whom
the 22.214.171.124/16 block has been initially allocated, "for twenty years".
Mr. Mulligan further asserted that Milo Medin had in fact given him
(Mulligan) the 126.96.36.199/16 block. Why Mr. Medin would do such a thing,
or how any such give-away of a U.S. government asset to a private individual
could be either proper or legitimate was not a
point on which Mr. Mulligan elected to elaborate.
Second, with respect to the Gold Hill IP address block (188.8.131.52/16),
Mr. Mulligan claimed that he had been explicitly granted control over
that block by some member of the staff of Gold Hill Computers, Inc.
at some time during 1994 or 1995. When pressed however, Mr. Mulligan
could neither remember the name of the alleged staff member, nor could
he produce any documentation to substantiate this claim.
Since the date of that last
phone conversation with Mr. Mulligan,
I have earnestly and diligently attempted to
verify Mr. Mulligan's two stories about his acquisition of the two
IP blocks in question, but I have been unable to do so.
With respect to NASA's 1184.108.40.206/16 block, I had a second follow-up
phone conversation with Mr. Milo Medin...who is
nowadays one of the principals of
M2Z Networks. During that
call, I asked Mr. Medin
pointedly, specifically, and directly about Geoff Mulligan's claim
that Mr. Medin had given him (Mulligan) the 220.127.116.11/16 block.
Mr. Medin's response was unambiguous... "I have no recollection of
that." (That assertion on Mr. Medin's part was consistent with
the essence of my earlier phone conversation with him about NASA's
18.104.22.168/16 block, during which Mr. Medin referred me not
to Mr. Mulligan, but rather to Ms. Grace De Leon, a network
manager at NASA Ames Research Center for further information
about possible transfers of the block in question.)
Mr. Medin did admit to knowing Mr. Mulligan for quite a number of years,
but noted also that he had not spoken to Mr. Mulligan "...for the past
six or seven years."
With respect to the Gold Hill Computers IP
address block (22.214.171.124/16), Mr. McGugan,
CEO of the Massachusetts-based Gold Hill Computers, Inc. since
indicated to me, repeatedly and in writing,
that since 1990, he would have been the only person in his company
with the authority to transfer control of his company's
IP address block to any other party, and also, that he
has never done so. Thus, even if Mr. Mulligan's account of how
he came to have control over the 126.96.36.199/16 address block is true
(i.e. that some unspecified
employee of Gold Hill Computers, Inc., other
than Mr. McGugan, granted Mr. Mulligan control over the Gold Hill
block) that IP block reassignment was both invalid and unauthorized,
given that it was neither approved nor even known about by the company's
management, specifically Mr. McGugan, who has been the company's CEO
since 1990, well before the alleged transfer of the Gold Hill block to
Mr. Mulligan (allegedly in the 1994/1995 time frame) took place.
Despite my best efforts
to research and investigate the transfers of the
NASA and Gold Hill IP address blocks to Mr. Mulligan and/or his various
Colorado LLC's, I have been unable to find any substantiating evidence
that either of these transfers were actually authorized by the rightful
and legitimate owners of the blocks in question, i.e. NASA on the
one hand, and Massachusetts-based Gold Hill Computers, Inc. on
the other. Nor has Mr. Mulligan presented me with any hard
(i.e. written) evidence relating to these transfers despite my
repeated invitations for him to do so. On the other hand, statements
made by the two most relevant
witnesses, Mr. McGugan (for Gold Hill) and Mr. Medin (for NASA), in my
various phone conversations with each of them, while perhaps not outright
refuting Mr. Mulligan's accounts of how he acquired the two IP blocks
in question, certainly fail to support Mr. Mulligan's recollections
of these IP block transfers and/or the legitimacy thereof.
Whether Mr. Mulligan or
his various Colorado LLC's obtained control of the 188.8.131.52/16 and
184.108.40.206/16 IP address blocks legitimately
or otherwise may perhaps be a question that can never be fully or completely
Mr. Mulligan's choices for the names of his various LLC's,
specifically SF Bay Packet Radio and Gold Hill Computers...
both remarkably similar to the names of entities to which
sizable abandoned legacy IP address blocks had previously
are more than enough, I think,
to raise some serious questions about Mr. Mulligan's
business modus operandi. That both of these two IP address blocks were
subsequently found to be in use by mass e-mailers is
yet another remarkable coincidence that only Mr. Mulligan himself is in
a position to fully explain.
(Mr. Mulligan declined my invitation to identity the
party or parties to whom he had sold his SF Bay Packet Radio
company, together with its asset(s), citing privacy concerns.)
Who's Minding The Store?
This story has been primarily about Mr. Geoff Mulligan and the
so-called "legacy" IP blocks that his various Colorado LLC's
have come to possess.
But it wouldn't be complete unless I also mentioned the disappointingly high
apathy, with respect to these IP address blocks and their questionable
that I encountered during my investigation for this report.
The disappointing apathy I encountered was evident both within
ARIN and also within
Neither organization seemed to be particularly interested in
seriously investigating the questions of exactly how
these large legacy IP address blocks
had made their way into in the hands of mass e-mailers.
With respect to NASA, one would hope that
this agency of the U.S. government might actually want to get their
/16 IP address block back, or at the very least to make some serious
effort to determine how it had slipped out of their control. (With
the pool of free IPv4 addresses slowly but surely dwindling down to
zero, an entire /16 block is more valuable now than ever, and NASA could
certainly put this IP address block to some good use... or at least
to some better use than it is currently being put to.)
Although former NASA network manager Milo Medin and current NASA Ames
network manager Ms. Grace De Leon were both quite
helpful as I
researched this story, and although both of them expressed a sincere
desire that any NASA property which might have gone
astray would, in the end,
be returned to NASA, that was where the cooperation and
enthusiasm for knowing the truth about the 220.127.116.11/16 block ended.
Other current NASA employees and contractors
were rather entirely unhelpful as I tried to find out
what really happened here.
During my investigation, I also spoke multiple times
with Ralph F. Bischof, Jr.,
a contract network administrator at NASA's Marshall Space Flight Center,
where all administration of NASA's far-flung networks is now centered.
is currently the primary and highest-level administrator of
NASA's DNS... at least "on the contractor side", as he informed me.
(Apparently, there is a separate set of people who are regular NASA employees
who also have a hand in managing NASA's DNS.)
Mr. Bischof was asked by Sean Zadig,
an official within
NASA's Office of the Inspector General (OIG) to look into
the status of the 134.17/0/0/16 block. In response to this request
he apparently consulted only the meager documentation that he had on
hand which, as far as I can make out,
only covered IP address blocks that NASA was in fact
currently and actively using. Needless to say, this did not include
the 18.104.22.168/16 block, which as readers of
Chapter 2 already know, is currently in
active use by the mass e-mailers at Media Breakaway, LLC.
The first time that I talked to Mr. Bischof on the phone he indicated to
me that he wasn't even aware of RFC 1166, or of the information contained
therein that says fairly clearly that the 22.214.171.124/16 block had
in fact been a NASA asset in the early 1990's... just as former NASA network
administrator Milo Medin had already confirmed for me. Under the
circumstances, I asked Mr. Bischof to look over RFC 1166, and he agreed to
do so. Recently, I made a follow-up call to Mr. Bischof during which
he acknowledged that he'd looked at RFC 1166, but he discounted it's contents
as "outdated". In my most recent
telephone conversation with Mr. Bischof, he declined all
further comment, referring me instead to NASA's office of Public Affairs...
which he did, "at the request of my client" (i.e. NASA).
I also spoke on multiple occasions to Mr. Sean Zadig of
NASA's Office of the Inspector General. This is the organization
within NASA which is tasked with investigating waste, fraud and abuse
within NASA. Although Mr. Zadig initially expressed earnest enthusiasm
for investigating the rather mysterious circumstances by which a NASA
IP address block (and arguably also a U.S. government asset)
made its way into the hands of a private-sector Colorado
mass e-mailing company
(Media Breakaway, LLC), in subsequent calls Mr. Zadig informed
me that his superiors had instructed him that recovery of this particular
NASA asset was of sufficiently low priority within the OIG's office
that he should simply not investigate this matter. (If a
brick of gold had gone missing on some NASA project, then one would
hope that the NASA OIG's
office would take an interest, but mere IP addresses don't appear to
be sufficiently valuable for NASA's Office of the Inspector General
to waste time on. Nevermind
that an entire /16 IPv4 address block is easily worth
as much as several
bricks of gold at the present time.)
