DDOS-Guard is only hosting a temporary static page for Parler, they are not hosting the full Parler application. (Source : Quote from Parler's CEO, NYT, 1/19/21, https://www.nytimes.com/2021/01/19/technology/parler-russian-company.html) On Thu, Jan 21, 2021 at 12:55 PM Matt Erculiani <merculiani@gmail.com> wrote:

I'll add that after reading the article, it doesn't appear that Parler was specifically targeted, just DDoS-Guard prior to becoming their new host. Deplatforming of Parler wasn't really on anyone's radar back in November when the complaint with LACNIC was filed and I'm not under the impression they had lined DDoS-Guard up as a backup host at this point, or their downtime would have been much less after Amazon gave them the boot; still, they almost certainly would have been very tight lipped about who that provider would be.

It just seemed like a convenient coincidence that Parler has since become a customer and will be inconvenienced by this, the extent to which is not likely to be very high as they've probably re-written any modules of their backend that weren't portable, and now have some experience with finding and deploying on a new host.

-Matt

On Thu, Jan 21, 2021 at 10:39 AM Jean St-Laurent via NANOG < nanog@nanog.org> wrote:

...

I should have probably add more content or a comment.

I feel this is a good example that a pen is mightier than a sword.

I am impress by what I read in this article and would definitely like to hear/read more, maybe coming from Ronald Guilmette?

Thanks all

Jean

*From:* NANOG <nanog-bounces+jean=ddostest.me@nanog.org> *On Behalf Of *Jean St-Laurent via NANOG *Sent:* January 21, 2021 12:17 PM *To:* 'NANOG' <nanog@nanog.org> *Subject:* Nice work Ron

https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occ...

[image: Image removed by sender. ddosTest me Security inc]

Jean St-Laurent

CISSP #634103

ddosTest me security inc

tel: 438 806-9800 <+14388069800>

site: https://ddostest.me

email: jean@ddostest.me

-- Matt Erculiani ERCUL-ARIN

Peace, On Thu, Jan 21, 2021, 9:29 PM Tom Beecher <beecher@beecher.cc> wrote:

am I the only one to believe that (given that LACNIC had allocated an IP

...

block to a company that doesn't conform to the LACNIC policies) what we urgently need to see next is the complete audit of the LACNIC operations, so that this doesn't look like selective enforcement?

LACNIC received a complaint, they investigated that complaint, found it warranted, and took appropriate action. "Selective enforcement" would imply there have been other complaints filed with LACNIC that have been ignored.

I've got a strong feeling though that Ronald Guilmette had been doing the job LACNIC should've done, possibly long ago. Once you define a policy, you shouldn't depend on independent investigators to figure out the violations. You need to ensure the execution. -- Töma

Peace, On Thu, Jan 21, 2021, 9:57 PM Tom Beecher <beecher@beecher.cc> wrote:

fraudulent business records are used all over the world for things like this all the time. Calling for a complete audit of LACNIC feels quite extreme absent a pattern of issues, which doesn't seem to have been presented.

Listen, here, we basically cherry-picked an arbitrary AS and immediately found a policy violation. Yes, this one hosted a Web site for a terrorist organization, but there are plenty such orgs in the world. This one was just outta luck with this. This is what makes me worry. -- Töma

Peace, On Thu, Jan 21, 2021, 10:20 PM Fredrik Holmqvist / I2B <fredrik@i2b.se> wrote:

Just a question "this one hosted a Web site for a terrorist organization", which terrorist organizations web site did they host ?

"Hamas", until November. That was discussed before on the mailing list. -- Töma

Eric Kuhnke wrote:

Based on my cursory knowledge of offshore corporate registrations in Belize, Panama and the Cayman Islands, identifying those locations which are only mailboxes versus actual business office addresses should not be overly complicated or difficult.

A problem, however, is that, these days, one can perform real business at remote locations without actual business offices there. Moreover, as page 28 of: https://www.lacnic.net/innovaportal/file/1016/3/lacnic-fasciculo-infraestruc... says: REQUIREMENTS FOR OBTAINING AN IP ADDRESS BLOCK AND AN ASN The organization must be legally incorporated in the LACNIC service region. incorporation is enough and physical presence is *NOT* required by LACNIC. Though there may be other reasons, the article explains: https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occ... that are supposed to be given only to entities with a physical presence in the region Masataka Ohta PS I'm, anyway, glad that Ron now understand that "stealing" of IP addresses through AFRINIC for money is a crime of fraud.

JORDI PALET MARTINEZ via NANOG wrote:

No, this is not correct. LACNIC policies, state:

that LACNIC has contradicting statements is a problem of LACNIC and you can not say others that the statement of your choice is the one others must follow.

(look at the Spanish version, English seems not updated)

If there is a reservation statement such as "English version is just informational and not authentic" or "Certain restrictions may apply. See xxxxx for details." in PDF I quoted, your point could have been valid. Moreover,

The numbering resources under the stewardship of LACNIC must be distributed among organizations legally constituted within its service region [COBERTURA] and mainly *serving networks and services operating in this region. External clients connected directly to main infrastructure located in the region are allowed.

