[153945] in North American Network Operators' Group
Re: ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!
daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Jun 18 08:53:37 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <F76DB29C-555D-4173-B04E-5A3AB086E750@gmail.com>
Date: Mon, 18 Jun 2012 05:48:48 -0700
To: Arturo Servin <arturo.servin@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 18, 2012, at 4:50 AM, Arturo Servin wrote:
>
> On 17 Jun 2012, at 20:29, Owen DeLong wrote:
>
>>
>> Lather rinse repeat with a better choice of address...
>>
>> 2001:550:3ee3:f329:102a3:2aff:fe23:1f69
>>
>> This is in the ARIN region...
>>
>> It's from within a particular ISP's /32.
>>
>> Has that ISP delegated some overlapping fraction to another ISP? If so, it's not in whois.
>> Have they delegated it to an end user? Again, if so, it's not in whois.
>>
>> Same for 2001:550:10:20:62a3:3eff:fe19:2909
>>
>> I don't honestly know if either of those prefixes is allocated or not, so maybe nothing's wrong
>> in this particular case, but if they have been delegated and not registered in whois, that's
>> a real problem when it comes time to get a search warrant if speed is of the essence.
>>
>> Owen
>>
>
> Not being in the whois is not an indicator that the ISP (to whom the address block has been delegated) does not know about which customer has an IP (v4 or v6, doesn't matter). I have seen tons of ISPs that do not publish delegations in the whois but have huge Excel worksheets where they record every suballocation.
>
> You just need a warrant to see that info. Ergo, the FBI, Interpol or you name it should not have a problem getting them.
>
> /as
Right...
However...
1. That's a violation of resource policy.
2. It's an extra step and multi-day delay in a situation where time may be of the essence.
Further, we're not talking about the recording of every end-user assignment so much as the fact that in some cases, large delegations to down-stream ISPs are not recorded in whois. My understanding from talking to the FBI/DEA people is that they want to be able to serve the correct ISP on the first try rather than iterating through multiple layers of delegations.
That does not seem an unreasonable expectation.
Owen