Re: Operational Issues with 69.0.0.0/8...
My question is as follows - We are losing customers because of this problem. It is costing us reputation and money. It is out of our control. If you were us, what would you do? We have already asked ARIN to reassign us to a "friendlier" CIDR, and they refuse.
ARIN don't guarantee routability of the blocks they allocate, and it's difficult to see how they ever could.
If you want to discuss what ARIN could or could not do, then please join the ARIN ppml list.
Perhaps this is an issue of community education, or one of needing better tools or methods for managing martian filters. Those issues are arguably both technical and operational.
The original poster doesn't have a problem with the community. He has a problem with network operators who are not part of the community and that is a reality of today's Internet that cannot be dealt with by technical tools or operational methods. But there are non-technical and non-operational actions that ARIN could take to help. The details of those actions and whether or not ARIN members want to act are matters for the ppml list.
--Michael Dillon
On Friday, Dec 6, 2002, at 12:18 Canada/Eastern, Michael.Dillon@radianz.com wrote:
ARIN don't guarantee routability of the blocks they allocate, and it's difficult to see how they ever could.
If you want to discuss what ARIN could or could not do, then please join the ARIN ppml list.
I don't, but thank you for the advice.
Perhaps this is an issue of community education, or one of needing better tools or methods for managing martian filters. Those issues are arguably both technical and operational.
The original poster doesn't have a problem with the community. He has a problem with network operators who are not part of the community and that is a reality of today's Internet that cannot be dealt with by technical tools or operational methods.
By "community" I meant "people who operate devices connected to the Internet". If there was definitively no way to educate this community, or to provide tools or methodologies which allowed members of it to cooperate, the Internet would not exist.
Joe
On Fri, 06 Dec 2002 13:17:56 EST, Joe Abley said:
If there was definitively no way to educate this community, or to provide tools or methodologies which allowed members of it to cooperate, the Internet would not exist.
The problem is that there's a large trickle-down factor to deal with. Yes, after many years, we've *finally* gotten most sites to shut down their open SMTP relays. We now get to embark on another Five Year Plan to shut down open HTTP proxies. However, the people impacted by the 69.0.0.0/8 problem can't wait that long for people to fix their martian filters.
Hi, NANOGers.
] We now get to embark on another Five Year Plan to shut down
] open HTTP proxies.
Indeed. The number of open (and openly abused) proxies in my hacked device database, just from this year, is 21255. That's just my own, small view of the problem. Imagine the total number. :/ Watch out for those TCP 1080, 3128, and 8080 flows.
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
On Fri, 6 Dec 2002, Rob Thomas wrote:
] We now get to embark on another Five Year Plan to shut down
] open HTTP proxies.
Indeed. The number of open (and openly abused) proxies in my hacked device database, just from this year, is 21255. That's just my own, small view of the problem. Imagine the total number. :/ Watch out for those TCP 1080, 3128, and 8080 flows.
And don't forget about the biggest of them all, open BIND proxies. After port 80, port 53 goes through almost as much. A lot of times you don't need to hack anything, software comes with relay/proxy/recursion enabled. How do we get software vendors (free, pay, virus) to distribute software with appropriate defaults? We blocked port 25, and the spammers used other ports. Should we block IP protocols 0-255, and ports 0-65535? Should we move to the cable TV model, you can watch only what we decide you can watch? Users should be receive-only?
participants (5): Joe Abley, Michael.Dillon@radianz.com, Rob Thomas, Sean Donelan, Valdis.Kletnieks@vt.edu
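One way to approach the "better tools or methods for managing martian filters" raised in this thread, as an added example that is not part of any poster's message: a small audit that flags deny rules overlapping address space that has since been allocated, such as 69.0.0.0/8. The `deny <prefix>` rule format, the sample filter and the allocation list are constructed assumptions; a real run would load the operator's own filter and the registries' current allocation data.

```python
import ipaddress
import re

# Constructed sample filter: one "deny <prefix>" rule per line (hypothetical format).
SAMPLE_FILTER = """\
deny 10.0.0.0/8
deny 127.0.0.0/8
deny 69.0.0.0/8
deny 192.168.0.0/16
deny 69.128.0.0/9   # more-specific left over from an older template
deny 300.0.0.0/8
"""

# Constructed input: blocks that are now allocated for use. Only the block
# named in the thread is listed; real data would come from the registries.
ALLOCATED = ["69.0.0.0/8"]

RULE = re.compile(r"^\s*deny\s+(\S+)")

def parse_filter(text):
    """Return (rules, errors): parsed deny prefixes and unparseable ones."""
    rules, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue  # not a deny rule (blank line, comment, other statement)
        try:
            rules.append((lineno, ipaddress.ip_network(m.group(1), strict=True)))
        except ValueError:
            errors.append((lineno, m.group(1)))
    return rules, errors

def stale_entries(filter_text, allocated):
    """Deny rules that overlap allocated space, plus prefixes that failed to parse."""
    alloc = [ipaddress.ip_network(a) for a in allocated]
    rules, errors = parse_filter(filter_text)
    stale = [(lineno, str(net)) for lineno, net in rules
             if any(net.overlaps(a) for a in alloc)]
    return stale, errors

if __name__ == "__main__":
    stale, errors = stale_entries(SAMPLE_FILTER, ALLOCATED)
    for lineno, prefix in stale:
        print(f"line {lineno}: {prefix} overlaps allocated space; review this rule")
    for lineno, raw in errors:
        print(f"line {lineno}: cannot parse prefix {raw!r}")
```

The overlap test catches both the exact /8 and more-specific leftovers inside it, which a simple string match on the filter file would miss.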