*“Mainly” is understood to mean more than 50%. requirement of such locality is, these days, seemingly badly impractical and attempt to enforce it will likely to be considered invalid.

For example, what if someone sells part of IP addresses assigned from LACNIC to someone else performing business outside of LACNIC region? If there is no restriction, it means locality requirement is effectively invalidated. Masataka Ohta

JORDI PALET MARTINEZ via NANOG wrote:

Not at all.

The "top" mandate of any RIR, in terms or resource allocation, is what the policies say. Within LACNIC, yes, of course. LACNIC can specify some document specifies the policy to be followed by all the employees of LACNIC.

However, that is a convention only valid locally within LACNIC. That is, LACNIC can not enforce it to people who have looked at and followed LACNIC statements stating otherwise. So? It should also be noted that you can't expect a Russian company having some business in LACNIC region read document of LACNIC not in English or Russian, which is why some reservation statements I mentioned could have been essentially important. Masataka Ohta

JORDI PALET MARTINEZ via NANOG wrote:

Policies in each RIR are developed by the (global) community. I live in Madrid, EU, my RIR is RIPE NCC, RIPE community, however, I contribute to policy making process in all the regions (all the RIRs), even if I've no resources in any of them.

I acknowledge your statement that even yellows like me can and should contribute to the *GLOBAL* community. I really thank you very much. Masataka Ohta

On Fri, Jan 22, 2021 at 08:18:08PM +0900, Masataka Ohta wrote: [snip]

It should also be noted that you can't expect a Russian company having some business in LACNIC region read document of LACNIC not in English or Russian, which is why some reservation statements I mentioned could have been essentially important.

The onus is on the entity that agreed to abide by policies to .... abide by policies. If they decide to rely upon RIR-provided translations, use any of the several automated translations, hire staff that are fluent in the language, etc are their choices based upon their tolerance of risk. If someone chooses to operate in a region without backing that choice with sufficient resources, perhaps it isn't a wise choice? Cheers, Joe -- Posted from my personal account - see X-Disclaimer header. Joe Provo / Gweep / Earthling

Joe Provo wrote:

If someone chooses to operate in a region without backing that choice with sufficient resources, perhaps it isn't a wise choice?

Within LACNIC region, the official language is English in "South Georgia and the South Sandwich Islands" (and, though there is disputes, "Falkland Islands"). So, it is likely that English is one of a formal language of LACNIC. A theoretical (perhaps not practical) problem is that French is the official language in "French Guiana". Masataka Ohta

Hi Toma, First think to clarify: In the Spanish version, the text is (mayoría) "majority" (that's why I said the translation as mainly, to me -not a native English-, is wrong). Note also that the original text, before my policy proposal already said the same, but didn't stated if majority is 50% or what, but in general majority is well interpreted as more than half, right? The decision of having the resources used in one region or another depends on the RIR communities, which set the policies. I think that multinationals are more often located in ARIN, RIPE or APNIC regions, so it is more "usual" that they get the resources from those regions, which I recall don't have that restriction. In AFRINIC is even worst (all the recourses need to be used in the region). Last but not least, nothing excludes that a company having business in different RIR coverage areas, obtain resources from several (all) of them. This allows a company having 40% of their business in a given region and needing 40% of the resources in that region, asking in that RIR that amount, so they will have actually 100% of the requested resources in that region. Right? Note also that at any point, the policies can change. If you/anyone really believes that's broken, a policy proposal can be sent for discussion. El 22/1/21 12:09, "Töma Gavrichenkov" <ximaera@gmail.com> escribió: Peace, On Fri, Jan 22, 2021, 12:27 PM JORDI PALET MARTINEZ via NANOG: The numbering resources under the stewardship of LACNIC must be distributed among organizations legally constituted within its service region [COBERTURA] and mainly *serving networks and services operating in this region. External clients connected directly to main infrastructure located in the region are allowed. *“Mainly” is understood to mean more than 50%. Just out of curiosity, I wonder what would happen if all the RIRs implemented the same policy. What if a company does business across the globe and any particular ICANN ASO region is only responsible e.g. of 40% of revenue at most? -- Töma ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

No, what I'm saying is that the original text of the policy *BEFORE* I send my proposal to amend it was: "majority" (not clarifying what is majority) My proposal added the clarification that "majority" is understood as "over 50%". The staff was already interpreting the policy like that, because usually when you say majority, you mean more than half. Do you agree on that? The community decided that my proposal to add the explicit "footnote" to clarify "majority" is understood as more than 50%, agreed on that, so consensus was declared and the policy was amended to add that footnote. Again, if you (or anyone) think this is wrong, you need to come to the LACNIC policy mailing list and discuss it there and even submit a policy proposal. I think I've provided sufficient clarifications here about that and responding again and again on the same will not be useful for the NANOG community. El 22/1/21 12:41, "NANOG en nombre de Masataka Ohta" <nanog-bounces+jordi.palet=consulintel.es@nanog.org en nombre de mohta@necom830.hpcl.titech.ac.jp> escribió: Sorry to have sent uneditted text. JORDI PALET MARTINEZ via NANOG wrote: > First think to clarify: In the Spanish version, the text is (mayoría) > "majority" (that's why I said the translation as mainly, to me -not a > native English-, is wrong). I'm afraid you have already stated: > *“Mainly” is understood to mean more than 50%. So, do you mean "majority" can mean 50% or 40% according to your discretion? > Note also that the original text, before my policy proposal already > said the same, but didn't stated if majority is 50% or what, but in > general majority is well interpreted as more than half, right? Are you, now, saying unreasonable request of "50%" is the requirement and "40%" is not enough? Masataka Ohta ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

