[145421] in North American Network Operators' Group


Re: Botnets buying up IPv4 address space

daemon@ATHENA.MIT.EDU (Jimmy Hess)
Fri Oct 7 19:58:44 2011

In-Reply-To: <43D21289-264D-4945-AD5C-6061B35B06DF@queuefull.net>
Date: Fri, 7 Oct 2011 18:57:45 -0500
From: Jimmy Hess <mysidia@gmail.com>
To: Benson Schliesser <bensons@queuefull.net>
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, Oct 7, 2011 at 6:47 PM, Benson Schliesser <bensons@queuefull.net> wrote:
> Granted, a seller that doesn't update Whois should be more worried about
> the reputation of the buyer. But regardless, it is incorrect to assume that
> "needs justification" will prevent bad actors from acquiring address
> blocks. Even bad actors can justify their need, and some of them might even
> (*gasp*) lie about it in order to get what they want. The result would look
> like a normal transfer (with justified need, a Whois update, etc) and yet
> would result in a bad actor becoming an address holder.
>
Yes... I completely concede the fact that some bad actors
will get all the addresses they want and more, in massive numbers.
And continue to manage to get new addresses to play with,
conveniently, as soon as their existing ones are blacklisted.

I believe they already get all the addresses they want inexpensively,
through lying to others or through illicit routing advertisements, and
IPv4 exhaustion will make it harder/more expensive for the bad actors
to "legitimately" get addresses that "look ok"; from the point of
view of actually receiving the assignment, or the bad actor
announcing address space "nobody will notice".

Address exhaustion simply ultimately means there are a lot fewer
addresses for bad actors to play with; and they will be competing for
scarce IP addresses against legitimate businesses, resulting in
higher costs for bad actors attempting to utilize legitimate channels.

My suggestion is that the right solution is not to try to prevent bad
actors from getting addresses, but that the solution is for the bad
actors to get de-peered.


> Cheers,
> -Benson
--
-JH

