[117462] in North American Network Operators' Group
RE: Hijacked Blocks
daemon@ATHENA.MIT.EDU (Azinger, Marla)
Mon Sep 14 13:30:34 2009
From: "Azinger, Marla" <marla.azinger@frontiercorp.com>
To: Christopher Morrow <morrowc.lists@gmail.com>, Chris Marlatt
<cmarlatt@rxsec.com>
Date: Mon, 14 Sep 2009 13:29:09 -0400
In-Reply-To: <75cb24520909140939u2557ca3fp2e86de3974062df0@mail.gmail.com>
Cc: John Curran <jcurran@arin.net>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I haven't followed this entire string. Are you saying ARIN is repeatedly
handing out address space to known abusers? If that's the case then yes,
some form of policy should be worked on. If on the administrative level
ARIN is not researching returned blocks for abuse complaints and working
to clean them up, then...I suppose policy could be proposed. I'm just not
sure if that's really where the brunt of assignments to abusers is
happening.
From experience I learned the most effective place for abuse stopping is
at the network level. Back in 2001 my network had serious problems with
this. Making a sale was more important than ensuring abuse didn't occur.
However, I worked to install a policy that required customer review
before assigning them address space. If public records showed abuse
(which was really easy to find) or public records showed a business model
that would be really only something leading to abuse complaints then
engineering had the veto power to not permit the potential customer onto
our network. We managed to go from a lot of abuse to essentially zero in
1 year. Then we worked to clean up the damaged blocks.
Granted, if a network or company goes out of business they won't care if
the addresses are clean when they return them to ARIN. So maybe this is
where some proposal could focus. Also, if this is a case where an entity
is able to qualify for direct ARIN allocations and they are habitual at
turning over because their business is essentially abusing the network,
then policy could focus there as well. It's easy to create a new company
name, but from experience the owner's name still stays the same for the
most part, so a review of the company before allocation would catch that.
In reality, we would all benefit if policy to stop it before it happens
and policy to clean it up before reissuing existed at the registry and
the network level. It would be interesting to see what legal and staff
would have to say about taking those types of measures.
Controlling this type of abuse and the clean up of it is one of the older
arguments for not permitting just anyone direct allocations from ARIN.
Abuse and clean up is better managed and cared for at the larger Network
levels. I'm not looking to open a debate on this last comment. ;o) It's
just something that popped into my head as to one of the explanations for
why specific levels of qualifications for direct allocations from ARIN
existed with IPv4.
My 2 cents. Sorry if it seemed long.
Cheers,
Marla Azinger
Frontier Communications
Sr Data Engineer
-----Original Message-----
From: Christopher Morrow [mailto:morrowc.lists@gmail.com]
Sent: Monday, September 14, 2009 9:40 AM
To: Chris Marlatt
Cc: John Curran; nanog@nanog.org
Subject: Re: Hijacked Blocks
On Mon, Sep 14, 2009 at 11:58 AM, Chris Marlatt <cmarlatt@rxsec.com> wrote:
> Christopher Morrow wrote:
>> The end of the discussion was along the lines of: "Yes, we know this
>> guy is bad news, but he always comes to us with the proper paperwork
>> and numbers, there's nothing in the current policy set to deny him
>> address resources. Happily though he never pays his bill after the
>> first 12 months so we just reclaim whatever resources are allocated
>> then." (yes, comments about more address space ending up on BL's
>> were made, and that he probably doesn't pay because after the first 3
>> months the address space is 'worthless' to him...)
>>
>> How should this get fixed? Is it possible to make policy to address
>> this sort of problem?
>>
>> -chris
>>
>
> If this is the case one could argue that ARIN should be reserving this
> "worthless" address space to be used when they receive similar
> requests in the future. There's no reason personX should get fresh,
> clean address space when they make additional requests.
That implies some process changes inside ARIN (I think) and effectively
saving 'your old space' for some period of time in escrow for you. This
doesn't sound unreasonable, perhaps you put forth some policy verbiage on
ppml?
-chris