El 22/1/21 13:25, "NANOG en nombre de Masataka Ohta" <nanog-bounces+jordi.palet=consulintel.es@nanog.org en nombre de mohta@necom830.hpcl.titech.ac.jp> escribió: JORDI PALET MARTINEZ via NANOG wrote: > My proposal added the clarification that "majority" is understood as "over 50%". And the proposal is denied to be unreasonable by Toma and, more aggressively, by me. So? [Jordi] The proposal, on this specific point, only made a "clarification", didn't mean an actual policy change. The existing policy already had "majority", so unless you believe that majority means something different than more than 50% (in the context of the full text), the change was "neutral". If anyone disagree with a policy in any region, MUST DO SOMETHING ABOUT THAT: "bring the problem to the policy list, discuss it with the community, and if needed make a policy proposal". In Spain we say "barking dogs seldom bite" and in this context means "if you complain, but don't act, then you have nothing to do". > The staff was already interpreting the policy like that, because > usually when you say majority, you mean more than half. Do you > agree on that? How can you ask such a question. already opposed by Toma and, more aggressively, by me, to me? [Jordi] I think if we don't agree what means majority, then it is difficult to get us understanding among ourselves, so that's why I'm asking if you agree that in English, majority means more than half. In Spanish it means that. My point is that locality requirement, whether it is 50% or 40%, is impractical and, with operational practices today, is not and can not be enforced. [Jordi] Then you need to come to the right mailing list and discuss that with the community. It is not me who decides that! >> The community decided that my proposal to add the explicit "footnote" Then, the "footnote" might be applicable to *SOME* part of "the community" but definitely not beyond it. [Jordi] A footnote in the policy manual is a clarification to the manual text, and of course *applies* to anyone who signs a contract with the RIR to obtain resources. Masataka Ohta ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

On Fri, Jan 22, 2021 at 9:07 PM Mark Andrews <marka@isc.org> wrote:

Majority only means >50% when there are 2 parties.

When there is more than 2 parties the majority can be less than 50%. When there is more than 2 parties, one uses the term “absolute majority” to indicate >50%.

At least in American English, less than 50% is not a "majority". The option getting the most votes, but less than 50%, among more than 2 is said to have a "plurality" of the votes. See https://en.wikipedia.org/wiki/Plurality Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com

There are more than 2 RIRs.

If 40% of address are used in LACNIC, 30% in APNIC and 30% in RIPE then the majority of addresses by region are in the LACNIC region.

-- Mark Andrews

...

On 22 Jan 2021, at 23:48, JORDI PALET MARTINEZ via NANOG <nanog@nanog.org> wrote:



El 22/1/21 13:25, "NANOG en nombre de Masataka Ohta" <nanog-bounces+jordi.palet=consulintel.es@nanog.org en nombre de mohta@necom830.hpcl.titech.ac.jp> escribió:

JORDI PALET MARTINEZ via NANOG wrote:

...

My proposal added the clarification that "majority" is understood as "over 50%".

And the proposal is denied to be unreasonable by Toma and, more aggressively, by me.

So?

[Jordi] The proposal, on this specific point, only made a "clarification", didn't mean an actual policy change. The existing policy already had "majority", so unless you believe that majority means something different than more than 50% (in the context of the full text), the change was "neutral". If anyone disagree with a policy in any region, MUST DO SOMETHING ABOUT THAT: "bring the problem to the policy list, discuss it with the community, and if needed make a policy proposal". In Spain we say "barking dogs seldom bite" and in this context means "if you complain, but don't act, then you have nothing to do".

...

The staff was already interpreting the policy like that, because usually when you say majority, you mean more than half. Do you agree on that?

How can you ask such a question. already opposed by Toma and, more aggressively, by me, to me?

[Jordi] I think if we don't agree what means majority, then it is difficult to get us understanding among ourselves, so that's why I'm asking if you agree that in English, majority means more than half. In Spanish it means that.

My point is that locality requirement, whether it is 50% or 40%, is impractical and, with operational practices today, is not and can not be enforced.

[Jordi] Then you need to come to the right mailing list and discuss that with the community. It is not me who decides that!

...

...

The community decided that my proposal to add the explicit "footnote"

Then, the "footnote" might be applicable to *SOME* part of "the community" but definitely not beyond it.

[Jordi] A footnote in the policy manual is a clarification to the manual text, and of course *applies* to anyone who signs a contract with the RIR to obtain resources.

Masataka Ohta

Mark Andrews wrote:

Majority only means >50%

But actual word used by LACNIC is "mainly" as Jordi wrote: : *“Mainly” is understood to mean more than 50%. : (https://www.lacnic.net/681/2/lacnic/) : The 50% was not there before, so I submitted a "recent" : policy proposal that reached consensus, and that is "recent" change. Moreover, corresponding word in Spanish page is "mayoritariamente", English translation of which is "mostly", "mainly", "chiefly" or "by majority" according to: https://www.spanishdict.com/dictionary Masataka Ohta

JORDI PALET MARTINEZ via NANOG wrote:

To summarize several responses:

You don't.

In the case of LACNIC it is spanish, it is clearly indicated in the web site,

I can't see it clearly indicated in LACNIC web site, at all. Where is it? How does it stated?

I've already informed LACNIC that "mainly", in my opinion, is a wrong translation for "mayoria", and should be majority, but in any case, the spanish version is the relevant one.

Could you explain why google translation says "mayoria" in English means (sorted by frequency) "most", "majority", "many", "bulk" and "plurality"? Masataka Ohta

JORDI PALET MARTINEZ wrote:

...

In the case of LACNIC it is spanish, it is clearly indicated in the web site,

I can't see it clearly indicated in LACNIC web site, at all.

Where is it? How does it stated?

[Jordi] There may be some problem with your browser or Internet connectivity that is missing some parts of the web site, as I can see it in many places, and especially those more relevant (bylaws and policy manual):

https://www.lacnic.net/76/2/lacnic/bylaws

https://www.lacnic.net/680/2/lacnic/policy-manual-[v214---24_07_2020]

That it is stated some random pages deep within LACNIC website does not mean "clearly indicated in LACNIC web site". As such, LACNIC can't expect English-using people see the pages, which means it is fault of LACNIC if they believe policy in English is a formal one.

Could you explain why google translation says "mayoria" in English means (sorted by frequency) "most", "majority", "many", "bulk" and "plurality"?

[Jordi] I'm not native English speaker, so I'm not the best one to explain that.

I'm afraid you are saying you have no say on the meaning of "mainly".

As I said, several times, the official documents are the Spanish version, and in the Spanish version the right word being used is "mayoría", which I believe, in *this context* it is better translated to "majority".

which is not compatible with translation by google. Masataka Ohta

When you sign a contract with a RIR (whatever RIR), is always 2 parties, so majority of resources operated in the region (so to have the complete context) clearly means that you are using in the region >50% of the provided IPs. El 23/1/21 3:06, "Mark Andrews" <marka@isc.org> escribió: Majority only means >50% when there are 2 parties. When there is more than 2 parties the majority can be less than 50%. When there is more than 2 parties, one uses the term “absolute majority” to indicate >50%. There are more than 2 RIRs. If 40% of address are used in LACNIC, 30% in APNIC and 30% in RIPE then the majority of addresses by region are in the LACNIC region. -- Mark Andrews > On 22 Jan 2021, at 23:48, JORDI PALET MARTINEZ via NANOG <nanog@nanog.org> wrote: > >  > > El 22/1/21 13:25, "NANOG en nombre de Masataka Ohta" <nanog-bounces+jordi.palet=consulintel.es@nanog.org en nombre de mohta@necom830.hpcl.titech.ac.jp> escribió: > > JORDI PALET MARTINEZ via NANOG wrote: > >> My proposal added the clarification that "majority" is understood as "over 50%". > > And the proposal is denied to be unreasonable by Toma and, more > aggressively, by me. > > So? > > [Jordi] The proposal, on this specific point, only made a "clarification", didn't mean an actual policy change. The existing policy already had "majority", so unless you believe that majority means something different than more than 50% (in the context of the full text), the change was "neutral". If anyone disagree with a policy in any region, MUST DO SOMETHING ABOUT THAT: "bring the problem to the policy list, discuss it with the community, and if needed make a policy proposal". In Spain we say "barking dogs seldom bite" and in this context means "if you complain, but don't act, then you have nothing to do". > >> The staff was already interpreting the policy like that, because >> usually when you say majority, you mean more than half. Do you >> agree on that? > > How can you ask such a question. already opposed by Toma and, > more aggressively, by me, to me? > > [Jordi] I think if we don't agree what means majority, then it is difficult to get us understanding among ourselves, so that's why I'm asking if you agree that in English, majority means more than half. In Spanish it means that. > > My point is that locality requirement, whether it is 50% or 40%, is > impractical and, with operational practices today, is not and can > not be enforced. > > [Jordi] Then you need to come to the right mailing list and discuss that with the community. It is not me who decides that! > >>> The community decided that my proposal to add the explicit "footnote" > > Then, the "footnote" might be applicable to *SOME* part of "the > community" but definitely not beyond it. > > [Jordi] A footnote in the policy manual is a clarification to the manual text, and of course *applies* to anyone who signs a contract with the RIR to obtain resources. > > Masataka Ohta > > > > ********************************************** > IPv4 is over > Are you ready for the new Internet ? > http://www.theipv6company.com > The IPv6 Company > > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

