On Tue, Jan 7, 2020 at 8:50 AM John Curran <jcurran@arin.net> wrote:
On 7 Jan 2020, at 5:01 AM, Martijn Schmidt via NANOG <nanog@nanog.org> wrote:
Out of curiosity, since we aren't affected by this ourselves, I know of
cases where Cogent has sub-allocated IP space to its customers but which those customers originate from their own ASN and then announce to multiple upstream providers.
So while the IP space is registered to Cogent and allocated to its
customer, the AS-path might be something like ^174_456$ but it's entirely possible that ARIN would observe it as ^123_456$ instead. Are such IP address blocks affected by the suspension?
As noted earlier, ARIN has suspended service for all Cogent-registered IP address blocks - this is being done as a discrete IP block access list applied to relevant ARIN Whois services, so the routing of the blocks are immaterial - a customer using a suballocation of Cogent space could be affected but customers with their own IP blocks blocks that are simply being routed by Cogent are not affected.
From your response, it sounds like it's just an ACL to filter inbound p43
"suspended service for all Cogent-registered IP address blocks" may be causing a bit of confusion since ARIN offers many services. traffic to ARIN's whois service, from Cogent allocated prefixes. ARIN is in the best position to tell who is directly scraping their db and whether this is an effective counter measure. Recent changes would show up easiest in bulk whois data. It's not clear from your message whether they had a bulk whois agreement in place and the status of that type of access. If so, revoking the API key would be a better restriction mechanism than filtering prefixes from reaching accountws.arin.net I haven't look at where ARIN's TAL data is hosted, again depending on how/where it's hosted and how a filter is implemented, it may or may not impact access to the data. deny $TOU_Violator any port 43 deny $TOU_Violator accountws.arin.net deny $TOU_Violator any These all have varying levels of impact. On the one hand I can understand not wanting to disclose the specific action taken, on the other hand it would be interesting to know what the scope of responses are for different types of abuse.
FYI, /John
John Curran President and CEO American Registry for Internet Numbers