In summary, NASA's current official position appears to be
that they just simply
aren't particularly interested in finding out whether
an entire /16 IP address block was or was not purloined from NASA's
Whether NASA management should take an interest in the
possible misappropriation of such an asset is a question that
legislators and taxpayers may wish to ponder.
With respect to the entity that is specifically
chartered to keep order in and
among the various allocations of IP address space within North America,
i.e. ARIN, I can only report that for this organization also,
the possible misappropriation of large legacy IP address blocks
does not appear to be something that they have any significant
interest in looking into.
More than seven weeks ago, I had a phone conversation with both
Nate Davis, Director of Operations of ARIN,
and also Steve Ryan, in-house legal counsel for ARIN. Our conversation
was all about the 126.96.36.199/16 block, the
SF Bay Packet Radio block that my
earlier story had raised
At that time, I was assured that "Within two to four weeks, this matter
will be resolved in a way that will satisfy the community." That was
the official line of ARIN at that time.
Now, more than
seven weeks after I received those assurances from
nothing whatsoever has changed with respect to the ARIN-published
official WHOIS record
for the 188.8.131.52/16 block. Thus, at present, this block, which was
originally allocated to NASA, is
still under the control of the notorious mass e-mailing company
Media Breakaway, LLC.
Furthermore, to the best of my knowledge, since the
story about the SF Bay Packet Radio IP address block first
appeared on this web site, more than seven weeks ago, there has been no public
comment whatsoever from any ARIN official regarding the status or
rightful allocation of the block in question. I and readers of this
web site have been left to wonder which
"community" this utter silence on ARIN's part is intended to "satisfy".
(Seven weeks ago, during my phone conversation with ARIN officials
relating to the SF Bay Packet Radio IP address block,
I requested from ARIN a copy of their archived WHOIS record for the
184.108.40.206/16 IP address block, as it existed
on any date prior to the formation of
Mr. Mulligan's SF Bay Packet Radio, LLC. ARIN declined my request
on the basis of their lack of a "policy" under which such archival and
formerly publicly available WHOIS data could be provided by ARIN to
members of the media or other interested parties.)
It is perhaps not surprising
that ARIN might find it easy... and perhaps even expedient... to
ignore questions about a dubious transfer of
a large "legacy"
North American IP address block within
their region of responsibility in a case where
the original... and arguably rightful... registrant of the block (NASA)
didn't know and, apparently, didn't even care that the block had been
taken over by mass e-mailers.
Squeaky wheels get the
grease, and NASA isn't squeaking at all about the 220.127.116.11/16
(SF Bay Packet Radio) block. What readers of this web site
may find more interesting now, going forward,
is whether or not ARIN will likewise elect to ignore the questions
raised here regarding the 18.104.22.168/16
(Gold Hill Computers) block. In this case, unlike the case of
the SF Bay Packet Radio block,
There actually is someone (i.e. Mr. Vince McGugan, CEO
of the original Gold Hill Computers) who seems ready, willing, and able
to stand up and assert in no uncertain terms that the /16 block in
question is an asset of his company, as opposed to being an asset
of one of Mr. Mulligan's companies.
Regardless of the future
action or inaction of ARIN with respect to either of
the two potentially misappropriated IP address blocks discussed in this
story, this web site will continue to report, not only on these stories,
but also on other sizable IP address blocks within both ARIN and RIPE space
that available evidence suggests may have been purloined by mass e-mailers.
More such blocks are quite definitely out there, some of which are
already known to me,
and the public has a right to know about these, even if the entities,
organizations, and officials who should
be keeping an eye on such things
would prefer, for their own reasons, to simply sweep these matters under
the proverbial rug.
My meager efforts in this regard will definitely prove to be of
only limited effect and value however if... as now seems to be the case...
we are entering an era where
information in the official ARIN and RIPE WHOIS data bases...
covering the majority of the IP addresses in use worldwide...
is as unreliable and untrustworthy as the WHOIS records
that are created and published by various well known
Chinese Domain Name Registrars whose
primary business, it seems, is to aid and abet criminals in their
efforts to conceal their identities on the Internet.
Nate Davis, Director of
Operations of ARIN, did not return phone calls seeking comment on this