I fully understand what you mean, however, I don’t think this is a problem even if all the RIRs ask for “%50 or even 100%” of usage in the region. That will make your life more complex, as you will need to obtain addresses from each RIR. In the worst case, if all them ask for the same: If you need 2.000 addresses in LACNIC, 4.000 in ARIN, 3.000 in RIPE, 5.000 in APNIC and 1.000 in AFRINIC (just an example). This makes in total a global need for your network of 15.000 addresses. You will sign 5 contracts, and you will get a block from each RIR, that is a bit higher than your actual needs in that region. This means that you have more than 50% of the usage in that region and in the case of LACNIC, it means that you need to ensure that 1.000 addresses are used there. Probably you will not actually need to get addresses from every RIR, for example, the 1.000 addresses that you need for AFRINIC, are the excess of addresses from LACNIC, etc. So, you end up with 2-3 RIRs allocations, not 5. And the real situation is that 3 out of 5 RIRs communities, decided to be more relaxed on that requirement, so you don’t need actually more than 1 or may be 2 allocations. Of course, we are talking “in the past” because if we are referring to IPv4 addresses, you actually have a different problem trying to get them from the RIRs. It is the decision of the community if they don’t like this complexity and they don’t care if you get all the addresses from LANIC (for whatever reason you have that preference, or the corporation is sitting them, etc.), and actually only 20% of the addresses are being used in the region (for example) and the community can change that at any time. For that, you *don’t need to convince me*, you need to go to the LACNIC policy list and convince the community there. My policy proposal *didn’t change that*. The word “majority” was already there. It was already being interpreted “literally” as “you need to operate more than the half of the IPs *that you get from LACNIC* in the LACNIC region”. I just added a footnote (as part of a mayor set of policy changes), to make sure that everybody is clearly reading the same with >50% instead of coming to the list or to the staff to ask for clarity every other day. Note that you are interpreting the % from your “complete network”. LACNIC community that did the original policy and adopted the recent change, may have a more “regional” perspective, culture, or whatever you call it (may be because the lack of IPv4 addresses, the lack of business cases – in general – for organizations that are from that region but operate globally, etc., etc.). As I already mention, note that there is a similar case in AFRINIC policy. They require that *all* the resources you get, are used in the region. El 24/1/21 12:30, "Matthew Petach" <mpetach@netflight.com> escribió: On Sat, Jan 23, 2021 at 1:11 AM JORDI PALET MARTINEZ via NANOG <nanog@nanog.org> wrote: When you sign a contract with a RIR (whatever RIR), is always 2 parties, so majority of resources operated in the region (so to have the complete context) clearly means that you are using in the region >50% of the provided IPs. No. If you operate a global backbone on six continents, and obtain a block of addresses to use for building that backbone, you can easily end up in a situation where there is no continent with >50% utilization of resources; it can easily end up with the space being split 10%, 10%, 20%, 25%, 35%. Every time I have gone to an RIR for resources, and have described the need, explaining that the largest percentage of the addresses will be used within the primary region has been sufficient. No RIR has stated that a global backbone buildout can only be built in a region if > 50% of the addresses used on that backbone reside within their region. Otherwise, you end up at a stalemate with no RIR able to allocate addresses for your backbone in good faith, because no region holds more than 50% of the planet's regions. "Mainly" has been interpreted to be "the largest percentage" every time I have requested space. If RIRs start to put a >50% requirement in place, you're going to see global backbone providers put into the awkward position of having to lie about their buildout plans--so they're going to consistently vote against language that explicitly says ">50%" just so that nobody is put into the position of having to knowingly lie on an attestation. I understand where you're coming from; but as someone who has built global infrastructure in the past, I think it would be good to consider the view from the other side of the table, and realize why the language is kept a bit more loose, to allow for the creation of infrastructure that spans multiple regions. Thanks! Matt ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

Again, I'm not saying is the best way, is what the community *decided* before I added a clarification. The 50% was not a change, just to make it explicit, what was the actual interpretation. If you don't like it, stop complaining, and send a policy proposal, I could even support it, but I'm not convinced it will reach consensus. El 24/1/21 15:34, "NANOG en nombre de Masataka Ohta" <nanog-bounces+jordi.palet=consulintel.es@nanog.org en nombre de mohta@necom830.hpcl.titech.ac.jp> escribió: JORDI PALET MARTINEZ via NANOG wrote: > I fully understand what you mean, however, I don’t think this is a > problem even if all the RIRs ask for “%50 or even 100%” of usage in > the region. So, you don't know how most, if not all, ISPs are operating their network. > That will make your life more complex, as you will need to obtain It makes ISP's operations a lot more complex and a lot less profitable to be ignored by almost all, if not all, ISPs. Your theory that ISPs could have behaved otherwise is not helpful in the real world of business and not practically acceptable by RIRs mostly consisting of ISPs. Masataka Ohta ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

JORDI PALET MARTINEZ via NANOG wrote:

If you don't like it, stop complaining, and send a policy proposal,

It is wast of time to complain or to modify practically obsoleted policy. Masataka Ohta

On Sun, Jan 24, 2021 at 4:22 AM JORDI PALET MARTINEZ via NANOG < nanog@nanog.org> wrote: [...]

