[98297] in North American Network Operators' Group
Re: Questions about populating RIR with customer information.
daemon@ATHENA.MIT.EDU (Steve Atkins)
Wed Aug 1 13:07:52 2007
In-Reply-To: <B7152C470C9BF3448ED33F16A75D81C14D04152A29@exchanga.thenap.com>
From: Steve Atkins <steve@blighty.com>
Date: Wed, 1 Aug 2007 10:06:54 -0700
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Aug 1, 2007, at 6:47 AM, Drew Weaver wrote:
>
> Up until recently, we were only providing the RIR database
> with information about our larger allocations /24 or larger. We
> have noticed however that many anti-spam organizations such as
> Spamhaus, and Fiveten will use the lack of information regarding an
> IP allocation as a blank check to blacklist entire /24s when they
> are really targeting a single /30 or a /29. As such we are
> examining publishing information for all allocations in the RIR
> database (/30s, /29s, etc).
Do you run an rwhois server with the allocation information already?
If so, you'd have good reason to be aggrieved at blacklists not doing
some amount of due diligence (though I think that's the first time
I've heard spamhaus and fiveten - the two extremes of professionalism
- bundled together).
If not, then yes, if there's abusive traffic coming from hosts on
your systems you're likely to find the smallest published allocation
blocked (for reasons that are generally pretty good decisions
operationally on the part of the people who don't want the bad traffic).
> My question, mostly is related to the privacy of the customer whom
> the space is being allocated to. Has anyone ever had an issue where
> they have published a user's information and the user had an issue
> with it? Is there some way that we can 'proxy' the information so
> that it simply states that the /29 has been allocated to a customer
> but it doesn't provide their contact information?
If you get a reputation for "providing spammers with anonymous SWIPs"
you're likely to have more problems with wider blocking, rather than
less.
>
> Most of our customers are co-location and dedicated hosting
> customers and we are simply unsure whether or not there are
> implications (legal or otherwise) in publishing our customer data
> in a public RIR database.
>
> Does anyone have any thoughts on this? Sorry if this is the wrong
> place to ask.
You'd need to ask your contract lawyers about most of that.
Cheers,
Steve
