[190286] in North American Network Operators' Group
Re: IPv4 Legacy assignment frustration
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Tue Jun 21 23:36:05 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <0DADFF47-F759-4D13-BAC4-3E16078A6E2C@gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
Date: Tue, 21 Jun 2016 23:36:02 -0400
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
how is this a problem with the RIR ?
On Tue, Jun 21, 2016 at 11:01 PM, Suresh Ramasubramanian <
ops.lists@gmail.com> wrote:
> There is absolutely no budgeting for idiots. Beyond a long hard process
> that is helped by internal escalations from affected people on a corporat=
e
> network - ideally as senior as you can get - ot their IT staff. =E2=80=
=9CMissouri
> isn=E2=80=99t in China, you nitwit. Fix it or I, the CFO, will go have a=
word with
> the CIO and ..=E2=80=9D
>
> In other words, have affected people escalate up the chain to the ISP or
> more likely corporate IT team that=E2=80=99s doing this sort of stupid fi=
lteringg.
>
> > On 21-Jun-2016, at 8:07 PM, Spurling, Shannon <shannon@more.net> wrote:
> >
> > I am not sure how many on the list are Legacy resource holders from
> before the RIR's were established, but there is an extremely short sighte=
d
> security practice that is being used across the internet.
> >
> > Apparently, the RIR that has been given "authority" for an IP prefix
> range that was a legacy assignment is being used as a geographical locato=
r
> for those prefixes. For instance, we provide access for several /16's tha=
t
> are in the 150/8 prefix that was set as APNIC. I am aware of quite a few
> organizations in the US that have prefixes in that range. We have
> registered our legacy resources with ARIN, but there are some people insi=
st
> that somehow the state of Missouri must be part of China because...
> "APNIC!". They set firewalls and access rules based on that, and are hard
> pressed to not fix them.
> >
> > Is there any way to raise awareness to this inconsistency so that
> security people will stop doing this?
>
>