So, you end up with 2-3 RIRs allocations, not 5. And the real situation is that 3 out of 5 RIRs communities, decided to be more relaxed on that requirement, so you don’t need actually more than 1 or may be 2 allocations. Of course, we are talking “in the past” because if we are referring to IPv4 addresses, you actually have a different problem trying to get them from the RIRs.

Hi Jordi, I've adjusted the subject line to reflect the real thrust of this discussion. You're right--if we're trying to get "new" allocations of IPv4 addresses, we've got bigger problems to solve. But when it comes to IPv6 address blocks and ASNs, these questions are still very relevant. And, going back to the original article that spawned the parent thread, the problem wasn't about companies requesting *new* blocks, it was about the usage of old, already granted blocks that were now being reclaimed. Historically, ISPs have focused on ensuring their usage of IP space reflected the then-current requirements at the time the blocks were requested. This action by Ron, well-intentioned as it is, raises a new challenge for ISPs: network numbering decisions that were made in the past, which may have been done perfectly according to the guidelines in place at the time the blocks were assigned, may later on violate *newly added* requirements put in place by RIRs. How many global networks allocate manpower and time cycles to potentially renumbering portions of their network each time a new policy is put in place at an RIR that makes previously-conforming addressing topologies no longer conforming? Historically, once addresses were granted by an RIR, and the exercise of ensuring all the requirements were met, and the addresses were in place, that was it; nobody went back every time a new policy was put in place and re-audited the network to ensure it was still in compliance, and did the work to bring it back into compliance if the new policy created violations, because the RIRs generally didn't go back to see if new policies had been retroactively applied to all member networks. Ron's actions have now put every network on notice; it wasn't good enough to be in compliance at the time you obtained your address space, you MUST re-audit your network any time new policies are put into force by the RIR in a region in which you do business, or your address space may be revoked due to retroactive application of the new policy against addresses you have already put into use. This is a bigger deal that I think many people on the list are first grasping. We grow up accustomed to the notion that laws can't be applied retroactively. If you smoked pot last year, before it was criminalized, they can't arrest you this year after a new law was passed for smoking it before the law was passed. In the DDoS-guard case, the address blocks in question seem to have been granted by LACNIC nearly a decade ago back in 2013, under whatever policies were in force at the time. But they're being revoked and reclaimed based on the policies that are in place *now*, nearly a decade later. It sends a very clear message--it's not enough to be in compliance with policies at the time the addresses are granted. New policies can and will be applied retroactively, so decisions you made in the past that were valid and legal, may now be invalid, and subject you to revocation. It's bad enough when it's your own infrastructure that you have some control over that you may need to re-number; woe to you if you assign address blocks to *customers* in a manner that was valid under previous policy, but is no longer valid under new policies--you get to go back to your customers, and explain that *they* now have to redo their network addressing so that it is in compliance, in order for *you* to be in compliance with the new policies. Otherwise, you can *all* end up losing your IP address blocks. So--while I think Ron's actions were done with the best of intentions, I think the fallout from those actions should be sending a chill down the spine of every network operator who obtained address blocks under policies in place a decade ago that hasn't gone back and re-audited their network for compliance after ever subsequent policy decision. What if one of *your* customers falls into Ron's spotlight; is the rest of your network still in compliance with every RIR policy passed in the years or decades since the addresses were allocated? Are you at risk of having chunks of your IP space revoked? I know this sets a precedent *I* find frightening. If it isn't scaring you, either you don't run a network, or I suspect you haven't thought all the way through how it could impact your business at some unforeseen point in the future, when a future policy is passed. :/ Thanks! Matt

