Reply to Sean Donelan (was: Yet more hijacked space? - deru.net)
But it doesn't answer the basic questions. How do you tell the difference between a legitimate change and an illegitimate change? If ARIN makes it extremely difficult to update registry records, the records will get even more out of date. On the other hand if ARIN makes it too easy to update registry records, the wrong people can make unauthorized changes.
That's a good question, Sean. However there is another way. ARIN and the other RIRs need to stop publishing the whois directories as they stand today. There is no good reason for publishing most of the information that they do publish. All of this garbage information clogs up the system and makes it easier for spammers and outlaws to hide.
The Internet is no longer a collegial project where we can request that all people with a directory on an ARPANET host who is capable of passing traffic across the ARPANET should be registered in the whois directory. (Ref RFC 812) In fact, we haven't done this for at least 10 years. We already have a two-tiered system in place where the bulk of users with directories on an Internet-connected system capable of initiating Internet traffic are only registered with their service provider. Only network operators are expected to register in the whois directory.
I think that it is time to tighten up on these requirements even further. The published whois directory should only contain the up-to-date contact information of people responsible for enforcing network AUPs and rooting out network abuse. If an organization is allocated or assigned IP space from their upstream then their info should not be published in the whois directory unless they agree to be directly responsible for AUPs and abuse mitigation.
This contact information should be checked more than once per year (twice yearly or quarterly) and if it becomes stale, then it should be immediately updated to indicate that it is stale. The incorrect phone numbers and email domains should be removed from the published directory. If there is an upstream then the address contact info should revert to the upstream since it is not possible for a non-contactible entity to be responsible for AUP enforcement and abuse mitigation. In the case of address blocks allocated directly by a registry, this means they must virtually disappear from the whois. The only information left will be "Previously allocated, no current contact info".
In one fell swoop, this will enable people to block just about every possible source of spam. If anyone is actually still using their addresses, this will also bring them out of the woodwork to update their contact info and get with the program. There will be zero impact on anyone who gets their addresses from an upstream since the contact info will revert to the upstream until such time as the upstream formally delegates the abuse handling responsibility to the customer by submitting correct contact info.
Of course, none of this will happen unless network operators stop chasing symptoms and start thinking more deeply about the roots of the problem. One of these roots is the lack of a web of accountability for IP address space.
--Michael Dillon
On Tue, May 06, 2003 at 10:20:24AM +0100, Michael.Dillon@radianz.com wrote:
But it doesn't answer the basic questions. How do you tell the difference between a legitimate change and an illegitimate change? If ARIN makes it extremely difficult to update registry records, the records will get even more out of date. On the other hand if ARIN makes it too easy to update registry records, the wrong people can make unauthorized changes.
That's a good question, Sean. However there is another way. ARIN and the other RIRs need to stop publishing the whois directories as they stand today. There is no good reason for publishing most of the information that they do publish.
Well, I was a bit amazed by the latest ARIN whois debate here. As far as I can tell, the RIPE db is much more up to date, and (and this is important) lists the date and email address of all the changes to the objects ... So where your comments might be a GoodThing(tm) for ARIN, I don't think many Europeans have such issues with the RIPE db.
Kind Regards, Frank Louwers
-- Openminds bvba www.openminds.be Tweebruggenstraat 16 - 9000 Gent - Belgium
Perhaps it is the water here in America, or bovine growth hormones in the milk. The state of the RIPE db may have more to do with the cooperation of the RIPE membership rather than the RIPE management. ARIN has the unenviable task of dealing with American ISPs. Most ISPs in the land of cowboys are run by ultra cowboys. They don't cotton well to people in charge of resource management.
Of course ARIN is an organization made up of the very ISPs that complain about it. So, don't complain and not participate in ARIN meetings. Go to the next meeting. IMHO - The back-to-back NANOG/ARIN meetings are a great opportunity for participation by this community. I am glad that ARIN and the Merit folks have the vision to bring these meetings together. Most any problem can be resolved if we make an effort to work together toward a solution.
On Tuesday, May 6, 2003, at 04:26 AM, Frank Louwers wrote:
On Tue, May 06, 2003 at 10:20:24AM +0100, Michael.Dillon@radianz.com wrote:
But it doesn't answer the basic questions. How do you tell the difference between a legitimate change and an illegitimate change? If ARIN makes it extremely difficult to update registry records, the records will get even more out of date. On the other hand if ARIN makes it too easy to update registry records, the wrong people can make unauthorized changes.
That's a good question, Sean. However there is another way. ARIN and the other RIRs need to stop publishing the whois directories as they stand today. There is no good reason for publishing most of the information that they do publish.
Well, I was a bit amazed by the latest ARIN whois debate here. As far as I can tell, the RIPE db is much more up to date, and (and this is important) lists the date and email address of all the changes to the objects ... So where your comments might be a GoodThing(tm) for ARIN, I don't think many Europeans have such issues with the RIPE db.
Kind Regards, Frank Louwers
-- Openminds bvba www.openminds.be Tweebruggenstraat 16 - 9000 Gent - Belgium
-- Joseph T. Klein VP/CTO and bottle washer Titania Corporation, Inc. PSTN: +1 415 462 1534 Mobile: +1 414 628 3380
On Tue, 6 May 2003 Michael.Dillon@radianz.com wrote:
I think that it is time to tighten up on these requirements even further. The published whois directory should only contain the up-to-date contact information of people responsible for enforcing network AUPs and rooting out network abuse. If an organization is allocated or assigned IP space from their upstream then their info should not be published in the whois directory unless they agree to be directly responsible for AUPs and abuse mitigation.
This has got to be one of the worst ideas you've come up with recently. The crack pipe must be pretty warm. This would make every provider like Level3 and Cogent...hosters of spammers camouflaged by a lack of publicly available reassignment data. At least with the current system, most providers publish reassignment data, so when you get spammed by discountdeals or ultimate savings, or the like, you can usually look up their address space and block them. Too many providers just don't care about spam as long as the spammers pay.
In one fell swoop, this will enable people to block just about every possible source of spam.
I assume you mean it would make blocking bogons and unused blocks easier, but I think the net result would be to make it much harder to block most sources of spam.
Of course, none of this will happen unless network operators stop chasing symptoms and start thinking more deeply about the roots of the problem. One of these roots is the lack of a web of accountability for IP address space.
So you want to fix this by making it even harder to find out who's using an IP block?
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
This has got to be one of the worst ideas you've come up with recently. The crack pipe must be pretty warm. This would make every provider like Level3 and Cogent...hosters of spammers camouflaged by a lack of publicly available reassignment data. At least with the current system, most providers publish reassignment data, so when you get spammed by discountdeals or ultimate savings, or the like, you can usually look up their address space and block them. Too many providers just don't care about spam as long as the spammers pay.
BS. Cogent provides publicly available reassignment info in its rwhois database.
Comment: ********************************************
Comment: Reassignment information for this block is
Comment: available at rwhois.cogentco.com port 4321
Comment: ********************************************
On Tue, 6 May 2003 alex@pilosoft.com wrote:
BS. Cogent provides publicly available reassignment info in its rwhois database.
Comment: ********************************************
Comment: Reassignment information for this block is
Comment: available at rwhois.cogentco.com port 4321
Comment: ********************************************
Not for all of their blocks...at the very least, not for ones acquired via PSI.
$ whois 38.144.198.0@rwhois.cogentco.com:4321
[rwhois.cogentco.com]
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
%Error 230 No objects found.
There are multiple systems in 38.144.198.0/24 spewing spam. How do you tell who they belong to and how much address space they have? Fortunately, in this case, reverse DNS and traceroutes make it pretty clear this is a single (entire) /24 of spammer systems.
Query: 38.144.198.0
Registry: whois.arin.net
Results:
OrgName: Performance Systems International Inc.
OrgID: PSI
Address: 1015 31st Street, NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: US
NetRange: 38.0.0.0 - 38.255.255.255
CIDR: 38.0.0.0/8
NetName: PSINETA
NetHandle: NET-38-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: NS.PSI.NET
NameServer: NS2.PSI.NET
Comment:
RegDate: 1991-04-16
Updated: 2003-03-14
TechHandle: PSI-NISC-ARIN
TechName: PSINet, Inc.
TechPhone: +1-518-283-8860
TechEmail: hostinfo@psi.com
OrgAbuseHandle: COGEN-ARIN
OrgAbuseName: Cogent Abuse
OrgAbusePhone: +1-877-875-4311
OrgAbuseEmail: abuse@cogentco.com
OrgNOCHandle: ZC108-ARIN
OrgNOCName: Cogent Communications
OrgNOCPhone: +1-877-875-4311
OrgNOCEmail: noc@cogentco.com
OrgTechHandle: IPALL-ARIN
OrgTechName: IP Allocation
OrgTechPhone: +1-877-875-4311
OrgTechEmail: ipalloc@cogentco.com
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
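Added example, not part of any message in this thread: a Python sketch of the lookup chain the last two messages argue about, run over the Comment referral and the rwhois and ARIN output pasted above (ARIN record abridged to the fields used). The function names are illustrative assumptions; it shows that an `%Error 230` reply leaves only the /8 holder's abuse contact to attribute the block to.

```python
import re

# Text copied from the messages in this thread (ARIN record abridged).
REFERRAL_COMMENT = """\
Comment: Reassignment information for this block is
Comment: available at rwhois.cogentco.com port 4321
"""
PSI_RECORD = """\
OrgName: Performance Systems International Inc.
CIDR: 38.0.0.0/8
NetType: Direct Allocation
Comment:
OrgAbuseEmail: abuse@cogentco.com
"""
RWHOIS_REPLY = """\
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
%Error 230 No objects found.
"""

def parse_fields(text):
    """Collect 'Key: value' lines into {key: [values]}, keeping repeats."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith("%"):  # skip rwhois control lines
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def rwhois_referral(fields):
    """Return (host, port) when the Comment lines name an rwhois server."""
    comment = " ".join(fields.get("Comment", []))
    m = re.search(r"available at (\S+) port (\d+)", comment)
    return (m.group(1), int(m.group(2))) if m else None

def rwhois_has_objects(reply):
    """True only if the reply carries lines other than %-control/banner lines."""
    return any(l.strip() and not l.startswith(("%", "["))
               for l in reply.splitlines())

def accountable_contact(record, rwhois_reply=None):
    """Narrowest attributable block and its abuse contact."""
    f = parse_fields(record)
    found = rwhois_reply is not None and rwhois_has_objects(rwhois_reply)
    return {"cidr": f["CIDR"][0],
            "abuse": f.get("OrgAbuseEmail", [None])[0],
            "referral": rwhois_referral(f),
            # No reassignment record: only the parent allocation is known.
            "attribution": "reassignment" if found else "parent allocation only"}

if __name__ == "__main__":
    print(accountable_contact(PSI_RECORD, RWHOIS_REPLY))
```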
participants (5)
- alex@pilosoft.com
- Frank Louwers
- jlewis@lewis.org
- Joseph T. Klein
- Michael.Dillon@radianz.com