[32138] in North American Network Operators' Group
Re: Defeating DoS Attacks Through Accountability
daemon@ATHENA.MIT.EDU (Daniel Senie)
Sun Nov 12 12:20:20 2000
Message-ID: <3A0ED0E2.F6706CA7@senie.com>
Date: Sun, 12 Nov 2000 12:18:26 -0500
From: Daniel Senie <dts@senie.com>
MIME-Version: 1.0
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Sean Donelan wrote:
>
> On Sat, 11 November 2000, Mark Prior wrote:
> > How would you propose to handle the case where an organisation has
> > their own IP space which isn't currently advertised and then you
> > receive a request from a third party to route it to them?
>
> First I would suggest they register their claim to use the IP address
> with the appropriate registration agencies. As I understand it,
> every register has a method for recording further delegations. It
> is providers who choose to create the problem by not recording the
> delegation.
>
> If for some reason they can't change the organization of record for
> the IP address, there is a concept called a "Letter of Agency" which
> is used when someone wants to authorize a third-party to take actions
> on their behalf. If the third-party does not have a LOA from the
> coordinator of record for the IP address, I wouldn't view it as a
> valid request.
I'm not sure you're being clear. If someone has portable /24 or /16, and
does NOT do their own BGP, but contracts with ONE ISP to do that
advertisement. How do other ISPs know that ISP has permission? We could
point to the RADB, but it's chock full of bogus data. We could point to
ARIN, but their database just says the owner of the net in question is
whomever it is. Those who own that space have a legitimate right to use
that space, so telling them to get ISP-provided space is a non-starter.
I agree it's a problem in need of a proper solution. The solution has to
account for portable address space not owned by providers.
--
-----------------------------------------------------------------
Daniel Senie dts@senie.com
Amaranth Networks Inc. http://www.amaranth.com