Hi Matthew, I’m not sure I’ve succeded to explain it in previous emails. The requirement for the LACNIC policies about majority of usage *in the region* of the resources provided has been there for many years. I’m almost sure than since day 1, but will need to dig into older versions of the policy manual to check that. The *text* was only using the work “mayoría”, but the interpretation when ensuring policy compliance, was following that definition of “mayoria”, which is more than 50%. My policy proposal, was “cleaning” and “clarifiying” text here and there. For example, there were some text that clearly apply to IPv4 and IPv6, and was only in the IPv4 section, etc. The policy proposal also did a lot of major changes for the recovery of uncompliant addressing space by ensuring that LACNIC setup periodic and automatic policy compliance checks. So: the “>50%” was not a “change”, was just making explicit the actual practice, and during the discussion of the proposal, we made sure in the mailing list that everybody agree with that clarification of the *existing* interpretation. Nobody, absolutely nobody, objected or said “I don’t read it that way”. In fact, I asked if the people prefers to use some “other %”, or completely delete it or whatever. I don’t have the exact details of the case that Ron discovered in Belize, because, of course, most of the details are under NDA between the resourse holder and LACNIC, private documents, etc., etc. So I’m not sure if “initially” the resource holder was really having the “majority” of the resources operated in Belize or some other place in the region and then they “forgot” that they need to follow the policy (as said, the policy has not changed in that sense). My guess is that they provided false information to LACNIC “yes we have the majority of the operation in the region”, and the RIR trusted the provided documents, but is only my guess. I fully see your point, however *every ISP/LIR needs to follow the policies in every RIR where they have resources*. Policy changes may require changes in their operation, and if they don’t agree, *this is the reason* they MUST participate in policy discussions, to be able to defend their position. This is *nothing new*! Is part of the job of the ISPs/LIRs, to ensure that they follow the policy discussions, the same way as citizens follow law development because changes in law (new taxes, etc.), can change their compliance with law. Is not about retroactivity, is about every one of us developing the “laws” and justify why something can’t be changed. The solution to those that don’t want to follow (even if is part of their “job”) the policy development, is to have warnings when there is a policy change that affects them. In fact I’ve included that in a policy proposal in AFRINIC (https://www.afrinic.net/policy/proposals/2020-gen-001-d1?lang=en-GB#proposal), by means of a dash-board. This could be done also by other RIRs as part of their “operational” terms in the customers accounts (such in “mylacnic” in the case of LACNIC), etc., and in fact it was the main intent of my policy proposal. As said, remember that this has been not changed, just added a clarification based on the existing understanding of the previuos text. LACNIC will not have provided to this resource-holder in 2013 the resources if they didn’t had indicated that the majority (over 50%) of those resrouces aren’t being operated in the region. I found and older archived version of the policy manual from 2013 (in Spanish): https://www.lacnic.net/innovaportal/file/543/1/manual-politicas-sp-2.0.pdf In section 1.11, has exactly the same text: “Los recursos de numeración de Internet bajo la custodia de LACNIC se deben distribuir a organizaciones legalmente establecidas en su región de servicio [COBERTURA] y para atender mayoritariamente redes y servicios que operan en dicha región.” El 25/1/21 0:15, "Matthew Petach" <mpetach@netflight.com> escribió: On Sun, Jan 24, 2021 at 4:22 AM JORDI PALET MARTINEZ via NANOG <nanog@nanog.org> wrote: [...] So, you end up with 2-3 RIRs allocations, not 5. And the real situation is that 3 out of 5 RIRs communities, decided to be more relaxed on that requirement, so you don’t need actually more than 1 or may be 2 allocations. Of course, we are talking “in the past” because if we are referring to IPv4 addresses, you actually have a different problem trying to get them from the RIRs. Hi Jordi, I've adjusted the subject line to reflect the real thrust of this discussion. You're right--if we're trying to get "new" allocations of IPv4 addresses, we've got bigger problems to solve. But when it comes to IPv6 address blocks and ASNs, these questions are still very relevant. And, going back to the original article that spawned the parent thread, the problem wasn't about companies requesting *new* blocks, it was about the usage of old, already granted blocks that were now being reclaimed. Historically, ISPs have focused on ensuring their usage of IP space reflected the then-current requirements at the time the blocks were requested. This action by Ron, well-intentioned as it is, raises a new challenge for ISPs: network numbering decisions that were made in the past, which may have been done perfectly according to the guidelines in place at the time the blocks were assigned, may later on violate *newly added* requirements put in place by RIRs. How many global networks allocate manpower and time cycles to potentially renumbering portions of their network each time a new policy is put in place at an RIR that makes previously-conforming addressing topologies no longer conforming? Historically, once addresses were granted by an RIR, and the exercise of ensuring all the requirements were met, and the addresses were in place, that was it; nobody went back every time a new policy was put in place and re-audited the network to ensure it was still in compliance, and did the work to bring it back into compliance if the new policy created violations, because the RIRs generally didn't go back to see if new policies had been retroactively applied to all member networks. Ron's actions have now put every network on notice; it wasn't good enough to be in compliance at the time you obtained your address space, you MUST re-audit your network any time new policies are put into force by the RIR in a region in which you do business, or your address space may be revoked due to retroactive application of the new policy against addresses you have already put into use. This is a bigger deal that I think many people on the list are first grasping. We grow up accustomed to the notion that laws can't be applied retroactively. If you smoked pot last year, before it was criminalized, they can't arrest you this year after a new law was passed for smoking it before the law was passed. In the DDoS-guard case, the address blocks in question seem to have been granted by LACNIC nearly a decade ago back in 2013, under whatever policies were in force at the time. But they're being revoked and reclaimed based on the policies that are in place *now*, nearly a decade later. It sends a very clear message--it's not enough to be in compliance with policies at the time the addresses are granted. New policies can and will be applied retroactively, so decisions you made in the past that were valid and legal, may now be invalid, and subject you to revocation. It's bad enough when it's your own infrastructure that you have some control over that you may need to re-number; woe to you if you assign address blocks to *customers* in a manner that was valid under previous policy, but is no longer valid under new policies--you get to go back to your customers, and explain that *they* now have to redo their network addressing so that it is in compliance, in order for *you* to be in compliance with the new policies. Otherwise, you can *all* end up losing your IP address blocks. So--while I think Ron's actions were done with the best of intentions, I think the fallout from those actions should be sending a chill down the spine of every network operator who obtained address blocks under policies in place a decade ago that hasn't gone back and re-audited their network for compliance after ever subsequent policy decision. What if one of *your* customers falls into Ron's spotlight; is the rest of your network still in compliance with every RIR policy passed in the years or decades since the addresses were allocated? Are you at risk of having chunks of your IP space revoked? I know this sets a precedent *I* find frightening. If it isn't scaring you, either you don't run a network, or I suspect you haven't thought all the way through how it could impact your business at some unforeseen point in the future, when a future policy is passed. :/ Thanks! Matt ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

