[117464] in North American Network Operators' Group
RE: Hijacked Blocks
daemon@ATHENA.MIT.EDU (Azinger, Marla)
Mon Sep 14 13:36:31 2009
From: "Azinger, Marla" <marla.azinger@frontiercorp.com>
To: "Azinger, Marla" <marla.azinger@frontiercorp.com>, Christopher Morrow
<morrowc.lists@gmail.com>, Chris Marlatt <cmarlatt@rxsec.com>
Date: Mon, 14 Sep 2009 13:35:20 -0400
In-Reply-To: <2E2FECEBAE57CC4BAACDE67638305F1048510F3C68@ROCH-EXCH1.corp.pvt>
Cc: John Curran <jcurran@arin.net>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
FYI-
I have forwarded this conversation to ARIN ppml as this is now a topic for
that mailing list more than NANOG.
Cheers
Marla Azinger
ARIN AC VC
-----Original Message-----
From: Azinger, Marla [mailto:marla.azinger@frontiercorp.com]
Sent: Monday, September 14, 2009 10:29 AM
To: Christopher Morrow; Chris Marlatt
Cc: John Curran; nanog@nanog.org
Subject: RE: Hijacked Blocks
I haven't followed this entire string. Are you saying ARIN is repeatedly
handing out address space to known abusers? If that's the case then yes,
some form of policy should be worked on. If on the administrative level ARIN
is not researching returned blocks for abuse complaints and working to clean
them up, then...I suppose policy could be proposed. I'm just not sure if
that's really where the brunt of assignments to abusers is happening.
From experience I learned the most effective place for abuse stopping is at
the network level. Back in 2001 my network had serious problems with this.
Making a sale was more important than ensuring abuse didn't occur. However,
I worked to install a policy that required customer review before assigning
them address space. If public records showed abuse (which was really easy to
find) or public records showed a business model that would be really only
something leading to abuse complaints then engineering had the veto power to
not permit the potential customer onto our network. We managed to go from a
lot of abuse to essentially zero in 1 year. Then we worked to clean up the
damaged blocks.
Granted, if a network or company goes out of business they won't care if the
addresses are clean when they return them to ARIN. So maybe this is where
some proposal could focus. Also, if this is a case where an entity is able
to qualify for direct ARIN allocations and they are habitual at turning over
because their business is essentially abusing the network, then policy could
focus there as well. It's easy to create a new company name, but from
experience the owner's name still stays the same for the most part, so a
review of the company before allocation would catch that.
In reality, we would all benefit if policy to stop it before it happens and
policy to clean it up before reissuing existed at the registry and the
network level. It would be interesting to see what legal and staff would
have to say about taking those types of measures.
Controlling this type of abuse and the clean up of it is one of the older
arguments for not permitting just anyone direct allocations from ARIN. Abuse
and clean up is better managed and cared for at the larger Network levels.
I'm not looking to open a debate on this last comment. ;o) It's just
something that popped into my head as to one of the explanations for why
specific levels of qualifications for direct allocations from ARIN existed
with IPv4.
My 2 cents. Sorry if it seemed long.
Cheers,
Marla Azinger
Frontier Communications
Sr Data Engineer
-----Original Message-----
From: Christopher Morrow [mailto:morrowc.lists@gmail.com]
Sent: Monday, September 14, 2009 9:40 AM
To: Chris Marlatt
Cc: John Curran; nanog@nanog.org
Subject: Re: Hijacked Blocks
On Mon, Sep 14, 2009 at 11:58 AM, Chris Marlatt <cmarlatt@rxsec.com> wrote:
> Christopher Morrow wrote:
>> The end of the discussion was along the lines of: "Yes, we know this
>> guy is bad news, but he always comes to us with the proper paperwork
>> and numbers, there's nothing in the current policy set to deny him
>> address resources. Happily though he never pays his bill after the
>> first 12 months so we just reclaim whatever resources are allocated
>> then." (yes, comments about more address space ending up on BL's
>> were made, and that he probably doesn't pay because after the first 3
>> months the address space is 'worthless' to him...)
>>
>> How should this get fixed? Is it possible to make policy to address
>> this sort of problem?
>>
>> -chris
>>
>
> If this is the case one could argue that ARIN should be reserving this
> "worthless" address space to be used when they receive similar
> requests in the future. There's no reason personX should get fresh,
> clean address space when they make additional requests.
That implies some process changes inside ARIN (I think) and effectively
saving 'your old space' for some period of time in escrow for you. This
doesn't sound unreasonable, perhaps you put forth some policy verbiage on
ppml?
-chris