[145419] in North American Network Operators' Group
Re: Botnets buying up IPv4 address space
daemon@ATHENA.MIT.EDU (Benson Schliesser)
Fri Oct 7 19:48:14 2011
From: Benson Schliesser <bensons@queuefull.net>
In-Reply-To: <CAAAwwbXO9wkrrv81zQP=Gt4d+du9K8yTwQLeKiOswfXoqE989Q@mail.gmail.com>
Date: Fri, 7 Oct 2011 18:47:19 -0500
To: Jimmy Hess <mysidia@gmail.com>
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
The important outcome is that transfers are documented. Making it easier =
for sellers to update Whois (so it points to the buyer) will encourage =
documentation. If "needs justification" is ever a disincentive to =
update Whois, then it will discourage documentation.
Granted, a seller that doesn't update Whois should be more worried about =
the reputation of the buyer. But regardless, it is incorrect to assume =
that "needs justification" will prevent bad actors from acquiring =
address blocks. Even bad actors can justify their need, and some of them =
might even (*gasp*) lie about it in order to get what they want. The =
result would look like a normal transfer (with justified need, a Whois =
update, etc) and yet would result in a bad actor becoming an address =
holder.
Cheers,
-Benson
On Oct 7, 2011, at 6:08 PM, Jimmy Hess wrote:
> On Fri, Oct 7, 2011 at 1:11 PM, Joly MacFie <joly@punkcast.com> wrote:
>> I'd welcome comments as to solutions to this. Or is it just =
scaremongering?
> Probably scaremongering... but it does raise an interesting thought.
>=20
> It provides another argument why RIRs don't need to abandon justified
> need as a mandatory
> criteria for transferring addresses to specified recipients out of
> fear that legacy and other
> holders will engage in "unofficial" sales and transfers that they
> intentionally fail to record via WHOIS.
>=20
> The legacy holder/unofficial transferror would be putting the
> reputation of their entire address block,
> and their other allocations at risk; if the buyer eventually hands
> some of the unofficial allocation
> to a spammer, either by accident, or intentionally, doesn't matter.
>=20
> The holder of addresses that unofficially transferred them, could have
> some major headaches,
> including service-affecting headaches to their network... just to
> sell spare IP addresses faster for
> a few extra bucks; when there is a legitimate process available
> that doesn't have that risk?
>=20
>> j
> --
> -JH
>=20