/(sent again since the last one had the inline graphic stripped out - so this one links to the graphic on a website)/ A take on the 1979 movie "When A Stranger Calls" - "have you checked the children?" becomes "have you checked the IP registration?" Have you checked the IP registration? https://www.invaluement.com/have-you-checked-the-ip-registration.jpg The vast majority of the time, Ron Guilmette does "the Lord's work" - but THIS time - it looks to me like he put his political biases ahead of legit anti-abuse, and it's no surprise that we now have a trail of destruction left behind, along with much "innocent bystander" collateral damage. Is DDoS-Guard without blame? Probably not, but them hosting some occasional criminals is NOT UNLIKE EVERY OTHER GLOBAL NETWORK! So like other large and diversity global networks, anti abuse should focus on removing their worst criminals/spammers. By these SAME standards, many other large and famous networks should lose most or much of their IPs too! So here we are, with many OTHER networks now legitimately freaked out about losing their IPs, and with massive potential collateral damage that might hurt many "innocent bystanders" each time that is done! -- Rob McEwen, invaluement

On 1/25/2021 11:34 AM, Rubens Kuhl wrote:

They are not losing IPs because of hosting questionable content.

Correct - but from reading the Brian Krebs article on this, that was the justification that Ron Guilmette used for going after Parler and DDoS-Guard. -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Peace, On Fri, Jan 22, 2021, 3:24 PM Masataka Ohta < mohta@necom830.hpcl.titech.ac.jp> wrote:

JORDI PALET MARTINEZ via NANOG wrote:

My proposal added the clarification that "majority" is understood as "over 50%".

And the proposal is denied to be unreasonable by Toma and, more aggressively, by me.

Having seen my name being mentioned here, what I want to highlight is that: 1) I was asking that just out of idle curiosity; 2) The important context with this is that two people seem to be arguing about this: one (me) from the European Union, which is within the RIPE NCC region, and the other, apparently from the APNIC region, as far as the TLD in the email address could tell. And we're discussing LACNIC policies within the mailing list that is mostly related to the operations within the ARIN region. Though I definitely agree with certain points been made, this appears to be entirely off the topic of the NANOG, and I'm accepting the blame for raising this here. -- Töma

On Jan 21, 2021, at 12:59 PM, Eric Kuhnke <eric.kuhnke@gmail.com> wrote:

...

How many other Belize defuncts do they have? How many offshore countries like Belize are there in the region?

Based on my cursory knowledge of offshore corporate registrations in Belize, Panama and the Cayman Islands, identifying those locations which are only mailboxes versus actual business office addresses should not be overly complicated or difficult.

In the era of Google Street View for most major urban areas the initial search process can be done remotely, such as when it appears that dozens of companies occupy one street address of a very small office building.

That will basically fail in Belize; nobody has run a Google streets camera around down there. I was planning to try to start that last September with their volunteer loaner cameras program and a SUV for a couple of weeks but there was a pandemic instead of a vacation. Not even all of the English speaking world... -George Sent from my iPhone

...

    Well,     FYI: I'm not getting getting this kind of vibe from him, more like of an IP Space janitor.     I'm wondering if it is a statement from Ron or the opinion of the author of the article.     Myself, I'm jealous of Ron for having the capacity of doing this kind of task =D on top of his daily $$$ one. ----- Alain Hebert ahebert@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 1/21/21 1:59 PM, Anne P. Mitchell, Esq. wrote:

...

On Jan 21, 2021, at 10:16 AM, Jean St-Laurent via NANOG <nanog@nanog.org> wrote:

https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occ... For context, from the article:

"The pending disruption for DDoS-Guard and Parler comes compliments of Ron Guilmette, a researcher who has made it something of a personal mission to de-platform conspiracy theorist and far-right groups."

Anne

-- Anne P. Mitchell, Attorney at Law CEO, SuretyMail Email Reputation Certification Dean of Cyberlaw & Cybersecurity, Lincoln Law School Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Board of Directors, Denver Internet Exchange Former Counsel: Mail Abuse Prevention System (MAPS)