On Thu, May 28, 1998 at 10:40:03AM -0400, Jay R. Ashworth wrote:
On Wed, May 27, 1998 at 08:08:57PM -0500, Karl Denninger wrote: [ Karl asks a bunch of cogent questions and then scares the shit out of me by following up with: ]
[This is a request as an ARIN AC member, who has tried to get a lot of these kinds of questions answered from officers and trustees of ARIN]
Would it be out of line for me to ask why you are having so much difficulty _getting_ answers to these questions that you need to ask them here? This whole ARIN thing is starting to smell somewhat like the InterNIC does...
ARIN has asserted that individual members (and in fact individual AC members) don't have a right to have these types of questions answered. It is my counter-assertion that IF ARIN is going to act as a custodian of an essential facility (which it is), in the public interest (which is currently open and in debate), that not only do the AC and membership have these rights, but the general public has the right to full transparency within ARIN's operation. IMHO the network operators within ARIN's "sphere of influence" should consider "waking up" and making their opinions known about this and related sets of issues having to do with IPv4 allocation. If there is a set of "affected organizations" which should be fully aware of and involved in this, its the NANOG group. Two places to do so are "arin-members@arin.net", and "arin-council@arin.net", which are the mailing lists for the membership and AC, respectively. Those who find themselves embargoed from posting to either are welcome to ask me to forward material for them; as both an AC member, and an ARIN member, I have the right to post to both. The only way the questions will be resolved is if the debate is deemed important by those who are impacted by ARIN - which is, virtually without exception, an intersecting set within the NANOG community. It would also be a good idea to read the ARIN bylaws (available on their web site) and note carefully the lack of any real, functional oversight by the membership (ie: the membership cannot recall an AC member, a board member, or a corporate officer, either directly or indirectly). Then surf over to the CIX web site and read THEIR bylaws. Compare the two, and draw your own conclusions. Both are, by the way, 501c(6) organizations. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcFrom owner-nanog@merit.edu Thu May 28 14:53:42 1998 Received: from merit.edu (merit.edu [198.108.1.42]) by nic.merit.edu (8.8.7/8.8.7) with ESMTP id OAA26458 for <hyper_nanog@nic.merit.net>; Thu, 28 May 1998 14:53:42 -0400 (EDT) Received: from localhost (daemon@localhost) by merit.edu (8.8.7/8.8.5) with SMTP id OAA26731; Thu, 28 May 1998 14:42:54 -0400 (EDT) Received: by merit.edu (bulk_mailer v1.5); Thu, 28 May 1998 14:12:21 -0400 Received: (from majordom@localhost) by merit.edu (8.8.7/8.8.5) id OAA25214 for nanog-outgoing; Thu, 28 May 1998 14:12:14 -0400 (EDT) Received: from netra.graphnet.com (netra.graphnet.com [192.206.112.2]) by merit.edu (8.8.7/8.8.5) with ESMTP id OAA25189 for <nanog@merit.edu>; Thu, 28 May 1998 14:11:38 -0400 (EDT) Received: from graphnet.com (dana.graphnet.com [192.206.112.98]) by netra.graphnet.com (8.8.8/8.8.6) with ESMTP id OAA04793 for <nanog@merit.edu>; Thu, 28 May 1998 14:11:25 -0400 (EDT) Message-ID: <356DA8DD.85E5030C@graphnet.com> Date: Thu, 28 May 1998 14:11:41 -0400 From: "Mr. Dana Hudes" <dhudes@graphnet.com> Organization: Graphnet Inc. X-Mailer: Mozilla 4.04 [en] (WinNT; U) MIME-Version: 1.0 To: nanog@merit.edu Subject: Re: ingress filtering References: <Pine.GSO.3.96.980528134840.18837P-100000@nsa.ecosoft.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-nanog@merit.edu I have more than 2 routers and less than 100. One thing I've found with some source addresses of mine coming from the upstream is packets in a piece of PA space. For example, I have some addresses from my own PA /19 and some in /20 from UUNET. My UUNET /20 is part of a /11 of theirs. So if packets of mine come into my router but have no more-specific route from my IGP then off they go to UUNET. UUNET throws them back at me. The solution is a static blackhole for the announcement. somehow all this was easier with GateD, which made the blackhole for me automatically -- or maybe its fond but hazily wrong memories. In any case, the blackhole routes for ones own allocations help block wayward packets. Now if I could make those blackholes properly propagate in OSPF.... Dana Brian Horvitz wrote:
I have the luxury of being able to filter for source address at my ingress points on only two routers. That makes it relatively easy to do. I find a surprising number of packets with source addresses from inside my network or from the private IP space.
Brian
On Thu, 28 May 1998, Mr. Dana Hudes wrote:
Who *does* do ingress filtering? I have it on our border routers and customer connect ports. We have transit from MCI and UUNET. Neither has ingress filters -- see below message from MCI on this. The result of course is that spammers and other bad guys can try to attack your systems with forged source IP addresses. Random strange people in the 'net send "NETBIOS name service" (port 137) packets to my unix mail relay, which of course ignores them. Other such fun things continue to be seen in the logs.
Subject: Re: RFC1918 addresses from MCI Date: Thu, 28 May 1998 08:16:23 -0700 From: security@mci.net To: dhudes@graphnet.com CC: security@mci.net
Mr. Hudes,
Thank you for your note. MCI does not currently source filter address space at it's ingress points. Addresses sourced from non-routable or invalid addresses are not blocked or filtered. Addresses destined to non-routable addresses spaced are not routed.
If you think it is a security issue and it is on-going then please contact us with the target address so we can investigate.
Regards,
-Julian Min
s.net/ | T1's from $600 monthly / All Lines K56Flex/DOV | NEW! Corporate ISDN Prices dropped by up to 50%! Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost