In article <SG2PR03MB40538264B8C2976CF33B5161F51D0@SG2PR03MB4053.apcprd03.prod.outlook.com> you write:

-=-=-=-=-=-

I do get some results from an online whois or two - https://ipinfo.io/AS19111

I believe you, but isn't ARIN's list of North American ASNs supposed to be authoritiative? Other than the funky ASN there doesn't seem anything particularly naughty about the site. -- Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly

On 5 Feb 2020, at 8:45 PM, Jon Lewis <jlewis@lewis.org<mailto:jlewis@lewis.org>> wrote: On Wed, 5 Feb 2020, John Levine wrote: I believe you, but isn't ARIN's list of North American ASNs supposed to be authoritiative? Other than the funky ASN there doesn't seem anything particularly naughty about the site. If POCs are unresponsive, and the bill goes unpaid, does ARIN note this in whois or just delete data from the db? If POCs are unresponsive, the lack of response is noted in Whois per NRPM 3.6 <https://www.arin.net/participate/policy/nrpm/#3-6-annual-validation-of-arin-s-public-whois-point-of-contact-data> If the bill goes unpaid, then the resources will eventually be subject to being revoked per the RSA - https://www.arin.net/resources/fees/returns/ Does the answer to that change if the ASN was under an RSA, but allocated pre-ARIN? Makes no difference whatsoever. FYI, /John John Curran President and CEO American Registry for Internet Numbers

P.S. Remember, out of all of the networking engineers in the entire world, by definition, half of them are of below average intelligence.

Unfortunately there is no basis for that claim as networking engineers are not uniformly randomly selected from the population as a whole. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

For all of the people who have elected to pick on me for my less that diplomatic assertion(s), I can only suggest that your time and effort would be more well spent by looking at the hard data that I suggested that everyone look at, and then looking to see if any of the bogus ASNs being used, day in and day out, are being peered with by your own upstreams, and if so, composing an appropriately diplomatic email to said upstreams, asking them why they are peering with bogon ASN(s). I do not feel that it is a stretch to say that all of this use of bogon ASNs is arguably even more shameful than the widespread lack of adherence to BCP 38, owing to the ease with which it may be seen and documented. It represents yet another, and equally or perhaps even more egregious violation of Internet norms which endangers us all, and all of our customers, every bit as much as the widespread and inexcusable failures to conform to BCP 38. The Internet needs to grow up. This isn't a little government funded science experiment anymore. We have a whole planet's full of end users watching now, and history will not be kind to those who continue to shirk their responsibilities to the common man in the interests of lining their own pockets in the short term. Regards, rfg

...

...

...

...

"Ronald" == Ronald F Guilmette <rfg@tristatelogic.com> writes:

Ronald> Try to think of a word that is the absolute antonym of "hygiene" and Ronald> that's the global routing table. Ronald> This stuff would be funny if only it wasn't so sick and pathetic. Ronald> Even if we forget about all of the morons who are -using- these invalid Ronald> ASNs for actually routing bits to their IPs, you have to ask yourself: Ronald> Who are all of the morons who are -peering- with these invalid ASNs? Ronald> Regards, Ronald> rfg Ronald> P.S. Remember, out of all of the networking engineers in the entire world, Ronald> by definition, half of them are of below average intelligence. You would sound much more credible if you'd step down the high horse and stop insulting the very same people you're supposed to work with. plonk --

According to ARIN Who-Was they've had this ASN assigned and removed multiple times. Created 11-20-2000 19111 NATURES-BOUN AS19111 NATURE-24 Registration Removed 12-12-2006 Created 01-04-2007 19111 NATURES-BOUN AS19111 NATURE-24 Registration Removed 07-14-2009 Created 07-22-2009 19111 NATURES-BOUN AS19111 NATURE-24 Modified 01-09-2012 19111 NATURES-BOUN AS19111 NATURE-24 Registration Removed 04-07-2015 Created 02-01-2016 19111 NBTY19111 AS19111 NATURE-24 Registration Removed 04-11-2017 I'm assuming this is due to non-payment each time. On Thu, Feb 6, 2020 at 7:22 AM Rich Kulawiec <rsk@gsp.org> wrote:

On Thu, Feb 06, 2020 at 09:08:35AM +0100, Pierfrancesco Caci wrote:

...

You would sound much more credible if you'd step down the high horse and stop insulting the very same people you're supposed to work with.

You're concerned with policing his tone instead of dealing with the massive security failure -- on the part of *many* of us -- that this represents?

If I have something horrible going on with a service/server/network/etc. that I'm responsible for and I don't catch it, then I'm grateful to anyone who reports it -- because they've caught my mistake, which is helpful to me and to everyone impacted by it. I'll worry about my bruised ego later, it won't be the first time. Or the last.

---rsk

-- <http://www.bcarlsonmedia.com/> http://www.bcarlsonmedia.com @brendancarlson <http://www.twitter.com/brendancarlson> +1 (626) 921-6503

Given events including the IPv4 runout etc perhaps it's long overdue that the RIRs should hire a professional big-name (we used to call them Big 5) accounting firm to audit or at least review IP address, ASN, etc. allocation. I am not talking about money, I am talking about resource allocation. That would be a step towards accountability. It would likely be a lot better than "someone on NANOG noticed a discrepancy let's shout at each other about it for a few days." The "rules" really aren't that difficult even if the details of technical management can be. A modern accounting firm could find the talent to grasp how it all should work and review how it has worked and is working. I've worked with accountants, they know things like what we'd call in a phrase "game theory" (you cut, I choose, etc) regarding resource allocation, memorialization (is the record-keeping broken?), "forcing" organizations to fix outright bugs in rules and record-keeping, internal accountability (e.g., who has access to critical records? what's the process when an error or fraud occurs?), proper reporting, etc. It wouldn't be cheap. But as an easy suggestion I'd recommend that ISOC help with the funding for such a project. There could be other sources. Or possibly, I haven't a clue how the numbers might work, a $10 or $20 new annual resource allocation surcharge to underwrite such auditing. It would be a new and potentially valuable service so, within reason, justified. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*

It could measure the extent of the problem and would be within what I suggested. For example if there were only one AS being abused that would make it a different priority than 1,000 or 10,000 (some seem to be implying a number like that) being abused. Do we have that number? And tracking the trend. On February 6, 2020 at 14:50 sandy@tislabs.com (Sandra Murphy) wrote:

...

On Feb 6, 2020, at 2:38 PM, bzs@theworld.com wrote:

It would likely be a lot better than "someone on NANOG noticed a discrepancy let's shout at each other about it for a few days."

Did I miss something? I thought the discrepancy being pointed out was that resources that were not currently allocated/assigned were still being actively used and actively accepted by people who should have rejected them. Private address space and private ASNs are one case, resources that have not yet been allocated or were once allocated and have been reclaimed are another.

An accounting audit of ARIN resource management process is not going to help the fact that people are accepting routes they should not be accepting.

I suspect I did miss something.

—Sandy

-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*

+1 I fully agree, not to mention, but probably a bit more tricky to manage, so many resources holder, eg universities or similar, using just a /24 out of a /16, legacy of course  ! Funny enough bumped last week into a computing uni that was in the above exemple...and no IPv6... grrr On 06/02/2020 20:38, bzs@theworld.com wrote:

to audit or at least review IP address, ASN, etc. allocation.

-- Thomas BRENAC https://www.brenac.eu +33686263575 Registered IPv4 Broker by RIPE NCC, ARIN, APNIC and LACNIC . The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future. This message has been sent as a part of discussion between BRENAC EURL and the addressee whose name is specified above. Should you receive this message by mistake, we would be most grateful if you informed us that the message has been sent to you. In this case, we also ask that you delete this message from your mailbox, and do not forward it or any part of it to anyone else. Thank you for your cooperation and understanding. We puts the security of the client at a high priority. Therefore, we have put efforts into ensuring that the message is error and virus-free. Unfortunately, full security of the email cannot be ensured as, despite our efforts, the data included in emails could be infected, intercepted, or corrupted. Therefore, the recipient should check the email for threats with proper software, as the sender does not accept liability for any damage inflicted by viewing the content of this email. The views and opinions included in this email belong to their author and do not necessarily mirror the views and opinions of the company. Our employees are obliged not to make any defamatory clauses, infringe, or authorize infringement of any legal right. Therefore, the company will not take any liability for such statements included in emails. In case of any damages or other liabilities arising, employees are fully responsible for the content of their emails.

Sorry to follow up on myself, but it seems that one figure I gave here regarding the value of the IPv4 space that was gifted to AFRINIC at its inception was off by roughly an order of magnitude. I said that at its inception, AFRINIC had been gifted with two /8 IPv4 blocks with a current open market value in excess of $250 million USD. Checking now, I see that the following blocks are all assigned to ORG-AFNC1-AFRINIC, which is AFRINIC itself: 41.0.0.0/8 45.192.0.0/12 45.208.0.0/13 45.216.0.0/14 45.220.0.0/15 45.222.0.0/16 102.0.0.0/8 105.0.0.0/8 154.0.0.0/8 196.0.0.0/7 Note: This isn't even counting certain other legacy blocks that AFRINIC also inherited, back in February of 2005, from other regions, specifically ARIN and RIPE. Anyway, the above blocks represent a total of 102,694,912 unique IPv4 addresses. Assuming a current average market value of $25 USD per address, that works out to a total value of some $2,567,372,800 USD, or in round numbers, $2.6 billion USD. Just wanted to correct the record. My apologies for my earlier error. Regards, rfg

Once again I predict the past! It's amazing! Thanks John. On February 7, 2020 at 14:48 jcurran@arin.net (John Curran) wrote:

Barry -

FYI – In addition to a regular financial audit, ARIN periodically has a third-party operational audit conducted of the registry, including random sampling of transactions and detailed review of same.

The results of the audit are used to both reaffirm registry integrity and have led to improvements in our processes in multiple areas including internal review/signoff practices, transaction logging, and fraud investigation.

Thanks, /John

John Curran President and CEO American Registry for Internet Numbers

On 6 Feb 2020, at 1:38 PM, bzs@theworld.com wrote:

Given events including the IPv4 runout etc perhaps it's long overdue that the RIRs should hire a professional big-name (we used to call them Big 5) accounting firm to audit or at least review IP address, ASN, etc. allocation.

I am not talking about money, I am talking about resource allocation.

That would be a step towards accountability.

It would likely be a lot better than "someone on NANOG noticed a discrepancy let's shout at each other about it for a few days."

The "rules" really aren't that difficult even if the details of technical management can be.

A modern accounting firm could find the talent to grasp how it all should work and review how it has worked and is working.

I've worked with accountants, they know things like what we'd call in a phrase "game theory" (you cut, I choose, etc) regarding resource allocation, memorialization (is the record-keeping broken?), "forcing" organizations to fix outright bugs in rules and record-keeping, internal accountability (e.g., who has access to critical records? what's the process when an error or fraud occurs?), proper reporting, etc.

It wouldn't be cheap.

But as an easy suggestion I'd recommend that ISOC help with the funding for such a project. There could be other sources.

Or possibly, I haven't a clue how the numbers might work, a $10 or $20 new annual resource allocation surcharge to underwrite such auditing.

It would be a new and potentially valuable service so, within reason, justified.

-- -Barry Shein

Software Tool & Die | bzs@TheWorld.com | http:// www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*

-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*

In message <CAJ_LqoEjvu3F02aNVrtsXStJumjiwK4UtX4v4n0RNf-rEmCjog@mail.gmail.com>, Shane Ronan <shane@ronan-online.com> wrote:

It's not clear to me that HE having reserved AS numbers in THEIR routing table is actually a problem. These AS numbers are actually reserved for private use. Perhaps they have a customer who wants to do BGP but doesn't want to register their own AS number and is single-homed to HE. In this case, HE can assign them a reserved AS number to use for the session and as long as HE strips that AS number when it leaves THEIR network, things are working as intended.

It is not in the least bit clear that such stripping is in fact occuring, and if anything the available evidence seems to suggest that it may not be. The key point is accountability. In the case of bogon ASNs, no one is responsible, and an aggreived or offended party cannot easily find out even who to discuss the matter with if they are being hacked, attacked, or spammed from a range of IPs being routed by a bogon ASN. Regards, rfg P.S. It does not seem to be the case that only HE internal sensors are the only ones seeing some of these routes. Here is what RIPEstat is telling me right now about routes being announced by AS65000, just to name one bogon ASN out of many: 46.102.148.0/22 212.93.181.0/24 168.205.156.0/24 93.118.40.0/22 2806:288:800::/40 190.15.126.0/23 197.6.0.0/16 31.207.16.0/20 188.240.32.0/22 89.36.232.0/22 89.42.48.0/23 89.40.108.0/23 188.210.94.0/23 197.5.0.0/18 31.207.8.0/21 82.97.196.0/23 84.247.32.0/22 82.97.192.0/23 213.150.187.0/24 193.124.240.0/22 89.35.164.0/22 197.9.0.0/16 197.4.0.0/16 194.58.24.0/22 93.115.102.0/23 212.93.182.0/24 185.125.64.0/22 81.91.16.0/21 197.7.0.0/16 89.38.106.0/23 186.32.9.0/24 109.232.251.0/24 93.115.48.0/22 31.219.177.0/24 194.135.48.0/22 86.105.160.0/22 89.46.132.0/22 195.122.244.0/24 89.43.68.0/23 2803:ea80::/36 80.240.108.0/23 197.8.0.0/16 188.214.40.0/21 194.58.216.0/22 213.150.185.0/24