[190285] in North American Network Operators' Group
Re: IPv4 Legacy assignment frustration
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue Jun 21 23:01:51 2016
X-Original-To: nanog@nanog.org
From: Suresh Ramasubramanian <ops.lists@gmail.com>
In-Reply-To: <A70F8E3612EA89458171DFBAA8A2A8DC83AD1063@UM-MBX-T03.um.umsystem.edu>
Date: Wed, 22 Jun 2016 08:31:43 +0530
To: "Spurling, Shannon" <shannon@more.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
There is absolutely no budgeting for idiots. Beyond a long hard process =
that is helped by internal escalations from affected people on a =
corporate network - ideally as senior as you can get - ot their IT =
staff. =E2=80=9CMissouri isn=E2=80=99t in China, you nitwit. Fix it or =
I, the CFO, will go have a word with the CIO and ..=E2=80=9D
In other words, have affected people escalate up the chain to the ISP or =
more likely corporate IT team that=E2=80=99s doing this sort of stupid =
filteringg.
> On 21-Jun-2016, at 8:07 PM, Spurling, Shannon <shannon@more.net> =
wrote:
>=20
> I am not sure how many on the list are Legacy resource holders from =
before the RIR's were established, but there is an extremely short =
sighted security practice that is being used across the internet.
>=20
> Apparently, the RIR that has been given "authority" for an IP prefix =
range that was a legacy assignment is being used as a geographical =
locator for those prefixes. For instance, we provide access for several =
/16's that are in the 150/8 prefix that was set as APNIC. I am aware of =
quite a few organizations in the US that have prefixes in that range. We =
have registered our legacy resources with ARIN, but there are some =
people insist that somehow the state of Missouri must be part of China =
because... "APNIC!". They set firewalls and access rules based on that, =
and are hard pressed to not fix them.
>=20
> Is there any way to raise awareness to this inconsistency so that =
security people will stop doing this?
